Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.2

Noteworthy Changes

• The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #48677

Bug Fixes

• No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #48880
• Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48840
• When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48838
• SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #48830
• Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #48829
• Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #48828
• CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #48826
• RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #48820
• SSL metrics are no longer auto-configured #48819
• Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48812
• DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48703
• The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #48685
• Application JAR created by extract command is not reproductible #48678
• AOT processing of tests should not be disabled when 'skipTests' is set #48662
• @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #48653
• Fix zero-length byte buffer in InspectedContent #48650
• Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #48635
• HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #48616
• spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #48585
• App fails to start with starter-webmvc and starter-zipkin #48581
• Micrometer test modules should have an api dependency on micrometer-observation-test #48386

Documentation

• Fix typo in REST client documentation #48907
• Remove duplicate word #48874
• Document support for configuring arguments passed to Docker Compose #48806
• The documentation related to EnvironmentPostProcessor links to deprecated interface #48803
• Update documentation for Buildpack's AOT Cache support #48769
• Correct docs to use new location for error handling configuration properties #48767
• Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page #48675
• Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48659
• Example using excludeDevtools property should document that optional dependencies should be enabled #48641
• Fix grammar and typos in the reference guide #48601
• Update Tracing section for Spring Boot 4's modularity #48576

Dependency Upgrades

• Upgrade to Classmate 1.7.3 #48783
• Upgrade to Elasticsearch Client 9.2.3 #48721
• Upgrade to Hibernate 7.2.1.Final #48857
• Upgrade to HttpClient5 5.5.2 #48784
• Upgrade to Jackson 2 Bom 2.20.2 #48910

... (truncated)

• fae3545 Release v4.0.2
• 9fde744 Merge branch '3.5.x' into 4.0.x
• 650236d Remove breaking and unnecessary Undertow TLS with RSA test
• 547bc77 Upgrade to Spring Batch 6.0.2
• 4387cbb Upgrade to Jackson Bom 3.0.4
• abec26e Polish
• f677fba Upgrade to Spring Integration 7.0.2
• 849c2ee Upgrade to Spring GraphQL 2.0.2
• facd456 Upgrade to Nullability Plugin 0.0.10
• e99c08f Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)