Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.11 #27

2025-11-20T17:02:52+01:00

renovate commented

2025-11-20 17:02:52 +01:00

This PR contains the following updates:

Package	Type	Update	Change
org.springframework.boot:spring-boot-starter-security (source)	compile	patch	`3.5.7` → `3.5.11`

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-security)

`v3.5.11`

Compare Source

🐞 Bug Fixes

Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc #49039
server.jetty.threads.max is ignored when using virtual threads #48982
Docker credential helpers with file extensions cannot be executed on Windows #48965

📔 Documentation

Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose #49211
Document that use of non idiomatic format for '@Value' still apply for environment variables #49054
Document naming convention for custom test-scoped starters #49014
LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases #48996
ApplicationContextAssert documents a non-existent assertion in getFailure() #48973
Highlight the importance of the preStop hook when configuring Kubernetes probes #48936

🔨 Dependency Upgrades

Upgrade to AssertJ 3.27.7 #49075
Upgrade to Groovy 4.0.30 #49076
Upgrade to Hibernate 6.6.42.Final #49077
Upgrade to Jaybird 6.0.4 #49078
Upgrade to JBoss Logging 3.6.2.Final #49079
Upgrade to Jetty 12.0.32 #49080
Upgrade to jOOQ 3.19.30 #49081
Upgrade to Logback 1.5.32 #49243
Upgrade to Micrometer 1.15.9 #49064
Upgrade to Micrometer Tracing 1.5.9 #49065
Upgrade to MySQL 9.6.0 #49083
Upgrade to Netty 4.1.131.Final #49165
Upgrade to Postgresql 42.7.10 #49201
Upgrade to Reactor Bom 2024.0.15 #49066
Upgrade to Spring Authorization Server 1.5.6 #49067
Upgrade to Spring Data Bom 2025.0.9 #49068
Upgrade to Spring Framework 6.2.16 #49069
Upgrade to Spring GraphQL 1.4.5 #49070
Upgrade to Spring Integration 6.5.7 #49071
Upgrade to Spring Kafka 3.3.13 #49244
Upgrade to Spring LDAP 3.3.6 #49072
Upgrade to Spring Pulsar 1.2.15 #49073
Upgrade to Spring Security 6.5.8 #49225
Upgrade to Spring Session 3.5.5 #49074
Upgrade to Tomcat 10.1.52 #49084
Upgrade to Undertow 2.3.23.Final #49166

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dsyer, @linkian209, @nosan, @quaff, @scordio, and @srt

`v3.5.10`

Compare Source

🐞 Bug Fixes

Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48836
When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48835
Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48810
DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48702
Application JAR created by extract command is not reproductible #48664
AOT processing of tests should not be disabled when 'skipTests' is set #48661
Fix zero-length byte buffer in InspectedContent #48649

📔 Documentation

Update documentation for Buildpack's AOT Cache support #48768
Document support for configuring arguments passed to Docker Compose #48657
Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48634
Fix grammar and typos in the reference guide #48596

🔨 Dependency Upgrades

Upgrade to Classmate 1.7.3 #48775
Upgrade to Hibernate 6.6.41.Final #48881
Upgrade to HttpClient5 5.5.2 #48777
Upgrade to Logback 1.5.25 #48882
Upgrade to Micrometer 1.15.8 #48705
Upgrade to Micrometer Tracing 1.5.8 #48706
Upgrade to Pooled JMS 3.1.9 #48779
Upgrade to Postgresql 42.7.9 #48883
Upgrade to R2DBC MSSQL 1.0.4.RELEASE #48847
Upgrade to Reactor Bom 2024.0.14 #48707
Upgrade to REST Assured 5.5.7 #48884
Upgrade to Spring AMQP 3.2.9 #48909
Upgrade to Spring Data Bom 2025.0.8 #48708
Upgrade to Spring Integration 6.5.6 #48921
Upgrade to Spring Kafka 3.3.12 #48709
Upgrade to Spring Pulsar 1.2.14 #48710
Upgrade to Undertow 2.3.22.Final #48848
Upgrade to WebJars Locator Lite 1.1.3 #48780

❤️ Contributors

Thank you to all the contributors who worked on this release:

@GaoSSR, @izeye, and @ngocnhan-tran1996

`v3.5.9`

Compare Source

🐞 Bug Fixes

RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48486
Profiles retained during AOT processing are not configured in a native image #48475
NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #48450
Redis health check reports an error when redis_version is missing from the INFO response #48326
Parent's MeterRegistry beans are closed when child context closes #48324
SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48271

📔 Documentation

Documentation has an outdated reference to the Jackson Kotlin Module #48533
Caching documentation should clarify how to use a no-op implementation to run a test suite #48531
Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48526
License header in build samples is displayed in the reference documentation #48477
Configuring Two DataSources How-To code sample is inconsistent #48448
Improve javadoc for when to use class names rather than class references #48395
Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48359
Polish TestRestTemplate examples in the reference guide #48335
Fix links to javadoc in the reference documentation #48299
Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #48265
Kotlin auto-configuration examples are not annotated with @AutoConfiguration #48227
Infinispan Cache Documentation is outdated #48217
Revise "Use Liquibase for test-only migrations" section in reference manual #48169

🔨 Dependency Upgrades

Prevent upgrade to Netty 4.1.129.Final #48508
Upgrade to AspectJ 1.9.25.1 #48557
Upgrade to Hibernate 6.6.39.Final #48540
Upgrade to Jetty 12.0.31 #48455
Upgrade to jOOQ 3.19.29 #48456
Upgrade to Logback 1.5.22 #48507
Upgrade to MariaDB 3.5.7 #48558
Upgrade to Micrometer 1.15.7 #48423
Upgrade to Micrometer Tracing 1.5.7 #48424
Upgrade to Netty 4.1.130.Final #48541
Upgrade to Pooled JMS 3.1.8 #48559
Upgrade to Pulsar 4.0.8 #48457
Upgrade to Quartz 2.5.2 #48458
Upgrade to Reactor Bom 2024.0.13 #48425
Upgrade to Spring Authorization Server 1.5.5 #48426
Upgrade to Spring Data Bom 2025.0.7 #48427
Upgrade to Spring Framework 6.2.15 #48428
Upgrade to Spring GraphQL 1.4.4 #48429
Upgrade to Spring Integration 6.5.5 #48560
Upgrade to Spring LDAP 3.3.5 #48430
Upgrade to Spring Pulsar 1.2.13 #48431
Upgrade to Spring Session 3.5.4 #48432
Upgrade to Testcontainers 1.21.4 #48542
Upgrade to UnboundID LDAPSDK 7.0.4 #48459

❤️ Contributors

Thank you to all the contributors who worked on this release:

@banseok1216, @berry120, @dmitrysulman, @geopark021, @noojung, @scottfrederick, @vpavic, and @youngledo

`v3.5.8`

Compare Source

⚠️ Noteworthy changes

This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

Gradle war task does not exclude starter POMs from lib-provided #48196
Testcontainers integration fails on Docker 29.0.0 #48192
SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48180
Properties bound in the child management context ignore the parent's environment prefix #48176
ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48153
Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48129
New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48127
NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #48123
Buildpack fails with recent Docker installs due to hardcoded version in URL #48102
Image building may fail when specifying a platform if an image has already been built with a different platform #48098
Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #48061
PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48058
Auto-configured JCacheMetrics cannot be customized #48056
WebSecurityCustomizer beans are excluded by WebMvcTest #48054
Devtools Restarter does not work with a parameterless main method #47987
Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #47923
Docker response 407 is not handled correctly resulting in no error message #47900
spring-boot-maven-plugin process-aot goal does not find package-private main method #47780

📔 Documentation

Revise AWS section of "Deploying to the Cloud" in reference manual #48156
Fix typo in PortInUseException Javadoc #48133
Correct section about required setters in "Type-safe Configuration Properties" #48130
Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #48114
Document support for configuring servlet context init parameters using properties #48111
Clarify how warnings about soon-to-expire SSL certificates are reported #48062
Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #48052
Use since attribute in configuration properties deprecation consistently #47980
BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #47905
Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #47898
Document that Actuator endpoint may have at most one extension of each type #47873
Limit Kotlin API documentation to Kotlin-specific APIs #47859
Adapt AOTCache documentation to JEP 514 #47274

🔨 Dependency Upgrades

Downgrade to Cassandra Driver 4.19.0 #47926
Upgrade to AspectJ 1.9.25 #48005
Upgrade to Caffeine 3.2.3 #48006
Upgrade to Cassandra Driver 4.19.2 #48183
Upgrade to DB2 JDBC 12.1.3.0 #48083
Upgrade to Hibernate 6.6.36.Final #48148
Upgrade to Jackson Bom 2.19.4 #48008
Upgrade to Jetty 12.0.30 #48118
Upgrade to Jetty Reactive HTTPClient 4.0.13 #48149
Upgrade to jOOQ 3.19.28 #48084
Upgrade to Logback 1.5.21 #48085
Upgrade to Micrometer 1.15.6 #48009
Upgrade to Micrometer Tracing 1.5.6 #48010
Upgrade to MySQL 9.5.0 #48011
Upgrade to Neo4j Java Driver 5.28.10 #48044
Upgrade to Quartz 2.5.1 #48012
Upgrade to R2DBC Postgresql 1.0.9.RELEASE #48013
Upgrade to Reactor Bom 2024.0.12 #48014
Upgrade to Spring Data Bom 2025.0.6 #48039
Upgrade to Spring Framework 6.2.14 #48166
Upgrade to Spring Integration 6.5.4 #48040
Upgrade to Spring Kafka 3.3.11 #48041
Upgrade to Spring Pulsar 1.2.12 #48042
Upgrade to Spring Security 6.5.7 #48043
Upgrade to Tomcat 10.1.49 #48086

❤️ Contributors

Thank you to all the contributors who worked on this release:

@K-jun98, @TerryTaoYY, @hojooo, @linw-bai, @mipo256, @namest504, @ngocnhan-tran1996, @nosan, @scottfrederick, @siva-sai-udaygiri, @tschut, and @vpavic

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.springframework.boot:spring-boot-starter-security](https://spring.io/projects/spring-boot) ([source](https://github.com/spring-projects/spring-boot)) | compile | patch | `3.5.7` → `3.5.11` | --- ### Release Notes <details> <summary>spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-security)</summary> ### [`v3.5.11`](https://github.com/spring-projects/spring-boot/releases/tag/v3.5.11) [Compare Source](https://github.com/spring-projects/spring-boot/compare/v3.5.10...v3.5.11) #### :lady\_beetle: Bug Fixes - Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc [#49039](https://github.com/spring-projects/spring-boot/pull/49039) - server.jetty.threads.max is ignored when using virtual threads [#48982](https://github.com/spring-projects/spring-boot/issues/48982) - Docker credential helpers with file extensions cannot be executed on Windows [#48965](https://github.com/spring-projects/spring-boot/pull/48965) #### :notebook\_with\_decorative\_cover: Documentation - Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose [#49211](https://github.com/spring-projects/spring-boot/issues/49211) - Document that use of non idiomatic format for '`@Value`' still apply for environment variables [#49054](https://github.com/spring-projects/spring-boot/pull/49054) - Document naming convention for custom test-scoped starters [#49014](https://github.com/spring-projects/spring-boot/pull/49014) - LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases [#48996](https://github.com/spring-projects/spring-boot/issues/48996) - ApplicationContextAssert documents a non-existent assertion in getFailure() [#48973](https://github.com/spring-projects/spring-boot/pull/48973) - Highlight the importance of the preStop hook when configuring Kubernetes probes [#48936](https://github.com/spring-projects/spring-boot/pull/48936) #### :hammer: Dependency Upgrades - Upgrade to AssertJ 3.27.7 [#49075](https://github.com/spring-projects/spring-boot/issues/49075) - Upgrade to Groovy 4.0.30 [#49076](https://github.com/spring-projects/spring-boot/issues/49076) - Upgrade to Hibernate 6.6.42.Final [#49077](https://github.com/spring-projects/spring-boot/issues/49077) - Upgrade to Jaybird 6.0.4 [#49078](https://github.com/spring-projects/spring-boot/issues/49078) - Upgrade to JBoss Logging 3.6.2.Final [#49079](https://github.com/spring-projects/spring-boot/issues/49079) - Upgrade to Jetty 12.0.32 [#49080](https://github.com/spring-projects/spring-boot/issues/49080) - Upgrade to jOOQ 3.19.30 [#49081](https://github.com/spring-projects/spring-boot/issues/49081) - Upgrade to Logback 1.5.32 [#49243](https://github.com/spring-projects/spring-boot/issues/49243) - Upgrade to Micrometer 1.15.9 [#49064](https://github.com/spring-projects/spring-boot/issues/49064) - Upgrade to Micrometer Tracing 1.5.9 [#49065](https://github.com/spring-projects/spring-boot/issues/49065) - Upgrade to MySQL 9.6.0 [#49083](https://github.com/spring-projects/spring-boot/issues/49083) - Upgrade to Netty 4.1.131.Final [#49165](https://github.com/spring-projects/spring-boot/issues/49165) - Upgrade to Postgresql 42.7.10 [#49201](https://github.com/spring-projects/spring-boot/issues/49201) - Upgrade to Reactor Bom 2024.0.15 [#49066](https://github.com/spring-projects/spring-boot/issues/49066) - Upgrade to Spring Authorization Server 1.5.6 [#49067](https://github.com/spring-projects/spring-boot/issues/49067) - Upgrade to Spring Data Bom 2025.0.9 [#49068](https://github.com/spring-projects/spring-boot/issues/49068) - Upgrade to Spring Framework 6.2.16 [#49069](https://github.com/spring-projects/spring-boot/issues/49069) - Upgrade to Spring GraphQL 1.4.5 [#49070](https://github.com/spring-projects/spring-boot/issues/49070) - Upgrade to Spring Integration 6.5.7 [#49071](https://github.com/spring-projects/spring-boot/issues/49071) - Upgrade to Spring Kafka 3.3.13 [#49244](https://github.com/spring-projects/spring-boot/issues/49244) - Upgrade to Spring LDAP 3.3.6 [#49072](https://github.com/spring-projects/spring-boot/issues/49072) - Upgrade to Spring Pulsar 1.2.15 [#49073](https://github.com/spring-projects/spring-boot/issues/49073) - Upgrade to Spring Security 6.5.8 [#49225](https://github.com/spring-projects/spring-boot/issues/49225) - Upgrade to Spring Session 3.5.5 [#49074](https://github.com/spring-projects/spring-boot/issues/49074) - Upgrade to Tomcat 10.1.52 [#49084](https://github.com/spring-projects/spring-boot/issues/49084) - Upgrade to Undertow 2.3.23.Final [#49166](https://github.com/spring-projects/spring-boot/issues/49166) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@dsyer](https://github.com/dsyer), [@linkian209](https://github.com/linkian209), [@nosan](https://github.com/nosan), [@quaff](https://github.com/quaff), [@scordio](https://github.com/scordio), and [@srt](https://github.com/srt) ### [`v3.5.10`](https://github.com/spring-projects/spring-boot/releases/tag/v3.5.10) [Compare Source](https://github.com/spring-projects/spring-boot/compare/v3.5.9...v3.5.10) #### :lady\_beetle: Bug Fixes - Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present [#48836](https://github.com/spring-projects/spring-boot/issues/48836) - When a bean condition references a type that is not present, it appears as ? in the condition evaluation report [#48835](https://github.com/spring-projects/spring-boot/issues/48835) - Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) [#48810](https://github.com/spring-projects/spring-boot/issues/48810) - DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image [#48702](https://github.com/spring-projects/spring-boot/issues/48702) - Application JAR created by extract command is not reproductible [#48664](https://github.com/spring-projects/spring-boot/issues/48664) - AOT processing of tests should not be disabled when 'skipTests' is set [#48661](https://github.com/spring-projects/spring-boot/issues/48661) - Fix zero-length byte buffer in InspectedContent [#48649](https://github.com/spring-projects/spring-boot/pull/48649) #### :notebook\_with\_decorative\_cover: Documentation - Update documentation for Buildpack's AOT Cache support [#48768](https://github.com/spring-projects/spring-boot/issues/48768) - Document support for configuring arguments passed to Docker Compose [#48657](https://github.com/spring-projects/spring-boot/issues/48657) - Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file [#48634](https://github.com/spring-projects/spring-boot/issues/48634) - Fix grammar and typos in the reference guide [#48596](https://github.com/spring-projects/spring-boot/pull/48596) #### :hammer: Dependency Upgrades - Upgrade to Classmate 1.7.3 [#48775](https://github.com/spring-projects/spring-boot/issues/48775) - Upgrade to Hibernate 6.6.41.Final [#48881](https://github.com/spring-projects/spring-boot/issues/48881) - Upgrade to HttpClient5 5.5.2 [#48777](https://github.com/spring-projects/spring-boot/issues/48777) - Upgrade to Logback 1.5.25 [#48882](https://github.com/spring-projects/spring-boot/issues/48882) - Upgrade to Micrometer 1.15.8 [#48705](https://github.com/spring-projects/spring-boot/issues/48705) - Upgrade to Micrometer Tracing 1.5.8 [#48706](https://github.com/spring-projects/spring-boot/issues/48706) - Upgrade to Pooled JMS 3.1.9 [#48779](https://github.com/spring-projects/spring-boot/issues/48779) - Upgrade to Postgresql 42.7.9 [#48883](https://github.com/spring-projects/spring-boot/issues/48883) - Upgrade to R2DBC MSSQL 1.0.4.RELEASE [#48847](https://github.com/spring-projects/spring-boot/issues/48847) - Upgrade to Reactor Bom 2024.0.14 [#48707](https://github.com/spring-projects/spring-boot/issues/48707) - Upgrade to REST Assured 5.5.7 [#48884](https://github.com/spring-projects/spring-boot/issues/48884) - Upgrade to Spring AMQP 3.2.9 [#48909](https://github.com/spring-projects/spring-boot/issues/48909) - Upgrade to Spring Data Bom 2025.0.8 [#48708](https://github.com/spring-projects/spring-boot/issues/48708) - Upgrade to Spring Integration 6.5.6 [#48921](https://github.com/spring-projects/spring-boot/issues/48921) - Upgrade to Spring Kafka 3.3.12 [#48709](https://github.com/spring-projects/spring-boot/issues/48709) - Upgrade to Spring Pulsar 1.2.14 [#48710](https://github.com/spring-projects/spring-boot/issues/48710) - Upgrade to Undertow 2.3.22.Final [#48848](https://github.com/spring-projects/spring-boot/issues/48848) - Upgrade to WebJars Locator Lite 1.1.3 [#48780](https://github.com/spring-projects/spring-boot/issues/48780) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@GaoSSR](https://github.com/GaoSSR), [@izeye](https://github.com/izeye), and [@ngocnhan-tran1996](https://github.com/ngocnhan-tran1996) ### [`v3.5.9`](https://github.com/spring-projects/spring-boot/releases/tag/v3.5.9) [Compare Source](https://github.com/spring-projects/spring-boot/compare/v3.5.8...v3.5.9) #### :lady\_beetle: Bug Fixes - RabbitHealthIndicator reports an error when version is missing from the connection's server properties [#48486](https://github.com/spring-projects/spring-boot/issues/48486) - Profiles retained during AOT processing are not configured in a native image [#48475](https://github.com/spring-projects/spring-boot/issues/48475) - NullPointerException in UndertowWebServer.destroy() when using `@DirtiesContext` and Citrus Spring Boot Simulator [#48450](https://github.com/spring-projects/spring-boot/issues/48450) - Redis health check reports an error when redis\_version is missing from the INFO response [#48326](https://github.com/spring-projects/spring-boot/issues/48326) - Parent's MeterRegistry beans are closed when child context closes [#48324](https://github.com/spring-projects/spring-boot/issues/48324) - SpringBootTest.UseMainMethod.WHEN\_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method [#48271](https://github.com/spring-projects/spring-boot/issues/48271) #### :notebook\_with\_decorative\_cover: Documentation - Documentation has an outdated reference to the Jackson Kotlin Module [#48533](https://github.com/spring-projects/spring-boot/issues/48533) - Caching documentation should clarify how to use a no-op implementation to run a test suite [#48531](https://github.com/spring-projects/spring-boot/issues/48531) - Document that the default rolling policy for Log4j2 requires logging.file.path to be set [#48526](https://github.com/spring-projects/spring-boot/issues/48526) - License header in build samples is displayed in the reference documentation [#48477](https://github.com/spring-projects/spring-boot/issues/48477) - Configuring Two DataSources How-To code sample is inconsistent [#48448](https://github.com/spring-projects/spring-boot/issues/48448) - Improve javadoc for when to use class names rather than class references [#48395](https://github.com/spring-projects/spring-boot/issues/48395) - Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations [#48359](https://github.com/spring-projects/spring-boot/issues/48359) - Polish TestRestTemplate examples in the reference guide [#48335](https://github.com/spring-projects/spring-boot/issues/48335) - Fix links to javadoc in the reference documentation [#48299](https://github.com/spring-projects/spring-boot/issues/48299) - Clarify that `@EnableBatchProcessing` turns off all batch auto-configuration, including schema initialization [#48265](https://github.com/spring-projects/spring-boot/issues/48265) - Kotlin auto-configuration examples are not annotated with `@AutoConfiguration` [#48227](https://github.com/spring-projects/spring-boot/issues/48227) - Infinispan Cache Documentation is outdated [#48217](https://github.com/spring-projects/spring-boot/issues/48217) - Revise "Use Liquibase for test-only migrations" section in reference manual [#48169](https://github.com/spring-projects/spring-boot/pull/48169) #### :hammer: Dependency Upgrades - Prevent upgrade to Netty 4.1.129.Final [#48508](https://github.com/spring-projects/spring-boot/issues/48508) - Upgrade to AspectJ 1.9.25.1 [#48557](https://github.com/spring-projects/spring-boot/issues/48557) - Upgrade to Hibernate 6.6.39.Final [#48540](https://github.com/spring-projects/spring-boot/issues/48540) - Upgrade to Jetty 12.0.31 [#48455](https://github.com/spring-projects/spring-boot/issues/48455) - Upgrade to jOOQ 3.19.29 [#48456](https://github.com/spring-projects/spring-boot/issues/48456) - Upgrade to Logback 1.5.22 [#48507](https://github.com/spring-projects/spring-boot/issues/48507) - Upgrade to MariaDB 3.5.7 [#48558](https://github.com/spring-projects/spring-boot/issues/48558) - Upgrade to Micrometer 1.15.7 [#48423](https://github.com/spring-projects/spring-boot/issues/48423) - Upgrade to Micrometer Tracing 1.5.7 [#48424](https://github.com/spring-projects/spring-boot/issues/48424) - Upgrade to Netty 4.1.130.Final [#48541](https://github.com/spring-projects/spring-boot/issues/48541) - Upgrade to Pooled JMS 3.1.8 [#48559](https://github.com/spring-projects/spring-boot/issues/48559) - Upgrade to Pulsar 4.0.8 [#48457](https://github.com/spring-projects/spring-boot/issues/48457) - Upgrade to Quartz 2.5.2 [#48458](https://github.com/spring-projects/spring-boot/issues/48458) - Upgrade to Reactor Bom 2024.0.13 [#48425](https://github.com/spring-projects/spring-boot/issues/48425) - Upgrade to Spring Authorization Server 1.5.5 [#48426](https://github.com/spring-projects/spring-boot/issues/48426) - Upgrade to Spring Data Bom 2025.0.7 [#48427](https://github.com/spring-projects/spring-boot/issues/48427) - Upgrade to Spring Framework 6.2.15 [#48428](https://github.com/spring-projects/spring-boot/issues/48428) - Upgrade to Spring GraphQL 1.4.4 [#48429](https://github.com/spring-projects/spring-boot/issues/48429) - Upgrade to Spring Integration 6.5.5 [#48560](https://github.com/spring-projects/spring-boot/issues/48560) - Upgrade to Spring LDAP 3.3.5 [#48430](https://github.com/spring-projects/spring-boot/issues/48430) - Upgrade to Spring Pulsar 1.2.13 [#48431](https://github.com/spring-projects/spring-boot/issues/48431) - Upgrade to Spring Session 3.5.4 [#48432](https://github.com/spring-projects/spring-boot/issues/48432) - Upgrade to Testcontainers 1.21.4 [#48542](https://github.com/spring-projects/spring-boot/issues/48542) - Upgrade to UnboundID LDAPSDK 7.0.4 [#48459](https://github.com/spring-projects/spring-boot/issues/48459) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@banseok1216](https://github.com/banseok1216), [@berry120](https://github.com/berry120), [@dmitrysulman](https://github.com/dmitrysulman), [@geopark021](https://github.com/geopark021), [@noojung](https://github.com/noojung), [@scottfrederick](https://github.com/scottfrederick), [@vpavic](https://github.com/vpavic), and [@youngledo](https://github.com/youngledo) ### [`v3.5.8`](https://github.com/spring-projects/spring-boot/releases/tag/v3.5.8) [Compare Source](https://github.com/spring-projects/spring-boot/compare/v3.5.7...v3.5.8) #### :warning: Noteworthy changes - This release [contains a fix](https://github.com/spring-projects/spring-boot/issues/48104) to get Testcontainers working with modern Docker versions. If this causes problems in your setup, [you can downgrade the minimum Docker API](https://docs.spring.io/spring-boot/3.4/how-to/testing.html#howto.testing.testcontainers-api-downgrade), effectively reverting that change. #### :lady\_beetle: Bug Fixes - Gradle war task does not exclude starter POMs from lib-provided [#48196](https://github.com/spring-projects/spring-boot/issues/48196) - Testcontainers integration fails on Docker 29.0.0 [#48192](https://github.com/spring-projects/spring-boot/issues/48192) - SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time [#48180](https://github.com/spring-projects/spring-boot/issues/48180) - Properties bound in the child management context ignore the parent's environment prefix [#48176](https://github.com/spring-projects/spring-boot/issues/48176) - ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles [#48153](https://github.com/spring-projects/spring-boot/pull/48153) - Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes [#48129](https://github.com/spring-projects/spring-boot/pull/48129) - New arm64 macbooks fail to bootBuildImage due to incorrect platform image [#48127](https://github.com/spring-projects/spring-boot/issues/48127) - NullPointerException when using `@ConditionalOnSingleCandidate` with multiple manually registered singletons [#48123](https://github.com/spring-projects/spring-boot/issues/48123) - Buildpack fails with recent Docker installs due to hardcoded version in URL [#48102](https://github.com/spring-projects/spring-boot/issues/48102) - Image building may fail when specifying a platform if an image has already been built with a different platform [#48098](https://github.com/spring-projects/spring-boot/issues/48098) - Undertow's ServletContext is destroy too early, making it unusable in `@PreDestroy` methods [#48061](https://github.com/spring-projects/spring-boot/issues/48061) - PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration [#48058](https://github.com/spring-projects/spring-boot/issues/48058) - Auto-configured JCacheMetrics cannot be customized [#48056](https://github.com/spring-projects/spring-boot/issues/48056) - WebSecurityCustomizer beans are excluded by WebMvcTest [#48054](https://github.com/spring-projects/spring-boot/issues/48054) - Devtools Restarter does not work with a parameterless main method [#47987](https://github.com/spring-projects/spring-boot/pull/47987) - Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry [#47923](https://github.com/spring-projects/spring-boot/issues/47923) - Docker response 407 is not handled correctly resulting in no error message [#47900](https://github.com/spring-projects/spring-boot/issues/47900) - spring-boot-maven-plugin process-aot goal does not find package-private main method [#47780](https://github.com/spring-projects/spring-boot/issues/47780) #### :notebook\_with\_decorative\_cover: Documentation - Revise AWS section of "Deploying to the Cloud" in reference manual [#48156](https://github.com/spring-projects/spring-boot/pull/48156) - Fix typo in PortInUseException Javadoc [#48133](https://github.com/spring-projects/spring-boot/issues/48133) - Correct section about required setters in "Type-safe Configuration Properties" [#48130](https://github.com/spring-projects/spring-boot/issues/48130) - Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper [#48114](https://github.com/spring-projects/spring-boot/issues/48114) - Document support for configuring servlet context init parameters using properties [#48111](https://github.com/spring-projects/spring-boot/issues/48111) - Clarify how warnings about soon-to-expire SSL certificates are reported [#48062](https://github.com/spring-projects/spring-boot/issues/48062) - Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries [#48052](https://github.com/spring-projects/spring-boot/issues/48052) - Use since attribute in configuration properties deprecation consistently [#47980](https://github.com/spring-projects/spring-boot/pull/47980) - BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException [#47905](https://github.com/spring-projects/spring-boot/issues/47905) - Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier [#47898](https://github.com/spring-projects/spring-boot/issues/47898) - Document that Actuator endpoint may have at most one extension of each type [#47873](https://github.com/spring-projects/spring-boot/issues/47873) - Limit Kotlin API documentation to Kotlin-specific APIs [#47859](https://github.com/spring-projects/spring-boot/issues/47859) - Adapt AOTCache documentation to JEP 514 [#47274](https://github.com/spring-projects/spring-boot/issues/47274) #### :hammer: Dependency Upgrades - Downgrade to Cassandra Driver 4.19.0 [#47926](https://github.com/spring-projects/spring-boot/issues/47926) - Upgrade to AspectJ 1.9.25 [#48005](https://github.com/spring-projects/spring-boot/issues/48005) - Upgrade to Caffeine 3.2.3 [#48006](https://github.com/spring-projects/spring-boot/issues/48006) - Upgrade to Cassandra Driver 4.19.2 [#48183](https://github.com/spring-projects/spring-boot/issues/48183) - Upgrade to DB2 JDBC 12.1.3.0 [#48083](https://github.com/spring-projects/spring-boot/issues/48083) - Upgrade to Hibernate 6.6.36.Final [#48148](https://github.com/spring-projects/spring-boot/issues/48148) - Upgrade to Jackson Bom 2.19.4 [#48008](https://github.com/spring-projects/spring-boot/issues/48008) - Upgrade to Jetty 12.0.30 [#48118](https://github.com/spring-projects/spring-boot/issues/48118) - Upgrade to Jetty Reactive HTTPClient 4.0.13 [#48149](https://github.com/spring-projects/spring-boot/issues/48149) - Upgrade to jOOQ 3.19.28 [#48084](https://github.com/spring-projects/spring-boot/issues/48084) - Upgrade to Logback 1.5.21 [#48085](https://github.com/spring-projects/spring-boot/issues/48085) - Upgrade to Micrometer 1.15.6 [#48009](https://github.com/spring-projects/spring-boot/issues/48009) - Upgrade to Micrometer Tracing 1.5.6 [#48010](https://github.com/spring-projects/spring-boot/issues/48010) - Upgrade to MySQL 9.5.0 [#48011](https://github.com/spring-projects/spring-boot/issues/48011) - Upgrade to Neo4j Java Driver 5.28.10 [#48044](https://github.com/spring-projects/spring-boot/issues/48044) - Upgrade to Quartz 2.5.1 [#48012](https://github.com/spring-projects/spring-boot/issues/48012) - Upgrade to R2DBC Postgresql 1.0.9.RELEASE [#48013](https://github.com/spring-projects/spring-boot/issues/48013) - Upgrade to Reactor Bom 2024.0.12 [#48014](https://github.com/spring-projects/spring-boot/issues/48014) - Upgrade to Spring Data Bom 2025.0.6 [#48039](https://github.com/spring-projects/spring-boot/issues/48039) - Upgrade to Spring Framework 6.2.14 [#48166](https://github.com/spring-projects/spring-boot/issues/48166) - Upgrade to Spring Integration 6.5.4 [#48040](https://github.com/spring-projects/spring-boot/issues/48040) - Upgrade to Spring Kafka 3.3.11 [#48041](https://github.com/spring-projects/spring-boot/issues/48041) - Upgrade to Spring Pulsar 1.2.12 [#48042](https://github.com/spring-projects/spring-boot/issues/48042) - Upgrade to Spring Security 6.5.7 [#48043](https://github.com/spring-projects/spring-boot/issues/48043) - Upgrade to Tomcat 10.1.49 [#48086](https://github.com/spring-projects/spring-boot/issues/48086) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@K-jun98](https://github.com/K-jun98), [@TerryTaoYY](https://github.com/TerryTaoYY), [@hojooo](https://github.com/hojooo), [@linw-bai](https://github.com/linw-bai), [@mipo256](https://github.com/mipo256), [@namest504](https://github.com/namest504), [@ngocnhan-tran1996](https://github.com/ngocnhan-tran1996), [@nosan](https://github.com/nosan), [@scottfrederick](https://github.com/scottfrederick), [@siva-sai-udaygiri](https://github.com/siva-sai-udaygiri), [@tschut](https://github.com/tschut), and [@vpavic](https://github.com/vpavic) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate added 1 commit 2025-11-20 17:02:52 +01:00

Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.8

continuous-integration/drone/push Build is passing

Details

continuous-integration/drone/pr Build is failing

Details

475ffcfd53

renovate force-pushed renovate/org.springframework.boot-spring-boot-starter-security-3.x from 475ffcfd53 to 8434cdbc1e

2025-12-18 13:03:19 +01:00

Compare

renovate changed title from ~~Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.8~~ to Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.9

2025-12-18 13:03:19 +01:00

renovate changed title from ~~Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.9~~ to Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.10

2026-01-22 14:02:02 +01:00

renovate force-pushed renovate/org.springframework.boot-spring-boot-starter-security-3.x from 8434cdbc1e to f91c370c70

2026-01-22 14:02:03 +01:00

Compare

renovate force-pushed renovate/org.springframework.boot-spring-boot-starter-security-3.x from f91c370c70 to 38d77faf68

2026-02-19 13:02:45 +01:00

Compare

renovate changed title from ~~Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.10~~ to Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.11

2026-02-19 13:02:46 +01:00

judas commented

2026-03-11 15:30:29 +01:00

🤖 judas CI Report

Result: ⛔ Not merged — CI failing

Check	Status
`continuous-integration/drone/push`	✅ success
`continuous-integration/drone/pr`	❌ failure

The PR CI check (drone/pr) is failing. Cannot merge until CI is fully green.

## 🤖 judas CI Report **Result: ⛔ Not merged — CI failing** | Check | Status | |---|---| | `continuous-integration/drone/push` | ✅ success | | `continuous-integration/drone/pr` | ❌ failure | The PR CI check (`drone/pr`) is failing. Cannot merge until CI is fully green.

judas added 1 commit 2026-03-11 15:32:57 +01:00

Merge branch 'main' into renovate/org.springframework.boot-spring-boot-starter-security-3.x

continuous-integration/drone/push Build was killed

Details

continuous-integration/drone/pr Build is passing

Details

6125ba7328

judas added 1 commit 2026-03-11 15:36:45 +01:00

Merge branch 'main' into renovate/org.springframework.boot-spring-boot-starter-security-3.x

continuous-integration/drone/pr Build is passing

Details

59d83cea15

judas merged commit ea1f3f3154 into main

2026-03-11 18:43:37 +01:00

judas deleted branch renovate/org.springframework.boot-spring-boot-starter-security-3.x

2026-03-11 18:43:37 +01:00

judas referenced this issue from a commit

2026-03-11 18:43:37 +01:00

Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.11' (#27) from renovate/org.springframework.boot-spring-boot-starter-security-3.x into main

Sign in to join this conversation.

2 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: bea/release-hive#27