Apache Shiro

Last update: Jan 4, 2023

Overview

Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.

Documentation and Examples

http://shiro.apache.org

Tutorials

License

Apache License, Version 2.0

Comments

Use a ServiceLoader to discover WebEnvironments

The idea here is to lessen the touch points for frameworks when integrating with Shiro. A property file and a WebEnvironment implementation should be all that is needed. The WebEnvironment can then provide additional defaults or customizations specific to that framework.

https://issues.apache.org/jira/browse/SHIRO-608

opened by bdemers 30
[SHIRO-682] fix the potential threat when use "uri = uri + '/' " to bypassed shi…

hi, the potential threat found when use shiro filter. in spring web, the requestURI : /resource/menus and resource/menus/ both can access the resource, but the pathPattern match /resource/menus can not match resource/menus/ user can use requestURI + "/" to simply bypassed chain filter, to bypassed shiro protect

this pr fix it

opened by tomsun28 20
[SHIRO-552] Support base64 encoded salt in JdbcRealm

This fixes SPAP-552

The change has been tested in https://github.com/steinarb/authservice/ and worked as a drop in replacement for the existing AuthserviceDbRealm

Note that the change makes JdbcRealm expect salt to be base64 encoded by default. It is possible to get the original behaviour back, by setting the JdbcRealm saltIsBase64Encoded property to false.
pending-cla

opened by steinarb 18
Add IpFilter for restricting access IP ranges

Add IpFilter for restricting access to resources from those coming from without (or outside) specific IP ranges.

Add IpAddressMatcher taken from Spring Security used for range tests

opened by rswheeldon 18
[SHIRO-829]: beanPostProcessor and FactoryBean cause spring aop to fail …
When LifecycleBeanPostProcessor and ShiroFilterFactoryBean are defined in the same configuration class, Realm's dependency aop (@Transactional and cache) is invalidated.

BREAKING CHANGE: module:shiro-spring class:ShiroFilterFactoryBean

ISSUES CLOSED: #SHIRO-829

Following this checklist to help us incorporate your contribution quickly and easily:

[X] Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.

[X] Each commit in the pull request should have a meaningful subject line and body.

[X] Format the pull request title like [SHIRO-XXX] - Fixes bug in SessionManager, where you replace SHIRO-XXX with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message.

[X] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.

[x] Run mvn clean install apache-rat:check to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.

[X] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using git rebase -i.

Trivial changes like typos do not require a JIRA issue (javadoc, comments...). In this case, just format the pull request title like (DOC) - Add javadoc in SessionManager.

If this is your first contribution, you have to read the Contribution Guidelines

If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement if you are unsure please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004 you have to acknowledge this by using the following check-box.

[X] I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004

[X] In any other case, please file an Apache Individual Contributor License Agreement.
opened by xczs666 17
[SHIRO-687] Adding Spring's Filters to ShiroFilterFactorBean when using Java config

In the days of XML this was defined, but was missed when we ported it to Java config

NOTE: This still needs tests. I put this in a PR so we wouldn't forget, but this was found based on a question from StackOverflow.

opened by bdemers 15
[SHIRO-792] Add name to ShiroFilter's @ConditionalOnMissingBean
This PR closes SHIRO-792. As agreed in the issue discussion, it adds a name element to the @ConditionalOnMissingBean annotation of org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration.filterShiroFilterRegistrationBean(). It also sets the name of the registered filter to shiroFilter.

Following this checklist to help us incorporate your contribution quickly and easily:

[x] Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.

[x] Each commit in the pull request should have a meaningful subject line and body.

[x] Format the pull request title like [SHIRO-XXX] - Fixes bug in SessionManager, where you replace SHIRO-XXX with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message.

[x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.

[x] Run mvn clean install apache-rat:check to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.

[x] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using git rebase -i. N/A

Trivial changes like typos do not require a JIRA issue (javadoc, comments...). In this case, just format the pull request title like (DOC) - Add javadoc in SessionManager.

If this is your first contribution, you have to read the Contribution Guidelines

If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement if you are unsure please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004 you have to acknowledge this by using the following check-box.

[x] I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004

[x] In any other case, please file an Apache Individual Contributor License Agreement.
opened by ricardolsmendes 14
[SHIRO-661] Add check for the principal of subject whether is null
When session is based on servlet container(such as tomcat),if the subject is authenticated，the session will contains AUTHENTICATED_SESSION_KEY and PRINCIPALS_SESSION_KEY。 When servlet container closed, it may will be persist session. But if the principal can not be serializable, it will not be persisted; when server restart, session will only contains AUTHENTICATED_SESSION_KEY info ,the PRINCIPALS_SESSION_KEY will be lost, it means the subject is authenticated, but the subject does not has principal。If the user code is

User u = subject.getPrincipal(); // because the u if null, it will be npe u.getName();

Recently, my project has happened such case, so I think add check for principal of subject whether is null can make application more powerful.
opened by plx927 14
[SHIRO-698] Improve build with maven profile
Hi @bdemers, I made some changes on the maven build:

move integration-tests and test-coverage to the ci profile

add a samples profile and move the module sampleinto

add a rat profile

This can improve the default maven clean install goal.

The build in Jenkins is now like this: mvn -e -Pci,docs,rat,samples install
opened by fpapon 12
[SHIRO-805] Spelling
This PR corrects misspellings identified by the check-spelling action.

The misspellings have been reported at https://github.com/jsoref/shiro/commit/c0e3b03bd1be9f936a8823fd9101593ec62bd8db#commitcomment-45334058

The action reports that the changes in this PR would make it happy: https://github.com/jsoref/shiro/commit/276884c5a738405cd8ef512f14d47b5dd5ce9e31

Note: this PR does not include the action. If you're interested in running a spell check on every PR and push, that can be offered separately.

Following this checklist to help us incorporate your contribution quickly and easily:

[x] Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.

[x] Each commit in the pull request should have a meaningful subject line and body.

[ ] Format the pull request title like [SHIRO-XXX] - Fixes bug in SessionManager, where you replace SHIRO-XXX with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message.

[x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.

[ ] Run mvn clean install apache-rat:check to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.

[ ] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using git rebase -i.

Trivial changes like typos do not require a JIRA issue (javadoc, comments...). In this case, just format the pull request title like (DOC) - Add javadoc in SessionManager.

If this is your first contribution, you have to read the Contribution Guidelines

If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement if you are unsure please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004 you have to acknowledge this by using the following check-box.

[x] I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004

[x] In any other case, please file an Apache Individual Contributor License Agreement.

I expect to squash this PR near the end. But it's much easier for me to address review comments before squashing rather than after, as they generally address individual word families.

If there are files that you don't want changed, please let me know -- dropping them is fairly easy.
opened by jsoref 11
[SHIRO-668] Catch unexpected errors which can lead to oom

Unexpected errors in the "run" method of the validation ExecutorServiceSessionValidationScheduler can kill the validation thread an it will not be executed anymore (see StackOverflow.) This can lead to OOM's through too much sessions and can be a security risk by never ending sessions. Catching "Throwable" is not the cleanest solution but it garant that the thread will be executed in the future.

opened by cpetzka 11
Name the authorizationCachingEnabled flag correctly
Rename parameter from authenticationCachingEnabled to authorizationCachingEnabled. The current name is confusing.

Following this checklist to help us incorporate your contribution quickly and easily:

[ ] Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.

[x] Each commit in the pull request should have a meaningful subject line and body.

[ ] Format the pull request title like [SHIRO-XXX] - Fixes bug in SessionManager, where you replace SHIRO-XXX with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message.

[ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.

[x] Run mvn clean install apache-rat:check to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.

[ ] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using git rebase -i.

Trivial changes like typos do not require a JIRA issue (javadoc, comments...). In this case, just format the pull request title like (DOC) - Add javadoc in SessionManager.

If this is your first contribution, you have to read the Contribution Guidelines

If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement if you are unsure please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004 you have to acknowledge this by using the following check-box.

[x] I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004

[ ] In any other case, please file an Apache Individual Contributor License Agreement.
opened by mnd999 0
Bump easymock from 5.0.1 to 5.1.0
Bumps easymock from 5.0.1 to 5.1.0.

Release notes

Sourced from easymock's releases.

5.1.0

Main a performance fix caused by ByteBuddy causing OOME.

Change log

Typecache for create mock classes (#353)

Bump versions-maven-plugin from 2.14.1 to 2.14.2 (#352)

Bump wagon-ssh-external from 3.5.2 to 3.5.3 (#351)

Bump byte-buddy from 1.12.19 to 1.12.20 (#350)

Bump versions-maven-plugin from 2.14.0 to 2.14.1 (#349)

Bump versions-maven-plugin from 2.13.0 to 2.14.0 (#348)

Bump testng from 7.5 to 7.7.0 (#347)

Bump maven-dependency-plugin from 3.3.0 to 3.4.0 (#345)

Bump checkstyle from 10.4 to 10.5.0 (#344)

java.lang.NullPointerException at org.easymock.internal.ClassProxyFactory.classPackage(ClassProxyFactory.java:178) (#343)

EasyMock 5.0.1 OOM on large project (#338)

Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0 (#337)

Bump checkstyle from 10.3.4 to 10.4 (#336)

Bump maven-shade-plugin from 3.4.0 to 3.4.1 (#335)

Add cache for mocked types. (#334)

Mock serialization doesn't work (#312)

Commits

f1b53a1 Move to version 5.1.0

b08bff3 Test fails. Probably PowerMock do not create null packages anymore

c9e2dd1 Make sure class without a package, like the ones PowerMock creates are workin...

8eaac71 Remove unused imports

a6f7834 Update github pages

a48158b Ignore animal sniffer when it goes wrong

94a5d5e Rename to ClassMockingData since it represents more reality

0c2b5c2 Mocks are now serializable

05d6994 We need to separate handlers between mocks of the same class but not need to ...

3e0ebf5 Attempt to use TypeCache. ClassProxyFactoryTest is failing

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies java
opened by dependabot[bot] 0
Bump easymock from 4.3 to 5.1.0
Bumps easymock from 4.3 to 5.1.0.

Release notes

Sourced from easymock's releases.

5.1.0

Main a performance fix caused by ByteBuddy causing OOME.

Change log

Typecache for create mock classes (#353)

Bump versions-maven-plugin from 2.14.1 to 2.14.2 (#352)

Bump wagon-ssh-external from 3.5.2 to 3.5.3 (#351)

Bump byte-buddy from 1.12.19 to 1.12.20 (#350)

Bump versions-maven-plugin from 2.14.0 to 2.14.1 (#349)

Bump versions-maven-plugin from 2.13.0 to 2.14.0 (#348)

Bump testng from 7.5 to 7.7.0 (#347)

Bump maven-dependency-plugin from 3.3.0 to 3.4.0 (#345)

Bump checkstyle from 10.4 to 10.5.0 (#344)

java.lang.NullPointerException at org.easymock.internal.ClassProxyFactory.classPackage(ClassProxyFactory.java:178) (#343)

EasyMock 5.0.1 OOM on large project (#338)

Bump spotbugs-maven-plugin from 4.7.2.1 to 4.7.3.0 (#337)

Bump checkstyle from 10.3.4 to 10.4 (#336)

Bump maven-shade-plugin from 3.4.0 to 3.4.1 (#335)

Add cache for mocked types. (#334)

Mock serialization doesn't work (#312)

5.0.1

Quick fix allowing package-private methods to be mocked.

Change log

Mocking package-private methods not working in 5.0.0 (#331)

Bump versions-maven-plugin from 2.12.0 to 2.13.0 (#333)

Bump nokogiri from 1.13.8 to 1.13.9 in /website (#332)

Bump spotbugs from 4.7.2 to 4.7.3 (#330)

Bump maven-javadoc-plugin from 3.2.0 to 3.4.1 (#329)

Bump nexus-staging-maven-plugin from 1.6.8 to 1.6.13 (#328)

Bump maven-compiler-plugin from 3.8.1 to 3.10.1 (#327)

Bump animal-sniffer-maven-plugin from 1.20 to 1.22 (#326)

Bump maven-deploy-plugin from 3.0.0-M1 to 3.0.0 (#325)

Bump maven-pmd-plugin from 3.14.0 to 3.19.0 (#324)

Bump maven-resources-plugin from 3.2.0 to 3.3.0 (#323)

Bump maven-site-plugin from 3.9.1 to 3.12.1 (#322)

Bump exec-maven-plugin from 3.0.0 to 3.1.0 (#321)

Bump maven-remote-resources-plugin from 1.7.0 to 3.0.0 (#319)

5.0.0

This major release announce the move from Cglib to ByteBuddy. Sadly good old Cglib can't cope with all the tricks needed to workaround JPMS and reflection limitations. It means you will most probably experience some issues until it stabilizes.

The good news are that this version is working up to Java 18.

Known issues:

... (truncated)

Commits

f1b53a1 Move to version 5.1.0

b08bff3 Test fails. Probably PowerMock do not create null packages anymore

c9e2dd1 Make sure class without a package, like the ones PowerMock creates are workin...

8eaac71 Remove unused imports

a6f7834 Update github pages

a48158b Ignore animal sniffer when it goes wrong

94a5d5e Rename to ClassMockingData since it represents more reality

0c2b5c2 Mocks are now serializable

05d6994 We need to separate handlers between mocks of the same class but not need to ...

3e0ebf5 Attempt to use TypeCache. ClassProxyFactoryTest is failing

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies java
opened by dependabot[bot] 0
Bump tomcat.version from 10.0.27 to 10.1.4
Bumps tomcat.version from 10.0.27 to 10.1.4. Updates tomcat-jasper from 10.0.27 to 10.1.4

Updates tomcat-jasper-el from 10.0.27 to 10.1.4

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies java
opened by dependabot[bot] 0
Bump aspectj.version from 1.9.7.M3 to 1.9.19
Bumps aspectj.version from 1.9.7.M3 to 1.9.19. Updates aspectjtools from 1.9.7.M3 to 1.9.19

Release notes

Sourced from aspectjtools's releases.

1.9.19

Java 19

Commits

See full diff in compare view

Updates aspectjrt from 1.9.7.M3 to 1.9.19

Release notes

Sourced from aspectjrt's releases.

1.9.19

Java 19

Commits

See full diff in compare view

Updates aspectjweaver from 1.9.7.M3 to 1.9.19

Release notes

Sourced from aspectjweaver's releases.

1.9.19

Java 19

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies java
opened by dependabot[bot] 0
Bump spring-boot.version from 2.7.4 to 3.0.1
Bumps spring-boot.version from 2.7.4 to 3.0.1. Updates spring-boot-starter from 2.7.4 to 3.0.1

Release notes

Sourced from spring-boot-starter's releases.

v3.0.1

:lady_beetle: Bug Fixes

Fix typo in LocalDevToolsAutoConfiguration logging #33615

No warning is given when <springProfile> is used in a Logback <root> block #33610

Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #33542

WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #33483

Reactive observation auto-configuration does not declare order for WebFilter #33444

Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #33433

Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #33428

Anchors in YAML configuration files throw UnsupportedOperationException #33404

ZipkinRestTemplateSender is not customizable #33399

AOT doesn't work with Logstash Logback Encoder #33387

Maven process-aot goal fails when release version is set in Maven compiler plugin #33382

DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #33374

@SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #33371

bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #33363

:notebook_with_decorative_cover: Documentation

Improve gradle plugin tags documentation #33617

Improve maven plugin tags documentation #33616

Fix typo in tomcat accesslog checkExists doc #33512

Documented Java compiler level is wrong #33505

Fix typo in documentation #33453

Update instead of replace environment in bootBuildImage documentation #33424

Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #33422

Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #33410

Reinstate GraphQL testing documentaion #33407

Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #33398

:hammer: Dependency Upgrades

Upgrade to AspectJ 1.9.19 #33586

Upgrade to Byte Buddy 1.12.20 #33587

Upgrade to Couchbase Client 3.4.1 #33588

Upgrade to Dropwizard Metrics 4.2.14 #33589

Upgrade to Elasticsearch Client 8.5.3 #33590

Upgrade to Hibernate 6.1.6.Final #33591

Upgrade to HttpClient 4.5.14 #33592

Upgrade to HttpCore 4.4.16 #33593

Upgrade to Infinispan 14.0.4.Final #33594

Upgrade to Jaybird 4.0.8.java11 #33595

Upgrade to Jetty 11.0.13 #33596

Upgrade to jOOQ 3.17.6 #33597

Upgrade to Kotlin 1.7.22 #33598

Upgrade to Lettuce 6.2.2.RELEASE #33599

Upgrade to MongoDB 4.8.1 #33600

Upgrade to MSSQL JDBC 11.2.2.jre17 #33601

Upgrade to Native Build Tools Plugin 0.9.19 #33602

... (truncated)

Commits

837947c Release v3.0.1

5929d95 Merge branch '2.7.x'

b10b788 Next development version (v2.7.8-SNAPSHOT)

f588793 Update copyright year of changed files

0254619 Merge branch '2.7.x'

e4772cf Update copyright year of changed files

2e7ca6f Warning if <springProfile> is used in phase 2 model elements

2ed512d Use model.deepMarkAsSkipped in SpringProfileModelHandler

532fed3 Increase couchbase connection timeout for tests

9562a2c Merge branch '2.7.x'

Additional commits viewable in compare view

Updates spring-boot-autoconfigure from 2.7.4 to 3.0.1

Release notes

Sourced from spring-boot-autoconfigure's releases.

v3.0.1

:lady_beetle: Bug Fixes

Fix typo in LocalDevToolsAutoConfiguration logging #33615

No warning is given when <springProfile> is used in a Logback <root> block #33610

Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #33542

WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #33483

Reactive observation auto-configuration does not declare order for WebFilter #33444

Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #33433

Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #33428

Anchors in YAML configuration files throw UnsupportedOperationException #33404

ZipkinRestTemplateSender is not customizable #33399

AOT doesn't work with Logstash Logback Encoder #33387

Maven process-aot goal fails when release version is set in Maven compiler plugin #33382

DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #33374

@SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #33371

bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #33363

:notebook_with_decorative_cover: Documentation

Improve gradle plugin tags documentation #33617

Improve maven plugin tags documentation #33616

Fix typo in tomcat accesslog checkExists doc #33512

Documented Java compiler level is wrong #33505

Fix typo in documentation #33453

Update instead of replace environment in bootBuildImage documentation #33424

Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #33422

Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #33410

Reinstate GraphQL testing documentaion #33407

Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #33398

:hammer: Dependency Upgrades

Upgrade to AspectJ 1.9.19 #33586

Upgrade to Byte Buddy 1.12.20 #33587

Upgrade to Couchbase Client 3.4.1 #33588

Upgrade to Dropwizard Metrics 4.2.14 #33589

Upgrade to Elasticsearch Client 8.5.3 #33590

Upgrade to Hibernate 6.1.6.Final #33591

Upgrade to HttpClient 4.5.14 #33592

Upgrade to HttpCore 4.4.16 #33593

Upgrade to Infinispan 14.0.4.Final #33594

Upgrade to Jaybird 4.0.8.java11 #33595

Upgrade to Jetty 11.0.13 #33596

Upgrade to jOOQ 3.17.6 #33597

Upgrade to Kotlin 1.7.22 #33598

Upgrade to Lettuce 6.2.2.RELEASE #33599

Upgrade to MongoDB 4.8.1 #33600

Upgrade to MSSQL JDBC 11.2.2.jre17 #33601

Upgrade to Native Build Tools Plugin 0.9.19 #33602

... (truncated)

Commits

837947c Release v3.0.1

5929d95 Merge branch '2.7.x'

b10b788 Next development version (v2.7.8-SNAPSHOT)

f588793 Update copyright year of changed files

0254619 Merge branch '2.7.x'

e4772cf Update copyright year of changed files

2e7ca6f Warning if <springProfile> is used in phase 2 model elements

2ed512d Use model.deepMarkAsSkipped in SpringProfileModelHandler

532fed3 Increase couchbase connection timeout for tests

9562a2c Merge branch '2.7.x'

Additional commits viewable in compare view

Updates spring-boot-configuration-processor from 2.7.4 to 3.0.1

Release notes

Sourced from spring-boot-configuration-processor's releases.

v3.0.1

:lady_beetle: Bug Fixes

Fix typo in LocalDevToolsAutoConfiguration logging #33615

No warning is given when <springProfile> is used in a Logback <root> block #33610

Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #33542

WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #33483

Reactive observation auto-configuration does not declare order for WebFilter #33444

Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #33433

Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #33428

Anchors in YAML configuration files throw UnsupportedOperationException #33404

ZipkinRestTemplateSender is not customizable #33399

AOT doesn't work with Logstash Logback Encoder #33387

Maven process-aot goal fails when release version is set in Maven compiler plugin #33382

DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #33374

@SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #33371

bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #33363

:notebook_with_decorative_cover: Documentation

Improve gradle plugin tags documentation #33617

Improve maven plugin tags documentation #33616

Fix typo in tomcat accesslog checkExists doc #33512

Documented Java compiler level is wrong #33505

Fix typo in documentation #33453

Update instead of replace environment in bootBuildImage documentation #33424

Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #33422

Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #33410

Reinstate GraphQL testing documentaion #33407

Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #33398

:hammer: Dependency Upgrades

Upgrade to AspectJ 1.9.19 #33586

Upgrade to Byte Buddy 1.12.20 #33587

Upgrade to Couchbase Client 3.4.1 #33588

Upgrade to Dropwizard Metrics 4.2.14 #33589

Upgrade to Elasticsearch Client 8.5.3 #33590

Upgrade to Hibernate 6.1.6.Final #33591

Upgrade to HttpClient 4.5.14 #33592

Upgrade to HttpCore 4.4.16 #33593

Upgrade to Infinispan 14.0.4.Final #33594

Upgrade to Jaybird 4.0.8.java11 #33595

Upgrade to Jetty 11.0.13 #33596

Upgrade to jOOQ 3.17.6 #33597

Upgrade to Kotlin 1.7.22 #33598

Upgrade to Lettuce 6.2.2.RELEASE #33599

Upgrade to MongoDB 4.8.1 #33600

Upgrade to MSSQL JDBC 11.2.2.jre17 #33601

Upgrade to Native Build Tools Plugin 0.9.19 #33602

... (truncated)

Commits

837947c Release v3.0.1

5929d95 Merge branch '2.7.x'

b10b788 Next development version (v2.7.8-SNAPSHOT)

f588793 Update copyright year of changed files

0254619 Merge branch '2.7.x'

e4772cf Update copyright year of changed files

2e7ca6f Warning if <springProfile> is used in phase 2 model elements

2ed512d Use model.deepMarkAsSkipped in SpringProfileModelHandler

532fed3 Increase couchbase connection timeout for tests

9562a2c Merge branch '2.7.x'

Additional commits viewable in compare view

Updates spring-boot-test from 2.7.4 to 3.0.1

Release notes

Sourced from spring-boot-test's releases.

v3.0.1

:lady_beetle: Bug Fixes

Fix typo in LocalDevToolsAutoConfiguration logging #33615

No warning is given when <springProfile> is used in a Logback <root> block #33610

Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #33542

WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #33483

Reactive observation auto-configuration does not declare order for WebFilter #33444

Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #33433

Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #33428

Anchors in YAML configuration files throw UnsupportedOperationException #33404

ZipkinRestTemplateSender is not customizable #33399

AOT doesn't work with Logstash Logback Encoder #33387

Maven process-aot goal fails when release version is set in Maven compiler plugin #33382

DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #33374

@SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #33371

bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #33363

:notebook_with_decorative_cover: Documentation

Improve gradle plugin tags documentation #33617

Improve maven plugin tags documentation #33616

Fix typo in tomcat accesslog checkExists doc #33512

Documented Java compiler level is wrong #33505

Fix typo in documentation #33453

Update instead of replace environment in bootBuildImage documentation #33424

Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #33422

Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #33410

Reinstate GraphQL testing documentaion #33407

Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #33398

:hammer: Dependency Upgrades

Upgrade to AspectJ 1.9.19 #33586

Upgrade to Byte Buddy 1.12.20 #33587

Upgrade to Couchbase Client 3.4.1 #33588

Upgrade to Dropwizard Metrics 4.2.14 #33589

Upgrade to Elasticsearch Client 8.5.3 #33590

Upgrade to Hibernate 6.1.6.Final #33591

Upgrade to HttpClient 4.5.14 #33592

Upgrade to HttpCore 4.4.16 #33593

Upgrade to Infinispan 14.0.4.Final #33594

Upgrade to Jaybird 4.0.8.java11 #33595

Upgrade to Jetty 11.0.13 #33596

Upgrade to jOOQ 3.17.6 #33597

Upgrade to Kotlin 1.7.22 #33598

Upgrade to Lettuce 6.2.2.RELEASE #33599

Upgrade to MongoDB 4.8.1 #33600

Upgrade to MSSQL JDBC 11.2.2.jre17 #33601

Upgrade to Native Build Tools Plugin 0.9.19 #33602

... (truncated)

Commits

837947c Release v3.0.1

5929d95 Merge branch '2.7.x'

b10b788 Next development version (v2.7.8-SNAPSHOT)

f588793 Update copyright year of changed files

0254619 Merge branch '2.7.x'

e4772cf Update copyright year of changed files

2e7ca6f Warning if <springProfile> is used in phase 2 model elements

2ed512d Use model.deepMarkAsSkipped in SpringProfileModelHandler

532fed3 Increase couchbase connection timeout for tests

9562a2c Merge branch '2.7.x'

Additional commits viewable in compare view

Updates spring-boot-starter-web from 2.7.4 to 3.0.1

Release notes

Sourced from spring-boot-starter-web's releases.

v3.0.1

:lady_beetle: Bug Fixes

Fix typo in LocalDevToolsAutoConfiguration logging #33615

No warning is given when <springProfile> is used in a Logback <root> block #33610

Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #33542

WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #33483

Reactive observation auto-configuration does not declare order for WebFilter #33444

Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #33433

Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #33428

Anchors in YAML configuration files throw UnsupportedOperationException #33404

ZipkinRestTemplateSender is not customizable #33399

AOT doesn't work with Logstash Logback Encoder #33387

Maven process-aot goal fails when release version is set in Maven compiler plugin #33382

DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #33374

@SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #33371

bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #33363

:notebook_with_decorative_cover: Documentation

Improve gradle plugin tags documentation #33617

Improve maven plugin tags documentation #33616

Fix typo in tomcat accesslog checkExists doc #33512

Documented Java compiler level is wrong #33505

Fix typo in documentation #33453

Update instead of replace environment in bootBuildImage documentation #33424

Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #33422

Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #33410

Reinstate GraphQL testing documentaion #33407

Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #33398

:hammer: Dependency Upgrades

Upgrade to AspectJ 1.9.19 #33586

Upgrade to Byte Buddy 1.12.20 #33587

Upgrade to Couchbase Client 3.4.1 #33588

Upgrade to Dropwizard Metrics 4.2.14 #33589

Upgrade to Elasticsearch Client 8.5.3 #33590

Upgrade to Hibernate 6.1.6.Final #33591

Upgrade to HttpClient 4.5.14 #33592

Upgrade to HttpCore 4.4.16 #33593

Upgrade to Infinispan 14.0.4.Final #33594

Upgrade to Jaybird 4.0.8.java11 #33595

Upgrade to Jetty 11.0.13 #33596

Upgrade to jOOQ 3.17.6 #33597

Upgrade to Kotlin 1.7.22 #33598

Upgrade to Lettuce 6.2.2.RELEASE #33599

Upgrade to MongoDB 4.8.1 #33600

Upgrade to MSSQL JDBC 11.2.2.jre17 #33601

Upgrade to Native Build Tools Plugin 0.9.19 #33602

... (truncated)

Commits

837947c Release v3.0.1

5929d95 Merge branch '2.7.x'

b10b788 Next development version (v2.7.8-SNAPSHOT)

f588793 Update copyright year of changed files

0254619 Merge branch '2.7.x'

e4772cf Update copyright year of changed files

2e7ca6f Warning if <springProfile> is used in phase 2 model elements

2ed512d Use model.deepMarkAsSkipped in SpringProfileModelHandler

532fed3 Increase couchbase connection timeout for tests

9562a2c Merge branch '2.7.x'

Additional commits viewable in compare view

Updates spring-boot-maven-plugin from 2.7.4 to 3.0.1

Release notes

Sourced from spring-boot-maven-plugin's releases.

v3.0.1

:lady_beetle: Bug Fixes

Fix typo in LocalDevToolsAutoConfiguration logging #33615

No warning is given when <springProfile> is used in a Logback <root> block #33610

Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #33542

WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #33483

Reactive observation auto-configuration does not declare order for WebFilter #33444

Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #33433

Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #33428

Anchors in YAML configuration files throw UnsupportedOperationException #33404

ZipkinRestTemplateSender is not customizable #33399

AOT doesn't work with Logstash Logback Encoder #33387

Maven process-aot goal fails when release version is set in Maven compiler plugin #33382

DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #33374

@SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #33371

bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #33363

:notebook_with_decorative_cover: Documentation

Improve gradle plugin tags documentation #33617

Improve maven plugin tags documentation #33616

Fix typo in tomcat accesslog checkExists doc #33512

Documented Java compiler level is wrong #33505

Fix typo in documentation #33453

Update instead of replace environment in bootBuildImage documentation #33424

Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #33422

Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #33410

Reinstate GraphQL testing documentaion #33407

Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #33398

:hammer: Dependency Upgrades

Upgrade to AspectJ 1.9.19 #33586

Upgrade to Byte Buddy 1.12.20 #33587

Upgrade to Couchbase Client 3.4.1 #33588

Upgrade to Dropwizard Metrics 4.2.14 #33589

Upgrade to Elasticsearch Client 8.5.3 #33590

Upgrade to Hibernate 6.1.6.Final #33591

Upgrade to HttpClient 4.5.14 #33592

Upgrade to HttpCore 4.4.16 #33593

Upgrade to Infinispan 14.0.4.Final #33594

Upgrade to Jaybird 4.0.8.java11 #33595

Upgrade to Jetty 11.0.13 #33596

Upgrade to jOOQ 3.17.6 #33597

Upgrade to Kotlin 1.7.22 #33598

Upgrade to Lettuce 6.2.2.RELEASE #33599

Upgrade to MongoDB 4.8.1 #33600

Upgrade to MSSQL JDBC 11.2.2.jre17 #33601

Upgrade to Native Build Tools Plugin 0.9.19 #33602

... (truncated)

Commits

837947c Release v3.0.1

5929d95 Merge branch '2.7.x'

b10b788 Next development version (v2.7.8-SNAPSHOT)

f588793 Update copyright year of changed files

0254619 Merge branch '2.7.x'

e4772cf Update copyright year of changed files

2e7ca6f Warning if <springProfile> is used in phase 2 model elements

2ed512d Use model.deepMarkAsSkipped in SpringProfileModelHandler

532fed3 Increase couchbase connection timeout for tests

9562a2c Merge branch '2.7.x'

Additional commits viewable in compare view

Updates spring-boot-starter-thymeleaf from 2.7.4 to 3.0.1

Release notes

Sourced from spring-boot-starter-thymeleaf's releases.

v3.0.1

:lady_beetle: Bug Fixes

Fix typo in LocalDevToolsAutoConfiguration logging #33615

No warning is given when <springProfile> is used in a Logback <root> block #33610

Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #33542

WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #33483

Reactive observation auto-configuration does not declare order for WebFilter #33444

Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #33433

Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #33428

Anchors in YAML configuration files throw UnsupportedOperationException #33404

ZipkinRestTemplateSender is not customizable #33399

AOT doesn't work with Logstash Logback Encoder #33387

Maven process-aot goal fails when release version is set in Maven compiler plugin #33382

DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #33374

@SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #33371

bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #33363

:notebook_with_decorative_cover: Documentation

Improve gradle plugin tags documentation #33617

Improve maven plugin tags documentation #33616

Fix typo in tomcat accesslog checkExists doc #33512

Documented Java compiler level is wrong #33505

Fix typo in documentation #33453

Update instead of replace environment in bootBuildImage documentation #33424

Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #33422

Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #33410

Reinstate GraphQL testing documentaion #33407

Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #33398

:hammer: Dependency Upgrades

Upgrade to AspectJ 1.9.19 #33586

Upgrade to Byte Buddy 1.12.20 #33587

Upgrade to Couchbase Client 3.4.1 #33588

Upgrade to Dropwizard Metrics 4.2.14 #33589

Upgrade to Elasticsearch Client 8.5.3 #33590

Upgrade to Hibernate 6.1.6.Final #33591

Upgrade to HttpClient 4.5.14 #33592

Upgrade to HttpCore 4.4.16 #33593

Upgrade to Infinispan 14.0.4.Final #33594

Upgrade to Jaybird 4.0.8.java11 #33595

Upgrade to Jetty 11.0.13 #33596

Upgrade to jOOQ 3.17.6 #33597

Upgrade to Kotlin 1.7.22 #33598

Upgrade to Lettuce 6.2.2.RELEASE #33599

Upgrade to MongoDB 4.8.1 #33600

Upgrade to MSSQL JDBC 11.2.2.jre17 #33601

Upgrade to Native Build Tools Plugin 0.9.19 #33602

... (truncated)

Commits

837947c Release v3.0.1

5929d95 Merge branch '2.7.x'

b10b788 Next development version (v2.7.8-SNAPSHOT)

f588793 Update copyright year of changed files

0254619 Merge branch '2.7.x'

e4772cf Update copyright year of changed files

2e7ca6f Warning if <springProfile> is used in phase 2 model elements

2ed512d Use model.deepMarkAsSkipped in SpringProfileModelHandler

532fed3Description has been truncated dependencies java
opened by dependabot[bot] 0