🗒️ Noteworthy Changes
Nimbus JOSE JWT
In versions 5.4.4 and earlier, Spring Security 5.4.x depended on versions of oauth2-oidc-sdk
and nimbus-jose-jwt
that were not compatible with each other. This was corrected in Spring Security 5.4.5 by downgrading from nimbus-jose-jwt
9.x to 8.x. A similar change has been made to Spring Boot's dependency management in this release. If you were relying on nimbus-jose-jwt
9.x, you can restore the 9.x version using the nimbus-jose-jwt.version
property.
🪲 Bug Fixes
- DataSourceBuilder no longer invokes setUser on org.postgresql.ds.PGSimpleDataSource #25363
- DatabaseDriver does not detect Amazon Redshift correctly #25312
- Migrations performed by Flyway or Liquibase may not have completed before the database is accessed via jOOQ #25310
- No error message when using spring.profiles.include in a profile-specific config file if it's written as a YAML list #25309
- Dependency management for Hibernate's new hibernate-micrometer module is missing #25305
- DataSourceBuilder no longer invokes setUser on org.h2.jdbcx.JdbcDataSource #25263
- Missing RabbitMQ metrics if bean is defined as a ConnectionFactory #25185
- A ContextRefreshedEvent from a child context may result in deadlock when using JPA deferred repositories #25174
- Gradle plugin does not include transitive project dependencies into application layer #25163
- initQueryTimeout and ildeTimeout defaults are not aligned with Cassandra defaults #25150
- Remote application from devtools does not work with security filter in WebSecurityConfigurerAdapter #25147
- TestRestTemplate exchange triggers UnsupportedOperationException when using a UriTemplateRequestEntity #25097
- WebMvcTest and WebFluxTest ignore user-provided Thymeleaf IDialect beans #25072
- Managed versions of oauth2-oidc-sdk and nimbus-jose-jwt are incompatible #25070
- BeanCreationException thrown creating 'neo4jMappingContext' with Spring Boot 2.4.2 when combined with MongoDB #25069
- Collection conversion doesn't work for configtree properties #25057
- ConfigData with Option.IGNORE_IMPORTS can cause NPE #25029
- spring.config.activate.on-profile cannot be used in profile specific file #24990
- ConfigDataLoaders cannot have a DeferredLogFactory injected preventing their subcomponents from logging accurately #24988
- Spring Data Solr support is not flagged as deprecated #24943
- Since 2.4.2, the Logback charset defaults to UTF-8 rather than the OS's default #24894
- InvalidConfigDataPropertyException thrown when server processed ConfigData contains profiles #24890
- When spring.mvc.pathmatch.matching-strategy is set to path-pattern-parser, the error handling of a management server listening on a separate port is broken #24877
- mappings endpoint fails due to an NPE when spring.mvc.pathmatch.matching-strategy is set to path-pattern-parser #24874
- Failures when recording metrics in MetricsClientHttpRequestInterceptor may interfere with RestTemplate's main behaviour #24872
- Auto-configured DataSourceTransactionManager uses spring.dao.exceptiontranslation.enable rather than spring.dao.exceptiontranslation.enabled to control exception translation #24867
- Illegal reflective access by org.springframework.cglib.core.ReflectUtils #24857
- Configuration metadata for logging.charset.* has invalid reference for java.nio.charset.Charset #24851
- Asynchronous deserialization performed by Hazelcast may fail due to the wrong ClassLoader being used #24836
📔 Documentation
- Update the Gradle plugin documentation to recommend the maven-publish plugin over the maven plugin #25307
- Document Kafka Streams metrics support #25297
- Default values of integer properties in the application properties appendix are rendered as decimals #25176
- Clarify usage of BufferingApplicationStartup #25075
- Since 2.3.8 and 2.4.2, the documented index format does not match the implementation #25066
- Clarify when retaining . characters in property keys requires bracket notation to be used #25064
- Highlight that Duration and Period conversion is provided by the ApplicationConversionService and, by default, is not available for web conversion #25061
- Document logging.register-shutdown-hook and why you may want to enable it #25044
- bootRun project property command line example is incomplete #25042
- Document the need to use the launcher to be able to use application.* properties in a custom banner #25040
- Add some guidance to the reference documentation about diagnosing unexpected property values #25038
- WebMvcProperties.MatchingStrategy should be documented as being since 2.4.0 #24875
- CONTRIBUTING.adoc contains broken link to spring-javaformat-intellij-idea-plugin #24869
- Add version to reference docs index #24854
- Remove YAML shortcomings section as it no longer applies #24620
🔨 Dependency Upgrades
- Upgrade to ActiveMQ 5.16.1 #25205
- Upgrade to AppEngine SDK 1.9.86 #25206
- Upgrade to Byte Buddy 1.10.20 #25207
- Upgrade to FreeMarker 2.3.31 #25338
- Upgrade to Hibernate 5.4.28.Final #25208
- Upgrade to Infinispan 11.0.9.Final #25209
- Upgrade to Janino 3.1.3 #25210
- Upgrade to Jaybird 3.0.10 #25211
- Upgrade to Jetty 9.4.36.v20210114 #25212
- Upgrade to Johnzon 1.2.10 #25213
- Upgrade to jOOQ 3.14.7 #25214
- Upgrade to JUnit 4.13.2 #25339
- Upgrade to JUnit Jupiter 5.7.1 #25215
- Upgrade to Kotlin 1.4.30 #25216
- Upgrade to Lombok 1.18.18 #25217
- Upgrade to MariaDB 2.7.2 #25218
- Upgrade to Micrometer 1.6.4 #25291
- Upgrade to MySQL 8.0.23 #25219
- Upgrade to Netty 4.1.59.Final #25220
- Upgrade to Reactor 2020.0.4 #25286
- Upgrade to RxJava2 2.2.21 #25340
- Upgrade to Spring AMQP 2.3.5 #25290
- Upgrade to Spring Data 2020.0.5 #25002
- Upgrade to Spring Framework 5.3.4 #24998
- Upgrade to Spring HATEOAS 1.2.4 #25341
- Upgrade to Spring Integration 5.4.4 #25289
- Upgrade to Spring Kafka 2.6.6 #25292
- Upgrade to Spring Security 5.4.5 #25221
- Upgrade to Spring Session Bom 2020.0.3 #25222
- Upgrade to Tomcat 9.0.43 #25223
- Upgrade to Undertow 2.2.4.Final #25224
❤️ Contributors
We'd like to thank all the contributors who worked on this release!