Spring Boot 2.6 Release Notes
Pages 168
-
- Spring Boot 2.6 Release Notes
- Upgrading from Spring Boot 2.5
- Deprecations from Spring Boot 2.4
- Circular References Prohibited by Default
- PathPattern Based Path Matching Strategy for Spring MVC
- Actuator Env InfoContributor Disabled by Default
- Application Startup
- Web Resources Configuration
- Dependency Management Removals
- JBoss Transaction SPI
- Nimbus DS
- HAL Browser
- Prometheus Version Property
- Embedded Mongo
- Oracle Database Driver Dependency Management
- Vault-related Flyway Properties Removed
- WebFlux Session Properties
- Elasticsearch Property Consolidation
- @Persistent no longer considered with Spring Data Couchbase
- Maven Build Info’s Default Time
- Records and @ConfigurationProperties
- Deferred OpenID Connect Discovery
- Minimum Requirements Changes
- New and Noteworthy
- SameSite Cookie Attribute Servlet Support
- Reactive Server Session Properties
- Pluggable Sanitization Rules
- Java Runtime Information
- Build Info Property Exclusions
- Health Support
- Additional Path on Main or Management Port
- Composite Contributor Include/Exclude Support
- Metrics Support
- Application Startup
- Disk Space
- Task Execution and Scheduling
- Jetty Connection and SSL
- Exporting to the Dynatrace v2 API
- Docker Image Building Support
- Additional Image Tags
- Network Configuration
- Cache Configuration
- Auto-configuration for Spring Data Envers
- Redis Connection Pooling
- Auto-configuration for spring-rabbit-stream
- Support for PEM format in Kafka SSL Properties
- Improved Configuration of the Maven Plugin’s Start Goal
- Auto-configured Spring Web Service Server Tests
- MessageSource-based Interpolation of Bean Validation Messages
- Using WebTestClient for Testing Spring MVC
- Spring Integration PollerMetadata Properties
- Support for Log4j2’s Composite Configuration
- Dependency Upgrades
- Miscellaneous
- Deprecations in Spring Boot 2.6.0
Clone this wiki locally
Spring Boot 2.6 Release Notes
Upgrading from Spring Boot 2.5
Deprecations from Spring Boot 2.4
Classes, methods and properties that were deprecated in Spring Boot 2.4 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading.
Circular References Prohibited by Default
Circular references between beans are now prohibited by default.
If your application fails to start due to a BeanCurrentlyInCreationException you are strongly encouraged to update your configuration to break the dependency cycle.
If you are unable to do so, circular references can be allowed again by setting spring.main.allow-circular-references to true, or using the new setter methods on SpringApplication and SpringApplicationBuilder
This will restore 2.5’s behaviour and automatically attempt to break the dependency cycle.
PathPattern Based Path Matching Strategy for Spring MVC
The default strategy for matching request paths against registered Spring MVC handler mappings has changed from AntPathMatcher to PathPatternParser.
If you are using Spring Security, you should review your use of mvcMatchers to ensure that your matchers continue to meet your needs.
With AntPathMatcher, authorizeRequests.mvcMatchers("hello").permitAll() would grant access to /hello.
The more precise matching of PathPatternParser requires the use of authorizeRequests.mvcMatchers("/hello").permitAll() (note the leading /) instead.
If you need to switch the default back to AntPathMatcher, you can set spring.mvc.pathmatch.matching-strategy to ant-path-matcher.
The actuator endpoints now also use PathPattern based URL matching.
Note that the path matching strategy for actuator endpoints is not configurable via a configuration property.
If you are using Actuator and Springfox, this may result in your application failing to start. Please see this Springfox issue for further details.
Actuator Env InfoContributor Disabled by Default
The env info contributor is now disabled by default.
This contributor exposes any property from the Spring Environment whose name starts with info.
If you have any properties starting with info and would like them to appear them in the InfoEndpoint, set management.info.env.enabled to true.
Application Startup
The spring.boot.application.running startup step logged to ApplicationStartup has been renamed to spring.boot.application.ready.
If you are processing files generated from FlightRecorderApplicationStartup or BufferingApplicationStartup you will need to use the new name.
Web Resources Configuration
Injecting Resources directly no longer works as this configuration has been harmonized in WebProperties. If you need to access this information, you need to inject WebProperties instead.
Dependency Management Removals
JBoss Transaction SPI
Dependency management for org.jboss:jboss-transaction-spi has been removed.
If you are using org.jboss:jboss-transaction-spi you should define your own dependency management that meets your application’s needs.
Nimbus DS
Dependency management for com.nimbusds:oauth2-oidc-sdk and com.nimbusds:nimbus-jose-jwt has been removed.
If you are using Spring Security you should rely on the versions that it will pull in as transitive dependencies.
If you are not using Spring Security you should define your own dependency management that meets your application’s needs.
Prometheus Version Property
The property to control the version of Prometheus has changed from prometheus-pushgateway.version to prometheus-client.version. This is to reflect the fact that the property manages the version of every module in Prometheus’s client, not just the pushgateway.
Embedded Mongo
To use embedded mongo, the spring.mongodb.embedded.version property must now be set.
This helps to ensure that the MongoDB version that is used by the embedded support matches the MongoDB version that your application will use in production.
Oracle Database Driver Dependency Management
The dependency management for the Oracle database driver has been streamlined.
If you are still relying on the old com.oracle.ojdbc groupId, you need to upgrade to the com.oracle.database.jdbc group as we have removed dependency management for the former.
Vault-related Flyway Properties Removed
The 7.12 release of Flyway moved the Vault-related settings to a closed-source extension. Unfortunately, this prevents Spring Boot from configuring them. As a result, the corresponding spring.flyway.vault-secrets, spring.flyway.vault-token, and spring.flyway.vault-url properties have been removed. If you are a Flyway Teams user, the settings can be configured via a FlywayConfigurationCustomizer bean, FluentConfigiguration.getExtensionConfiguration and the Vault ApiExtension
WebFlux Session Properties
The spring.webflux.session property group has been deprecated and relocated to server.reactive.session.
The old properties will continue to work, but you should migrate to the new ones if possible.
Elasticsearch Property Consolidation
The configuration properties used to configure an Elasticsearch client have been consolidated.
Previously, a number of common properties for configuring the blocking high-level REST client and the reactive REST client were duplicated across spring.elasticsearch.rest and spring.data.elasticsearch.clients.reactive.
If you are using the blocking REST client, the following table lists the old properties and their replacements:
| Deprecated Property | Replacement |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
If you are using the reactive client, the following table lists the old properties and their replacements: |
| Deprecated Property | Replacement |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Persistent no longer considered with Spring Data Couchbase
To align the default behavior with Spring Data Couchbase, @Persistent-annotated types are no longer considered.
If you are relying on that annotation, @Document can be used instead.
Maven Build Info’s Default Time
The Maven plugin’s build info support now uses the value of the project.build.outputTimestamp property as the default build time.
If the property is not set, the the build session’s start time is used as it was previously.
As before, the time can be disabled entirely by setting it to off.
Records and @ConfigurationProperties
If you are using @ConfigurationProperties with a Java 16 record and the record has a single constructor, it no longer needs to be annotated with @ConstructorBinding.
If your record has multiple constructors, @ConstructorBinding should still be used to identify the constructor to use for property binding.
Deferred OpenID Connect Discovery
For a resource server application using spring-security-oauth2-resource-server which is configured with an OpenID connect issuer-uri, Spring Boot now auto-configures a SupplierJwtDecoder instead of a NimbusJwtDecoder.
This enables Spring Security’s lazy OIDC discovery support which improves startup time.
Similarly, for reactive applications, a ReactiveSupplierJwtDecoder is auto-configured.
New and Noteworthy
|
Tip
|
Check the configuration changelog for a complete overview of the changes in configuration. |
SameSite Cookie Attribute Servlet Support
You can now configure SameSite attributes on session cookies for servlet applications using the server.servlet.session.cookie.same-site property.
This works with auto-configured Tomcat, Jetty and Undertow servers.
In addition, the CookieSameSiteSupplier interface can be used if you want to apply a SameSite attribute to other cookies.
See the updated documentation for more details and some example code.
Reactive Server Session Properties
The session properties supported for reactive servers (previously under spring.webflux.session) have been expanded with this release.
The new properties are available under server.reactive.session and now offer parity with the servlet versions.
Pluggable Sanitization Rules
Spring Boot sanitizes sensitive values present in the /env and /configprops endpoints.
While it was possible to configure which properties get sanitized via configuration properties, users might want to apply sanitization rules based on which PropertySource the property originated from.
For example, Spring Cloud Vault uses vault to store encrypted values and load them into the Spring environment.
Since all values are encrypted, it would make sense to blank the values of every key in an entire property source.
Such sanitization customizations can be configured by adding a @Bean of type SanitizingFunction.
Java Runtime Information
The info endpoint can now expose Java Runtime information under the java key, as shown in the following example:
{
"java": {
"vendor": "BellSoft",
"version": "17",
"runtime": {
"name": "OpenJDK Runtime Environment",
"version": "17+35-LTS"
},
"jvm": {
"name": "OpenJDK 64-Bit Server VM",
"vendor": "BellSoft",
"version": "17+35-LTS"
}
}
}To expose this information in the info endpoint’s response, set the management.info.java.enabled property to true.
Build Info Property Exclusions
It’s now possible to exclude specific properties from being added to the build-info.properties file generated by the Spring Boot Maven or Gradle plugin.
Maven users can exclude the standard group, artifact, name, version or time properties using the <excludeInfoProperties> tag.
For example, to exclude the version property the following configuration can be used:
<configuration>
<excludeInfoProperties>
<excludeInfoProperty>version</excludeInfoProperty>
</excludeInfoProperties>
</configuration>Gradle users can use null values with the properties block of the DSL:
task buildInfo(type: org.springframework.boot.gradle.tasks.buildinfo.BuildInfo) {
destinationDir project.buildDir
properties {
version = null
}
}Health Support
Additional Path on Main or Management Port
Health groups can be made available at an additional path on either the main or management port. This is useful in cloud environments such as Kubernetes, where it is quite common to use a separate management port for the actuator endpoints for security purposes. Having a separate port could lead to unreliable health checks because the main application might not work properly even if the health check is successful. A typical configuration would have all the actuator endpoints on a separate port and health groups that are used for liveness and readiness available at an additional path on the main port.
Composite Contributor Include/Exclude Support
Health groups can be configured to include/exclude parts of a CompositeHealthContributor.
This can be done by specifying the fully qualified path to the component.
For example, a component spring which is nested inside a composite named test, can be included using test/spring.
Application Startup
Auto-configuration exposes two metrics related to application startup:
-
application.started.time: time taken to start the application. -
application.ready.time: time taken for the application to be ready to service requests.
Disk Space
Micrometer’s DiskSpaceMetrics are now auto-configured.
disk.free and disk.total metrics are provided for the partition identified by the current working directory.
To change the path that is used, define your own DiskSpaceMetrics bean.
Task Execution and Scheduling
Micrometer’s ExecutorServiceMetrics are now auto-configured for all ThreadPoolTaskExecutor and ThreadPoolTaskScheduler beans, as long as the underlying ThreadPoolExecutor is available.
Metrics are tagged with the name of the executor derived from its bean name.
Jetty Connection and SSL
Micrometer’s JettyConnectionMetrics are now auto-configured.
Additionally, when server.ssl.enabled is set to true, Micrometer’s JettySslHandshakeMetrics are also auto-configured.
Exporting to the Dynatrace v2 API
Support for exporting metrics to the Dynatrace v2 API has been added.
With a local OneAgent running on the host, a dependency on io.micrometer:micrometer-registry-dynatrace is all that is required.
Without a local OneAgent, the management.metrics.export.dynatrace.uri and management.metrics.export.dynatrace.api-token properties must be configured.
Other settings that are specific to the v2 API can be configured using the management.metrics.export.dynatrace.v2 properties.
Please refer to the updated reference documentation for further details.
Docker Image Building Support
Additional Image Tags
The Maven and Gradle plugins now support applying additional tags to a generated image after it is built using a tags configuration parameter.
Auto-configuration for Spring Data Envers
Auto-configuration for Spring Data Envers is now provided.
To use it, add a dependency on org.springframework.data:spring-data-envers and update your JPA repositories to extend from RevisionRepository.
Redis Connection Pooling
Redis (both Jedis and Lettuce) will now automatically enable pooling when commons-pool2 is on the classpath.
Set spring.redis.jedis.pool.enabled or spring.redis.lettuce.pool.enabled to false to disable pooling if required.
Auto-configuration for spring-rabbit-stream
Auto-configuration for Spring AMQP’s new spring-rabbit-stream module has been added.
A StreamListenerContainer is auto-configured when the spring.rabbitmq.listener.type property is set to stream.
The spring.rabbitmq.stream.* properties can be used to configure access to the broker and spring.rabbitmq.listener.stream.native-listener can be used to enable native listener support.
Support for PEM format in Kafka SSL Properties
Previously, Kafka only supported file-based key and trust stores for SSL. With KIP-651, it is now possible to use the PEM format. Spring Boot has added the following properties that allow configuring SSL certificates and private keys using the PEM format:
-
spring.kafka.ssl.key-store-key -
spring.kafka.ssl.key-store-certificate-chain -
spring.kafka.ssl.trust-store-certificates
Improved Configuration of the Maven Plugin’s Start Goal
The Maven Plugin’s start goal has been made more configurable from the command line.
Its wait and maxAttempts properties can be specified using spring-boot.start.wait and spring-boot.start.maxAttempts respectively.
Auto-configured Spring Web Service Server Tests
A new annotation, @WebServiceServerTest, that can be used to test Web Service @Endpoint beans has been introduced.
The annotation creates a test slice containing @Endpoint beans and auto-configures a MockWebServiceClient bean that can be used to test your web service endpoints.
MessageSource-based Interpolation of Bean Validation Messages
The application’s MessageSource is now used when resolving {parameters} in constraint messages.
This allows you to use your application’s messages.properties files for Bean Validation messages.
Once the parameters have been resolved, message interpolation is completed using Bean Validation’s default interpolator.
Using WebTestClient for Testing Spring MVC
Developers could use WebTestClient to test WebFlux apps in mock environments, or any Spring web app against live servers. This change also enables WebTestClient for Spring MVC in mock environments: classes annotated with @AutoConfigureMockMvc can get injected a WebTestClient. This makes our support complete, you can now use a single API to drive all your web tests!
Spring Integration PollerMetadata Properties
Spring Integration PollerMetadata (poll unbounded number of messages every second) can now be customized with spring.integration.poller.* configuration properties.
Support for Log4j2’s Composite Configuration
Log4j2’s composite configuration is now supported.
To use it, configure the logging.log4j2.config.override property with a comma-separated list of secondary configuration files that will override the main configuration. The main configuration is sourced from Spring Boot’s defaults, a well-known standard location such as log4j2.xml, or the location specified by the logging.config property as before.
Dependency Upgrades
Spring Boot 2.6 moves to new versions of several Spring projects:
Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:
-
Commons DBCP 2.9
-
Commons Pool 2.11
-
SnakeYAML 1.29
Miscellaneous
Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:
-
The failure analysis for a
NoSuchMethodErrornow includes information about the location from which the calling class was loaded. -
A
ClientResourcesBuilderCustomizerbean can now be defined to customize Lettuce’sClientResourceswill retaining the default auto-configuration. -
Configuration properties for Flyway’s
detectEncoding,failOnMissingLocations, andignoreMigrationPatternsconfiguration settings have been added. -
A custom
ResourceLoaderto be used by the application can be provided when creating aSpringApplicationBulder. -
A
WebSessionIdResolvercan now be defined to customize the resolver that will be used by the auto-configuredWebSessionManager. -
Any
RSocketConnectorConfigurerbeans are now automatically applied to the auto-configuredRSocketRequester.Builder. -
spring-boot-configuration-processorcan now generate metadata for classes annotated with Lombok’s@Value. -
A new
server.tomcat.reject-illegal-headerconfiguration property can be set to true to configure Tomcat to accept illegal headers. -
When using Stackdriver, labels can now be configured on the monitor resource by setting
management.metrics.export.stackdriver.resource-labels.*configuration properties. -
@EntityScannow supports comma-separated values in itsbasePackagesattribute. -
A new configuration property,
server.netty.idle-timeout, that can be used to control Reactor Netty’s idle timeout has been added. -
The location from which Devtools loads its global settings can now be configured using the
spring.devtools.homesystem property or theSPRING_DEVTOOLS_HOMEenvironment variable. -
The setter methods on
RabbitTemplateConfigurerare nowpublic -
The
heapdumpendpoint is now supported on OpenJ9 where it will produce a heap dump in PHD format. -
New configuration properties are now supported for multipart support in WebFlux, under
spring.webflux.multipart.* -
Any
ContainerCustomizerbean is now called to configure the auto-configured Spring AMQPMessageListenerContainer -
Jackson’s default leniency can be configured using the
spring.jackson.default-leniencyproperty. -
Distribution statistic’s expiry and buffer length are now configurable.
-
Command Latency metrics for Lettuce are now auto-configured.
-
Disk space metrics can be configured with one or more paths using the
management.metrics.system.diskspace.pathsproperty. -
Users can take control over the Redis auto-configuration by providing a
RedisStandaloneConfigurationbean. -
The URLs of all available data sources is now logged when the H2 console is auto-configured.
-
A new configuration property,
spring.integration.management.default-logging-enabled, can be used to disable Spring Integration’s default logging by setting its value tofalse. -
Auto-configuration for
UserDetailsServicewill now back off in the presence of anAuthenticationManagerProviderbean.
Deprecations in Spring Boot 2.6.0
-
AbstractDataSourceInitializerhas been deprecated in favor ofDataSourceScriptDatabaseInitializer. Similarly, subclasses ofAbstractDataSourceInitializerhave been deprecated in favour of newDataSourceScriptDatabaseInitializer-based equivalents. -
SpringPhysicalNamingStrategyhas been deprecated in favor of Hibernate 5.5’sCamelCaseToUnderscoresNamingStrategy -
Three methods on
AbstractApplicationContextRunnerhave been deprecated in favor of newRunnerConfiguration-based equivalents -
The
startedandrunningmethods inSpringApplicationRunListenerhave been replaced with versions that accept aDuration. -
Constructors in
ApplicationStartedEventandApplicationReadyEventhave been replaced with versions that accept aDuration. -
The
EnvironmentEndpoint.sanitizehas been deprecated for removal.