Skip to content

Update org.springframework.boot to v4 (major) #213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xdev-renovate wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update org.springframework.boot to v4 (major) #213

xdev-renovate wants to merge 1 commit into from

Conversation

@xdev-renovate
Copy link
Member

@xdev-renovate xdev-renovate commented Nov 21, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
org.springframework.boot:spring-boot-starter-security (source) provided major 3.5.64.0.1
org.springframework.boot:spring-boot-starter-web (source) provided major 3.5.64.0.1
org.springframework.boot:spring-boot-maven-plugin (source) build major 3.5.64.0.1
org.springframework.boot:spring-boot-dependencies (source) import major 3.5.64.0.1

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-security)

v4.0.1

Compare Source

⚠️ Noteworthy changes
  • Hibernate has been upgraded to 7.2.0.Final in response to Hibernate 7.1 moving to limited support
  • spring-boot-starter-kotlin-serialization has been renamed to to spring-boot-starter-kotlinx-serialization-json and spring-boot-starter-kotlin-serialization-test has been renamed to spring-boot-starter-kotlinx-serialization-json-test. This change aligns the starters' names with those of their respective modules
  • Using TestRestTemplate now requires a dependency on spring-boot-restclient
🐞 Bug Fixes
  • JsonMixinModuleEntriesBeanRegistrationAotProcessor does not handle deprecated code #​48564
  • JdbcSessionAutoConfiguration may not match when using the auto-configured DataSource #​48552
  • @ServiceConnection for LgtmStackContainer fails when logging endpoint is configured due to multiple OtlpLoggingConnectionDetails beans #​48536
  • WebApplicationType does not consider modules when deduced from classpath #​48517
  • Spring Session auto-configuration fails in a war deployment as ServerProperties is not available #​48493
  • Opentelemetry logging export requires actuator module #​48488
  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #​48487
  • Actuator Info class has inconsistent nullability annotations and cannot be built with null value #​48480
  • Profiles retained during AOT processing are not configured in a native image #​48476
  • Security matchers and WebServerNamespace resolution can fail with NoClassDefFoundError when used in a traditional WAR deployment #​48388
  • HealthEndpointGroupMembershipValidator does not consider reactive health indicators causing NoSuchHealthContributorException to be thrown #​48387
  • spring.jackson.default-property-inclusion is not applied to content inclusion #​48343
  • TestRestTemplate.getRootUri() returns empty string #​48330
  • Redis health check reports an error when redis_version is missing from the INFO response #​48328
  • Parent's MeterRegistry beans are closed when child context closes #​48325
  • HttpMessageConverters picks up converter beans for both client and server #​48310
  • Conditions to auto-configure a RestClient are outdated with the modularization #​48308
  • A custom JwtTypeValidator that replaces the default can no longer be configured #​48301
  • PropertiesRestClientHttpServiceGroupConfigurer has highest precedence, preventing other configurers from being ordered ahead of it #​48296
  • SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #​48275
  • Conditions to auto-configure RestClient-based HTTP service clients are outdated with the modularization #​48274
  • Starter for Kotlinx Serialization Json is misnamed #​48262
  • ApplicationServletEnvironment is no longer configured in war deployments #​48254
  • RestClient.Builder bean present in @SpringBootTest due to spring-boot-starter-webmvc-test, but missing at runtime without restclient starter #​48253
  • ProblemDetail is rendered to XML incorrectly #​48222
📔 Documentation
  • Harmonize Kotlin example for HTTP Service client support #​48577
  • Document HttpMessageConverters detection changes in 4.0.1 #​48574
  • Improve javadoc for when to use class names rather than class references #​48569
  • Documentation has an outdated reference to the Jackson Kotlin Module #​48534
  • Caching documentation should clarify how to use a no-op implementation to run a test suite #​48532
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #​48527
  • Review documentation and migration guide about changes in @AutoConfigureCache #​48522
  • License header in build samples is displayed in the reference documentation #​48478
  • Configuring Two DataSources How-To code sample is inconsistent #​48449
  • Fix links to source files on GitHub #​48398
  • Documentation contains broken links to GitHub source files #​48394
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #​48360
  • Correct the annotation in the Kotlin @ConfigurationPropertiesSource example #​48357
  • Polish TestRestTemplate examples in the reference guide #​48336
  • Documentation missing for LocalTestWebServer #​48333
  • Update "Creating Your Own Starter" following modularisation #​48317
  • Fix links to javadoc in the reference documentation #​48300
  • Update references for RestTemplateCustomizer and RestTemplateBuilder classes in documentation #​48295
  • Remove modules section of the README following modularisation #​48291
  • Wrong number in Graceful Shutdown chapter #​48284
  • Mention new spring-boot-h2console module when describing how to use H2 Console #​48278
  • Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #​48266
  • Documented replacements for spring.jackson.generator and spring.jackson.parser are inverted #​48255
  • Document the need for a JdbcDialect bean when using Spring Data JDBC and AOT #​48240
  • Update reference documentation as Spring Batch's resourceless infrastructure means that it no longer always requires a DataSource #​48233
  • Kotlin auto-configuration examples are not annotated with @AutoConfiguration #​48228
  • Revise "Use Liquibase for test-only migrations" section in reference manual #​48219
  • Infinispan Cache Documentation is outdated #​48218
  • Removed max-attempts properties metadata don't have replacement #​48206
  • Polish documentation on testing web applications and the various testing clients that are available #​47948
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Nhahan, @​arey, @​banseok1216, @​berry120, @​candrews, @​dmitrysulman, @​geopark021, @​hktechn0, @​igslznev, @​jwalter, @​kzander91, @​michaldo, @​mzeijen, @​ngocnhan-tran1996, @​noojung, @​scottfrederick, @​vpavic, and @​youngledo

v4.0.0

Compare Source

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features
  • Change tomcat and jetty runtime modules to starters #​48175
  • Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #​48076
🐞 Bug Fixes
  • Error properties are a general web concern and should not be located beneath server.* #​48201
  • With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #​48198
  • Gradle war task does not exclude starter POMs from lib-provided #​48197
  • spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #​48193
  • SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48182
  • Properties bound in the child management context ignore the parent's environment prefix #​48177
  • ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48171
  • Starter for spring-boot-micrometer-metrics is missing #​48161
  • Elasticsearch client's sniffer functionality should not be enabled by default #​48155
  • spring-boot-starter-elasticsearch should depend on elasticsearch-java #​48141
  • Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48132
  • New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48128
  • Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #​48116
  • Buildpack fails with recent Docker installs due to hardcoded version in URL #​48103
  • Image building may fail when specifying a platform if an image has already been built with a different platform #​48099
  • Default values of Kotlinx Serialization JSON configuration properties are not documented #​48097
  • Custom XML converters should override defaults in HttpMessageConverters #​48096
  • Kotlin serialization is used too aggressively when other JSON libraries are available #​48070
  • PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48059
  • Auto-configured JCacheMetrics cannot be customized #​48057
  • WebSecurityCustomizer beans are excluded by WebMvcTest #​48055
  • Deprecated EnvironmentPostProcessor does not resolve arguments #​48047
  • RetryPolicySettings should refer to maxRetries, not maxAttempts #​48023
  • Devtools Restarter does not work with a parameterless main method #​47996
  • Dependency management for Kafka should not manage Scala 2.12 libraries #​47991
  • spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #​47983
  • spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #​47982
  • Support for ReactiveElasticsearchClient is in the wrong module #​47848
📔 Documentation
  • Removed property spring.test.webclient.register-rest-template is still documented #​48199
  • Mention support for detecting AWS ECS in "Deploying to the Cloud" #​48170
  • Revise AWS section of "Deploying to the Cloud" in reference manual #​48163
  • Fix typo in PortInUseException Javadoc #​48134
  • Correct section about required setters in "Type-safe Configuration Properties" #​48131
  • Use since attribute in configuration properties deprecation consistently #​48122
  • Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #​48115
  • Document support for configuring servlet context init parameters using properties #​48112
  • Some configuration properties are not documented in the appendix #​48095
  • Clarify how warnings about soon-to-expire SSL certificates are reported #​48063
  • Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48053
  • Document the level of support for the OpenTelemetry APIs #​47960
  • Document that you need to build with Java 25 for buildpack build-image Graal support #​45501
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​filiphr, @​hojooo, @​linw-bai, @​nosan, @​scottfrederick, @​stevearmstrong-dev, @​stewue, and @​vpavic

v3.5.9

Compare Source

🐞 Bug Fixes
  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #​48486
  • Profiles retained during AOT processing are not configured in a native image #​48475
  • NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #​48450
  • Redis health check reports an error when redis_version is missing from the INFO response #​48326
  • Parent's MeterRegistry beans are closed when child context closes #​48324
  • SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #​48271
📔 Documentation
  • Documentation has an outdated reference to the Jackson Kotlin Module #​48533
  • Caching documentation should clarify how to use a no-op implementation to run a test suite #​48531
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #​48526
  • License header in build samples is displayed in the reference documentation #​48477
  • Configuring Two DataSources How-To code sample is inconsistent #​48448
  • Improve javadoc for when to use class names rather than class references #​48395
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #​48359
  • Polish TestRestTemplate examples in the reference guide #​48335
  • Fix links to javadoc in the reference documentation #​48299
  • Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #​48265
  • Kotlin auto-configuration examples are not annotated with @AutoConfiguration #​48227
  • Infinispan Cache Documentation is outdated #​48217
  • Revise "Use Liquibase for test-only migrations" section in reference manual #​48169
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​banseok1216, @​berry120, @​dmitrysulman, @​geopark021, @​noojung, @​scottfrederick, @​vpavic, and @​youngledo

v3.5.8

Compare Source

⚠️ Noteworthy changes
🐞 Bug Fixes
  • Gradle war task does not exclude starter POMs from lib-provided #​48196
  • Testcontainers integration fails on Docker 29.0.0 #​48192
  • SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48180
  • Properties bound in the child management context ignore the parent's environment prefix #​48176
  • ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48153
  • Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48129
  • New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48127
  • NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48123
  • Buildpack fails with recent Docker installs due to hardcoded version in URL #​48102
  • Image building may fail when specifying a platform if an image has already been built with a different platform #​48098
  • Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​48061
  • PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48058
  • Auto-configured JCacheMetrics cannot be customized #​48056
  • WebSecurityCustomizer beans are excluded by WebMvcTest #​48054
  • Devtools Restarter does not work with a parameterless main method #​47987
  • Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47923
  • Docker response 407 is not handled correctly resulting in no error message #​47900
  • spring-boot-maven-plugin process-aot goal does not find package-private main method #​47780
📔 Documentation
  • Revise AWS section of "Deploying to the Cloud" in reference manual #​48156
  • Fix typo in PortInUseException Javadoc #​48133
  • Correct section about required setters in "Type-safe Configuration Properties" #​48130
  • Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​48114
  • Document support for configuring servlet context init parameters using properties #​48111
  • Clarify how warnings about soon-to-expire SSL certificates are reported #​48062
  • Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48052
  • Use since attribute in configuration properties deprecation consistently #​47980
  • BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47905
  • Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47898
  • Document that Actuator endpoint may have at most one extension of each type #​47873
  • Limit Kotlin API documentation to Kotlin-specific APIs #​47859
  • Adapt AOTCache documentation to JEP 514 #​47274
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​hojooo, @​linw-bai, @​mipo256, @​namest504, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, @​siva-sai-udaygiri, @​tschut, and @​vpavic

v3.5.7

Compare Source

⭐ New Features
  • Add TWENTY_FIVE to JavaVersion enum #​47609
🐞 Bug Fixes
  • Signed jar verification fails when nested in an uber war running on an Oracle JVM #​47771
  • In an uber war, value of the Sbom-Location manifest attribute does not match the SBOM's actual location #​47737
  • Homebrew formula for the CLI should use libexec #​47722
  • When virtual threads are enabled, embedded Jetty does not use recommended virtual thread configuration #​47717
  • ClientHttpRequestFactoryRuntimeHints is missing timeout methods with Duration overloads #​47678
  • OnBeanCondition no longer correctly finds annotations on scoped target proxy beans #​47635
  • JavaVersion doesn't work reliably in native-image #​47620
  • LiquibaseEndpoint always uses defaultSchema instead of liquibaseSchema #​47346
  • Launcher fails to find main method when it is parameterless #​47311
  • Package private Main class using Java 25 is not found by build plugins #​47309
  • Bitnami legacy images are not automatically detected #​47275
  • Maven plugin does not provide an easy way to exclude optional dependencies from uber jar #​25403
📔 Documentation
  • Some spring.test.* properties are not documented #​47775
  • Dependency management for Maven AntRun Plugin is missing changelog link #​47744
  • Developing Your First Spring Boot Application has outdated tools #​47700
  • Include deprecated configuration properties in the reference documentation #​47669
  • Aggregated Javadoc should link to the proper version of JakartaEE #​47593
  • Update javadoc of TestRestTemplate following change to redirect behavior #​47474
  • Use non-deprecated syntax to configure sourceCompatibility #​47343
  • Fix link to Framework's @Bean annotation #​47330
  • Update managed dependency version override examples in documentation #​47306
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​DKARAGODIN, @​JinhyeokFang, @​Lublanski, @​Pankraz76, @​fhiyo, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, and @​xyraclius

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@xdev-renovate xdev-renovate force-pushed the renovate/major-org.springframework.boot branch from 0b78c47 to 93aebeb Compare December 19, 2025 04:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xdev-renovate