bea/release-hive
1
0
Fork 0
Code Issues Pull Requests 9 Releases Activity

Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.8 #27

Open
renovate wants to merge 1 commits from renovate/org.springframework.boot-spring-boot-starter-security-3.x into main
pull from: renovate/org.springframework.boot-spring-boot-starter-security-3.x
merge into: bea:main
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate commented 2025-11-20 17:02:52 +01:00
Collaborator
Copy Link

This PR contains the following updates:

Package Type Update Change
org.springframework.boot:spring-boot-starter-security (source) compile patch 3.5.7 -> 3.5.8

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-security)

v3.5.8

Compare Source

⚠️ Noteworthy changes

🐞 Bug Fixes

  • Gradle war task does not exclude starter POMs from lib-provided #​48196
  • Testcontainers integration fails on Docker 29.0.0 #​48192
  • SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48180
  • Properties bound in the child management context ignore the parent's environment prefix #​48176
  • ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48153
  • Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48129
  • New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48127
  • NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48123
  • Buildpack fails with recent Docker installs due to hardcoded version in URL #​48102
  • Image building may fail when specifying a platform if an image has already been built with a different platform #​48098
  • Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​48061
  • PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48058
  • Auto-configured JCacheMetrics cannot be customized #​48056
  • WebSecurityCustomizer beans are excluded by WebMvcTest #​48054
  • Devtools Restarter does not work with a parameterless main method #​47987
  • Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47923
  • Docker response 407 is not handled correctly resulting in no error message #​47900
  • spring-boot-maven-plugin process-aot goal does not find package-private main method #​47780

📔 Documentation

  • Revise AWS section of "Deploying to the Cloud" in reference manual #​48156
  • Fix typo in PortInUseException Javadoc #​48133
  • Correct section about required setters in "Type-safe Configuration Properties" #​48130
  • Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​48114
  • Document support for configuring servlet context init parameters using properties #​48111
  • Clarify how warnings about soon-to-expire SSL certificates are reported #​48062
  • Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48052
  • Use since attribute in configuration properties deprecation consistently #​47980
  • BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47905
  • Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47898
  • Document that Actuator endpoint may have at most one extension of each type #​47873
  • Limit Kotlin API documentation to Kotlin-specific APIs #​47859
  • Adapt AOTCache documentation to JEP 514 #​47274

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​hojooo, @​linw-bai, @​mipo256, @​namest504, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, @​siva-sai-udaygiri, @​tschut, and @​vpavic

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.springframework.boot:spring-boot-starter-security](https://spring.io/projects/spring-boot) ([source](https://github.com/spring-projects/spring-boot)) | compile | patch | `3.5.7` -> `3.5.8` | --- ### Release Notes <details> <summary>spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-security)</summary> ### [`v3.5.8`](https://github.com/spring-projects/spring-boot/releases/tag/v3.5.8) [Compare Source](https://github.com/spring-projects/spring-boot/compare/v3.5.7...v3.5.8) #### :warning: Noteworthy changes - This release [contains a fix](https://github.com/spring-projects/spring-boot/issues/48104) to get Testcontainers working with modern Docker versions. If this causes problems in your setup, [you can downgrade the minimum Docker API](https://docs.spring.io/spring-boot/3.4/how-to/testing.html#howto.testing.testcontainers-api-downgrade), effectively reverting that change. #### :lady\_beetle: Bug Fixes - Gradle war task does not exclude starter POMs from lib-provided [#&#8203;48196](https://github.com/spring-projects/spring-boot/issues/48196) - Testcontainers integration fails on Docker 29.0.0 [#&#8203;48192](https://github.com/spring-projects/spring-boot/issues/48192) - SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time [#&#8203;48180](https://github.com/spring-projects/spring-boot/issues/48180) - Properties bound in the child management context ignore the parent's environment prefix [#&#8203;48176](https://github.com/spring-projects/spring-boot/issues/48176) - ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles [#&#8203;48153](https://github.com/spring-projects/spring-boot/pull/48153) - Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes [#&#8203;48129](https://github.com/spring-projects/spring-boot/pull/48129) - New arm64 macbooks fail to bootBuildImage due to incorrect platform image [#&#8203;48127](https://github.com/spring-projects/spring-boot/issues/48127) - NullPointerException when using `@ConditionalOnSingleCandidate` with multiple manually registered singletons [#&#8203;48123](https://github.com/spring-projects/spring-boot/issues/48123) - Buildpack fails with recent Docker installs due to hardcoded version in URL [#&#8203;48102](https://github.com/spring-projects/spring-boot/issues/48102) - Image building may fail when specifying a platform if an image has already been built with a different platform [#&#8203;48098](https://github.com/spring-projects/spring-boot/issues/48098) - Undertow's ServletContext is destroy too early, making it unusable in `@PreDestroy` methods [#&#8203;48061](https://github.com/spring-projects/spring-boot/issues/48061) - PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration [#&#8203;48058](https://github.com/spring-projects/spring-boot/issues/48058) - Auto-configured JCacheMetrics cannot be customized [#&#8203;48056](https://github.com/spring-projects/spring-boot/issues/48056) - WebSecurityCustomizer beans are excluded by WebMvcTest [#&#8203;48054](https://github.com/spring-projects/spring-boot/issues/48054) - Devtools Restarter does not work with a parameterless main method [#&#8203;47987](https://github.com/spring-projects/spring-boot/pull/47987) - Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry [#&#8203;47923](https://github.com/spring-projects/spring-boot/issues/47923) - Docker response 407 is not handled correctly resulting in no error message [#&#8203;47900](https://github.com/spring-projects/spring-boot/issues/47900) - spring-boot-maven-plugin process-aot goal does not find package-private main method [#&#8203;47780](https://github.com/spring-projects/spring-boot/issues/47780) #### :notebook\_with\_decorative\_cover: Documentation - Revise AWS section of "Deploying to the Cloud" in reference manual [#&#8203;48156](https://github.com/spring-projects/spring-boot/pull/48156) - Fix typo in PortInUseException Javadoc [#&#8203;48133](https://github.com/spring-projects/spring-boot/issues/48133) - Correct section about required setters in "Type-safe Configuration Properties" [#&#8203;48130](https://github.com/spring-projects/spring-boot/issues/48130) - Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper [#&#8203;48114](https://github.com/spring-projects/spring-boot/issues/48114) - Document support for configuring servlet context init parameters using properties [#&#8203;48111](https://github.com/spring-projects/spring-boot/issues/48111) - Clarify how warnings about soon-to-expire SSL certificates are reported [#&#8203;48062](https://github.com/spring-projects/spring-boot/issues/48062) - Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries [#&#8203;48052](https://github.com/spring-projects/spring-boot/issues/48052) - Use since attribute in configuration properties deprecation consistently [#&#8203;47980](https://github.com/spring-projects/spring-boot/pull/47980) - BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException [#&#8203;47905](https://github.com/spring-projects/spring-boot/issues/47905) - Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier [#&#8203;47898](https://github.com/spring-projects/spring-boot/issues/47898) - Document that Actuator endpoint may have at most one extension of each type [#&#8203;47873](https://github.com/spring-projects/spring-boot/issues/47873) - Limit Kotlin API documentation to Kotlin-specific APIs [#&#8203;47859](https://github.com/spring-projects/spring-boot/issues/47859) - Adapt AOTCache documentation to JEP 514 [#&#8203;47274](https://github.com/spring-projects/spring-boot/issues/47274) #### :hammer: Dependency Upgrades - Downgrade to Cassandra Driver 4.19.0 [#&#8203;47926](https://github.com/spring-projects/spring-boot/issues/47926) - Upgrade to AspectJ 1.9.25 [#&#8203;48005](https://github.com/spring-projects/spring-boot/issues/48005) - Upgrade to Caffeine 3.2.3 [#&#8203;48006](https://github.com/spring-projects/spring-boot/issues/48006) - Upgrade to Cassandra Driver 4.19.2 [#&#8203;48183](https://github.com/spring-projects/spring-boot/issues/48183) - Upgrade to DB2 JDBC 12.1.3.0 [#&#8203;48083](https://github.com/spring-projects/spring-boot/issues/48083) - Upgrade to Hibernate 6.6.36.Final [#&#8203;48148](https://github.com/spring-projects/spring-boot/issues/48148) - Upgrade to Jackson Bom 2.19.4 [#&#8203;48008](https://github.com/spring-projects/spring-boot/issues/48008) - Upgrade to Jetty 12.0.30 [#&#8203;48118](https://github.com/spring-projects/spring-boot/issues/48118) - Upgrade to Jetty Reactive HTTPClient 4.0.13 [#&#8203;48149](https://github.com/spring-projects/spring-boot/issues/48149) - Upgrade to jOOQ 3.19.28 [#&#8203;48084](https://github.com/spring-projects/spring-boot/issues/48084) - Upgrade to Logback 1.5.21 [#&#8203;48085](https://github.com/spring-projects/spring-boot/issues/48085) - Upgrade to Micrometer 1.15.6 [#&#8203;48009](https://github.com/spring-projects/spring-boot/issues/48009) - Upgrade to Micrometer Tracing 1.5.6 [#&#8203;48010](https://github.com/spring-projects/spring-boot/issues/48010) - Upgrade to MySQL 9.5.0 [#&#8203;48011](https://github.com/spring-projects/spring-boot/issues/48011) - Upgrade to Neo4j Java Driver 5.28.10 [#&#8203;48044](https://github.com/spring-projects/spring-boot/issues/48044) - Upgrade to Quartz 2.5.1 [#&#8203;48012](https://github.com/spring-projects/spring-boot/issues/48012) - Upgrade to R2DBC Postgresql 1.0.9.RELEASE [#&#8203;48013](https://github.com/spring-projects/spring-boot/issues/48013) - Upgrade to Reactor Bom 2024.0.12 [#&#8203;48014](https://github.com/spring-projects/spring-boot/issues/48014) - Upgrade to Spring Data Bom 2025.0.6 [#&#8203;48039](https://github.com/spring-projects/spring-boot/issues/48039) - Upgrade to Spring Framework 6.2.14 [#&#8203;48166](https://github.com/spring-projects/spring-boot/issues/48166) - Upgrade to Spring Integration 6.5.4 [#&#8203;48040](https://github.com/spring-projects/spring-boot/issues/48040) - Upgrade to Spring Kafka 3.3.11 [#&#8203;48041](https://github.com/spring-projects/spring-boot/issues/48041) - Upgrade to Spring Pulsar 1.2.12 [#&#8203;48042](https://github.com/spring-projects/spring-boot/issues/48042) - Upgrade to Spring Security 6.5.7 [#&#8203;48043](https://github.com/spring-projects/spring-boot/issues/48043) - Upgrade to Tomcat 10.1.49 [#&#8203;48086](https://github.com/spring-projects/spring-boot/issues/48086) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@&#8203;K-jun98](https://github.com/K-jun98), [@&#8203;TerryTaoYY](https://github.com/TerryTaoYY), [@&#8203;hojooo](https://github.com/hojooo), [@&#8203;linw-bai](https://github.com/linw-bai), [@&#8203;mipo256](https://github.com/mipo256), [@&#8203;namest504](https://github.com/namest504), [@&#8203;ngocnhan-tran1996](https://github.com/ngocnhan-tran1996), [@&#8203;nosan](https://github.com/nosan), [@&#8203;scottfrederick](https://github.com/scottfrederick), [@&#8203;siva-sai-udaygiri](https://github.com/siva-sai-udaygiri), [@&#8203;tschut](https://github.com/tschut), and [@&#8203;vpavic](https://github.com/vpavic) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOC4wIiwidXBkYXRlZEluVmVyIjoiNDIuMTguMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovate added 1 commit 2025-11-20 17:02:52 +01:00
Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.8
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details
475ffcfd53
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/org.springframework.boot-spring-boot-starter-security-3.x:renovate/org.springframework.boot-spring-boot-starter-security-3.x
git checkout renovate/org.springframework.boot-spring-boot-starter-security-3.x
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
renovate bea
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: bea/release-hive#27
Delete Branch "renovate/org.springframework.boot-spring-boot-starter-security-3.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?