Bump the minor-and-patch group across 1 directory with 17 updates

[dependabot]

Bumps the minor-and-patch group with 17 updates in the / directory:

Package	From	To
org.springdoc:springdoc-openapi-starter-webmvc-ui	3.0.2	3.0.3
org.jdbi:jdbi3-sqlobject	3.51.0	3.53.0
org.mariadb.jdbc:mariadb-java-client	3.5.7	3.5.8
com.google.guava:guava	33.5.0-jre	33.6.0-jre
commons-io:commons-io	2.21.0	2.22.0
commons-codec:commons-codec	1.21.0	1.22.0
com.google.code.gson:gson	2.13.2	2.14.0
org.apache.tika:tika-core	3.2.3	3.3.0
org.apache.tika:tika-parser-html-module	3.2.3	3.3.0
org.apache.tika:tika-parser-microsoft-module	3.2.3	3.3.0
org.apache.tika:tika-parser-miscoffice-module	3.2.3	3.3.0
org.apache.tika:tika-parser-pdf-module	3.2.3	3.3.0
org.netpreserve:jwarc	0.35.0	0.36.0
org.springframework.boot:spring-boot-dependencies	4.0.3	4.0.6
org.springframework.boot:spring-boot-maven-plugin	4.0.3	4.0.6
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.21.1	2.21.3
org.apache.maven.plugins:maven-shade-plugin	3.6.1	3.6.2

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 3.0.2 to 3.0.3

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v3.0.3 released!

Added

• #3246 – Add Springdoc OpenAPI MCP (Model Context Protocol) support
• #3256 – Auto-set nullable: true for Kotlin nullable types in schema properties
• #3239 – Add support for the @Range constraint validation annotation
• #3244 – Handle default values for LocalDate

Changed

• Upgrade Spring Boot to version 4.0.5
• Upgrade swagger-core to version 2.2.47
• Upgrade swagger-ui to version 5.32.2
• #3260 – @ConditionalOnClass(HateoasProperties.class) in SpringDocHateoasConfiguration
• Forwards all MCP non-transport headers to downstream methods
• Dynamically resolve the base path from window.location.pathname for MCP UI

Fixed

• #3258 – Setting API Version Required when using WebFlux breaks the Swagger UI
• #3259 – Annotated Generic properties getting applied to sibling properties
• #3255 – Direction enum: fixed visibility scope of group order so that setGroupsOrder method can be used
• #3247 – Preserve YAML group URLs in Swagger UI
• #3245 – Upgrade swagger-core from version 2.2.43 to 2.2.45
• #3235 – PropertyResolverUtils retains a JsonNode when reading an ExtensionProperty annotation
• #3226 – Propagate JsonView context when resolving Page<T> schema

New Contributors

• @​seregamorph made their first contribution in springdoc/springdoc-openapi#3260

Full Changelog: springdoc/springdoc-openapi@v3.0.2...v3.0.3

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

[3.0.3] - 2026-04-12

Added

• #3246 – Add Springdoc OpenAPI MCP (Model Context Protocol) support
• #3256 – Auto-set nullable: true for Kotlin nullable types in schema properties
• #3239 – Add support for the @Range constraint validation annotation
• #3244 – Handle default values for LocalDate

Changed

• Upgrade Spring Boot to version 4.0.5
• Upgrade swagger-core to version 2.2.47
• Upgrade swagger-ui to version 5.32.2
• #3260 – @ConditionalOnClass(HateoasProperties.class) in SpringDocHateoasConfiguration
• Forwards all MCP non-transport headers to downstream methods
• Dynamically resolve the base path from window.location.pathname for MCP UI

Fixed

• #3258 – Setting API Version Required when using WebFlux breaks the Swagger UI
• #3259 – Annotated Generic properties getting applied to sibling properties
• #3255 – Direction enum: fixed visibility scope of group order so that setGroupsOrder method can be used
• #3247 – Preserve YAML group URLs in Swagger UI
• #3245 – Upgrade swagger-core from version 2.2.43 to 2.2.45
• #3235 – PropertyResolverUtils retains a JsonNode when reading an ExtensionProperty annotation
• #3226 – Propagate JsonView context when resolving Page<T> schema

Commits

• 3c30283 [maven-release-plugin] prepare release v3.0.3
• 4184c05 update .gitignore
• 89745c2 CHANGELOG.md update
• 4d1a730 Merge pull request #3260 from seregamorph/SpringDocHateoasConfiguration-class...
• 54e7650 ConditionalOnClass (HateoasProperties.class) in SpringDocHateoasConfiguration
• 9f354b2 Spring-boot upgrade to version 4.0.5
• 14df32f Forwards all MCP non-transport headers, to downstream methods
• 3ee9a44 Forwards all MCP non-transport headers, to downstream methods
• df99408 upgrade swagger-ui to version 5.32.2
• 6ee70f4 upgrade swagger-api to version 2.2.47
• Additional commits viewable in compare view

Updates org.jdbi:jdbi3-sqlobject from 3.51.0 to 3.53.0

Release notes

Sourced from org.jdbi:jdbi3-sqlobject's releases.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

3.52.1

• fix regression for java.time.Instant mapping from 3.52.0
• Add missing mappers for java.sql.Date and java.sql.Time
• Add support for java.time.OffsetTime
• Add support for java.time.ZoneOffset

3.52.0

Changes to java.time related classes

JDBC 4.2 added full support to map java.time classes onto SQL types in 2014. This release of Jdbi switches from mapping these objects onto "classic" (java.sql.Date, Time, Timestamp) to using the JDBC 4.2 API (PreparedStatement#setObject and ResultSet#getObject).

These changes should not be visible for any database, except if you were brave enough to map types with time zones or offsets (ZonedDateTime and OffsetDateTime) onto SQL types that have no timezone (TIMESTAMP or DATETIME). This affects databases that do not support the TIMESTAMP WITH TIMEZONE data type. IAW MySQL.

... (truncated)

Changelog

Sourced from org.jdbi:jdbi3-sqlobject's changelog.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

3.52.1

• fix regression for java.time.Instant mapping from 3.52.0 (#2955, reported by @​Eng-Fouad and @​toadzky)
• Add missing mappers for java.sql.Date and java.sql.Time
• Add support for java.time.OffsetTime
• Add support for java.time.ZoneOffset

3.52.0

Changes to java.time related classes

JDBC 4.2 added full support to map java.time classes onto SQL types in 2014. This release of Jdbi switches from mapping these objects onto "classic" (java.sql.Date, Time, Timestamp) to using the JDBC 4.2 API (PreparedStatement#setObject and ResultSet#getObject).

These changes should not be visible for any database, except if you were brave enough to map types with time zones or offsets (ZonedDateTime and OffsetDateTime) onto SQL types that have no

... (truncated)

Commits

• 5361840 [maven-release-plugin] prepare release v3.53.0
• 59a8376 Release notes 3.53.0
• 1f1a5c5 freemarker: disable template class resolution
• 83465ac Merge remote-tracking branch 'origin/master' into sqlexception-handler-statem...
• 5d4191f Merge pull request #2969 from hgschmie/testcontainers2
• 05f9bdb align mysql docker image property name
• ce9f12c align oracle docker image property name
• ebceb8a move to testcontainers 2.x
• 9a42863 add documentation and example
• d53118f SqlExceptionHandler: add StatementContext parameter, remove confusing return ...
• Additional commits viewable in compare view

Updates org.mariadb.jdbc:mariadb-java-client from 3.5.7 to 3.5.8

Release notes

Sourced from org.mariadb.jdbc:mariadb-java-client's releases.

MariaDB Connector/Java 3.5.8

3.5.8 (Apr 2026)

Full Changelog

Issues Resolved

• CONJ-1305 - XAResource.isSameRM() incorrectly returns true when rewriteBatchedStatements differs between connections
• CONJ-1303 - Statement.cancel() fails to kill running query during result streaming

Other

• CONJ-1298 - Performance improvement: avoid decoding extended format

Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.8 (Apr 2026)

Full Changelog

Issues Resolved

• CONJ-1305 - XAResource.isSameRM() incorrectly returns true when rewriteBatchedStatements differs between connections
• CONJ-1303 - Statement.cancel() fails to kill running query during result streaming

Other

• CONJ-1298 - Performance improvement: avoid decoding extended format

Commits

• 26b34a2 Merge branch 'develop'
• 06d6efe bump CI actions/checkout@v5
• a86a83c bump 3.5.8
• 975f991 [misc] refactor TimestampCodec to implement Codec directly and extract shared...
• 75bb509 [misc] code formatting cleanup
• 4c0b6a0 [misc] refactor TimestampCodec to extend UtilDateCodec and extract common dat...
• a5b7fb1 [misc] convert Reader and Writer from interfaces to final class implementatio...
• d31eb06 [misc] convert ReadableByteBuf from interface to final class implementation, ...
• 11d45a9 [misc] optimize binary row decoder null bitmap checks and simplify signed Big...
• 5aad14c [misc] optimize BigInt column decoding and improve type safety in codec inter...
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

• 33.6.0-jre.jar
• 33.6.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.6.0-jre
• 33.6.0-android

JDiff

• 33.6.0-jre vs. 33.5.0-jre
• 33.6.0-android vs. 33.5.0-android
• 33.6.0-android vs. 33.6.0-jre

Changelog

• Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
• cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
• collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
• collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
• graph: Removed @Beta from all APIs in the package. (dae9566b73)
• graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
• graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
• hash: Added BloomFilter.serializedSize(). (df9bcc251a)
• net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

Commits

• See full diff in compare view

Updates commons-io:commons-io from 2.21.0 to 2.22.0

Updates commons-codec:commons-codec from 1.21.0 to 1.22.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.22.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.22.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

• CODEC-326: Add Base58 support. Thanks to Inkeet, Gary Gregory, Wolff Bock von Wuelfingen.

•         Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[]). Thanks to Gary Gregory.
  

• CODEC-335: Add GitIdentifiers to compute Git blob and tree object identifiers. Thanks to Piotr P. Karwasz, Gary Gregory.

Fixed Bugs

• CODEC-249: Fix Incorrect transform of CH digraph according Metaphone basic rules #423. Thanks to Shalu Jha, Andrey, Gary Gregory.
• CODEC-317: ColognePhonetic can create duplicate consecutive codes in some cases. Thanks to DRUser123, Shalu Jha, Gary Gregory.

•         Add boundary tests for BinaryCodec.fromAscii partial-bit inputs [#425](https://github.com/apache/commons-codec/issues/425). Thanks to fancying, Gary Gregory.
  

• CODEC-336: Base64.Builder.setUrlSafe(boolean) Javadoc incorrectly states null is accepted for primitive boolean parameter. Thanks to Partha Paul, Gary Gregory.

Changes

•         Bump org.apache.commons:commons-parent from 96 to 98. Thanks to Gary Gregory.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Commits

• 81a6295 Prepare for the release candidate 1.22.0 RC1
• 73104b0 Prepare for the next release candidate
• 8e36214 In-line single use test local variables
• 9bd67e7 Use vararg syntax
• 25e52b0 Use vararg syntax
• e2ebaca Bump github/codeql-action from 4.35.1 to 4.35.2
• 33998a0 Bump actions/upload-artifact from 7.0.0 to 7.0.1
• 50c6583 Bump actions/cache from 5.0.4 to 5.0.5
• b2be3a8 Add @​Override
• 20f09bf Use final.
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.13.2 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

• Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

  When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

  With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

• Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

  This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

• Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

  Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

• Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

  This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

• Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

  The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

• Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

  This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

• Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

• Add default capacity to EnumTypeAdapter maps by @​MukjepScarlet in google/gson#2959
• refactor: move derived adapters from Gson to TypeAdapters by @​MukjepScarlet in google/gson#2951
• Optimize new Gson() by @​MukjepScarlet in google/gson#2864

New Contributors

• @​ThirdGoddess made their first contribution in google/gson#2944
• @​lmj798 made their first contribution in google/gson#2988
• @​Eng-YasminKotb made their first contribution in google/gson#3005
• @​andrewstellman made their first contribution in google/gson#3006

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Commits

• 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
• a3024fd Bump the maven group with 13 updates (#3002)
• 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
• 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
• 53d703e Update outdated comment regarding serializable types (#3012)
• 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
• f4d371d Fix duplicate key detection when first value is null (#3006)
• 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
• 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
• b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
• Additional commits viewable in compare view

Updates org.apache.tika:tika-core from 3.2.3 to 3.3.0

Changelog

Sourced from org.apache.tika:tika-core's changelog.

Release 4.0.0-BETA1 - ???

BREAKING CHANGES

• Moved towards default json based configuration (TIKA-4544 and many others).

• tika-pipes implementation modules have been reorganized by resource (tika-pipes-solr) vs task (tika-pipes-fetcher-solr) (TIKA-4543). Note that the file-system pipes components have been taken out of tika-pipes-core and placed in their own pf4j module: tika-pipes-file-system.

• tika-pipes implementation modules are now pf4j plugins (TIKA-4519).

• tika-pipes core classes have been moved to a new module: tika-pipes-core, and the FileSystem pipes components have moved (TIKA-4334).

• MetadataListFilter has been renamed MetadataFilter, and MetadataFilter has been removed (TIKA-4546).

• Removed several modules, including: tika-batch (TIKA-4333), snaps deployment (TIKA-4502), dotnet (TIKA-4332), advanced media module (TIKA-4500), tika-dl module (TIKA-4499), tika-fuzzing module (TIKA-4506).

• Headers are no longer injected into the body/content of MSG files (TIKA-4345). Please open a ticket if you need this behavior across email formats.

• API changes in the EmbeddedStreamTranslator (TIKA-4518).

• Removed DigestingParser (TIKA-4607).

• tika-parsers-standard-package is now a pom, not a jar. Users must add pom in Maven or @​pom in Gradle (TIKA-4712).

• Removed legacy ExternalParser; external parsers now require explicit JSON configuration (TIKA-4707).

OTHER CHANGES

• Fix concurrency bug in TikaToXMP (TIKA-4393)

Release 3.3.0 - ???

• Various fixes based on regression testing (TIKA-4563).

• Improve zip parsing (TIKA-4650).

• Add detection of compressed bmp (TIKA-4511).

• Allow per file timeouts in tika-pipes (TIKA-4497).

... (truncated)

Commits

• cd800dd [maven-release-plugin] prepare release 3.3.0-rc1
• cece4c8 rollback for attempt #3
• 9174a23 scm fix
• de5dcb3 [maven-release-plugin] prepare release 3.3.0-rc1
• 168a286 revert version for attempt #2
• 75c3b71 updates for release
• 13a5b37 [maven-release-plugin] prepare for next development iteration
• fd54cf7 [maven-release-plugin] prepare release 3.3.0-rc1
• 34336ac rollback for rc1, attempt #2
• ae77ec1 fix repo information in tika-bom
• Additional commits viewable in compare view

Updates org.apache.tika:tika-parser-html-module from 3.2.3 to 3.3.0

Updates org.apache.tika:tika-parser-microsoft-module from 3.2.3 to 3.3.0

Updates org.apache.tika:tika-parser-miscoffice-module from 3.2.3 to 3.3.0

Updates org.apache.tika:tika-parser-pdf-module from 3.2.3 to 3.3.0

Updates org.apache.tika:tika-parser-html-module from 3.2.3 to 3.3.0

Updates org.apache.tika:tika-parser-microsoft-module from 3.2.3 to 3.3.0

Updates org.apache.tika:tika-parser-miscoffice-module from 3.2.3 to 3.3.0

Updates org.apache.tika:tika-parser-pdf-module from 3.2.3 to 3.3.0

Updates org.netpreserve:jwarc from 0.35.0 to 0.36.0

Release notes

Sourced from org.netpreserve:jwarc's releases.

v0.36.0

Fixed

• Made zstd-jni dependency optional. It was included as a required dependency in 0.33.0 by mistake.

Changelog

Sourced from org.netpreserve:jwarc's changelog.

0.36.0 (2026-04-07)

Fixed

• Made zstd-jni dependency optional. It was included as a required dependency in 0.33.0 by mistake.

Commits

• f544543 [maven-release-plugin] prepare release v0.36.0
• d6ec0ee Update CHANGELOG.md for 0.36.0
• 5060e13 Merge pull request #109 from tballison/issue108
• 38ccf8e make zstd-jni compile scope and optional
• 581874b [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.springframework.boot:spring-boot-dependencies from 4.0.3 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 4.0.3 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 4.0.3 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• Ra...

  Description has been truncated