Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.7

🐞 Bug Fixes

• MailSender auto-configuration does not enable hostname verification #50746
• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50744
• NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50640
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50634
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50617
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50611
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50609
• Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50602
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50509
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50416
• Created StackTracePrinter instances have no access to the Environment #50413
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50411
• Buildpack module does not validate long-to-int casts #50409
• GraphQL WebSocket support does not configure allowed origins #50393
• Configuration property metadata includes incorrect class references #50375
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50297
• Meter registries are not removed from the global registry when the context is closed #50286
• Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50265
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50260
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50257
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50233
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50227
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50215
• Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50201

📔 Documentation

• Fix reference to Gradle documentation for module replacement #50646
• Document SSL reloading with Let's Encrypt #50629
• Remove the use of Optional from Data Neo4j repository examples #50621
• Fix typos in documentation #50619
• Clarify dependency requirement for Bean Validation support #50613
• Document Java 25 requirement for AOT cache #50484
• Add links for Java CAS Client Spring Boot Starter #50281
• Document known testcontainers lifecycle issues #50219
• Document adding multiple connectors for Jetty #50217
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50213
• Fix typo in Spring Security OAuth2 client registration documentation #50198

🔨 Dependency Upgrades

• Upgrade to Caffeine 3.2.4 #50322
• Upgrade to Cassandra Driver 4.19.3 #50681
• Upgrade to Glassfish JAXB 4.0.9 #50682
• Upgrade to Groovy 5.0.6 #50324
• Upgrade to Hibernate 7.2.19.Final #50733
• Upgrade to Jackson 2 Bom 2.21.4 #50684

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)