⭐ New Features

• Add configuration key spring.rabbitmq.template.allowed-list-patterns #40421
• Add spring.graphql.websocket.keep-alive property #40320
• Add Spring Pulsar transaction support #40189
• Make it harder to misconfigure logging.threshold.console in yaml #40124
• Make configuration properties for Pulsar failover more concise #40077
• Add support for Prometheus Client 1.x and simpleclient #40023
• Delay interaction with Lazy CqlSession bean until first required usage #39948
• Add property spring.data.jdbc.dialect #39941
• Make spring-test available to compile classpath of consumers of spring-boot-test #39901
• Exclude infrastructure beans from lazy initialization when lazy-initialization=true #39831
• Configure JpaBaseConfiguration with custom ManagedClassNameFilter #39813
• Add property to ignore running Docker Compose services #39749
• Add configuration property to disable long timers in Micrometer Observations #39618
• Upgrade Cassandra driver to 4.18.0 and change coordinates from com.datastax.oss to org.apache.cassandra #39090
• Add more gap between the orders of CloudFoundryVcapEnvironmentPostProcessor and ConfigDataEnvironmentPostProcessor #38684
• Add SNI support to embedded web server SSL auto-configuration #26022

🐞 Bug Fixes

• Executable JAR application startup is slower after 3.2.0 when Hibernate scanner is not disabled #40381
• NoClassDefFoundError can be thrown from LaunchedClassLoader when threads are interrupted #40379
• BindValidationFailureAnalyzer uses wrong target #40365
• Log4j2LoggingSystem pollutes Log4j2's environment with a SpringEnvironmentPropertySource that is never removed #40327
• When using Maven, configuring the spring-boot.excludes or spring-boot-includes user properties causes the build to fail with "Cannot find default setter" #40324
• @ServletComponentScan does not register servlet components in a mock web environment #40322
• Loading of custom deny-all filter can cause a StackOverflowError when deploying to Tomcat with Log4j2 configured to use a single JVM-wide logger context #40313
• Jetty support doesn't set virtual thread name #40169
• Maven uses 'start-class' when the parent POM is being used and ignores 'spring-boot.run.main-class' #40145
• PropertiesLdapConnectionDetails should not be public #40081
• spring.datasource.dbcp2.username and spring.datasource.dbcp2.password are incorrectly marked as deprecated #40076
• spring-boot-dependencies should not manage org.flywaydb:flyway-community-db-support as it is not released as part of Flyway #40073
• Spring Config does not use environment conversion service on resolved properties #39944

📔 Documentation

• Producible's javadoc has the wrong link text for @WriteOperation and @DeleteOperation #40387
• Refine Efficient Deployments section in the reference guide #40175
• Clarify requirements for -parameters and constructor binding #40164
• Ensure Reference Guides breadcrumb in page headers is hyperlinked #40135
• Document new tools mode #40094
• Replace links to code with links to javadoc #40065
• Document CDS support #40061
• Document SBOM Support #40059
• Fix forward-headers-strategy documentation regarding cloud defaults #40054
• Pull the whole "Testing" documentation section up to the top level #38361

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.2 #40399
• Upgrade to Artemis 2.33.0 #40082
• Upgrade to AspectJ 1.9.22 #40239
• Upgrade to Awaitility 4.2.1 #40331
• Upgrade to Brave 6.0.3 #40332
• Upgrade to Byte Buddy 1.14.13 #40240
• Upgrade to Couchbase Client 3.6.1 #40241
• Upgrade to CycloneDX Maven Plugin 2.8.0 #40242
• Upgrade to Elasticsearch Client 8.13.2 #40333
• Upgrade to GraphQL Java 21.5 #40244
• Upgrade to Groovy 4.0.21 #40245
• Upgrade to Hazelcast 5.4.0 #40400
• Upgrade to Hibernate 6.5.0.CR2 #40378
• Upgrade to Infinispan 15.0.1.Final #40334
• Upgrade to Jakarta Json Bind 3.0.1 #40248
• Upgrade to Jersey 3.1.6 #40249
• Upgrade to Jetty 12.0.8 #40250
• Upgrade to jOOQ 3.19.7 #40251
• Upgrade to Json-smart 2.5.1 #40252
• Upgrade to Liquibase 4.27.0 #40253
• Upgrade to Logback 1.5.6 #40401
• Upgrade to Lombok 1.18.32 #40254
• Upgrade to Maven Invoker Plugin 3.6.1 #40255
• Upgrade to Maven Jar Plugin 3.4.0 #40402
• Upgrade to Maven Source Plugin 3.3.1 #40256
• Upgrade to Micrometer 1.13.0-RC1 #40257
• Upgrade to Micrometer Tracing 1.3.0-RC1 #40258
• Upgrade to MongoDB 5.0.1 #40259
• Upgrade to Neo4j Java Driver 5.19.0 #40232
• Upgrade to Netty 4.1.109.Final #40403
• Upgrade to OpenTelemetry 1.37.0 #40261
• Upgrade to Pulsar 3.2.2 #40262
• Upgrade to Pulsar Reactive 0.5.4 #40404
• Upgrade to R2DBC MySQL 1.1.3 #40263
• Upgrade to R2DBC Postgresql 1.0.5.RELEASE #40335
• Upgrade to Rabbit AMQP Client 5.21.0 #40264
• Upgrade to Reactor Bom 2023.0.5 #40221
• Upgrade to Selenium 4.19.1 #40265
• Upgrade to SLF4J 2.0.13 #40405
• Upgrade to Spring AMQP 3.1.4 #40222
• Upgrade to Spring Authorization Server 1.3.0-RC1 [#40223](https://github.com/spring-projects/spring-boot/issues/...

🐞 Bug Fixes

• BindValidationFailureAnalyzer uses wrong target #40364
• Log4j2LoggingSystem pollutes Log4j2's environment with a SpringEnvironmentPropertySource that is never removed #40326
• When using Maven, configuring the spring-boot.excludes or spring-boot-includes user properties causes the build to fail with "Cannot find default setter" #40323
• @ServletComponentScan does not register servlet components in a mock web environment #40321
• Loading of custom deny-all filter can cause a StackOverflowError when deploying to Tomcat with Log4j2 configured to use a single JVM-wide logger context #40312
• Jetty support doesn't set virtual thread name #40152
• Executable JAR application startup is slower after 3.2.0 when Hibernate scanner is not disabled #40125
• NoClassDefFoundError can be thrown from LaunchedClassLoader when threads are interrupted #40096

📔 Documentation

• Producible's javadoc has the wrong link text for @WriteOperation and @DeleteOperation #40386
• Clarify requirements for -parameters and constructor binding #40157

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 5.18.4 #40394
• Upgrade to AspectJ 1.9.22 #40293
• Upgrade to Awaitility 4.2.1 #40294
• Upgrade to Byte Buddy 1.14.13 #40295
• Upgrade to Groovy 4.0.21 #40296
• Upgrade to Hazelcast 5.3.7 #40297
• Upgrade to Jakarta Json Bind 3.0.1 #40298
• Upgrade to Jersey 3.1.6 #40299
• Upgrade to Jetty 12.0.8 #40300
• Upgrade to jOOQ 3.18.14 #40301
• Upgrade to Json-smart 2.5.1 #40302
• Upgrade to Kafka 3.6.2 #40303
• Upgrade to Lombok 1.18.32 #40304
• Upgrade to Maven Invoker Plugin 3.6.1 #40305
• Upgrade to Maven Source Plugin 3.3.1 #40306
• Upgrade to Micrometer 1.12.5 #40207
• Upgrade to Micrometer Tracing 1.2.5 #40208
• Upgrade to MongoDB 4.11.2 #40307
• Upgrade to Neo4j Java Driver 5.19.0 #40218
• Upgrade to Netty 4.1.109.Final #40395
• Upgrade to Pulsar Reactive 0.5.4 #40396
• Upgrade to R2DBC Postgresql 1.0.5.RELEASE #40309
• Upgrade to Reactor Bom 2023.0.5 #40209
• Upgrade to SLF4J 2.0.13 #40397
• Upgrade to Spring AMQP 3.1.4 #40210
• Upgrade to Spring Authorization Server 1.2.4 #40211
• Upgrade to Spring Data Bom 2023.1.5 #40212
• Upgrade to Spring Framework 6.1.6 #40213
• Upgrade to Spring GraphQL 1.2.6 #40310
• Upgrade to Spring HATEOAS 2.2.2 #40376
• Upgrade to Spring Integration 6.2.4 #40214
• Upgrade to Spring Kafka 3.1.4 #40377
• Upgrade to Spring LDAP 3.2.3 #40215
• Upgrade to Spring Pulsar 1.0.5 #40216
• Upgrade to Spring Security 6.2.4 #40217
• Upgrade to Tomcat 10.1.20 #40311

❤️ Contributors

Thank you to all the contributors who worked on this release:

@FelixDes, @dependabot[bot], @izeye, @mstahv, @ppkarwasz, @snicoll, and @spencergibb

🐞 Bug Fixes

• ClientObservationConventionAdapter overwrites WebClient request attributes #40330
• Loading of custom deny-all filter can cause a StackOverflowError when deploying to Tomcat with Log4j2 configured to use a single JVM-wide logger context #40235
• Log4j2LoggingSystem pollutes Log4j2's environment with a SpringEnvironmentPropertySource that is never removed #40178
• BindValidationFailureAnalyzer uses wrong target #40035
• When using Maven, configuring the spring-boot.excludes or spring-boot-includes user properties causes the build to fail with "Cannot find default setter" #39837
• @ServletComponentScan does not register servlet components in a mock web environment #39736

📔 Documentation

• Producible's javadoc has the wrong link text for @WriteOperation and @DeleteOperation #40385

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 5.18.4 #40388
• Upgrade to AspectJ 1.9.22 #40279
• Upgrade to Byte Buddy 1.14.13 #40280
• Upgrade to Groovy 4.0.21 #40281
• Upgrade to Hibernate 6.2.24.Final #40282
• Upgrade to Jakarta Json Bind 3.0.1 #40283
• Upgrade to Jersey 3.1.6 #40284
• Upgrade to jOOQ 3.18.14 #40285
• Upgrade to Lombok 1.18.32 #40286
• Upgrade to Micrometer 1.11.11 #40196
• Upgrade to Micrometer Tracing 1.1.12 #40197
• Upgrade to Neo4j Java Driver 5.19.0 #40205
• Upgrade to Netty 4.1.109.Final #40389
• Upgrade to R2DBC Postgresql 1.0.5.RELEASE #40390
• Upgrade to Reactor Bom 2022.0.18 #40198
• Upgrade to SLF4J 2.0.13 #40391
• Upgrade to Spring AMQP 3.0.13 #40373
• Upgrade to Spring Authorization Server 1.1.7 #40199
• Upgrade to Spring Data Bom 2023.0.11 #40200
• Upgrade to Spring Framework 6.0.19 #40201
• Upgrade to Spring GraphQL 1.2.6 #40288
• Upgrade to Spring HATEOAS 2.1.5 #40374
• Upgrade to Spring Integration 6.1.8 #40202
• Upgrade to Spring Kafka 3.0.16 #40375
• Upgrade to Spring LDAP 3.1.5 #40203
• Upgrade to Spring Security 6.1.9 #40204
• Upgrade to Tomcat 10.1.20 #40289

❤️ Contributors

Thank you to all the contributors who worked on this release:

@FelixDes, @dependabot[bot], @izeye, @mstahv, @ppkarwasz, and @spencergibb

⭐ New Features

• Add public getUndertow method to UndertowWebServer #39916
• Add TWENTY_TWO to JavaVersion enum #39827
• Implement SBOM actuator endpoint #39799
• Use optimized request predicates for GraphQL MVC and WebFlux endpoints #39652
• Auto-configure SSE transport on GraphQL MVC and WebFlux endpoints #39651
• Manage jakarta.inject:jakarta.inject-api #39587
• Improve exploded structure experience for efficient deployments #38276
• Support loading of base 64 encoded values from the Environment #36033
• Support mvn spring-boot:run with classpaths that exceeds Windows' length limits #17766

🐞 Bug Fixes

• Thread name prefix is not always set when using virtual threads #39961
• spring-boot-maven-plugin doesn't work with Java 22 #39934
• Jetty embedded web server includes a JNDI initial context when other servers do not #39932
• Remove virtual thread support for Undertow as it leaks memory #39812
• When using Logback, log messages appear in a single line when application name contains brackets #39802
• Resolving a BuildpackReference created from a URL-like String can fail on Windows #39794
• SpringProfile arbiter fails without a Spring's environment #39787
• bootStartScripts tasks should be an instance of org.gradle.api.tasks.application.CreateStartScripts rather than its superclass org.gradle.jvm.application.tasks.CreateStartScripts #39765

📔 Documentation

• Document support for Java 22 #40047
• Fix web session javadoc typo #39954
• Fix typo in Custom HTTP Exchange Recording section #39785
• Make description of virtual threads and JVM exit easier to understand by removing "no-non" double-negative #39738
• Switch to Antora Based Documentation #33766

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.0 #40014
• Upgrade to Angus Mail 2.0.3 #39991
• Upgrade to Brave 6.0.2 #39992
• Upgrade to Commons DBCP2 2.12.0 #39918
• Upgrade to Couchbase Client 3.6.0 #39951
• Upgrade to Elasticsearch Client 8.12.2 #39919
• Upgrade to Flyway 10.10 #40022
• Upgrade to Git Commit ID Maven Plugin 8.0.2 #40015
• Upgrade to Glassfish JAXB 4.0.5 #39993
• Upgrade to GraphQL Java 21.4 #40016
• Upgrade to Groovy 4.0.20 #39994
• Upgrade to Infinispan 15.0.0.Final #40017
• Upgrade to Jackson Bom 2.17.0 #39920
• Upgrade to Jakarta Activation 2.1.3 #39996
• Upgrade to Jakarta Mail 2.1.3 #39997
• Upgrade to Jakarta XML Bind 4.0.2 #39998
• Upgrade to Jaybird 5.0.4.java11 #39999
• Upgrade to Jetty 12.0.7 #40000
• Upgrade to jOOQ 3.19.6 #40001
• Upgrade to Kafka 3.7.0 #39952
• Upgrade to Kotlin 1.9.23 #40002
• Upgrade to Lettuce 6.3.2.RELEASE #40003
• Upgrade to Log4j2 2.23.1 #40004
• Upgrade to Maven Assembly Plugin 3.7.1 #40018
• Upgrade to Maven Compiler Plugin 3.13.0 #40019
• Upgrade to Micrometer 1.13.0-M2 #39889
• Upgrade to Micrometer Tracing 1.3.0-M2 #39890
• Upgrade to Mockito 5.11.0 #39922
• Upgrade to Neo4j Java Driver 5.18.0 #39933
• Upgrade to OpenTelemetry 1.36.0 #39923
• Upgrade to Postgresql 42.7.3 #40005
• Upgrade to Pulsar 3.2.1 #40006
• Upgrade to R2DBC MariaDB 1.2.0 #39925
• Upgrade to R2DBC MySQL 1.1.2 #40007
• Upgrade to Reactor Bom 2023.0.4 #39908
• Upgrade to Spring AMQP 3.1.3 #39891
• Upgrade to Spring Authorization Server 1.3.0-M3 #39892
• Upgrade to Spring Data Bom 2024.0.0-M2 #39893
• Upgrade to Spring Framework 6.1.5 #39894
• Upgrade to Spring HATEOAS 2.3.0-M1 #39953
• Upgrade to Spring Integration 6.3.0-M2 #39896
• Upgrade to Spring Kafka 3.2.0-M2 #39897
• Upgrade to Spring Pulsar 1.1.0-M2 #39898
• Upgrade to Spring Security 6.3.0-M3 #39899
• Upgrade to Spring Session 3.3.0-M3 #39900
• Upgrade to SQLite JDBC 3.45.2.0 #40008
• Upgrade to Testcontainers 1.19.7 #40009
• Upgrade to WebJars Locator Core 0.58 #39926

❤️ Contributors

Thank you to all the contributors who worked on this release:

@MazizEsa, @PiyalAhmed, @Roiocam, @TheSnoozer, @dreis2211, @eddumelendez, @izeye, @mattrpav, @mhalbritter, @onobc, @snicoll, @timgrohmann, and @wanger26

⭐ New Features

• Add TWENTY_TWO to JavaVersion enum #39825

🐞 Bug Fixes

• Thread name prefix is not always set when using virtual threads #39958
• spring-boot-maven-plugin doesn't work with Java 22 #39927
• Resolving a BuildpackReference created from a URL-like String can fail on Windows #39793
• SpringProfile arbiter fails without a Spring's environment #39786
• bootStartScripts tasks should be an instance of org.gradle.api.tasks.application.CreateStartScripts rather than its superclass org.gradle.jvm.application.tasks.CreateStartScripts #39764
• When using Logback, log messages appear in a single line when application name contains brackets #39564

📔 Documentation

• Document support for Java 22 #40046
• Fix web session javadoc typo #39821
• Fix typo in Custom HTTP Exchange Recording section #39784
• Make description of virtual threads and JVM exit easier to understand by removing "no-non" double-negative #39732

🔨 Dependency Upgrades

• Upgrade to Angus Mail 2.0.3 #39973
• Upgrade to Glassfish JAXB 4.0.5 #39975
• Upgrade to GraphQL Java 21.4 #40021
• Upgrade to Groovy 4.0.20 #39976
• Upgrade to Infinispan 14.0.27.Final #40026
• Upgrade to Jakarta Activation 2.1.3 #39978
• Upgrade to Jakarta Mail 2.1.3 #39979
• Upgrade to Jakarta XML Bind 4.0.2 #39980
• Upgrade to Jaybird 5.0.4.java11 #39981
• Upgrade to Jetty 12.0.7 #39982
• Upgrade to jOOQ 3.18.13 #39983
• Upgrade to Kotlin 1.9.23 #39984
• Upgrade to Lettuce 6.3.2.RELEASE #39985
• Upgrade to Micrometer 1.12.4 #39879
• Upgrade to Micrometer Tracing 1.2.4 #39880
• Upgrade to Neo4j Java Driver 5.18.0 #39936
• Upgrade to Postgresql 42.6.2 #39986
• Upgrade to Pulsar 3.1.3 #39987
• Upgrade to Reactor Bom 2023.0.4 #39907
• Upgrade to Spring AMQP 3.1.3 #39881
• Upgrade to Spring Authorization Server 1.2.3 #39915
• Upgrade to Spring Data Bom 2023.1.4 #39882
• Upgrade to Spring Framework 6.1.5 #39883
• Upgrade to Spring HATEOAS 2.2.1 #39950
• Upgrade to Spring Integration 6.2.3 #39884
• Upgrade to Spring Kafka 3.1.3 #39885
• Upgrade to Spring Pulsar 1.0.4 #39886
• Upgrade to Spring Security 6.2.3 #39887
• Upgrade to Spring Session 3.2.2 #39888
• Upgrade to Testcontainers 1.19.7 #39988

❤️ Contributors

Thank you to all the contributors who worked on this release:

@MazizEsa, @PiyalAhmed, @Roiocam, @dreis2211, @onobc, @snicoll, and @timgrohmann

🐞 Bug Fixes

• When graceful shutdown of Tomcat is aborted it may report that it completed successfully #39942
• Resolving a BuildpackReference created from a URL-like String can fail on Windows #39792
• bootStartScripts tasks should be an instance of org.gradle.api.tasks.application.CreateStartScripts rather than its superclass org.gradle.jvm.application.tasks.CreateStartScripts #39584
• SpringProfile arbiter fails without a Spring's environment #39403

📔 Documentation

• Fix typo in Custom HTTP Exchange Recording section #39777

🔨 Dependency Upgrades

• Upgrade to Awaitility 4.2.1 #39962
• Upgrade to Glassfish JAXB 4.0.5 #39963
• Upgrade to GraphQL Java 20.8 #40020
• Upgrade to Groovy 4.0.20 #39964
• Upgrade to Hazelcast 5.2.5 #39965
• Upgrade to Infinispan 14.0.27.Final #40025
• Upgrade to Jakarta Activation 2.1.3 #39967
• Upgrade to Jakarta Mail 2.1.3 #39968
• Upgrade to Jakarta XML Bind 4.0.2 #39969
• Upgrade to Jaybird 5.0.4.java11 #39970
• Upgrade to jOOQ 3.18.13 #39971
• Upgrade to Micrometer 1.11.10 #39870
• Upgrade to Micrometer Tracing 1.1.11 #39871
• Upgrade to Neo4j Java Driver 5.18.0 #39935
• Upgrade to Postgresql 42.6.2 #39972
• Upgrade to Reactor Bom 2022.0.17 #39906
• Upgrade to Spring AMQP 3.0.12 #39872
• Upgrade to Spring Authorization Server 1.1.6 #39914
• Upgrade to Spring Data Bom 2023.0.10 #39873
• Upgrade to Spring Framework 6.0.18 #39874
• Upgrade to Spring HATEOAS 2.1.4 #39949
• Upgrade to Spring Integration 6.1.7 #39875
• Upgrade to Spring Kafka 3.0.15 #39876
• Upgrade to Spring Security 6.1.8 #39877
• Upgrade to Spring Session 3.1.5 #39878

❤️ Contributors

Thank you to all the contributors who worked on this release:

@PiyalAhmed, @dreis2211, @snicoll, and @timgrohmann

⚠️ Noteworthy

• This release upgrades to Hibernate 6.4.4.Final. While it contains a number of valuable bug fixes, it does not work correctly in a native image. If you are using GraalVM, Hibernate should be temporarily downgraded to 6.4.2.Final using the hibernate.version property.

⭐ New Features

• Use ObservationRequestEventListener in order to support traces when using Jersey #39633
• Configure suitable TaskExecutor for WebSocket when virtual threads are enabled #39611
• Implement HttpClient based Zipkin sender #39545
• Switch to Jersey's jersey-micrometer module for Jersey metrics #39502
• Introduce @BatchTransactionManager to make it easier to configure Spring Batch to use a custom transaction manager #39473
• Add customizer callback for WebHttpHandlerBuilder #39467
• Makes it easier to customize a Servlet-based web server's mime mappings #39430
• Add nameIdFormat to Properties #39395
• Add service connection for Docker Compose and Testcontainers ActiveMQ #39363
• Add Artemis Service Connection for Docker Compose and Testcontainers #39311
• Unify 'observation-enabled' property defaults #39276
• Add ConnectionDetails and Service Connection and Docker-Compose support for LDAP #39258
• Include the environment's default profiles in the env endpoint's response #39257
• Use meta-annotations on @AutoConfigureWebMvc to compose it with @AutoConfigureJson #39253
• Add liquibase ui-service property #39227
• Add conditional bean for jOOQ exception translator #38762
• Add support for Bitnami container images with Docker Compose #35759
• Provide a reactive actuator endpoint for (username indexed) session repositories #32046

🐞 Bug Fixes

• Nested jar URLs can not be resolved if the path contains spaces #39690
• Image building runs for a long time when a long image name is used and the tag contains an illegal character #39639
• Banner printing doesn't respect set charset #39622
• "micrometer.observations.*" configuration properties should be "management.observations.*" #39603
• Metadata reading during configuration class parsing uses the default resource loader rather than the application's resource loader #39599
• WebFlux auto-configuration should only configure the blocking executor when virtual threads are enabled #39542
• Creating a RestClient from a RestTemplateBuilder-created RestTemplate requires double configuration of the baseUrl/rootUri #39536
• Several gson properties, including spring.gson.disable-html-escaping, do not behave correctly when set to false #39525
• Property placeholders aren't resolved when configuration property binding creates a Map from a property value using a converter #39516
• Gradle plugin allows the use of Gradle 7.4 but the documented and tested minimum is 7.5 #39514
• TestcontainersPropertySource assertion has typo #39450
• Webflux actuator endpoints respond with 500 when a parameter is missing #39445
• NoSuchMethod error when using the non-shaded Pulsar client and configuring authentications parameters #39424
• Jetty GracefulShutdown writes to System.out #39365
• Auto-configured ConcurrentPulsarListenerContainerFactory and PulsarConsumerFactory cannot be injected into injection points with specific generic type information #39356
• Building images fails with Docker 25.0 when custom buildpacks are configured #39348
• Startup failure when you have multiple @DynamicPropertySources in Spring Boot 3.2.2 #39346
• Mockito's MockedStatic isn't closed in all cases #39273
• TracingProperties exposes package-private PropagationType from public methods #39269

📔 Documentation

• Add note regarding mixing of bundle-based and direct SSL configuration #39642
• Document that task executor pool size properties are ignored when using virtual threads #39632
• Add link to Pulsar workaround when using environment variables for authentication #39631
• Document default value for show-value configuration properties #39597
• Clarify that configuration properties only apply to the auto-configured OpenTelemetry Resource bean #39517
• Add Javadoc for ServerProperties.mimeMappings #39503
• Update the Debugging Documentation of the Spring Boot Maven Plugin #39423
• Awaitility link in Test Scoped Dependencies is incorrect #39417
• Fixed NestedJarFile constructor javadoc #39338
• Endpoint documentation contains the typo 'Unuthorized' #39281
• Update Revved up by Develocity badge #39264

🔨 Dependency Upgrades

• Upgrade Pulsar to 3.2.0 and use Pulsar BOM #39408
• Upgrade to Artemis 2.32.0 #39695
• Upgrade to AssertJ 3.25.3 #39696
• Upgrade to Brave 6 and Zipkin Reporter 3 #39049
• Upgrade to Byte Buddy 1.14.12 #39697
• Upgrade to Commons Codec 1.16.1 #39698
• Upgrade to Couchbase Client 3.5.3 #39699
• Upgrade to Elasticsearch Client 8.11.4 #39700
• Upgrade to Groovy 4.0.18 #39701
• Upgrade to Hibernate 6.4.4.Final #39702
• Upgrade to HttpClient5 5.3.1 #39703
• Upgrade to Infinispan 14.0.24.Final #39704
• Upgrade to Janino 3.1.12 #39705
• Upgrade to Jetty 12.0.6 #39707
• Upgrade to Jetty Reactive HTTPClient 4.0.3 #39706
• Upgrade to jOOQ 3.19.4 #39708
• Upgrade to JsonPath 2.9.0 #39394
• Upgrade to JUnit Jupiter 5.10.2 #39709
• Upgrade to Kotlin Coroutines 1.8.0 #39710
• Upgrade to Kotlin Serialization 1.6.3 #39711
• Upgrade to Liquibase 4.26.0 #39712
• Upgrade to Log4j2 2.23.0 #39713
• Upgrade to MariaDB 3.3.3 #39714
• Upgrade to Maven Shade Plugin 3.5.2 [#39715](https://github.com/spring...

⚠️ Noteworthy

• This release upgrades to Hibernate 6.4.4.Final. While it contains a number of valuable bug fixes, it does not work correctly in a native image. If you are using GraalVM, Hibernate should be temporarily downgraded to 6.4.2.Final using the hibernate.version property.

🐞 Bug Fixes

• Nested jar URLs can not be resolved if the path contains spaces #39675
• Image building runs for a long time when a long image name is used and the tag contains an illegal character #39638
• Banner printing doesn't respect set charset #39621
• "micrometer.observations.*" configuration properties should be "management.observations.*" #39600
• Metadata reading during configuration class parsing uses the default resource loader rather than the application's resource loader #39598
• Several gson properties, including spring.gson.disable-html-escaping, do not behave correctly when set to false #39524
• Property placeholders aren't resolved when configuration property binding creates a Map from a property value using a converter #39515
• Gradle plugin allows the use of Gradle 7.4 but the documented and tested minimum is 7.5 #39513
• WebFlux auto-configuration should only configure the blocking executor when virtual threads are enabled #39469
• TestcontainersPropertySource assertion has typo #39449
• Webflux actuator endpoints respond with 500 when a parameter is missing #39444
• NoSuchMethod error when using the non-shaded Pulsar client and configuring authentications parameters #39389
• Jetty GracefulShutdown writes to System.out #39360
• Building images fails with Docker 25.0 when custom buildpacks are configured #39347
• Creating a RestClient from a RestTemplateBuilder-created RestTemplate requires double configuration of the baseUrl/rootUri #39317
• Auto-configured ConcurrentPulsarListenerContainerFactory and PulsarConsumerFactory cannot be injected into injection points with specific generic type information #39308
• Startup failure when you have multiple @DynamicPropertySources in Spring Boot 3.2.2 #39297
• Mockito's MockedStatic isn't closed in all cases #39272
• TracingProperties exposes package-private PropagationType from public methods #39268

📔 Documentation

• Add note regarding mixing of bundle-based and direct SSL configuration #39641
• Add link to Pulsar workaround when using environment variables for authentication #39630
• Document that task executor pool size properties are ignored when using virtual threads #39629
• Document default value for show-value configuration properties #39596
• Clarify that configuration properties only apply to the auto-configured OpenTelemetry Resource bean #39509
• Update the Debugging Documentation of the Spring Boot Maven Plugin #39422
• Awaitility link in Test Scoped Dependencies is incorrect #39415
• Fixed NestedJarFile constructor javadoc #39285
• Endpoint documentation contains the typo 'Unuthorized' #39280
• Update Revved up by Develocity badge #39263

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.14.12 #39665
• Upgrade to Commons Codec 1.16.1 #39566
• Upgrade to Dropwizard Metrics 4.2.25 #39567
• Upgrade to Groovy 4.0.18 #39568
• Upgrade to Hibernate 6.4.4.Final #39569
• Upgrade to Infinispan 14.0.24.Final #39570
• Upgrade to Jackson Bom 2.15.4 #39666
• Upgrade to Janino 3.1.12 #39571
• Upgrade to Jetty 12.0.6 #39573
• Upgrade to Jetty Reactive HTTPClient 4.0.3 #39572
• Upgrade to jOOQ 3.18.11 #39667
• Upgrade to JsonPath 2.9.0 #39393
• Upgrade to JUnit Jupiter 5.10.2 #39575
• Upgrade to Kotlin Serialization 1.6.3 #39668
• Upgrade to MariaDB 3.3.3 #39669
• Upgrade to Maven Shade Plugin 3.5.2 #39670
• Upgrade to Micrometer 1.12.3 #39474
• Upgrade to Micrometer Tracing 1.2.3 #39475
• Upgrade to Neo4j Java Driver 5.17.0 #39534
• Upgrade to Netty 4.1.107.Final #39576
• Upgrade to Postgresql 42.6.1 #39671
• Upgrade to Pulsar Reactive 0.5.3 #39672
• Upgrade to Reactor Bom 2023.0.3 #39476
• Upgrade to SLF4J 2.0.12 #39577
• Upgrade to Spring AMQP 3.1.2 #39477
• Upgrade to Spring Authorization Server 1.2.2 #39478
• Upgrade to Spring Batch 5.1.1 #39479
• Upgrade to Spring Data Bom 2023.1.3 #39480
• Upgrade to Spring Framework 6.1.4 #39481
• Upgrade to Spring GraphQL 1.2.5 #39482
• Upgrade to Spring Integration 6.2.2 #39483
• Upgrade to Spring Kafka 3.1.2 #39484
• Upgrade to Spring LDAP 3.2.2 #39485
• Upgrade to Spring Pulsar 1.0.3 #39486
• Upgrade to Spring Security 6.2.2 #39487
• Upgrade to Testcontainers 1.19.5 #39578
• Upgrade to Tomcat 10.1.19 #39673
• Upgrade to Undertow 2.3.12.Final #39674

❤️ Contributors

Thank you to all the contributors who worked on this release:

@PiyalAhmed, @Tish17, @amritagg, @dependabot[bot], @eddumelendez, @erichaagdev, @gdmrw, @jonas-grgt, @kilink, @lukasdo, @okohub, @onobc, @ramilS, @slovi, @smurf667, @snicoll, @totti-dev, @vj-atlassian, @vjh0107, @wanger26, and @xpmxf4

⚠️ Noteworthy

• This release upgrades to Hibernate 6.2.22.Final. While it contains a number of valuable bug fixes, it does not work correctly in a native image. If you are using GraalVM, Hibernate should be temporarily downgraded to 6.2.20.Final using the hibernate.version property.

🐞 Bug Fixes

• Image building runs for a long time when a long image name is used and the tag contains an illegal character #39617
• Banner printing doesn't respect set charset #39601
• Gradle plugin allows the use of Gradle 7.4 but the documented and tested minimum is 7.5 #39508
• Property placeholders aren't resolved when configuration property binding creates a Map from a property value using a converter #39507
• Several gson properties, including spring.gson.disable-html-escaping, do not behave correctly when set to false #39504
• TestcontainersPropertySource assertion has typo #39440
• Building images fails with Docker 25.0 when custom buildpacks are configured #39323
• Metadata reading during configuration class parsing uses the default resource loader rather than the application's resource loader #39321
• Mockito's MockedStatic isn't closed in all cases #39271
• TracingProperties exposes package-private PropagationType from public methods #39265
• Webflux actuator endpoints respond with 500 when a parameter is missing #39236

📔 Documentation

• Add note regarding mixing of bundle-based and direct SSL configuration #39616
• Document default value for show-value configuration properties #39589
• Update the Debugging Documentation of the Spring Boot Maven Plugin #39392
• Endpoint documentation contains the typo 'Unuthorized' #39279
• Update Revved up by Develocity badge #39242

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.14.12 #39659
• Upgrade to Dropwizard Metrics 4.2.25 #39553
• Upgrade to Groovy 4.0.18 #39554
• Upgrade to Hibernate 6.2.22.Final #39555
• Upgrade to Infinispan 14.0.24.Final #39556
• Upgrade to Jackson Bom 2.15.4 #39660
• Upgrade to Janino 3.1.12 #39557
• Upgrade to Jetty 11.0.20 #39559
• Upgrade to Jetty Reactive HTTPClient 3.0.12 #39558
• Upgrade to jOOQ 3.18.11 #39661
• Upgrade to JsonPath 2.9.0 #39328
• Upgrade to Micrometer 1.11.9 #39454
• Upgrade to Micrometer Tracing 1.1.10 #39455
• Upgrade to Neo4j Java Driver 5.17.0 #39551
• Upgrade to Netty 4.1.107.Final #39561
• Upgrade to Postgresql 42.6.1 #39662
• Upgrade to Reactor Bom 2022.0.16 #39456
• Upgrade to SLF4J 2.0.12 #39562
• Upgrade to Spring AMQP 3.0.11 #39457
• Upgrade to Spring Authorization Server 1.1.5 #39458
• Upgrade to Spring Batch 5.0.5 #39459
• Upgrade to Spring Data Bom 2023.0.9 #39460
• Upgrade to Spring Framework 6.0.17 #39461
• Upgrade to Spring GraphQL 1.2.5 #39462
• Upgrade to Spring Integration 6.1.6 #39463
• Upgrade to Spring Kafka 3.0.14 #39464
• Upgrade to Spring LDAP 3.1.4 #39465
• Upgrade to Spring Security 6.1.7 #39466
• Upgrade to Tomcat 10.1.19 #39663
• Upgrade to Undertow 2.3.12.Final #39664

❤️ Contributors

Thank you to all the contributors who worked on this release:

@amritagg, @dependabot[bot], @erichaagdev, @gdmrw, @lukasdo, @smurf667, @snicoll, @totti-dev, @vj-atlassian, @vjh0107, and @wanger26

⭐ New Features

• Auto-configure TypeDefinitionConfigurer beans for GraphQL apps #39118
• Create multiple registrations for beans that implement multiple Servlet API contracts #39056
• Remove APIs that were deprecated for removal in 3.3 #39039
• Remove dependency management for Dropwizard Metrics #39034
• Add configuration property "spring.task.execution.pool.shutdown.accept-tasks-after-context-close" #38968
• Autoconfigure Undertow/XNIO for virtual thread support #38819
• Add client-id and subscription-durable properties for JMS connections #38817
• Add property for maximum number of reactive sessions #38703
• Add support for the @SpanTag annotation #38662
• Add configuration option for path inclusion in DefaultErrorAttributes #38619
• Add configuration properties for cluster-level failover with Apache Pulsar #38559
• Change Health.down(Exception) factory method to Health.down(Throwable), aligning with Health.Builder.down(Throwable) #38550
• Make spring.config.activate.on-cloud-platform=none match when the current cloud platform is null #38510
• Add ProcessInfoContributor #38371
• Add possibility to configure a custom ExecutionContextSerializer in BatchAutoConfiguration #38328
• Remove deprecated support for FailureAnalyzer setter injection #38322
• Use unknown_service as default application name for OpenTelemetry #38219
• Auto-configure a JwtAuthenticationConverter #38105
• Fail configuration property metadata processing when additional metadata has unexpected content #37597
• Add local and tag correlation fields #37435
• Use request.requestPath().value() to populate path error attribute with WebFlux #37269
• Improve log messages to use the singular or plural forms instead of "noun(s)" #37017
• Add 'observation-enabled' properties for RabbitMQ #36451
• Make WebServers' started log messages more consistent #36149
• Add property to configure the queue size for Tomcat #36087

🐞 Bug Fixes

• Even when spring.security.user.name or spring.security.user.password has been configured, user details auto-configuration still backs off when resource server is on the classpath #39239
• JarEntry.getComment() returns incorrect result from NestedJarFile instances #39226
• Oracle OJDBC BOM version is flagged not for production use #39225
• MockRestServiceServerAutoConfiguration with RestTemplate and RestClient together throws incorrect exception #39198
• SslBundle implementations do not provide useful toString() results #39168
• Mixing PEM and JKS certificate material in server.ssl properties does not work #39159
• Containers are not started when using @ImportTestcontainers #39151
• Having AspectJ and Micrometer on the classpath is not a strong enough signal to enable support for Micrometer observation annotations #39132
• Actuator endpoints with no operations that use selectors are not accessible when mapped to / #39123
• spring-boot-maven-plugin repackage uber jar execution fails when jar is put on WSL network drive #39121
• Spring Boot 3.2 app that uses WebFlux, Security, and Actuator may fail to start due to a missing authentication manager #39117
• @ConfigurationPropertiesBinding converters that rely on initial CharSequence to String conversion no longer work #39115
• management.observations.http.server.requests.name no longer has any effect #39106
• Configuring server.jetty.max-connections has no effect #39080
• spring.rabbitmq.listener.stream.auto-startup property has no effect #39079
• Connection leak when using jOOQ and spring.jooq.sql-dialect has not been set #39077
• Error mark in the log message for PatternParseException is in the wrong place #39076
• Manifest attributes cannot be resolved with the new loader implementation #39071

📔 Documentation

• Improve "Sanitize Sensitive Values" section in reference documentation #39200
• Update CRaC support status link #39173
• Fix link to Log4j2's JDK logging adapter documentation #39172
• Document virtual threads limitations #39169
• Polish reference documentation #39157
• Use the term "tags" in documentation consistently #39152
• Update links to Micrometer docs in metrics section of reference docs #39150
• Remove entry for OCI starter as it is no longer maintained #39145
• Correct the documentation on injecting dependencies into FailureAnalyzer implementations #39101
• Fix typos #38983

🔨 Dependency Upgrades

• Upgrade to AssertJ 3.25.1 #38997
• Upgrade to Brave 5.17.1 #39201
• Upgrade to Build Helper Maven Plugin 3.5.0 #38999
• Upgrade to Byte Buddy 1.14.11 #39000
• Upgrade to Classmate 1.7.0 #39001
• Upgrade to Commons DBCP2 2.11.0 #39002
• Upgrade to Commons Lang3 3.14.0 #39003
• Upgrade to Groovy 4.0.17 #39005
• Upgrade to HikariCP 5.1.0 #39006
• Upgrade to InfluxDB Java 2.24 #39008
• Upgrade to Jackson Bom 2.16.1 #39009
• Upgrade to JMustache 1.16 #39011
• Upgrade to jOOQ 3.19.2 #39202
• Upgrade to Kotlin 1.9.22 #39013
• Upgrade to Lettuce 6.3.1.RELEASE #39203
• Upgrade to Liquibase 4.25.1 #39014
• Upgrade to Log4j2 2.22.1 #39015
• Upgrade to MariaDB 3.3.2 #39146
• Upgrade to MariaDB 3.3.2 #39016
• Upgrade to Maven Compiler Plugin 3.12.1 #39017
• Upgrade to Maven Failsafe Plugin 3.2.5 #39204
• Upgrade to Maven Surefire Plugin 3.2.5 #39205
• Upgrade to Micrometer 1.12.2 [#39097](https...