Bump the java group with 11 updates

[dependabot]

Bumps the java group with 11 updates:

Package	From	To
ch.qos.logback:logback-core	1.5.20	1.5.21
ch.qos.logback:logback-classic	1.5.20	1.5.21
org.apache.commons:commons-lang3	3.19.0	3.20.0
org.sonarsource.scanner.maven:sonar-maven-plugin	5.2.0.4988	5.3.0.6276
org.apache.maven.plugins:maven-jar-plugin	3.4.2	3.5.0
org.springframework.boot:spring-boot-maven-plugin	3.5.7	3.5.8
org.springframework.boot:spring-boot-dependencies	3.5.7	3.5.8
commons-validator:commons-validator	1.10.0	1.10.1
org.springframework:spring-web	6.2.12	6.2.14
io.swagger.core.v3:swagger-annotations-jakarta	2.2.40	2.2.41
org.springframework.boot:spring-boot-starter-test	3.5.7	3.5.8

Updates ch.qos.logback:logback-core from 1.5.20 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• fed6f37 prepare release 1.5.21
• b111e89 Initialization procedure has been simplified by removing the step
• 1cd2df4 fix issues/871
• dea5b95 minor - remove superflous call to Objects.requireNonNull
• 3cecf29 add comment for the TurboFilter list ACCEPT case
• 1497142 improve performance for 2 or more turbo filters
• 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
• ab6a006 add maven cache to github CI, update .github/FUNDING.yml
• 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
• 2ca8c52 update funding info
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.20 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• fed6f37 prepare release 1.5.21
• b111e89 Initialization procedure has been simplified by removing the step
• 1cd2df4 fix issues/871
• dea5b95 minor - remove superflous call to Objects.requireNonNull
• 3cecf29 add comment for the TurboFilter list ACCEPT case
• 1497142 improve performance for 2 or more turbo filters
• 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
• ab6a006 add maven cache to github CI, update .github/FUNDING.yml
• 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
• 2ca8c52 update funding info
• Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0

Updates org.sonarsource.scanner.maven:sonar-maven-plugin from 5.2.0.4988 to 5.3.0.6276

Release notes

Sourced from org.sonarsource.scanner.maven:sonar-maven-plugin's releases.

5.3.0.6276

Release notes - Sonar Scanner for Maven - 5.3

Bug

SCANMAVEN-283 Mvn 4.0.0-rc-3 breaks scanner because change of API

SCANMAVEN-308 Toolchains are not properly discovered by the scanner with Maven 4

Task

SCANMAVEN-297 Update README.md with copy from Product Marketing

SCANMAVEN-301 PrepareNextIteration.yml: add recent improvements

SCANMAVEN-302 Update GH release and releasability actions

SCANMAVEN-303 Delete mend_scan_task

SCANMAVEN-305 Migrate Cirrus build to Github actions

SCANMAVEN-307 Migrate QA from Cirrus to Github action

SCANMAVEN-309 Prevent injection in PrepareNextIteration GHA

SCANMAVEN-310 Exclude test projects from SCA

SCANMAVEN-311 Upgrade dependencies

SCANMAVEN-314 Fix ProxyTest on GitHub actions

SCANMAVEN-315 Rework QA: split invoker-based ITs and Orchestrator-based e2e

SCANMAVEN-325 Update license header from SonarSource SA to SonarSource Sàrl

SCANMAVEN-326 Delete Cirrus CI config

SCANMAVEN-327 Use explicit build number

Commits

• 4fcd9b1 SCANMAVEN-326 Delete Cirrus CI config (#345)
• b38cf6e SCANMAVEN-327 Use explicit build number (#346)
• 3cc18b9 SCANMAVEN-325 Update license header from SonarSource SA to SonarSource Sàrl
• 472f0c3 SCANMAVEN-310 Exclude E2E test projects from sca analysis after move
• 4a248b4 SCANMAVEN-314 Fix ProxyTest on GitHub Actions
• c4a3521 SCANMAVEN-315 Split invoker-based ITs and Orchestrator-based e2e
• 1d568c1 SCANMAVEN-308 Fix toolchains support in Maven 4
• 7c181df SCANMAVEN-283 Code refactoring, to avoid using mutable lists
• 44e3b0c SCANMAVEN-311 Upgrade orchestrator to version 5.6.2.2625
• 479c11d SCANMAVEN-311 Upgrade jsonassert to version 1.5.3
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-jar-plugin's releases.

3.5.0

🚀 New features and improvements

• Add new "attach" configuration parameter (3.x port of #482) (#483) @​hgschmie
• add Java-Version to MANIFEST.MF (#465) @​hboutemy

🐛 Bug Fixes

• Fix detecting java version for toolchains and JDK 1.8 (#500) @​slawekjaranowski
• Ignore stderr when parsing javac version from toolchain (#471) @​jaredstehler

👻 Maintenance

• Update site descriptor to 2.0.0 (#501) @​slawekjaranowski
• chore: remove junit3 references (#494) @​slawekjaranowski
• Migrate component injection to JSR-330 (#492) @​slawekjaranowski
• Add PR Automation to 3.x (#132) @​slawekjaranowski
• Improve release-drafter configuration (#128) @​slawekjaranowski
• Fix for Maven 4.0.0-rc-3 (#130) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#119) @​Bukama

🔧 Build

• Bump m-invoker-p to 3.9.1 for Java 25 (#480) @​hboutemy

📦 Dependency updates

• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#499) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#498) @dependabot[bot]
• Use maven-plugin-testing-harness version 3.4.0 (#491) @​slawekjaranowski
• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 (#488) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#478) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#464) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 45 (#452) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.4 (#461) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#456) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#146) @dependabot[bot]
• Bump org.apache.maven.shared:file-management from 3.1.0 to 3.2.0 (#143) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#107) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#140) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.18.0 (#114) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#109) @dependabot[bot]

Commits

• 68d00f1 [maven-release-plugin] prepare release maven-jar-plugin-3.5.0
• 357b9bf Update site descriptor to 2.0.0
• 340249c Fix detecting java version for toolchains and JDK 1.8
• 06a6245 chore: remove junit3 references
• d302b2c Bump commons-io:commons-io from 2.20.0 to 2.21.0
• 6081bdb Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• ef8ed4c Migrate component injection to JSR-330
• 704a35c Ignore stderr when parsing javac version from toolchain (#471)
• 0beb969 Use maven-plugin-testing-harness version 3.4.0
• c2624c8 Bump org.apache.maven.plugin-tools:maven-plugin-annotations (#488)
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.7 to 3.5.8

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v3.5.8

⚠️ Noteworthy changes

• This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #48196
• Testcontainers integration fails on Docker 29.0.0 #48192
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48180
• Properties bound in the child management context ignore the parent's environment prefix #48176
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48153
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48129
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48127
• NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #48123
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48102
• Image building may fail when specifying a platform if an image has already been built with a different platform #48098
• Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #48061
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48058
• Auto-configured JCacheMetrics cannot be customized #48056
• WebSecurityCustomizer beans are excluded by WebMvcTest #48054
• Devtools Restarter does not work with a parameterless main method #47987
• Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #47923
• Docker response 407 is not handled correctly resulting in no error message #47900
• spring-boot-maven-plugin process-aot goal does not find package-private main method #47780

📔 Documentation

• Revise AWS section of "Deploying to the Cloud" in reference manual #48156
• Fix typo in PortInUseException Javadoc #48133
• Correct section about required setters in "Type-safe Configuration Properties" #48130
• Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #48114
• Document support for configuring servlet context init parameters using properties #48111
• Clarify how warnings about soon-to-expire SSL certificates are reported #48062
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #48052
• Use since attribute in configuration properties deprecation consistently #47980
• BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #47905
• Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #47898
• Document that Actuator endpoint may have at most one extension of each type #47873
• Limit Kotlin API documentation to Kotlin-specific APIs #47859
• Adapt AOTCache documentation to JEP 514 #47274

🔨 Dependency Upgrades

• Downgrade to Cassandra Driver 4.19.0 #47926
• Upgrade to AspectJ 1.9.25 #48005
• Upgrade to Caffeine 3.2.3 #48006
• Upgrade to Cassandra Driver 4.19.2 #48183
• Upgrade to DB2 JDBC 12.1.3.0 #48083
• Upgrade to Hibernate 6.6.36.Final #48148

... (truncated)

Commits

• 17f22c3 Release v3.5.8
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• 3b539aa Merge branch '3.4.x' into 3.5.x
• ee70d55 Upgrade to Spring Framework 6.2.14
• f7b4a8b Merge branch '3.4.x' into 3.5.x
• 4a8d01d Exclude starter POMs from lib-provided when using Gradle
• 0bb0d53 Merge branch '3.4.x' into 3.5.x
• 4625534 Force Testcontainers Docker API version for Docker 29.0.0+ compatibility
• 7891ebf Merge branch '3.4.x' into 3.5.x
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 3.5.8

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.8

⚠️ Noteworthy changes

• This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #48196
• Testcontainers integration fails on Docker 29.0.0 #48192
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48180
• Properties bound in the child management context ignore the parent's environment prefix #48176
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48153
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48129
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48127
• NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #48123
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48102
• Image building may fail when specifying a platform if an image has already been built with a different platform #48098
• Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #48061
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48058
• Auto-configured JCacheMetrics cannot be customized #48056
• WebSecurityCustomizer beans are excluded by WebMvcTest #48054
• Devtools Restarter does not work with a parameterless main method #47987
• Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #47923
• Docker response 407 is not handled correctly resulting in no error message #47900
• spring-boot-maven-plugin process-aot goal does not find package-private main method #47780

📔 Documentation

• Revise AWS section of "Deploying to the Cloud" in reference manual #48156
• Fix typo in PortInUseException Javadoc #48133
• Correct section about required setters in "Type-safe Configuration Properties" #48130
• Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #48114
• Document support for configuring servlet context init parameters using properties #48111
• Clarify how warnings about soon-to-expire SSL certificates are reported #48062
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #48052
• Use since attribute in configuration properties deprecation consistently #47980
• BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #47905
• Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #47898
• Document that Actuator endpoint may have at most one extension of each type #47873
• Limit Kotlin API documentation to Kotlin-specific APIs #47859
• Adapt AOTCache documentation to JEP 514 #47274

🔨 Dependency Upgrades

• Downgrade to Cassandra Driver 4.19.0 #47926
• Upgrade to AspectJ 1.9.25 #48005
• Upgrade to Caffeine 3.2.3 #48006
• Upgrade to Cassandra Driver 4.19.2 #48183
• Upgrade to DB2 JDBC 12.1.3.0 #48083
• Upgrade to Hibernate 6.6.36.Final #48148

... (truncated)

Commits

• 17f22c3 Release v3.5.8
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• 3b539aa Merge branch '3.4.x' into 3.5.x
• ee70d55 Upgrade to Spring Framework 6.2.14
• f7b4a8b Merge branch '3.4.x' into 3.5.x
• 4a8d01d Exclude starter POMs from lib-provided when using Gradle
• 0bb0d53 Merge branch '3.4.x' into 3.5.x
• 4625534 Force Testcontainers Docker API version for Docker 29.0.0+ compatibility
• 7891ebf Merge branch '3.4.x' into 3.5.x
• Additional commits viewable in compare view

Updates commons-validator:commons-validator from 1.10.0 to 1.10.1

Changelog

Sourced from commons-validator:commons-validator's changelog.

Apache Commons Validator 1.10.1 RELEASE NOTES

The Apache Commons Validator team is pleased to announce the release of Apache Commons Validator 1.10.1.

Apache Commons Validator provides the building blocks for both client-side and server-side data validation. It may be used standalone or with a framework like Struts.

This is a feature and maintenance release. Java 8 or later is required.

For complete information on Apache Commons Validator, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Validator website:

https://commons.apache.org/proper/commons-validator/

Download page: https://commons.apache.org/proper/commons-validator/download_validator.cgi

Changes in this version

Fixed Bugs

• VALIDATOR-502: Circular dependency in static initialization causes NullPointerException in GenericValidator.isCreditCard(). Thanks to Mark Miller, Gary Gregory.

Changes

•             Bump org.apache.commons:commons-parent from 85 to 92 [#361](https://github.com/apache/commons-validator/issues/361), [#370](https://github.com/apache/commons-validator/issues/370). Thanks to Gary Gregory, Dependabot.
  

•             Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 [#346](https://github.com/apache/commons-validator/issues/346). Thanks to Dependabot, Gary Gregory.
  

•             Bump org.apache.commons:commons-csv from 1.14.0 to 1.14.0. Thanks to Dependabot, Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-validator/changes.html

Enjoy! -Apache Commons Validator team

---

Commits

• 0290614 Prepare for the release candidate 1.10.1 RC1
• a94909f Inherit POM /scm from parent POM
• 0f072cd Prepare for the next release candidate
• b7ce69d Bump org.apache.commons:commons-parent from 91 to 92
• 4c9a066 Restore issueManagement/url (doesn't work for issue links, needs a
• 43b0964 Fix issue links in the generated site's release history page
• 63924bf Better action description
• b1d98fe Update site menu to match other components
• caf2693 Remove obsolete Ant section
• ddc5c65 Add security page
• Additional commits viewable in compare view

Updates org.springframework:spring-web from 6.2.12 to 6.2.14

Release notes

Sourced from org.springframework:spring-web's releases.

v6.2.14

⭐ New Features

• Add resetCaches() method to Caffeine/ConcurrentMapCacheManager #35841
• Fix single-check idiom in UnmodifiableMultiValueMap #35831
• Fix Spliterator characteristics in ConcurrentReferenceHashMap #35828

🐞 Bug Fixes

• MissingPathVariableException produces wrong status code in ProblemDetail #35856
• Fix getCacheNames() concurrent access in NoOpCacheManager #35844
• Annotation discovery regression for interfaces extending BeanNameAware and co. #35838
• Fix HtmlUtils unescape for supplementary chars #35832

📔 Documentation

• Fix cross-reference links in HtmlUnit sections #35857
• Remove @see Javadoc references to deprecated PropertiesBeanDefinitionReader #35854

v6.2.13

⭐ New Features

• Support response encoding in select and options JSP form tags #35783
• Preserve Connection readOnly state for DataSource with defaultReadOnly configuration #35743
• Optimize resource URL resolution in SortedResourcesFactoryBean #35687
• Relax multiple segment matching constraints in PathPattern #35686
• Support wildcard path elements at the start of path patterns #35679
• Validating byte[]s may produce OutOfMemoryError #35675
• Update in FragmentsRendering to names of static methods #33974

🐞 Bug Fixes

• ConcurrentReferenceHashMap misses dedicated computeIfAbsent, computeIfPresent, compute, merge implementations #35794
• Avoid unnecessary bridge method resolution around getMostSpecificMethod #35780
• Fix multi-release JAR issue with VirtualThreadDelegate #35773
• ContentNegotiationManager not finding media type when request includes quality parameter #35754
• Race condition in BufferingClientHttpResponseWrapper.getBody() #35745
• Deprecate setConnectTimeout on HttpComponentsClientHttpRequestFactory #35748
• Fix PathMatchingResourcePatternResolver to handle absolute paths in JAR manifests #35732
• BeanDefinitionBuilder.addAutowiredProperty causes error during AOT processing #35731
• Improve HttpServiceMethod support for Kotlin suspending functions returning Flow #35718
• Exception translation does not expose original BatchUpdateException anymore #35717
• Add hints for entities package-private methods #35711
• Fix concurrency permit leak causing deadlock in SimpleAsyncTaskExecutor #35708
• Remove jibx-marshaller element from spring-oxm.xsd #35699
• NullPointerException When Handling 407 with JdkClientHttpConnector in WebClient #35692
• Method-based Map injection fails against target Map with incomplete generics despite bean name or qualifier match #35690
• JUnit Jupiter TEST_METHOD ExtensionContextScope is not fully supported #35680
• Introduce isAutowirableConstructor(Executable, PropertyProvider) in TestConstructorUtils and deprecate existing variants #35676
• Reflection on java.sql.Types without runtime hints #35674

... (truncated)

Commits

• 1ab9f7a Release v6.2.14
• 59025c5 Lazily initialize ProblemDetail for picking up actual status code
• e5de8b9 Fix link to MockMvc test in HtmlUnit section
• e146e80 Polishing
• ff62e73 Fix cross-reference links in HtmlUnit sections
• 4e97013 Polishing
• bd10b7a Remove javadoc references to deprecated PropertiesBeanDefinitionReader
• e428817 Fix getCacheNames() concurrent access in NoOpCacheManager
• 8545a75 Add resetCaches() method to Caffeine/ConcurrentMapCacheManager
• f94645d Narrow Aware interface exclusion check to BeanFactoryAware only
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 3.5.8

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.8

⚠️ Noteworthy changes

• This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #48196
• Testcontainers integration fails on Docker 29.0.0 #48192
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48180
• Properties bound in the child management context ignore the parent's environment prefix #48176
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48153
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48129
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48127
• NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #48123
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48102
• Image building may fail when specifying a platform if an image has already been built with a different platform #48098
• Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #48061
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48058
• Auto-configured JCacheMetrics cannot be customized #48056
• WebSecurityCustomizer beans are excluded by WebMvcTest #48054
• Devtools Restarter does not work with a parameterless main method #47987
• Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #47923
• Docker response 407 is not handled correctly resulting in no error message #47900
• spring-boot-maven-plugin process-aot goal does not find package-private main method #47780

📔 Documentation

• Revise AWS section of "Deploying to the Cloud" in reference manual #48156
• Fix typo in PortInUseException Javadoc #48133
• Correct section about required setters in "Type-safe Configuration Properties" #48130
• Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #48114
• Document support for configuring servlet context init parameters using properties #48111
• Clarify how warnings about soon-to-expire SSL certificates are reported #48062
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #48052
• Use since attribute in configuration properties deprecation consistently #47980
• BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #47905
• Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #47898
• Document that Actuator endpoint may have at most one extension of each type #47873
• Limit Kotlin API documentation to Kotlin-specific APIs #47859
• Adapt AOTCache documentation to JEP 514 #47274

🔨 Dependency Upgrades

• Downgrade to Cassandra Driver 4.19.0 #47926
• Upgrade to AspectJ 1.9.25 #48005
• Upgrade to Caffeine 3.2.3 #48006
• Upgrade to Cassandra Driver 4.19.2 #48183
• Upgrade to DB2 JDBC 12.1.3.0 #48083
• Upgrade to Hibernate 6.6.36.Final #48148

... (truncated)

Commits

• 17f22c3 Release v3.5.8
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• 3b539aa Merge branch '3.4.x' into 3.5.x
• ee70d55 Upgrade to Spring Framework 6.2.14
• f7b4a8b Merge branch '3.4.x' into 3.5.x
• 4a8d01d Exclude starter POMs from lib-provided when using Gradle
• 0bb0d53 Merge branch '3.4.x' into 3.5.x
• 4625534 Force Testcontainers Docker API version for Docker 29.0.0+ compatibility
• 7891ebf Merge branch '3.4.x' into 3.5.x
• Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-annotations-jakarta from 2.2.40 to 2.2.41

Updates org.springframework.boot:spring-boot-starter-test from 3.5.7 to 3.5.8

Release notes

Sourced from org.springframework.boot:spring-boot-starter-test's releases.

v3.5.8

⚠️ Noteworthy changes

• This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #48196
• Testcontainers integration fails on Docker 29.0.0 #48192
• SslMeterBinder doesn't regis...

  Description has been truncated