v2.7.10

Compare Source

Bug Fixes

• compiler-sfc: avoid deindent when lang is jsx/tsx (46ca7bc), closes #​12755
• fix parent of multi-nested HOC $el not updating (#​12757) (e0b26c4), closes #​12589
• types: Add missing type parameter constraints (#​12754) (810f6d1)

v2.7.9

Compare Source

Bug Fixes

• compiler-sfc: allow full hostnames in asset url base (#​12732) (5c742eb), closes #​12731
• compiler-sfc: rewriteDefault for class with decorators (#​12747) (5221d4d)
• directives shorthand normalize error (#​12744) (2263948), closes #​12743
• ensure render watcher of manually created instance is correctly tracked in owner scope (bd89ce5), closes #​12701
• fix effect scope tracking for manually created instances (7161176), closes #​12705
• ssr: fix on-component directives rendering (#​12661) (165a14a), closes #​10733
• types: allow attaching unknown options to defined component (b4bf4c5), closes #​12742
• types: fix missing error for accessing undefined instance properties (8521f9d), closes #​12718
• types: fix options suggestions when using defineComponent (4b37b56), closes #​12736
• types: Make SetupBindings optional on ExtendedVue and CombinedVueInstance (#​12727) (00458cd), closes #​12726 #​12717
• watch: avoid pre watcher firing on unmount (f0057b1), closes #​12703

Features

• types: enhance type for onErrorCaptured (#​12735) (bba6b3d)
• types: export DefineComponent (80d1baf), closes #​12748
• types: support mixins inference for new Vue() (#​12737) (89a6b5e), closes #​12730

v2.7.8

Compare Source

Bug Fixes

• reactivity: fix shallowReactive nested ref setting edge cases (2af751b), closes #​12688
• sfc: align <script setup> component resolution edge case with v3 (#​12687) (a695c5a), closes #​12685
• types: avoid circular type inference between v2 and v3 instance types (fabc1cf), closes #​12683
• types: export defineAsyncComponent type (#​12684) (ba7dd2c)

Features

• setup: support listeners on setup context + useListeners() helper (adf3ac8)

v2.7.7

Compare Source

Bug Fixes

• codegen: script setup should not attempt to resolve native elements as component (e8d3a7d), closes #​12674
• inject: fix edge case of provided with async-mutated getters (ea5d0f3), closes #​12667
• setup: ensure setup context slots can be accessed immediately (67760f8), closes #​12672
• types: vue.d.ts should use relative import to v3-component-public-instance (#​12668) (46ec648), closes #​12666
• watch: fix queueing multiple post watchers (25ffdb6), closes #​12664

v2.7.6

Compare Source

Bug Fixes

• types: $refs can also contain ComponentPublicInstance (#​12659) (fffbb9e)
• types: fix $children and $root instance types (52a5979), closes #​12655
• types: fix missing expose() type on setup context (e0a9546), closes #​12660

v2.7.5

Compare Source

Bug Fixes

• add missing export from vue.runtime.mjs (#​12648) (08fb4a2)
• detect property add/deletion on reactive objects from setup when used in templates (a6e7498)
• do not set currentInstance in beforeCreate (0825d30), closes #​12636
• reactivity: fix watch behavior inconsistency + deep ref shallow check (98fb01c), closes #​12643
• sfc: fix sfc name inference type check (04b4703), closes #​12637
• types: support Vue interface augmentations in defineComponent (005e52d), closes #​12642
• watch: fix deep watch for structures containing raw refs (1a2c3c2), closes #​12652

v2.7.4

Compare Source

Bug Fixes

• build: fix mjs dual package hazard (012e10c), closes #​12626
• compiler-sfc: use safer deindent default for compatibility with previous behavior (b70a258)
• pass element creation helper to static render fns for functional components (dc8a68e), closes #​12625
• ssr/reactivity: fix array setting error at created in ssr [#​12632] (#​12633) (ca7daef)
• types: fix missing instance properties on defineComponent this (f8de4ca), closes #​12628
• types: fix this.$slots type for defineComponent (d3add06)
• types: fix type inference when using components option (1d5a411)
• types: global component registration type compat w/ defineComponent (26ff4bc), closes #​12622
• watch: fix watchers triggered in mounted hook (8904ca7), closes #​12624

Features

• defineAsyncComponent (9d12106), closes #​12608
• support functional components in defineComponent (559600f), closes #​12619

v2.7.3

Compare Source

Bug Fixes

• add renderTracked/Triggered merge strategy (#​12616) (6d1dbee)
• ssr/reactivity: fix composition api behavior in SSR (360272b), closes #​12615
• types: allow slot attribute (94ccca2), closes #​12617

v2.7.2

Compare Source

Bug Fixes

• compiler-sfc: preserve old deindent behavior for pug (1294385), closes #​12611

Features

• allow passing directive definition directly to h() (#​12590) (d45bbea)
• types: define component improvements (#​12612) (fb93c1b)

v2.7.1

Compare Source

Bug Fixes

• compiler-sfc: avoid deindent when lang is jsx/tsx (46ca7bc), closes #​12755
• fix parent of multi-nested HOC $el not updating (#​12757) (e0b26c4), closes #​12589
• types: Add missing type parameter constraints (#​12754) (810f6d1)

v2.7.0

Compare Source

Backported Features

• Composition API
• SFC <script setup>
• SFC CSS v-bind

In addition, the following APIs are also supported:

• defineComponent() with improved type inference (compared to Vue.extend)

• h(), useSlot(), useAttrs(), useCssModules()

• set(), del() and nextTick() are also provided as named exports in ESM builds.

• The emits option is also supported, but only for type-checking purposes (does not affect runtime behavior)

  2.7 also supports using ESNext syntax in template expressions. When using a build system, the compiled template render function will go through the same loaders / plugins configured for normal JavaScript. This means if you have configured Babel for .js files, it will also apply to the expressions in your SFC templates.

Notes on API exposure

• In ESM builds, these APIs are provided as named exports (and named exports only):

  import Vue, { ref } from 'vue'
  
  Vue.ref // undefined, use named export instead
  

• In UMD and CJS builds, these APIs are exposed as properties on the global Vue object.

• When bundling with CJS builds externalized, bundlers should be able to handle ESM interop when externalizing CJS builds.

Behavior Differences from Vue 3

The Composition API is backported using Vue 2's getter/setter-based reactivity system to ensure browser compatibility. This means there are some important behavior differences from Vue 3's proxy-based system:

• All Vue 2 change detection caveats still apply.

• reactive(), ref(), and shallowReactive() will directly convert original objects instead of creating proxies. This means:

  // true in 2.7, false in 3.x
  reactive(foo) === foo
  

• readonly() does create a separate object, but it won't track newly added properties and does not work on arrays.

• Avoid using arrays as root values in reactive() because without property access the array's mutation won't be tracked (this will result in a warning).

• Reactivity APIs ignore properties with symbol keys.

In addition, the following features are explicitly NOT ported:

• ❌ createApp() (Vue 2 doesn't have isolated app scope)
• ❌ Top-level await in <script setup> (Vue 2 does not support async component initialization)
• ❌ TypeScript syntax in template expressions (incompatible w/ Vue 2 parser)
• ❌ Reactivity transform (still experimental)
• ❌ expose option is not supported for options components (but defineExpose() is supported in <script setup>).

TypeScript Changes

• defineComponent provides improved type inference similar to that of Vue 3. Note the type of this inside defineComponent() is not interoperable with this from Vue.extend().

• Similar to Vue 3, TSX support is now built-in. If your project previously had manual JSX type shims, make sure to remove them.

Upgrade Guide

Vue CLI / webpack

1. Upgrade local @vue/cli-xxx dependencies the latest version in your major version range (if applicable):

   • ~4.5.18 for v4
   • ~5.0.6 for v5

2. Upgrade vue to ^2.7.0. You can also remove vue-template-compiler from the dependencies - it is no longer needed in 2.7.

   Note: if you are using @vue/test-utils, you may need to keep it in the dependencies for now, but this requirement will also be lifted in a new release of test utils.

3. Check your package manager lockfile to ensure the following dependencies meet the version requirements. They may be transitive dependencies not listed in package.json.

   • vue-loader: ^15.10.0
   • vue-demi: ^0.13.1

   If not, you will need to remove node_modules and the lockfile and perform a fresh install to ensure they are bumped to the latest version.

4. If you were previously using @vue/composition-api, update imports from it to vue instead. Note that some APIs exported by the plugin, e.g. createApp, are not ported in 2.7.

5. Update eslint-plugin-vue to latest version (9+) if you run into unused variable lint errors when using <script setup>.

6. The SFC compiler for 2.7 now uses PostCSS 8 (upgraded from 7). PostCSS 8 should be backwards compatible with most plugins, but the upgrade may cause issues if you were previously using a custom PostCSS plugin that can only work with PostCSS 7. In such cases, you will need to upgrade the relevant plugins to their PostCSS 8 compatible versions.

Vite

2.7 support for Vite is provided via a new plugin: @​vitejs/plugin-vue2. This new plugin requires Vue 2.7 or above and supersedes the existing vite-plugin-vue2.

Note that the new plugin does not handle Vue-specific JSX / TSX transform, which is intentional. Vue 2 JSX / TSX transform should be handled in a separate, dedicated plugin, which will be provided soon.

Volar Compatibility

2.7 ships improved type definitions so it is no longer necessary to install @vue/runtime-dom just for Volar template type inference support. All you need now is the following config in tsconfig.json:

{
  // ...
  "vueCompilerOptions": {
    "target": 2.7
  }
}

Devtools Support

Vue Devtools 6.2.0 has added support for inspecting 2.7 Composition API state, but the extensions may still need a few days to go through review on respective publishing platforms.

Bug Fixes

• sfc: only include legacy decorator parser plugin when new plugin is not used (326d24a)

Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

• A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

• GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

• Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

• Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

• GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

• d01872c Prevent parse failure in new test from leaking into later test runs.
• d65e632 Prepare release of lxml 4.9.1.
• 86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
• 50c2764 Delete unused Travis CI config and reference in docs (GH-345)
• 8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
• b9f7074 Remove debug print from test.
• b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
• 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
• 853c9e9 Prepare release of 4.9.0.
• d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• f545bdb 3.0.1
• c57d4c2 fix a few old XO issues for backport
• 419250f Fix potential ReDoS (#37)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

• RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

• Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh ([email protected]).
• HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
  • The code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24771
  • GHSA ID: GHSA-cfm4-qjh2-4765
• HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
  • The code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24772
  • GHSA ID: GHSA-x4jg-mjrx-434g
• MEDIUM: Leniency in checking type octet.
  • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
  • CVE ID: CVE-2022-24773
  • GHSA ID: GHSA-2r2c-g63r-vccr

Fixed

• [asn1] Add fallback to pretty print invalid UTF8 data.
• [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
  • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
• [rsa] Add and use a validator to check for proper structure of parsed ASN.1

... (truncated)

• a0a4a42 Release 1.3.1.
• a33830f Update changelog.
• 740954d Allow optional DigestAlgorithm parameters.
• 56f4316 Allow DigestInfo.DigestAlgorith.parameters to be optional
• cbf0bd5 Start 1.3.1-0.
• 6c5b901 Release 1.3.0.
• 0f3972a Update changelog.
• dc77b39 Fix error checking.
• bb822c0 Add advisory links.
• d4395fe Update changelog.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from spring-boot-starter-web's releases.

v2.6.6

:lady_beetle: Bug Fixes

• MustacheAutoConfiguration in a Servlet web application fails with a ClassNotFoundException when Spring MVC is not on the classpath #30475

:notebook_with_decorative_cover: Documentation

• Javadoc of org.springframework.boot.gradle.plugin.ResolveMainClassName.setClasspath(Object) is inaccurate #30469
• Document that @DefaultValue can be used on a record component #30465
• Remove redundant Javadoc #30446

:hammer: Dependency Upgrades

• Upgrade to Jackson Bom 2.13.2.20220328 #30478
• Upgrade to Spring Framework 5.3.18 #30492

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @​quaff
• @​vikeychen
• @​eddumelendez
• @​candrews

v2.6.5

:mega: Noteworthy

• This release upgrades to Kafka 3.0.1 which enables idempotence by default. See the updated Spring Boot 2.6 release notes for further details.

:star: New Features

• Add EIGHTEEN to JavaVersion enum #30132

:lady_beetle: Bug Fixes

• ConfigurationPropertyName#equals is not symmetric when adapt has removed trailing characters from an element #30392
• Thymeleaf auto-configuration in a reactive application can fail due to duplicate templateEngine beans #30385
• server.tomcat.keep-alive-timeout is not applied to HTTP/2 #30321
• Setting spring.mustache.enabled to false has no effect #30256
• bootWar is configured eagerly #30213
• Actuator @ReadOperation on Flux cancels request after first element emitted #30161
• Unnecessary allocations in Prometheus scraping endpoint #30125
• No metrics are bound for R2DBC ConnectionPools that have been wrapped #30100
• Condition evaluation report entry for a @ConditionalOnSingleCandidate that does not match due to multiple primary beans isn't as clear as it could be #30098
• Generated password are logged without an "unsuitable for production use" note #30070
• Dependency management for Netty tcNative is incomplete leading to possible version conflicts #30038
• Files in META-INF are not found when deploying a Gradle-built executable war to a servlet container #30036
• Dependency management for Apache Kafka is incomplete #30031
• spring-boot-configuration-processor fails compilation due to @DefaultValue with a long value and generates invalid metadata for byte and short properties with out-of-range default values #30022

... (truncated)

• 25c233f Release v2.6.6
• 546a7e5 Merge branch '2.5.x' into 2.6.x
• 17936b8 Polish
• 57f1169 Merge branch '2.5.x' into 2.6.x
• 7ccbdda Upgrade to Spring Framework 5.3.18
• 94c40c7 Upgrade to Spring Framework 5.3.18
• be716d8 Merge branch '2.5.x' into 2.6.x
• 8409c2f Upgrade CI to Docker 20.10.14
• a99fcec Upgrade Java 18 version in CI image
• 2e90fd2 Upgrade CI to Docker 20.10.14
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

v3.0.1

Compare Source

:lady_beetle: Bug Fixes

• Fix typo in LocalDevToolsAutoConfiguration logging #​33615
• No warning is given when <springProfile> is used in a Logback <root> block #​33610
• Auto-configure PropagationWebGraphQlInterceptor for tracing propagation #​33542
• WebClient instrumentation fails with IllegalArgumentException when adapting to WebClientExchangeTagsProvider #​33483
• Reactive observation auto-configuration does not declare order for WebFilter #​33444
• Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #​33433
• Actuator health endpoint for neo4j throws NoSuchElementException and always returns Status.DOWN #​33428
• Anchors in YAML configuration files throw UnsupportedOperationException #​33404
• ZipkinRestTemplateSender is not customizable #​33399
• AOT doesn't work with Logstash Logback Encoder #​33387
• Maven process-aot goal fails when release version is set in Maven compiler plugin #​33382
• DependsOnDatabaseInitializationPostProcessor re-declares bean dependencies at native image runtime #​33374
• @SpringBootTest now throws a NullPointerException rather than a helpful IllegalStateException when @SpringBootConfiguration is not found #​33371
• bootBuildImage always trys to create a native image due to bootJar always adding a META-INF/native-image/argfile to the jar #​33363

:notebook_with_decorative_cover: Documentation

• Improve gradle plugin tags documentation #​33617
• Improve maven plugin tags documentation #​33616
• Fix typo in tomcat accesslog checkExists doc #​33512
• Documented Java compiler level is wrong #​33505
• Fix typo in documentation #​33453
• Update instead of replace environment in bootBuildImage documentation #​33424
• Update the reference docs to document the need to declare the native-maven-plugin when using buildpacks to create a native image #​33422
• Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #​33410
• Reinstate GraphQL testing documentaion #​33407
• Description of NEVER in Sanitize Sensitive Values isn't formatted correctly #​33398

:hammer: Dependency Upgrades

• Upgrade to AspectJ 1.9.19 #​33586
• Upgrade to Byte Buddy 1.12.20 #​33587
• Upgrade to Couchbase Client 3.4.1 #​33588
• Upgrade to Dropwizard Metrics 4.2.14 #​33589
• Upgrade to Elasticsearch Client 8.5.3 #​33590
• Upgrade to Hibernate 6.1.6.Final #​33591
• Upgrade to HttpClient 4.5.14 #​33592
• Upgrade to HttpCore 4.4.16 #​33593
• Upgrade to Infinispan 14.0.4.Final #​33594
• Upgrade to Jaybird 4.0.8.java11 #​33595
• Upgrade to Jetty 11.0.13 #​33596
• Upgrade to jOOQ 3.17.6 #​33597
• Upgrade to Kotlin 1.7.22 #​33598
• Upgrade to Lettuce 6.2.2.RELEASE #​33599
• Upgrade to MongoDB 4.8.1 #​33600
• Upgrade to MSSQL JDBC 11.2.2.jre17 #​33601
• Upgrade to Native Build Tools Plugin 0.9.19 #​33602
• Upgrade to Netty 4.1.86.Final #​33603
• Upgrade to Reactor 2022.0.1 #​33475
• Upgrade to SLF4J 2.0.6 #​33604
• Upgrade to Spring for GraphQL 1.1.1 #​33477
• Upgrade to Spring Framework 6.0.3 #​33476
• Upgrade to Spring Integration 6.0.1 #​33605
• Upgrade to Spring Kafka 3.0.1 #​33480
• Upgrade to Spring Security 6.0.1 #​33479
• Upgrade to Thymeleaf 3.1.1.RELEASE #​33486
• Upgrade to Thymeleaf Extras SpringSecurity 3.1.1.RELEASE #​33606
• Upgrade to Tomcat 10.1.4 #​33167
• Upgrade to UnboundID LDAPSDK 6.0.7 #​33607
• Upgrade to Undertow 2.3.2.Final #​33608

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Artur-, @​aksh1618, @​candrews, @​cdanger, @​currenjin, @​izeye, @​jprinet, @​lishangbu, @​ohdaeho, @​peter-janssen, and @​shekharAggarwal

v3.0.0

Compare Source

See the Release notes for 3.0 for upgrade instructions and details of new features.

:star: New Features

• Provide a configuration property for the observation patterns of Spring Integration components #​33099

:lady_beetle: Bug Fixes

• io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #​33298
• Tracer library HTTP instrumentation is auto-configured unnecessarily #​33287
• Auto-configuration ignores user-provided ObservationConventions #​33285
• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #​33284
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #​33263
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #​33250
• Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #​33244
• Actuator responses no longer format timestamps as ISO-8601 #​33236
• Configuration property is not bound in a native image when property has get, set, and is methods #​33232
• Configuration property binding does not deal with bridge methods #​33212
• Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #​33208
• Hints for ClientHttpRequestFactory should only be generated for matching methods #​33203
• Native profile should configure execution in pluginManagement #​33184
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #​33169
• JBoss logging does not route directly to SLF4J when using Logback #​33155
• Test with UseMainMethod.Always do not work with Kotlin main functions #​33114
• Maven process-aot does not specify source and target release when compiling generated sources #​33112
• Some Actuator beans are ineligible for post-processing #​33110
• AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #​33106
• @ContextHierarchy should never be used with main method #​33078
• Maven process-aot fails when compiler plugin has been configured with --enable-preview #​33012
• Wavefront application tags differ from those used in a Spring Boot 2.x application #​32844
• Maven goal spring-boot:build-image runs package phase twice #​26455

:notebook_with_decorative_cover: Documentation

• Document observation for R2DBC #​33335
• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #​33333
• Actuator document is misleading about k8s startup probe #​33327
• Update documented for @Timed to reflect narrower support #​33282
• Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #​33281
• Link to Micrometer's @Timed documentation #​33266
• Clarify use of the spring.cache.type property with Hazelcast #​33258
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #​33256
• Update Spring Security filter dispatcher types docs to reflect change in default value #​33252
• Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #​33239
• Document that the jar task should not be disabled when building a native image #​33238
• Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #​33235
• Links to Features describes sections that have moved elsewhere #​33214
• Fix broken links in docs #​33209
• Document the need for compilation with -parameters when targeting a native image #​33182
• Remove outdated native image documentation #​33109
• Mention @RegisterReflectionForBinding in the docs #​32903

:hammer: Dependency Upgrades

• Upgrade to Byte Buddy 1.12.19 #​33302
• Upgrade to Caffeine 3.1.2 #​33339
• Upgrade to Dropwizard Metrics 4.2.13 #​33303
• Upgrade to Ehcache3 3.10.8 #​33304
• Upgrade to Elasticsearch Client 8.5.1 #​33225
• Upgrade to Glassfish JSTL 3.0.1 #​33305
• Upgrade to Hazelcast 5.1.5 #​33187
• Upgrade to HttpClient5 5.1.4 #​33306
• Upgrade to HttpCore5 5.1.5 #​33188
• Upgrade to Jackson 2.14.1 #​33289
• Upgrade to Jackson Bom 2.14.0 #​33189
• Upgrade to Janino 3.1.9 #​33307
• Upgrade to Jaybird 4.0.7.java11 #​33190
• Upgrade to Kotlin 1.7.21 #​33191
• Upgrade to Logback 1.4.5 #​33308
• Upgrade to MariaDB 3.0.9 #​33192
• Upgrade to Micrometer 1.10.2 #​33334
• Upgrade to MongoDB 4.8.0 #​33193
• Upgrade to Native Build Tools 0.9.18 #​33301
• Upgrade to Netty 4.1.85.Final #​33194
• Upgrade to Postgresql 42.5.1 #​33340
• Upgrade to R2DBC H2 1.0.0.RELEASE #​33195
• Upgrade to R2DBC Pool 1.0.0.RELEASE #​33196
• Upgrade to R2DBC Postgresql 1.0.0.RELEASE #​33197
• Upgrade to R2DBC Proxy 1.0.1.RELEASE #​33309
• Upgrade to REST Assured 5.2.1 #​33310
• Upgrade to SLF4J 2.0.4 #​33311
• Upgrade to Spring AMQP 3.0.0 #​33141
• Upgrade to Spring Batch 5.0.0 #​33148
• Upgrade to Spring Data 2022.0.0 #​33140
• Upgrade to Spring Framework 6.0.0 #​33136
• Upgrade to Spring Framework 6.0.2 #​33286
• Upgrade to Spring GraphQL 1.1.0 #​33145
• Upgrade to Spring HATEOAS 2.0.0 #​33137
• Upgrade to Spring Integration 6.0.0 #​33146
• Upgrade to Spring Kafka 3.0.0 #​33142
• Upgrade to Spring LDAP 3.0.0 #​33138
• Upgrade to Spring REST Docs 3.0.0 #​33143
• Upgrade to Spring Retry 2.0.0 #​33149
• Upgrade to Spring Security 6.0.0 #​33144
• Upgrade to Spring Session 3.0.0 #​33147
• Upgrade to Spring WS 4.0.0 #​33139
• Upgrade to SQLite JDBC 3.39.4.1 #​33312
• Upgrade to Thymeleaf 3.1.0.RELEASE #​33313
• Upgrade to Thymeleaf Extras SpringSecurity 3.1.0.RELEASE #​33314
• Upgrade to Yasson 3.0.2 #​33201

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​artembilan, @​dreis2211, @​hpoettker, @​izeye, @​jonatan-ivanov, @​oppegard, @​sdeleuze, @​ttddyy, @​tumit, and @​vpavic

v2.7.7

Compare Source

:lady_beetle: Bug Fixes

• Fix typo in LocalDevToolsAutoConfiguration logging #​33569
• Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #​32179

:notebook_with_decorative_cover: Documentation

• Improve gradle plugin tags documentation #​33614
• Improve maven plugin tags documentation #​33609
• Fix typo in tomcat accesslog checkExists doc #​33460
• Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #​17398

:hammer: Dependency Upgrades

• Upgrade to Byte Buddy 1.12.20 #​33570
• Upgrade to Dropwizard Metrics 4.2.14 #​33571
• Upgrade to Elasticsearch 7.17.8 #​33572
• Upgrade to HttpClient 4.5.14 #​33573
• Upgrade to HttpCore 4.4.16 #​33574
• Upgrade to Infinispan 13.0.14.Final #​33575
• Upgrade to Jaybird 4.0.8.java8 #​33576
• Upgrade to Jetty 9.4.50.v20221201 #​33577
• Upgrade to MSSQL JDBC 10.2.2.jre8 #​33578
• Upgrade to Neo4j Java Driver 4.4.11 #​33579
• Upgrade to Netty 4.1.86.Final #​33580
• Upgrade to Reactor 2020.0.26 #​33543
• Upgrade to Spring Integration 5.5.16 #​33581
• Upgrade to Spring Security 5.7.6 #​33544
• Upgrade to Thymeleaf Extras SpringSecurity 3.0.5.RELEASE #​33582
• Upgrade to Tomcat 9.0.70 #​33583
• Upgrade to UnboundID LDAPSDK 6.0.7 #​33584
• Upgrade to Undertow 2.2.22.Final #​33585

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Artur-, @​aksh1618, @​cdanger, @​currenjin, @​jprinet, and @​shekharAggarwal

v2.7.6

Compare Source

:lady_beetle: Bug Fixes

• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #​33283
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #​33262
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #​33249
• Configuration property binding does not deal with bridge methods #​33211
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #​33168
• Dependency management for XMLUnit is incomplete #​32999
• Spring Boot's Lettuce metrics enable histrograms by default and it's hard to switch them off #​32989
• Dependency management for Selenium is incomplete #​32861
• NumberFormatException when configuring spring.redis.sentinel.nodes with an IPv6 address #​32836

:notebook_with_decorative_cover: Documentation

• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #​33331
• ConditionalOnClass not working for Bean methods on Java 8 #​33328
• Actuator document is misleading about k8s startup probe #​33326
• Link to Micrometer's @Timed documentation #​33265
• Clarify use of the spring.cache.type property with Hazelcast #​33257
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #​33255
• Links to Features describes sections that have moved elsewhere #​33213
• Fix kafka streams auto start description typo in reference docs #​33101
• OAuth 2 configuration example uses unrecognized value for authorization grant type #​33068
• Fix typos in logging.adoc #​32820
• Harmonize code sample in the "Type-safe Configuration Properties" section #​32818

:hammer: Dependency Upgrades

• Upgrade to Byte Buddy 1.12.19 #​33272
• Upgrade to Dropwizard Metrics 4.2.13 #​33321
• Upgrade to Ehcache3 3.10.8 #​33322
• Upgrade to Elasticsearch 7.17.7 #​33171
• Upgrade to Hazelcast 5.1.5 #​33172
• Upgrade to Hibernate 5.6.14.Final #​33173
• Upgrade to HttpClient5 5.1.4 #​33323
• Upgrade to HttpCore5 5.1.5 #​33174
• Upgrade to Janino 3.1.9 #​33274
• Upgrade to Jaybird 4.0.7.java8 #​33175
• Upgrade to MariaDB 3.0.9 #​33176
• Upgrade to Micrometer 1.9.6 #​33129
• Upgrade to Netty 4.1.85.Final #​33177
• Upgrade to Postgresql 42.3.8 #​33338
• Upgrade to Reactor 2020.0.25 #​33130
• Upgrade to Spring AMQP 2.4.8 #​33223
• Upgrade to Spring Data 2021.2.6 #​33132
• Upgrade to Spring Framework 5.3.24 #​33131
• Upgrade to Spring GraphQL 1.0.3 #​33150
• Upgrade to Spring Kafka 2.8.11 #​33133
• Upgrade to Spring REST Docs 2.0.7.RELEASE #​33134
• Upgrade to Spring Security 5.7.5 #​33178
• Upgrade to Spring WS 3.1.4 #​33179
• Upgrade to Tomcat 9.0.69 #​33180

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​EricGao888, @​biergit, @​dreis2211, @​eurythmia, @​hpoettker, @​iamgd67, @​izeye, @​jamessoun93, and @​sdeleuze

v2.7.7

Compare Source

:lady_beetle: Bug Fixes

• Fix typo in LocalDevToolsAutoConfiguration logging #​33569
• Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #​32179

:notebook_with_decorative_cover: Documentation

• Improve gradle plugin tags documentation #​33614
• Improve maven plugin tags documentation #​33609
• Fix typo in tomcat accesslog checkExists doc #​33460
• Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #​17398

:hammer: Dependency Upgrades

• Upgrade to Byte Buddy 1.12.20 #​33570
• Upgrade to Dropwizard Metrics 4.2.14 #​33571
• Upgrade to Elasticsearch 7.17.8 #​33572
• Upgrade to HttpClient 4.5.14 #​33573
• Upgrade to HttpCore 4.4.16 #​33574
• Upgrade to Infinispan 13.0.14.Final #​33575
• Upgrade to Jaybird 4.0.8.java8 #​33576
• Upgrade to Jetty 9.4.50.v20221201 #​33577
• Upgrade to MSSQL JDBC 10.2.2.jre8 #​33578
• Upgrade to Neo4j Java Driver 4.4.11 #​33579
• Upgrade to Netty 4.1.86.Final #​33580
• Upgrade to Reactor 2020.0.26 #​33543
• Upgrade to Spring Integration 5.5.16 #​33581
• Upgrade to Spring Security 5.7.6 #​33544
• Upgrade to Thymeleaf Extras SpringSecurity 3.0.5.RELEASE #​33582
• Upgrade to Tomcat 9.0.70 #​33583
• Upgrade to UnboundID LDAPSDK 6.0.7 #​33584
• Upgrade to Undertow 2.2.22.Final #​33585

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Artur-, @​aksh1618, @​cdanger, @​currenjin, @​jprinet, and @​shekharAggarwal

v2.7.6

Compare Source

:lady_beetle: Bug Fixes

• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #​33283
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #​33262
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #​33249
• Configuration property binding does not deal with bridge methods #​33211
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #​33168
• Dependency management for XMLUnit is incomplete #​32999
• Spring Boot's Lettuce metrics enable histrograms by default and it's hard to switch them off #​32989
• Dependency management for Selenium is incomplete #​32861
• NumberFormatException when configuring spring.redis.sentinel.nodes with an IPv6 address #​32836

:notebook_with_decorative_cover: Documentation

• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #​33331
• ConditionalOnClass not working for Bean methods on Java 8 #​33328
• Actuator document is misleading about k8s startup probe #​33326
• Link to Micrometer's @Timed documentation #​33265
• Clarify use of the spring.cache.type property with Hazelcast #​33257
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #​33255
• Links to Features describes sections that have moved elsewhere #​33213
• Fix kafka streams auto start description typo in reference docs #​33101
• OAuth 2 configuration example uses unrecognized value for authorization grant type #​33068
• Fix typos in logging.adoc #​32820
• Harmonize code sample in the "Type-safe Configuration Properties" section #​32818

:hammer: Dependency Upgrades

• Upgrade to Byte Buddy 1.12.19 #​33272
• Upgrade to Dropwizard Metrics 4.2.13 #​33321
• Upgrade to Ehcache3 3.10.8 #​33322
• Upgrade to Elasticsearch 7.17.7 #​33171
• Upgrade to Hazelcast 5.1.5 #​33172
• Upgrade to Hibernate 5.6.14.Final #​33173
• Upgrade to HttpClient5 5.1.4 #​33323
• Upgrade to HttpCore5 5.1.5 #​33174
• Upgrade to Janino 3.1.9 #​33274
• Upgrade to Jaybird 4.0.7.java8 #​33175
• Upgrade to MariaDB 3.0.9 #​33176
• Upgrade to Micrometer 1.9.6 #​33129
• Upgrade to Netty 4.1.85.Final #​33177
• Upgrade to Postgresql 42.3.8 #​33338
• Upgrade to Reactor 2020.0.25 #​33130
• Upgrade to Spring AMQP 2.4.8 #​33223
• Upgrade to Spring Data 2021.2.6 #​33132
• Upgrade to Spring Framework 5.3.24 #​33131
• Upgrade to Spring GraphQL 1.0.3 #​33150
• Upgrade to Spring Kafka 2.8.11 #​33133
• Upgrade to Spring REST Docs 2.0.7.RELEASE #​33134
• Upgrade to Spring Security 5.7.5 #​33178
• Upgrade to Spring WS 3.1.4 #​33179
• Upgrade to Tomcat 9.0.69 #​33180

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​EricGao888, @​biergit, @​dreis2211, @​eurythmia, @​hpoettker, @​iamgd67, @​izeye, @​jamessoun93, and @​sdeleuze

v6.0.3

Compare Source

:star: New Features

• Throw PessimisticLockingFailureException/CannotAcquireLockException instead of plain ConcurrencyFailureException #​29675
• Introduce additional constructors in MockClientHttpRequest and MockClientHttpResponse #​29670
• Fall back to JdkClientHttpConnector as ClientHttpConnector #​29645
• Optimize object creation in RequestMappingHandlerMapping#handleNoMatch #​29634
• Align multipart codecs on client and server #​29630
• Deprecate "application/graphql+json" media type after spec changes #​29617
• HTTP interface client does not call FormHttpMessageWriter when writing form data #​29615
• ProblemDetail doesn't override the equals method #​29606
• Add title to SockJS iFrames for accessibility compliance #​29594
• Forbid loading of a test's ApplicationContext in AOT mode if AOT processing failed #​29579
• Deprecate JettyWebSocketClient in favor of StandardWebSocketClient #​29576
• Improve options to expose MessageSource formatted errors for a ProblemDetail response #​29574
• Make @ModelAttribute and @InitBinder annotations @Reflective #​29572
• Update BindingReflectionHintsRegistrar to support properties on records #​29571

:lady_beetle: Bug Fixes

• Cannot use WebDAV methods in Spring MVC 6.0 anymore #​29689
• AnnotatedElementUtils.findMergedRepeatableAnnotations does not fetch results when other attributes exist in container annotation #​29685
• BeanWrapperImpl NPE in setWrappedInstance after invoking getPropertyValue #​29681
• SpEL ConstructorReference does not generate AST representation of arrays #​29665
• NullPointerException in BindingReflectionHintsRegistrar for anonymous classes #​29657
• DataBufferInputStream violates InputStream contract #​29642
• Component scanning no longer uses component index for @Named, @ManagedBean, and other Jakarta annotations #​29641
• Fix canWrite in PartHttpMessageWriter #​29631
• NoHandlerFoundException mistakenly returns request headers from ErrorResponse#getHeaders #​29626
• URI override for @HttpExchange doesn't work if there are both URI and @PathVariable method parameters #​29624
• Unnecessary parameter name introspection for constructor-arg resolution (leading to LocalVariableTableParameterNameDiscoverer warnings) #​29612
• Set detail from reason in both constructors of ResponseStatusException #​29608
• SpEL string literal misses single quotation marks in toStringAST() #​29604
• AOT code generation fails for bean of type boolean #​29598
• request-scoped bean with @Lazy fails in native image (due to missing detection of CGLIB lazy resolution proxies) #​29584
• 500 error from WebFlux when parsing Content-Type leads to InvalidMediaTypeException #​29565
• ConcurrentLruCache implementation is using too much heap memory #​29520
• Duplicate key violation gets translated to DataIntegrityViolationException instead of DuplicateKeyException in Spring 6 #​29511
• SpEL: Two double quotes are replaced by one double quote in single quoted String literal (and vice versa) #​28356

:notebook_with_decorative_cover: Documentation

• Fix ErrorResponse#type documentation #​29632
• Fix typo in observability documentation #​29590
• Consistent documentation references to Jakarta WebSocket (2.1) #​29581
• Unrendered asciidoc headings in reference documentation #​29569
• Document observability support #​29524

:hammer: Dependency Upgrades

• Upgrade to Apache HttpClient 5.2 #​29627
• Upgrade to Gradle 7.6 #​29583
• Upgrade to Micrometer 1.10.2 #​29678
• Upgrade to Reactor 2022.0.1 #​29679

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Aashay-Chapatwala, @​CoderYellow, @​ShenFeng312, @​Spark61, @​divcon, @​izeye, @​koo-taejin, @​mdeinum, @​mhalbritter, @​quaff, and @​singhbaljit

v6.0.2

Compare Source

:star: New Features

• Rely on standard parameter name resolution in Bean Validation 3.0 #​29566

:lady_beetle: Bug Fixes

• ResponseStatusException does not use the reason to set the "detail" field #​29567
• LocalVariableTableParameterNameDiscoverer logs many warnings with Hibernate validation #​29563

:notebook_with_decorative_cover: Documentation

• org.springframework.web.multipart.commons not found #​29562

v6.0.1

Compare Source

:star: New Features

• Make SourceHttpMessageConverter optional #​29535
• Deprecate LocalVariableTableParameterNameDiscoverer completely (avoiding its exposure in native images) #​29531
• Make GeneratorStrategy.generate unreachable on native #​29521
• Update LogAdapter to allow build-time code removal #​29506

:lady_beetle: Bug Fixes

• Unhandled exceptions should mark Servlet observation outcome as error #​29512

:notebook_with_decorative_cover: Documentation

• Broken link in documentation section 6.10 #​29554
• Fix Javadoc link text in BindingResult #​29551
• Fix some typos in Kotlin WebClient example code #​29538
• Fix link to Bean Utils Light Library in BeanUtils Javadoc #​29534
• Fix link to WebFlux section in reference manual #​29525
• Document RuntimeHints testing strategies #​29523
• Reorganize and modularize the Testing chapter in the reference manual #​29522
• Document switch to SQLExceptionSubclassTranslator in the upgrade guide #​29518
• Update documentation to mention Java 17+ baseline #​29514
• Link to Spring WebFlux section is broken #​29513
• Update javadoc of Jackson-based decoders to reflect 2.14 baseline #​29508
• Code example has callout from a different code example #​29505
• Code listing callouts are displayed incorrectly in core-beans.adoc #​29457
• Fix a syntax error in an XML listing in core-validation.adoc #​29456

:hammer: Dependency Upgrades

• Upgrade to Jackson 2.14.1 #​29539
• Upgrade to Kotlin 1.7.21 #​29543

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Encyclopedias, @​andregasser, @​davidcostanzo, @​divcon, @​jiangying000, @​mdeinum, and @​wilkinsona

v6.0.0

Compare Source

See What's New in Spring Framework 6.x and Upgrading to Spring Framework 6.x for upgrade instructions and details of new features.

:star: New Features

• Avoid direct URL construction and URL equality checks #​29486
• Simplify creating RFC 7807 responses from functional endpoints #​29462
• Allow test classes to provide runtime hints via declarative mechanisms #​29455

:notebook_with_decorative_cover: Documentation

• Align javadoc of DefaultParameterNameDiscoverer with its behavior #​29494
• Document AOT support in the TestContext framework #​29482
• Document Ahead of Time processing in the reference guide #​29350

:hammer: Dependency Upgrades

• Upgrade to Reactor 2022.0.0 #​29465

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​ophiuhus and @​wilkinsona

v5.3.24

Compare Source

:star: New Features

• Avoid reflection for annotation method invocations #​29448
• Avoid unnecessary allocations in StompDecoder#unescape #​29443
• Avoid String allocations in MediaType.checkParameters #​29428
• Reduce allocations caused by producible media types #​29412
• Provide optional SimpleBeanInfoFactory for better introspection performance in 5.3.x #​29330
• Filter out null WebSocket session attributes #​29315
• Introduce TestSocketUtils as a replacement for SocketUtils #​29132
• Avoid Commons Logging API for using LoggingCacheErrorHandler with a custom logger #​28678

:lady_beetle: Bug Fixes

• Missing SessionFactory property (filter AutoCloseable from PropertyDescriptors) #​29480
• SpEL ternary and Elvis expressions are missing enclosing parentheses in toStringAST() #​29463
• If-Unmodified-Since header check removes Last-Modified and Etag headers from response, even if condition passes #​29362
• Annotation searches fail for non-public repeatable annotations #​29301
• AbstractBeanFactory's interaction with BeanPostProcessorCacheAwareList is not fully thread-safe #​29299
• WebTestClient cannot assert custom HTTP status code #​29283
• Body token not expected error when trying to upload a large multipart file #​29227
• Avoid resizing of Maps created by CollectionUtils #​29190
• DefaultWebClient logging sensitive information in URI #​29148
• Fix SimpleMailMessage nullability annotations #​29139
• Webflux fails to apply the rule for controller methods returning void to kotlin suspend functions returning Unit #​27629
• Resource.isFile() return true when the resource path actually not exists #​26707
• AnnotatedElementUtils does not find merged repeatable annotations on other repeatable annotations #​20279

:notebook_with_decorative_cover: Documentation

• Fix two typos in integration.adoc and webflux.adoc #​29469
• Fix typo: "as describe in" -> "as described in" #​29393
• Fix typos #​29364
• Correct documentation for "other return values" from a web controller method #​29349
• Document how to use WebJars without webjars-locator-core dependency #​29322
• Update RestTemplate Javadoc with regards to setting interceptors on startup vs at runtime #​29311
• Document how to switch to the default set of TestExecutionListeners #​29281
• Document limitation of AopTestUtils.getUltimateTargetObject() regarding non-static TargetSource #​29276
• Fix typo in WebSocket reference doc regarding subscription header #​29228
• Fix MockMvc sample setup #​29201

:hammer: Dependency Upgrades

• Upgrade to Reactor 2020.0.25 #​29464

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @​sangmin7648
• @​izeye
• @​dreis2211
• @​catmug
• @​inabajunmr
• @​iamgd67
• @​davidcostanzo
• @​jprinet
• @​stgerhardt
• @​onobc
• @​vpavic

v5.2.3

Compare Source

Fixes

🎨 CSS

• #​37377: Import root in bootstrap-utilities
• #​37425: Fix deprecation warning with sass 1.56.0
• #​37266: Carousel: Fix RTL translate() direction

☕️ JavaScript

• #​37235: fix tooltip/popper disposal inconsistencies