Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.4

:lady_beetle: Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

:notebook_with_decorative_cover: Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

:hammer: Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Sourced from com.sap.cloud.security:java-bom's releases.

3.6.1

• Fix spring retry configuration for token service
• added documentation of retry feature to README
• Improve error message when client certificate for proof token validation is missing

Dependency upgrades

• Bump org.eclipse.jetty.version from 12.0.21 to 12.0.22
• bump caffeine version to 3.2.0
• Bump org.mockito:mockito-core from 5.17.0 to 5.18.0
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5
• Bump com.sap.cloud.environment.servicebinding:java-bom
• Bump org.json:json from 20250107 to 20250517
• Bump commons-io:commons-io from 2.18.0 to 2.19.0
• Bump spring.core.version from 6.2.5 to 6.2.7
• Bump io.github.hakky54:logcaptor from 2.10.2 to 2.11.0
• Bump spring.security.version from 6.4.4 to 6.4.5
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4
• Bump spring.boot.version from 3.4.4 to 3.4.5
• Bump org.wiremock:wiremock-standalone from 3.12.1 to 3.13.0
• Bump org.eclipse.jetty.version from 12.0.19 to 12.0.21
• Bump io.projectreactor:reactor-test from 3.7.4 to 3.7.6
• Bump io.projectreactor:reactor-core from 3.7.4 to 3.7.6

Sourced from com.sap.cloud.security:java-bom's changelog.

3.6.1

• Fix spring retry configuration for token service
• added documentation of retry feature to README
• Improve error message when client certificate for proof token validation is missing

Dependency upgrades

Bump org.eclipse.jetty.version from 12.0.21 to 12.0.22 bump caffeine version to 3.2.0 Bump org.mockito:mockito-core from 5.17.0 to 5.18.0 Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 Bump com.sap.cloud.environment.servicebinding:java-bom Bump org.json:json from 20250107 to 20250517 Bump commons-io:commons-io from 2.18.0 to 2.19.0 Bump spring.core.version from 6.2.5 to 6.2.7 Bump io.github.hakky54:logcaptor from 2.10.2 to 2.11.0 Bump spring.security.version from 6.4.4 to 6.4.5 Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4 Bump spring.boot.version from 3.4.4 to 3.4.5 Bump org.wiremock:wiremock-standalone from 3.12.1 to 3.13.0 Bump org.eclipse.jetty.version from 12.0.19 to 12.0.21 Bump io.projectreactor:reactor-test from 3.7.4 to 3.7.6 Bump io.projectreactor:reactor-core from 3.7.4 to 3.7.6

• 6b0e5f3 remove repository config for old sonatype plugin (#1821)
• 594a6ec Maven central preparation (#1819)
• e2eb108 added version references to POMs and other minor informations (#1815)
• a52b788 Set release version to 3.6.1 (#1812)
• 4d50c95 Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.0 to 4.9.3.1 (#1799)
• f661cec Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0 (#1800)
• fb1de53 Bump spring.security.version from 6.5.0 to 6.5.1 (#1797)
• db8bb45 Bump spring.boot.version from 3.5.0 to 3.5.3 (#1798)
• 1244f0b Bump log4j2.version from 2.24.3 to 2.25.0 (#1796)
• 0118972 Bump spring.core.version from 6.2.7 to 6.2.8 (#1795)
• Additional commits viewable in compare view

Sourced from org.codehaus.mojo:flatten-maven-plugin's releases.

1.7.2

🐛 Bug Fixes

• Create missing target directories, use NIO for file block operations (#471) @​slawekjaranowski

📝 Documentation updates

• Clarify example in usage about updatePomFile behavior (#477) @​slawekjaranowski

👻 Maintenance

• Add stale GitHub Action (#476) @​slawekjaranowski
• Add Maven 4 to build matrix on GitHub Actions (#474) @​slawekjaranowski
• Improve assertions in no-overwrite tests (#475) @​slawekjaranowski
• Add a missing plugin version in ITS (#473) @​slawekjaranowski
• Add integration test for install and deploy flattened pom (#472) @​slawekjaranowski

📦 Dependency updates

• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#470) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#467) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.3.3 to 2.15.0 in /src/it/projects/bom-flattenMode/bom (#464) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.13.0 to 2.15.0 in /src/it/projects/bom-pomElements/bom (#463) @dependabot[bot]

• 9d80041 [maven-release-plugin] prepare release 1.7.2
• 6c62863 Clarify example in usage about updatePomFile behavior
• fc35f4c Add stale GitHub Action
• 0fb1ea0 Add Maven 4 to build matrix on GitHub Actions (#474)
• 35e0e0c Improve assertions in no-overwrite tests
• e193a20 Add a missing plugin version in ITS
• 87009a4 Add integration test for install and deploy flattened pom
• e02117c Create missing target directories, use NIO for file block operations
• f9289bf Bump commons-io:commons-io from 2.19.0 to 2.20.0
• 227ae5e Bump mavenVersion from 3.9.10 to 3.9.11
• Additional commits viewable in compare view

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.1

🚀 New features and improvements

• Improve performance of transitive dependency checks (#904) @​harrisric

🐛 Bug Fixes

• Fix NPE when a classifier part is specified in bannedDependencies (#905) @​harrisric

📝 Documentation updates

• Move contributing information into README (#911) @​slawekjaranowski
• Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @​elharo

👻 Maintenance

• Remove unused javax.annotations dependency (#899) @​elharo
• Remove unused methods (#900) @​elharo
• Remove the from parameter names (#901) @​elharo
• Fix a grab bag of typos and minor grammar errors (#897) @​elharo
• remove unneeded contains check as add already does that (#896) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910) @dependabot[bot]

• 9b9b705 [maven-release-plugin] prepare release enforcer-3.6.1
• 469f45c Move contributing information into README - fix cla link
• fec424a Move contributing information into README
• 3abe11d Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910)
• d58be76 Improve performance of transitive dependency checks (#904)
• 1f7ac3c null analysis (#907)
• 3bfbff8 Fix some typos
• 8da0311 Remove unused javax.annotations dependency (#899)
• 06bcf29 Remove unused methods (#900)
• b25c800 Fix NPE when a classifier part is specified but an artifact classifier is nul...
• Additional commits viewable in compare view

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.4

:lady_beetle: Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

:notebook_with_decorative_cover: Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

:hammer: Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Sourced from com.sap.cloud.security:java-bom's releases.

3.6.1

• Fix spring retry configuration for token service
• added documentation of retry feature to README
• Improve error message when client certificate for proof token validation is missing

Dependency upgrades

• Bump org.eclipse.jetty.version from 12.0.21 to 12.0.22
• bump caffeine version to 3.2.0
• Bump org.mockito:mockito-core from 5.17.0 to 5.18.0
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5
• Bump com.sap.cloud.environment.servicebinding:java-bom
• Bump org.json:json from 20250107 to 20250517
• Bump commons-io:commons-io from 2.18.0 to 2.19.0
• Bump spring.core.version from 6.2.5 to 6.2.7
• Bump io.github.hakky54:logcaptor from 2.10.2 to 2.11.0
• Bump spring.security.version from 6.4.4 to 6.4.5
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4
• Bump spring.boot.version from 3.4.4 to 3.4.5
• Bump org.wiremock:wiremock-standalone from 3.12.1 to 3.13.0
• Bump org.eclipse.jetty.version from 12.0.19 to 12.0.21
• Bump io.projectreactor:reactor-test from 3.7.4 to 3.7.6
• Bump io.projectreactor:reactor-core from 3.7.4 to 3.7.6

Sourced from com.sap.cloud.security:java-bom's changelog.

3.6.1

• Fix spring retry configuration for token service
• added documentation of retry feature to README
• Improve error message when client certificate for proof token validation is missing

Dependency upgrades

Bump org.eclipse.jetty.version from 12.0.21 to 12.0.22 bump caffeine version to 3.2.0 Bump org.mockito:mockito-core from 5.17.0 to 5.18.0 Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 Bump com.sap.cloud.environment.servicebinding:java-bom Bump org.json:json from 20250107 to 20250517 Bump commons-io:commons-io from 2.18.0 to 2.19.0 Bump spring.core.version from 6.2.5 to 6.2.7 Bump io.github.hakky54:logcaptor from 2.10.2 to 2.11.0 Bump spring.security.version from 6.4.4 to 6.4.5 Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4 Bump spring.boot.version from 3.4.4 to 3.4.5 Bump org.wiremock:wiremock-standalone from 3.12.1 to 3.13.0 Bump org.eclipse.jetty.version from 12.0.19 to 12.0.21 Bump io.projectreactor:reactor-test from 3.7.4 to 3.7.6 Bump io.projectreactor:reactor-core from 3.7.4 to 3.7.6

• 6b0e5f3 remove repository config for old sonatype plugin (#1821)
• 594a6ec Maven central preparation (#1819)
• e2eb108 added version references to POMs and other minor informations (#1815)
• a52b788 Set release version to 3.6.1 (#1812)
• 4d50c95 Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.0 to 4.9.3.1 (#1799)
• f661cec Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0 (#1800)
• fb1de53 Bump spring.security.version from 6.5.0 to 6.5.1 (#1797)
• db8bb45 Bump spring.boot.version from 3.5.0 to 3.5.3 (#1798)
• 1244f0b Bump log4j2.version from 2.24.3 to 2.25.0 (#1796)
• 0118972 Bump spring.core.version from 6.2.7 to 6.2.8 (#1795)
• Additional commits viewable in compare view

Sourced from org.codehaus.mojo:flatten-maven-plugin's releases.

1.7.2

🐛 Bug Fixes

• Create missing target directories, use NIO for file block operations (#471) @​slawekjaranowski

📝 Documentation updates

• Clarify example in usage about updatePomFile behavior (#477) @​slawekjaranowski

👻 Maintenance

• Add stale GitHub Action (#476) @​slawekjaranowski
• Add Maven 4 to build matrix on GitHub Actions (#474) @​slawekjaranowski
• Improve assertions in no-overwrite tests (#475) @​slawekjaranowski
• Add a missing plugin version in ITS (#473) @​slawekjaranowski
• Add integration test for install and deploy flattened pom (#472) @​slawekjaranowski

📦 Dependency updates

• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#470) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#467) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.3.3 to 2.15.0 in /src/it/projects/bom-flattenMode/bom (#464) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.13.0 to 2.15.0 in /src/it/projects/bom-pomElements/bom (#463) @dependabot[bot]

• 9d80041 [maven-release-plugin] prepare release 1.7.2
• 6c62863 Clarify example in usage about updatePomFile behavior
• fc35f4c Add stale GitHub Action
• 0fb1ea0 Add Maven 4 to build matrix on GitHub Actions (#474)
• 35e0e0c Improve assertions in no-overwrite tests
• e193a20 Add a missing plugin version in ITS
• 87009a4 Add integration test for install and deploy flattened pom
• e02117c Create missing target directories, use NIO for file block operations
• f9289bf Bump commons-io:commons-io from 2.19.0 to 2.20.0
• 227ae5e Bump mavenVersion from 3.9.10 to 3.9.11
• Additional commits viewable in compare view

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.1

🚀 New features and improvements

• Improve performance of transitive dependency checks (#904) @​harrisric

🐛 Bug Fixes

• Fix NPE when a classifier part is specified in bannedDependencies (#905) @​harrisric

📝 Documentation updates

• Move contributing information into README (#911) @​slawekjaranowski
• Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @​elharo

👻 Maintenance

• Remove unused javax.annotations dependency (#899) @​elharo
• Remove unused methods (#900) @​elharo
• Remove the from parameter names (#901) @​elharo
• Fix a grab bag of typos and minor grammar errors (#897) @​elharo
• remove unneeded contains check as add already does that (#896) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910) @dependabot[bot]

• 9b9b705 [maven-release-plugin] prepare release enforcer-3.6.1
• 469f45c Move contributing information into README - fix cla link
• fec424a Move contributing information into README
• 3abe11d Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910)
• d58be76 Improve performance of transitive dependency checks (#904)
• 1f7ac3c null analysis (#907)
• 3bfbff8 Fix some typos
• 8da0311 Remove unused javax.annotations dependency (#899)
• 06bcf29 Remove unused methods (#900)
• b25c800 Fix NPE when a classifier part is specified but an artifact classifier is nul...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions