-
Notifications
You must be signed in to change notification settings - Fork 40.8k
Spring Boot 2.7 Release Notes
Test property sources added by @SpringBootTest
using either the properties
attribute or the @TestPropertySource
annotation are now added above the command line property source. If you are in the unlikely situation of having a @SpringBootTest
that uses both properties
and args
(and with the same property name), you may need to change things around.
Spring Boot 2.7 upgrades to Flyway 8.5 (from 8.0). Since the 8.0 release, Flyway’s support for a number of databases has been extracted into new modules:
-
flyway-firebird
(Firebird) -
flyway-mysql
(MariaDB and MySQL) -
flyway-sqlserver
(SQL Server)
If you are using Flyway to manage the schema of one of the above databases, add a dependency on the appropriate new module.
Spring Boot 2.7 has upgraded to H2 2.1.120. H2 2.x is backwards incompatible and fixes a number of security vulnerabilities. See the H2 changelog and migration guide for details of the changes and how to handle the upgrade.
Unfortunately, there is no version of jOOQ that is compatible with both Java 8 and H2 2.x. If you are using Java 11, consider using the jooq.version
property to upgrade to jOOQ 3.16 or later. If you are using Java 8 and cannot upgrade, consider migrating from H2 to another database or, as a last resort, downgrading to H2 1.4.x.
Spring Boot 2.7 has upgrade the MSSQL driver from v9 to v10. The updated driver now enables encryption by default which may break existing applications. You can read about the change in the "Breaking Changes" section of this article.
The recommended advice is to either install a trusted certificate on your server or update your JDBC connection URL to include encrypt=false
.
As OkHttp 3 is no longer being maintained, Spring Boot 2.7 has upgraded to OkHTTP 4.
As part of this upgrade, the property used to control OkHttp’s version has changed from okhttp3.version
to okhttp.version
.
OkHttp 4 is intended to be backwards compatible with OkHttp 3.
If this is not the case in your application or wish to continue using OkHttp 3 for another reason, configure the okttp.version
property in your build.
Separate dependency management for netty-tcnative
has been removed in favor of the dependency management provided by Netty’s bom.
This ensures that the version of netty-tcnative
will align with the version that Netty uses by default.
As a result of this change, the netty-tcnative.version
property can no longer be used to override the version of netty-tcnative
.
The version can still be overridden by providing your own dependency management but it is recommended that it remains aligned with Netty’s default version.
Embedded Mongo 3.4 has dropped support for configuring Mongo features.
Reflecting this, the spring.mongodb.embedded.features
configuration property has been removed.
For advanced configuration where features were being specified to alter the command line used to launch Mongo, a custom MongodConfig
bean should be provided instead.
The following Mustache-related properties that are Servlet-specific have been deprecated:
-
spring.mustache.allow-request-override
-
spring.mustache.allow-session-override
-
spring.mustache.cache
-
spring.mustache.content-type
-
spring.mustache.expose-request-attributes
-
spring.mustache.expose-session-attributes
-
spring.mustache.expose-spring-macro-helpers
The following replacements have been introduced:
-
spring.mustache.servlet.allow-request-override
-
spring.mustache.servlet.allow-session-override
-
spring.mustache.servlet.cache
-
spring.mustache.servlet.content-type
-
spring.mustache.servlet.expose-request-attributes
-
spring.mustache.servlet.expose-session-attributes
-
spring.mustache.servlet.expose-spring-macro-helpers
The default indices options on the auto-configured ReactiveElasticsearchTemplate
have changed to align them with Spring Data Elasticsearch.
Previously, the defaults were strictExpandOpenAndForbidClosed
.
They are now strictExpandOpenAndForbidClosedIgnoreThrottled
.
To restore the old indices options, define your own reactiveElasticsearchTemplate
bean:
@Bean
ReactiveElasticsearchTemplate reactiveElasticsearchTemplate(ReactiveElasticsearchClient client,
ElasticsearchConverter converter) {
ReactiveElasticsearchTemplate template = new ReactiveElasticsearchTemplate(client, converter);
template.setIndicesOptions(IndicesOptions.strictExpandOpenAndForbidClosed());
return template;
}
Previously, if spring.data.mongodb.uri
was configured alongside any of the equivalent separate properties such as spring.data.mongodb.host
and spring.data.mongodb.port
an exception would be thrown.
The uri
property now takes precedence over any of the separate properties – they’re ignored when spring.data.mongodb.uri
is set.
This aligns the behavior with other similar properties such as spring.redis.url
.
The spring-boot:run
and spring-boot:start
goals of the Maven Plugin run your application in a forked processed by default.
It is possible to disable this behavior using the fork
attribute of the plugin.
This attribute is now deprecated with no replacement.
ExitCodeGenerator
s are now ordered based on their Ordered
implementation and @Order
annotation.
The first non-zero exit code that is generated is used.
Metric tag keys that were in camelCase
have been renamed to comply with Micrometer’s recommendation to use all lower-case and a .
separator.
The following metrics and tag keys are affected:
Metric | Old Tag Key | New Tag Key |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
If you need to restore the previous names, define a MeterFilter
bean that implements the map(Id)
method to modify the tag keys.
Elasticsearch has deprecated its RestHighLevelClient
.
In alignment with this, Spring Boot’s auto-configuration for RestHighLevelClient
has been deprecated.
Where possible, the auto-configured low-level RestClient
should be used instead.
Alternatively, consider manually configuring the new client.
In the Borca release, the group ID of r2dbc-postgresql
, the driver for PostgreSQL, has changed from io.r2dbc
to org.postgresql
. r2dbc-mysql
, the driver for MySQL, as been removed. Consider using r2dbc-mariadb
as a replacement.
Spring Boot 2.7 upgrades to Spring Security 5.7 which has deprecated WebSecurityConfigurerAdapter
. When configuring Spring Security without WebSecurityConfigurerAdapter
and using Spring Boot’s sliced tests such as @WebMvcTest
, you may need to make some changes to your application to make your SecurityFilterChain
beans available to your tests by @Import
ing your security configuration class. See the reference documentation for further details.
Classes, methods and properties that were deprecated in Spring Boot 2.5 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading.
Tip
|
Check the configuration changelog for a complete overview of the changes in configuration. |
Spring Boot 2.7 ships support for the Spring GraphQL project with a new spring-boot-starter-graphql
starter. You’ll find more information in the GraphQL section of the Spring Boot reference documentation.
A RabbitStreamTemplate
is auto-configured if a stream name is set using the spring.rabbitmq.stream.name
property.
A RabbitStreamTemplateConfigurer
is provided, similar to RabbitTemplateConfigurer
to customize additional instances whilst retaining auto-configuration.
The auto-configured Hazelcast embedded server now uses SpringManagerContext
by default.
This makes it possible to inject Spring managed beans into objects instantiated by Hazelcast.
A HazelcastConfigCustomizer
callback interface has also been introduced and can be used to further tune the Hazelcast server config.
An OsInfoContributor
can expose some information about the Operating System the application is running on:
{
"os": {
"name": "Linux",
"version": "5.4.0-1051-gke",
"arch": "amd64"
}
}
This new contributor is disabled by default.
It can be enabled using the management.info.os.enabled
property.
The existing JavaInfoContributor
has been improved to offer a dedicated section for the vendor information, including the vendor-specific version.
Rather than a top-level vendor
simple attribute, it is now a dedicated object with name
and version
attributes:
{
"java": {
"vendor": {
"name": "Eclipse Adoptium",
"version": "Temurin-17.0.1+12"
},
"..."
}
Note that not all vendors expose a java.vendor.version
system property so the version
attribute may be null
.
An RSocket handler method can now inject the @Authenticated
Principal
:
@MessageMapping ("test")
Mono<String> hello (@Authenticated Principal p){
return Mono.just ("Hello, " + p.getName()) ;
}
If you are using opaque token introspection in your OAuth2 resource server, the auto-configured introspector no longer requires a dependency on com.nimbusds:oauth2-oidc-sdk
.
Depending on other usages of the SDK, you may be able to remove the dependency from your application.
A new @DataCouchbaseTest
annotation for testing applications that use Spring Data Couchbase has been introduced. See the updated reference documentation for details.
A new @DataElasticsearchTest
annotation for testing applications that use Spring Data Elasticsearch has been introduced. See the updated reference documentation for details.
If you use Spring Security’s SAML2 support, you can configure RP-initiated or AP-initiated logout via configuration properties. See the updated reference documentation for details.
If you have created your own auto-configurations, you should move the registration from spring.factories
to a new file named META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
. Each line contains the fully qualified name of the auto-configuration. See the included auto-configurations for an example.
For backwards compatibility, entries in spring.factories
will still be honored.
A new @AutoConfiguration
annotation has been introduced. It should be used to annotate top-level auto-configuration classes that are listed in the new META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
file, replacing @Configuration
. Configuration classes that are nested within or imported by an @AutoConfiguration
class should continue to use @Configuration
as before.
For your convenience, @AutoConfiguration
also supports auto-configuration ordering via the after
, afterNames
, before
and beforeNames
attributes. This can be used as a replacement for @AutoConfigureAfter
and @AutoConfigureBefore
.
If you have created your own test-slices, you should move the registration from spring.factories
to the new place under META-INF/spring/<name of your test slice annotation>.imports
. The format is the same as the new file described in the "Auto-configuration Registration" section, see above.
FailureAnalyzer
implementations can now get access to the BeanFactory
and Environment
of the current application context by providing a constructor that takes one or both of these values as a parameter. Support for injecting the BeanFactory
by implementing BeanFactoryAware
and injecting the Environment
by implementing EnvironmentAware
in a FailureAnalyzer
is deprecated and will be removed in a future release.
Support for specifying a username for authenticating to Sentinel(s) has been added using the spring.redis.sentinel.username
property.
SanitizingFunction
beans are now called in order, stopping once a function has changed the value of the SanitizableData
.
If no SanitizingFunction
bean sanitizes the value, the built-in key-based sanitization is performed.
Functions are ordered through their @Order
annotations or their Ordered
implementation.
Dependency management and auto-configuration for Cache2k has been added.
Default cache settings can be customized by defining a Cache2kBuilderCustomizer
bean.
Auto-configuration for Jackson will now scan your application’s packages for classes annotated with @JsonMixin
.
Any class that are found are automatically registered as mixins with the auto-configured ObjectMapper
.
Embedded web servers can be configured to use SSL with PEM-encoded certificate and private key files using the properties server.ssl.certificate
and server.ssl.certificate-private-key
, as well as the optional server.ssl.trust-certificate
and server.ssl.trust-certificate-private-key
. Management endpoints can be secured using similar management.server.ssl.*
properties.
See the documentation for an example.
This is provided as an alternative to configuring SSL with Java KeyStore files.
Spring Boot 2.7 moves to new versions of several Spring projects:
-
Spring Session 2021.2
Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:
-
Elasticsearch 7.17
-
Flyway 8.5
-
H2 2.1
-
Json 2.9
-
Json Path 2.7
-
Kafka 3.1
-
MariaDB 3.0
-
MongoDB 4.5
-
OkHTTP 4.9
-
REST Assured 4.5
Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:
-
Kafka
idlePartitionEventInterval
can be configured using thespring.kafka.listener.idle-partition-event-interval
property. -
KafkaTemplate
transactionIdPrefix
property can be configured using thespring.kafka.template.transaction-id-prefix
property. -
Netty
maxKeepAliveRequests
can be configured using theserver.netty.max-keep-alive-requests
property. -
@DataJdbcTest
automatically scans forAbstractJdbcConfiguration
beans. -
A
UserDetailsService
bean is no longer auto-configured when SAML 2.0 Login is being used. -
The transaction isolation level of Spring Batch can be configured using the
spring.batch.jdbc.isolation-level-for-create
property. -
The filter used to record Spring MVC metrics can now be replaced by defining your own
FilterRegistrationBean<WebMvcMetricsFilter>
bean. -
The ID of
DatabaseDriver.MARIADB
has changed frommysql
tomariadb
-
The
InputStream
returned byRandomAccessDataFile
inspring-boot-loader
now implementsavailable()
. -
Spring Kafka’s
immediateStop
is configurable using thespring.kafka.listener.immediate-stop
property. -
A new property,
spring.mustache.reactive.media-types
, can be used to configure the media types supported by a reactive Mustache view. -
Elasticsearch
RestClientBuilder
andRestClient
beans are now auto-configured whenelasticsearch-rest-client
is on the classpath. Ifelasticsearch-rest-high-level-client
is on the classpath, aRestHighLevelClient
bean will still be auto-configured as before, but note that support forRestHighLevelClient
is now deprecated.
-
Loading auto-configurations from
spring.factories
is deprecated. See above for more details. -
DatabaseDriver.GAE
-
Properties under
spring.security.saml2.relyingparty.registration.{id}.identityprovider
have been moved tospring.security.saml2.relyingparty.registration.{id}.assertingparty
. Using the old property names result in log messages on WARN level on startup.