Bump the java group with 10 updates

[dependabot]

Bumps the java group with 10 updates:

Package	From	To
ch.qos.logback:logback-core	1.5.20	1.5.21
ch.qos.logback:logback-classic	1.5.20	1.5.21
org.apache.commons:commons-lang3	3.19.0	3.20.0
org.sonarsource.scanner.maven:sonar-maven-plugin	5.2.0.4988	5.3.0.6276
org.apache.maven.plugins:maven-jar-plugin	3.4.2	3.5.0
org.springframework.boot:spring-boot-maven-plugin	3.5.7	4.0.0
org.springframework.boot:spring-boot-dependencies	3.5.7	4.0.0
commons-validator:commons-validator	1.10.0	1.10.1
org.springframework:spring-web	6.2.12	7.0.1
org.springframework.boot:spring-boot-starter-test	3.5.7	4.0.0

Updates ch.qos.logback:logback-core from 1.5.20 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• fed6f37 prepare release 1.5.21
• b111e89 Initialization procedure has been simplified by removing the step
• 1cd2df4 fix issues/871
• dea5b95 minor - remove superflous call to Objects.requireNonNull
• 3cecf29 add comment for the TurboFilter list ACCEPT case
• 1497142 improve performance for 2 or more turbo filters
• 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
• ab6a006 add maven cache to github CI, update .github/FUNDING.yml
• 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
• 2ca8c52 update funding info
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.20 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• fed6f37 prepare release 1.5.21
• b111e89 Initialization procedure has been simplified by removing the step
• 1cd2df4 fix issues/871
• dea5b95 minor - remove superflous call to Objects.requireNonNull
• 3cecf29 add comment for the TurboFilter list ACCEPT case
• 1497142 improve performance for 2 or more turbo filters
• 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
• ab6a006 add maven cache to github CI, update .github/FUNDING.yml
• 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
• 2ca8c52 update funding info
• Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0

Updates org.sonarsource.scanner.maven:sonar-maven-plugin from 5.2.0.4988 to 5.3.0.6276

Release notes

Sourced from org.sonarsource.scanner.maven:sonar-maven-plugin's releases.

5.3.0.6276

Release notes - Sonar Scanner for Maven - 5.3

Bug

SCANMAVEN-283 Mvn 4.0.0-rc-3 breaks scanner because change of API

SCANMAVEN-308 Toolchains are not properly discovered by the scanner with Maven 4

Task

SCANMAVEN-297 Update README.md with copy from Product Marketing

SCANMAVEN-301 PrepareNextIteration.yml: add recent improvements

SCANMAVEN-302 Update GH release and releasability actions

SCANMAVEN-303 Delete mend_scan_task

SCANMAVEN-305 Migrate Cirrus build to Github actions

SCANMAVEN-307 Migrate QA from Cirrus to Github action

SCANMAVEN-309 Prevent injection in PrepareNextIteration GHA

SCANMAVEN-310 Exclude test projects from SCA

SCANMAVEN-311 Upgrade dependencies

SCANMAVEN-314 Fix ProxyTest on GitHub actions

SCANMAVEN-315 Rework QA: split invoker-based ITs and Orchestrator-based e2e

SCANMAVEN-325 Update license header from SonarSource SA to SonarSource Sàrl

SCANMAVEN-326 Delete Cirrus CI config

SCANMAVEN-327 Use explicit build number

Commits

• 4fcd9b1 SCANMAVEN-326 Delete Cirrus CI config (#345)
• b38cf6e SCANMAVEN-327 Use explicit build number (#346)
• 3cc18b9 SCANMAVEN-325 Update license header from SonarSource SA to SonarSource Sàrl
• 472f0c3 SCANMAVEN-310 Exclude E2E test projects from sca analysis after move
• 4a248b4 SCANMAVEN-314 Fix ProxyTest on GitHub Actions
• c4a3521 SCANMAVEN-315 Split invoker-based ITs and Orchestrator-based e2e
• 1d568c1 SCANMAVEN-308 Fix toolchains support in Maven 4
• 7c181df SCANMAVEN-283 Code refactoring, to avoid using mutable lists
• 44e3b0c SCANMAVEN-311 Upgrade orchestrator to version 5.6.2.2625
• 479c11d SCANMAVEN-311 Upgrade jsonassert to version 1.5.3
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-jar-plugin's releases.

3.5.0

🚀 New features and improvements

• Add new "attach" configuration parameter (3.x port of #482) (#483) @​hgschmie
• add Java-Version to MANIFEST.MF (#465) @​hboutemy

🐛 Bug Fixes

• Fix detecting java version for toolchains and JDK 1.8 (#500) @​slawekjaranowski
• Ignore stderr when parsing javac version from toolchain (#471) @​jaredstehler

👻 Maintenance

• Update site descriptor to 2.0.0 (#501) @​slawekjaranowski
• chore: remove junit3 references (#494) @​slawekjaranowski
• Migrate component injection to JSR-330 (#492) @​slawekjaranowski
• Add PR Automation to 3.x (#132) @​slawekjaranowski
• Improve release-drafter configuration (#128) @​slawekjaranowski
• Fix for Maven 4.0.0-rc-3 (#130) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#119) @​Bukama

🔧 Build

• Bump m-invoker-p to 3.9.1 for Java 25 (#480) @​hboutemy

📦 Dependency updates

• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#499) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#498) @dependabot[bot]
• Use maven-plugin-testing-harness version 3.4.0 (#491) @​slawekjaranowski
• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 (#488) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#478) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#464) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 45 (#452) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.4 (#461) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#456) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#146) @dependabot[bot]
• Bump org.apache.maven.shared:file-management from 3.1.0 to 3.2.0 (#143) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#107) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#140) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.18.0 (#114) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#109) @dependabot[bot]

Commits

• 68d00f1 [maven-release-plugin] prepare release maven-jar-plugin-3.5.0
• 357b9bf Update site descriptor to 2.0.0
• 340249c Fix detecting java version for toolchains and JDK 1.8
• 06a6245 chore: remove junit3 references
• d302b2c Bump commons-io:commons-io from 2.20.0 to 2.21.0
• 6081bdb Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• ef8ed4c Migrate component injection to JSR-330
• 704a35c Ignore stderr when parsing javac version from toolchain (#471)
• 0beb969 Use maven-plugin-testing-harness version 3.4.0
• c2624c8 Bump org.apache.maven.plugin-tools:maven-plugin-annotations (#488)
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates commons-validator:commons-validator from 1.10.0 to 1.10.1

Changelog

Sourced from commons-validator:commons-validator's changelog.

Apache Commons Validator 1.10.1 RELEASE NOTES

The Apache Commons Validator team is pleased to announce the release of Apache Commons Validator 1.10.1.

Apache Commons Validator provides the building blocks for both client-side and server-side data validation. It may be used standalone or with a framework like Struts.

This is a feature and maintenance release. Java 8 or later is required.

For complete information on Apache Commons Validator, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Validator website:

https://commons.apache.org/proper/commons-validator/

Download page: https://commons.apache.org/proper/commons-validator/download_validator.cgi

Changes in this version

Fixed Bugs

• VALIDATOR-502: Circular dependency in static initialization causes NullPointerException in GenericValidator.isCreditCard(). Thanks to Mark Miller, Gary Gregory.

Changes

•             Bump org.apache.commons:commons-parent from 85 to 92 [#361](https://github.com/apache/commons-validator/issues/361), [#370](https://github.com/apache/commons-validator/issues/370). Thanks to Gary Gregory, Dependabot.
  

•             Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 [#346](https://github.com/apache/commons-validator/issues/346). Thanks to Dependabot, Gary Gregory.
  

•             Bump org.apache.commons:commons-csv from 1.14.0 to 1.14.0. Thanks to Dependabot, Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-validator/changes.html

Enjoy! -Apache Commons Validator team

---

Commits

• 0290614 Prepare for the release candidate 1.10.1 RC1
• a94909f Inherit POM /scm from parent POM
• 0f072cd Prepare for the next release candidate
• b7ce69d Bump org.apache.commons:commons-parent from 91 to 92
• 4c9a066 Restore issueManagement/url (doesn't work for issue links, needs a
• 43b0964 Fix issue links in the generated site's release history page
• 63924bf Better action description
• b1d98fe Update site menu to match other components
• caf2693 Remove obsolete Ant section
• ddc5c65 Add security page
• Additional commits viewable in compare view

Updates org.springframework:spring-web from 6.2.12 to 7.0.1

Release notes

Sourced from org.springframework:spring-web's releases.

v7.0.1

⭐ New Features

• Align RestOperations Kotlin extensions nullability with Java one #35852
• Add resetCaches() method to Caffeine/ConcurrentMapCacheManager #35840
• Fix single-check idiom in UnmodifiableMultiValueMap #35822
• Fix Spliterator characteristics in ConcurrentReferenceHashMap #35817
• RestTestClient does not configure JsonPathAssertions in the same way as WebTestClient #35793

🐞 Bug Fixes

• Fix JdbcOperations Kotlin extensions #35846
• Fix getCacheNames() concurrent access in NoOpCacheManager #35842
• Annotation discovery regression for interfaces extending BeanNameAware and co. #35835
• MissingPathVariableException produces wrong status code in ProblemDetail #35829
• Refine ParameterizedPreparedStatementSetter nullability #35749
• Fix HtmlUtils unescape for supplementary chars #35477

📔 Documentation

• Fix cross-reference links in HtmlUnit sections #35853
• Remove @see Javadoc references to deprecated PropertiesBeanDefinitionReader #35836
• Replace kotlin-issues attribute reference #35820
• Document semantics and behavior of SpringExtension.getApplicationContext() #35764

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​juntae6942, @​kilink, @​ngocnhan-tran1996, and @​quaff

v7.0.0

🍃 Please read the official release notes and upgrade guide

⭐ New Features

• Make SessionHolder publicly accessible for external resource management #35799
• RouterFunctions Builders do not support ServerResponse subtypes #35791
• Configure Jackson CBOR codecs by default if present #35787
• Rename maxAttempts to maxRetries in @Retryable and RetryPolicy #35772
• Prevent Kotlin Serialization side effects #35761
• Add default API version to the list of supported versions #35755
• Improve user check in TransportHandlingSockJsService #35753
• Update ApiVersionDeprecationHandler to provide access to handler #35750
• Use dedicated classes for ApiVersionResolver implementations #35747
• Provide AOT support for @Nested classes in a @ParameterizedClass #35744
• AssertJ support for WebTestClient #35737
• Reject attempt to use @MockitoSpyBean with a scoped proxy #35722
• Provide a way to supply the client builder for an HttpServiceGroup #35707
• Review HttpMessageConverters.Builder to improve readability of code using the API #35704

... (truncated)

Commits

• b038beb Release v7.0.1
• abec289 Stop mentioning non-existent NestedServletException
• 3026f0a Lazily initialize ProblemDetail for picking up actual status code
• 9fe4e77 Fix link to MockMvc test in HtmlUnit section
• d178930 Polishing
• 91d2a51 Fix cross-reference links in HtmlUnit sections
• f456674 Polishing
• 35b8fbf Remove javadoc references to deprecated PropertiesBeanDefinitionReader
• 1d1851f Refine RestOperations Kotlin extensions nullability
• 23f0cfb Fix JdbcOperations Kotlin extensions
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-test from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-starter-test's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters

[dependabot]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.