chore(deps): bump the all-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the all-dependencies group with 9 updates in the / directory:

Package	From	To
org.eclipse.jetty:jetty-bom	12.0.32	12.1.9
com.fasterxml.jackson:jackson-bom	2.21.2	2.21.3
org.junit.jupiter:junit-jupiter	6.0.3	6.1.0
ch.qos.logback:logback-classic	1.5.32	1.5.33
ch.qos.logback:logback-core	1.5.32	1.5.33
org.apache.maven.plugins:maven-surefire-plugin	3.2.5	3.5.6
com.diffplug.spotless:spotless-maven-plugin	3.3.0	3.6.0
org.springframework.boot:spring-boot-dependencies	3.4.5	4.0.6
org.springframework.boot:spring-boot-maven-plugin	3.4.5	4.0.6

Updates org.eclipse.jetty:jetty-bom from 12.0.32 to 12.1.9

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.1.9

Changelog

• #14972 - Jetty 12.1.8 jetty-home has lib/*-config.jar files
• #14913 - Upgrade to Quiche version 0.28.0
• #14870 - Refactor compliance checks
• #14853 - CombinedResource.getRealURI() returns null when multiple members exist, causing 404 for all static resources
• #14846 - NPE in MimeTypes$Mutable.getMimeByExtension on startup with web-fragment with mime mapping
• #14824 - FileSystemPool doesn't always own its filesystems
• #14821 - Websocket IllegalStateException ('Demand already fulfilled') since Jetty 12.1
• #14805 - HTTP/3 server crashes on quiche_header_info
• #14646 - Regression in Jetty 12.1: Invalid UTF-8 exception for application/x-www-form-urlencoded; charset=iso-8859-1
• #14564 - Jetty 12.1.x TLS connections hang after several requests with internal HTTPS self-requests
• #14541 - Jetty HTTP Client - setMaxRequestHeadersSize resulting in java.lang.OutOfMemoryError
• #14196 - Using passivation with eviction: HttpServletRequest.getSession() may return null due to race-condition
• #12110 - Request Authority checks needed
• #8876 - Jetty 12 - JMX-ify HttpContent.Factory implementations

12.1.8

Special Thanks to the following Eclipse Jetty community members

• @​afarber (Alexander Farber)

Changelog

• 14757 Fixes for JASPI isMandatory, authType and isAuthenticationRequest params - Addresses CVE-2026-5795
• #14752 - Jetty 12.1 Violation of RFC9113 with Host and :authority headers
• #14747 - Revert usage of SLF4J2 fluent APIs
• #14732 - possible race condition in jetty 12.x code
• #14694 - Sync jetty-ee11 with jetty-ee10
• #14689 - ThreadIdPool.take() bottlenecks QueuedThreadPool.tryExecute()
• #14687 - Destinations don't keep track of redirections.
• #14685 - CachingHttpContentFactory#getContent may return null if httpContent size is not set
• #14651 - Retain negative Max-Age cookie attribute
• #14494 - Review use of CharsetStringBuilder subclasses
• #14431 - ServletContainerInitializers are always excluded when used with absolute-ordering
• #14332 - Complete mess with idleTimeout
• #13685 - Infinite loop on Content.copy() with Content.Source.from(... , Path, ) when Path has size 0.
• #13513 - Make MemoryEndPoint use RBB.DynamicCapacity (@​afarber)
• #10906 - Add Slf4j ConsoleRequestLog (JettySlf4jRequestLog) module

12.1.7

Special Thanks to the following Eclipse Jetty community members

• @​afarber (Alexander Farber)

Changelog

... (truncated)

Commits

• b1fb145 Updating to version 12.1.9
• 6ca6c9a Fixes #14564 - Jetty 12.1.x TLS connections hang after several requests with ...
• 98524be Fixes #14541 - Jetty HTTP Client - setMaxRequestHeadersSize resulting in java...
• d0c3b5f Fixes #14972 - Jetty 12.1.8 jetty-home has lib/*-config.jar files
• 3e5a4da Fixes #12110 - Request Authority checks needed. (#14970)
• 650e6f6 Merge pull request #14969 from jetty/fix/jetty-12.1.x/UriUtilCleanup
• ade27ce Various cleanups for URIUtil
• b4fafbc Issue #14196 fix race in session eviction
• 87bc532 Fix imports in DispatcherTest
• cb8fceb Fixed newlines in the expected response.
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3

Commits

• 374fbd0 [maven-release-plugin] prepare release jackson-bom-2.21.3
• 7059df7 Prep for 2.21.3 release
• 2fd60bd Merge branch '2.20' into 2.21
• b82a364 Merge branch '2.19' into 2.20
• ef4e013 Merge branch '2.18' into 2.19
• 536ae51 Post-release dep version bump
• 536c533 [maven-release-plugin] prepare for next development iteration
• 426b778 [maven-release-plugin] prepare release jackson-bom-2.18.7
• a73cda9 Prep for 2.18.7 release
• 76b4a05 Post-release dep version bump
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 6.0.3 to 6.1.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

• @​JarvisCraft made their first contribution in junit-team/junit-framework#5633
• @​Maran23 made their first contribution in junit-team/junit-framework#5644

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

• @​mariokhoury4 made their first contribution in junit-team/junit-framework#4574
• @​Ogu1208 made their first contribution in junit-team/junit-framework#5145
• @​HyungGeun94 made their first contribution in junit-team/junit-framework#5271
• @​yalishevant made their first contribution in junit-team/junit-framework#5316
• @​JINU-CHANG made their first contribution in junit-team/junit-framework#5290
• @​jaschdoc made their first contribution in junit-team/junit-framework#5427
• @​kawshikbuet17 made their first contribution in junit-team/junit-framework#5561
• @​msridhar made their first contribution in junit-team/junit-framework#5602

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

• @​vy made their first contribution in junit-team/junit-framework#5041
• @​Pankraz76 made their first contribution in junit-team/junit-framework#5006
• @​arukiidou made their first contribution in junit-team/junit-framework#5066
• @​laeubi made their first contribution in junit-team/junit-framework#5092
• @​jihun4452 made their first contribution in junit-team/junit-framework#5088
• @​TWiStErRob made their first contribution in junit-team/junit-framework#5133

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits

• 0dc3af1 Release 6.1.0
• 1d13002 Prepare 6.1.0 release notes
• 072b217 Update plugin spotless to v8.5.0 (#5668)
• 3a53480 Update Gradle to v9.5.1 (#5666)
• 0e18a20 Update zizmorcore/zizmor-action action to v0.5.4 (#5669)
• 0a2634f Update github/codeql-action action to v4.35.5 (#5671)
• 4dbd556 Restructure workflows to have single "status" job (#5670)
• f2194ce Increase timeout to reduce flakiness
• 5c8fdd2 Update dependency org.apache.groovy:groovy to v5.0.6 (#5659)
• 43c6982 Update dependency org.slf4j:slf4j-jdk14 to v2.0.18 (#5667)
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.33

Commits

• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• b768a96 remove spurious java.swing.* import
• 12cf2c5 classes in java.lang and java.util are now whitelisted individually
• e9133ed fix typo
• 47089a2 added Filip Egeric icla
• 85735f7 Modified ConversionRuleAction.java: Updated validPreconditions() to
• 614f7a7 the official name for initial instructions file foe coding agents is AGENTS.md
• fe50bb5 fix: do not warn when both converterClass and class attributes are specified ...
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.32 to 1.5.33

Commits

• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• b768a96 remove spurious java.swing.* import
• 12cf2c5 classes in java.lang and java.util are now whitelisted individually
• e9133ed fix typo
• 47089a2 added Filip Egeric icla
• 85735f7 Modified ConversionRuleAction.java: Updated validPreconditions() to
• 614f7a7 the official name for initial instructions file foe coding agents is AGENTS.md
• fe50bb5 fix: do not warn when both converterClass and class attributes are specified ...
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.32 to 1.5.33

Commits

• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• b768a96 remove spurious java.swing.* import
• 12cf2c5 classes in java.lang and java.util are now whitelisted individually
• e9133ed fix typo
• 47089a2 added Filip Egeric icla
• 85735f7 Modified ConversionRuleAction.java: Updated validPreconditions() to
• 614f7a7 the official name for initial instructions file foe coding agents is AGENTS.md
• fe50bb5 fix: do not warn when both converterClass and class attributes are specified ...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

... (truncated)

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.3.0 to 3.6.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.6.0

Added

• Add <cacheDirectory> to <eclipse>, <greclipse>, and <eclipseCdt> for the Equo/Solstice P2 cache. (#2944)
• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)

Fixed

• <versionCatalog> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)
• spotless:apply no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (#2937)
• <greclipse> and <eclipseCdt> now default P2 data to the Maven local repository. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)

Changes

• Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (#2934)

Maven Plugin v3.5.1

Fixed

• <licenseHeader> with <yearMode>SET_FROM_GIT</yearMode> no longer runs git log through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.
• Bump transitive plexus-utils 4.0.2 -> 4.0.3 to address CVE-2025-67030. (#2919)

Maven Plugin v3.5.0

Added

• <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
• Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
• Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
• Add a expandWildcardImports API for java (#2829)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Maven Plugin v3.4.0

Added

• Add tableTest format type for standalone .table files. (#2880)

Changes

• Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

Lib v3.3.1

Fixed

• GitPrePushHookInstaller didn't work on windows, now fixed. (#2562)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.6.2] - 2026-05-27

Fixed

• P2Provisioner now passes cache directory overrides directly to Solstice. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)
• versionCatalog step no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)

Changes

• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)
• Formatter no longer recomputes line-ending normalization (LineEnding.toUnix) a second time for every formatter step that changes content, removing redundant O(n) work from the core formatting loop. (#2934)
• expandWildcardImports support pom type dependency. (#2839)

[4.6.1] - 2026-05-15

Fixed

• LicenseHeaderStep in SET_FROM_GIT year mode no longer invokes git log through bash -c / cmd /c, eliminating a shell-injection vector when processing repositories that contain files whose names include shell metacharacters.

[4.6.0] - 2026-05-14

Added

• scalafmt() now reads the version from the version field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (#2922)
• Add versionCatalog step for formatting and sorting Gradle version catalog (.toml) files. (#2916)
• Add javaparserVersion option to the Cleanthat step, allowing callers to override the JavaParser version pulled in transitively by Cleanthat. (#2903)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

[4.5.0] - 2026-03-18

Added

• Add tableTest format type for standalone .table files. (#2880)

Changes

• Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

[4.4.0] - 2026-03-02

Added

• Add tabletest-formatter support for Java and Kotlin. (#2860)

... (truncated)

Commits

• 71a433c Published maven/3.6.0
• 3a0f101 Published gradle/8.6.0
• 007e9d8 Published lib/4.6.2
• a074d53 Allow setting the local P2 cache dir in the Spotless Gradle plugin (#2944)
• a266fc2 Merge branch 'main' into add-cache-directory-dsl
• e0d466e Fix: sort members treats record declarations as types (#2942)
• 3936b6f Merge branch 'main' into main
• 278765f fix: expandWildcardImports support pom type dependency, fix #2839 (#2935)
• a18ddec Remove maxLineLength from versionCatalog step (#2949)
• b91ad87 Add changelog entries for versionCatalog maxLineLength removal
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.4.5 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.4.5 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5...

  Description has been truncated