Update dependency org.springframework.boot:spring-boot to v3 (main) #32

Status: Open (1 commit to merge into base branch main)

mend-for-github-com bot commented Oct 25, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| org.springframework.boot:spring-boot (source) | compile | major | 2.1.4.RELEASE -> 3.2.11 |

By merging this PR, the issue #16 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
| --- | --- | --- | --- |
| High | 7.8 | CVE-2022-27772 | Unreachable |
| Medium | 5.3 | CVE-2022-22970 | Unreachable |
| Medium | 4.3 | CVE-2021-22060 | Unreachable |

By merging this PR, the issue #16 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
| --- | --- | --- | --- |
| Critical | 9.8 | CVE-2022-22965 | Unreachable |
| Medium | 5.3 | CVE-2022-22970 | Unreachable |

By merging this PR, the issue #16 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
| --- | --- | --- | --- |
| Medium | 6.5 | CVE-2022-22950 | Unreachable |
| Medium | 6.5 | CVE-2023-20861 | Unreachable |
| Medium | 6.5 | CVE-2023-20863 | Unreachable |
| Medium | 5.3 | CVE-2022-22968 | Unreachable |
| Medium | 4.3 | CVE-2024-38808 | Unreachable |
| Low | 3.1 | CVE-2024-38820 | Unreachable |


Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot)

v3.2.11

🐞 Bug Fixes
  • Case-insensitive comparisons may be adversely affected by the user's locale #​42719
  • DataSourceProperties#driverClassIsLoadable should not print a stacktrace to the error stream when it fails #​42681
  • Auto-configuration for Rabbit Streams doesn't consider RabbitConnectionDetails #​42489
  • ActiveMQ Artemis Connection Factory creation fails in native image #​42414
  • Duplicate meter binding when context contains multiple registries, none are primary, and one or more is a composite #​42396
  • Report produced by ConditionReportApplicationContextFailureProcessor is always empty in a failed test #​42185
📔 Documentation
  • Fix systemd example configuration #​42795
  • Polish javadoc for Binder#bindOrCreate(String, Class) #​42777
  • Remove stale link to jar-to-war getting started guide #​42691
  • Fix Regex javadoc links #​42645
  • Clarify why @Primary is recommended when defining your own ObjectMapper that replaces JacksonAutoConfiguration's #​42598
  • Remove links to Spring Data GemFire #​42575
  • Improve the javadoc describing when @ConditionalOn(Missing)Bean will infer the type to match #​42504
  • Polish documentation #​42445
  • Document how to handle MANIFEST.MF in native image with Maven #​42412
  • Document support for Java 23 #​42374
  • Remove note about graceful shutdown with Tomcat requiring 9.0.33 or later as we now require 10.1.x #​42373
  • Improve classpath index documentation for reproducible builds #​41265
  • Document how Map properties are bound from environment variables #​40936
  • Document that the exact behavior of the maximum HTTP request header size property is server-specific #​40798
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​IMWoo94, @​arefbehboudi, @​jeonghyeon00, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.2.10

🐞 Bug Fixes
  • management.health.db.ignore-routing-datasources=true has no effect when an AbstractRoutingDataSource has been wrapped #​42313
  • Missing details in OAuth2ClientProperties validation error message #​42278
  • FileNotFoundException from unused mis-configured SSL bundles #​42119
  • PropertiesMigrationListener wrongly reports property as deprecated when has group #​42068
  • Using an empty string MongoDB 'replica-set-name' property will result in ClusterType=REPLICA_SET #​42055
  • JarLauncher fails to load large jar files #​42012
  • @RestartScope can cause 'Recursive update' exceptions when used with container beans #​41571
📔 Documentation
  • Document that spring.jmx.enabled is not intended for third-party libraries #​42272
  • Update link to Log4j2 system properties #​42262
  • Links to GraphQL in the reference guide redirect to the root instead of specific sections #​42207
  • Fix links to Spring Data's reference documentation #​42203
  • Update documentation to reflect new no handler found exception behavior #​42164
  • Polish configuration property reference #​42162
  • Remove link to “Converting a Spring Boot JAR Application to a WAR” as the guide is no longer available #​42110
  • Improve documentation in "Command-line Completion" #​42091
  • Deprecation reason for the autotime enabled, percentiles, and percentiles-histogram properties is confusing #​41745
  • Document that configuration property binding to a Kotlin value class with a default is not supported #​41693
  • Replace RFC 7807 by RFC 9457 in property documentation #​41260
  • Explain difference between OTel agent and Micrometer instrumentations #​41227
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Alchemik, @​arefbehboudi, @​izeye, @​mushroom528, @​nosan, and @​quaff

v3.2.9

⭐ New Features
  • Add TWENTY_THREE to JavaVersion enum #​41710
🐞 Bug Fixes
  • When using WebFlux, server.error.include-binding-errors=ALWAYS no longer has an effect when the BindingResult exception is the cause of a ResponseStatusException #​41984
  • spring-boot-testcontainers causes unwanted container initialization during AOT processing #​41838
  • Extending DefaultErrorAttributes and overriding getErrorAttributes() gets called twice #​41732
  • PropertiesLauncher does not respect classpath.idx when adding jars in BOOT-INF/lib to the classpath #​41719
  • ReactiveElasticsearchRepositoriesAutoConfiguration should back off when Reactor is not on the classpath #​41672
  • Launcher's ClassLoader is no longer parallel capable #​41665
  • Using Gradle's new file permission API is implemented in a way that prevents removal of the old API #​41599
  • Constructor binding of EnumMap fails due to missing key type #​41550
  • Spring Boot Maven plugin AOT cannot handle Maven modules with module-info.java #​33383
  • Docker publishRegistry in Maven plugin configuration is validated when publish option is false #​29756
  • mvn spring-boot:build-image fails when 'classifier' is set to non-default value #​26721
📔 Documentation
  • Release type conditionals are not working in documentation #​41993
  • Harmonize code sample for MyUserHandler in reference documentation #​41948
  • Explain that enabling virtual threads disables traditional thread pools #​41937
  • Improve documented logging property descriptions and default values #​41933
  • Fix duplicate words #​41916
  • Javadoc of slice test annotations should describe more accurately which components are considered #​41914
  • Document when environment variable property mapping applies #​41877
  • Correct grammar in 'Running your Application with Maven' #​41868
  • Document the need to explicitly reset mock servers when using mock server customizers directly #​41848
  • Pulsar configuration does not have default value for several entries in the metadata #​41682
  • management.otlp.metrics.export.aggregation-temporality does not have a default value in the metadata #​41674
  • management.newrelic.metrics.export.client-provider-type does not have a default value in the metadata #​41666
  • "Use Spring Data repositories" How-to incorrectly refers to Repository annotations #​41625
  • Update link to documentation for log4j-spring-boot #​41612
  • Fix link to Flyway reference documentation #​41591
  • Document configuration property binding's support for using @Name to customize a property name #​41577
  • The effect upon Actuator of defining your own SecurityFilterChain is documented inconsistently #​41569
  • Document more clearly that username and password are not used when spring.data.redis.url is set #​41231
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​PiyalAhmed, @​Rajin9601, @​dreis2211, @​hyunmin0317, @​ivamly, @​lamtrinhdev, @​ngocnhan-tran1996, @​quaff, and @​ritzykey

v3.2.8

🐞 Bug Fixes
  • NPE during auto-configuration in OnClassCondition.resolveOutcomesThreaded because firstHalf is null #​41492
  • No configuration property for defaultTimeout setting that was introduced in Spring Integration 6.2 #​41477
  • NoSuchMethodException on org.apache.activemq.ActiveMQConnectionFactory.<init> when using spring-boot-starter-activemq in a native image #​41212
  • build-image failures after docker desktop update with 'Illegal char <:> at index 5: npipe:////' #​41199
  • DirtiesContext used with Webflux, a random port and multiple contexts causes multiple contexts to misbehave #​38199
  • When using Jetty, filters, listeners, and servlets are not initialized with the same thread context classloader #​37649
  • Error message can be misleading if spring.config.import fails to resolve #​36243
  • TestcontainersLifecycleBeanPostProcessor does not work correctly with scoped beans #​35786
  • PropertiesMigrationListener wrongly reports property as deprecated #​35774
📔 Documentation
  • Fix documentation links in the README #​41547
  • Document the types to which each spring.mvc.format and spring.webflux.format property applies #​41482
  • Fix typos in javadoc of BootstrapContext #​41443
  • Document that logging.file.name and logging.file.path cannot be used together #​41351
  • Document tracing support for RestClient #​41182
  • Update Kotlin DSL examples that configure the environment of bootBuildImage to be additive #​41173
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jxblum, @​mateusscheper, and @​sdeleuze

v3.2.7

🐞 Bug Fixes
  • SQL Server JDBC URL is malformed after adding org.springframework.boot.jdbc.parameters label #​41146
  • Git instant properties cannot be coerced following git-commit-id Maven plugin upgrade #​41109
  • MongoHealthIndicator not compliant with Mongo stable API with strict setting #​41101
  • DataSourceProperties fail to bind if java.sql module isn't included #​41082
  • Image building requires builder to specify a stack #​41046
  • IllegalArgumentException when trying to use Tomcat's HttpNio2Protocol with Spring Boot-configured SSL #​41007
  • Uber jar fails to start when it contains a dependency with Multi-Release: true in its manifest and unexpected file entries in META-INF/versions #​41001
  • buildInfo does not work with Gradle 8.7 or later when the configuration cache is enabled #​40911
  • The auto-configured reactiveNeo4jTransactionManager may cause a failure due to multiple TransactionManager beans #​40895
  • Flyway auto-configuration does not work with Flyway 10 when using GraalVM #​40821
  • Image building hangs when builder and buildpack are configured #​40697
  • Spring Boot remote restart with devtools causes 'factory already defined' Tomcat error when running with 'java -jar' #​39733
  • JSP-related resources may not be found in an executable war file when using Jetty #​39472
  • Excluding status code from DefaultErrorAttributes throws NPE #​30011
📔 Documentation
  • Document more precisely how a Container's Docker image name is used to find the matching service connection #​41111
  • Fix typos in javadoc of MockServerRestClientCustomizer and MockServerRestTemplateCustomizer #​41052
  • Improve readability when listing three pillars of observability #​41051
  • Fix typos in method names and javadoc #​40971
  • Warn in the documentation that spring.profiles.group can only be used in non-profile-specific documents #​40918
  • Add Kotlin example for @Testcontainers #​40905
  • Fix various minor inconsistencies of the documentation #​40900
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​MazizEsa, @​PiyalAhmed, @​asashour, @​cmabdullah, @​donghoony, @​erie0210, @​mateusscheper, @​quaff, and @​vsanna

v3.2.6

🐞 Bug Fixes
  • Image building fails during cleanup when bind mount has read-only content #​40760
  • Failure Analysis for InvalidConfigurationPropertyValueException is skipped when the property is not set #​40690
  • setReadTimeout can't be set via Reflective factory on JettyClientHttpRequestFactory #​40635
  • URISyntaxException is raised if the spring boot application is started in a location that contains invalid URI characters #​40615
  • Help information for spring init's build option has the wrong default #​40605
  • When using JPA and ImportTestcontainers, test context may fail to refresh due to "Mapped port can only be obtained after the container is started" #​40585
  • IllegalArgumentException can be thrown when running an uber jar on a shared drive #​40549
  • spring-boot-dependencies cannot be used with repositories that ban com.oracle.database.jdbc:ojdbc-bom #​40534
  • SpringBootMockMvcBuilderCustomizer can crash cryptically while collecting data that it would have discarded anyway #​40516
  • Containers not shut down between tests when using .withReuse(true) but env. does not support reuse (e.g. CI builds) #​40508
  • Pulsar auth parameters don't properly encode JSON values #​40493
  • Runtime hint registration for property binding should not fail when parameter information is unavailable #​40485
  • ServiceLevelObjectiveBoundary properties cannot be bound in a native image application #​40482
  • spring.data.redis.cluster.nodes and spring.data.redis.sentinel.nodes do not handle IPv6 addresses correctly #​40466
  • Using relative paths to describe the classpath in the error message from ResolveMainClassName hinders problem diagnosis #​40464
  • Native image doesn't start and doesn't log anything if an environment post processor throws an exception #​40450
  • Unlike DataSourceAutoConfiguration, DevToolsDataSourceAutoConfiguration assumes that javax.sql.DataSource will always be available #​40440
  • Starting from 3.2.x, @SpyBean is not able to initialise MongoRepository bean of the generic type #​40234
  • AnsiOutput.detectIfAnsiCapable broken on JDK22 #​40172
  • Buildpacks do not support Docker with containerd image store #​40100
  • resolveMainClassName fails when building with Gradle using Java 22 #​40074
  • server.error.include-binding-errors does not recognize MethodValidationResult exceptions #​39865
  • JarUrlConnection.getPermission() can throw NullPointerException if jarFileConnection is null #​39856
  • gradlew bootBuildImage fails with Podman on macOS Sonoma #​39830
  • CookieSameSiteSupplier influences session cookie #​39766
  • Auto-configuration ordering change breaks DocumentReference (in non-reactive MongoTemplate) when depending on mongodb-driver-reactivestreams #​39405
  • Properties binding eagerly creates superfluous maps #​39375
  • Configuring SSL bundle reload for non-file resource types causes errors that are difficult to diagnose #​38903
  • In some situations, the failure when the AOT-generated initializer cannot be loaded is less helpful than before #​38645
📔 Documentation
  • Improve graceful shutdown documentation to remove ambiguity #​40845
  • Document ways to opt out from immutable @ConfigurationProperties binding with single constructor #​40843
  • Document that a custom HttpMessageConverters bean can be used to reorder json message converters when needed #​40838
  • Address ambiguity now that Testcontainers has two classes named KafkaContainer #​40699
  • Clarify devtools restart class loader #​40607
  • Note that spring-boot-docker-compose is excluded by default from packaged jars #​40564
  • Clarify docs around spring.jpa.generate-ddl #​40522
  • Clarify the directory that's used by default to find Docker Compose compose.yaml #​40514
  • Clarify that all named properties must match for @ConditionalOnProperty to match #​40470
  • Links to Spring Batch javadoc for EnableBatchProcessing and DefaultBatchConfiguration are broken #​40468
  • Suggest testAndDevelopmentOnly configuration when using Docker Compose support in tests #​40171
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​PiyalAhmed, @​chaewss, @​coursar, @​dependabot[bot], @​dsyer, @​dukbong, @​facewise, @​izeye, @​onobc, @​quaff, @​snicoll, @​tobi-laa, and @​yokotaso

v3.2.5

🐞 Bug Fixes
  • BindValidationFailureAnalyzer uses wrong target #​40364
  • Log4j2LoggingSystem pollutes Log4j2's environment with a SpringEnvironmentPropertySource that is never removed #​40326
  • When using Maven, configuring the spring-boot.excludes or spring-boot-includes user properties causes the build to fail with "Cannot find default setter" #​40323
  • @ServletComponentScan does not register servlet components in a mock web environment #​40321
  • Loading of custom deny-all filter can cause a StackOverflowError when deploying to Tomcat with Log4j2 configured to use a single JVM-wide logger context #​40312
  • Jetty support doesn't set virtual thread name #​40152
  • Executable JAR application startup is slower after 3.2.0 when Hibernate scanner is not disabled #​40125
  • NoClassDefFoundError can be thrown from LaunchedClassLoader when threads are interrupted #​40096
📔 Documentation
  • Producible's javadoc has the wrong link text for @WriteOperation and @DeleteOperation #​40386
  • Clarify requirements for -parameters and constructor binding #​40157
🔨 Dependency Upgrades

  • mend-for-github-com bot added the "security fix" label (Security fix generated by Mend), Oct 25, 2024
  • mend-for-github-com bot changed the title from "Update dependency org.springframework.boot:spring-boot to v3 (main)" to "Update dependency org.springframework.boot:spring-boot to v3 (main) - autoclosed", Jan 24, 2025
  • mend-for-github-com bot deleted the whitesource-remediate/main-org.springframework.boot-spring-boot-3.x branch, January 24, 2025 00:15
  • mend-for-github-com bot changed the title from "Update dependency org.springframework.boot:spring-boot to v3 (main) - autoclosed" to "Update dependency org.springframework.boot:spring-boot to v3 (main)", Jan 24, 2025
  • mend-for-github-com bot reopened this, Jan 24, 2025
  • mend-for-github-com bot force-pushed the whitesource-remediate/main-org.springframework.boot-spring-boot-3.x branch from eae10d6 to e486c21, January 24, 2025 12:21