Skip to content

Update org.springframework.boot.version to v4.1.0#364

Open
xdev-renovate wants to merge 1 commit into
developfrom
renovate/org.springframework.boot.version
Open

Update org.springframework.boot.version to v4.1.0#364
xdev-renovate wants to merge 1 commit into
developfrom
renovate/org.springframework.boot.version

Conversation

@xdev-renovate

@xdev-renovate xdev-renovate commented Apr 24, 2026
edited
Loading

Copy link
Copy Markdown
Member

This PR contains the following updates:

Package Type Update Change
org.springframework.boot:spring-boot-dependencies (source) import minor 4.0.54.1.0
org.springframework.boot:spring-boot-maven-plugin (source) build minor 4.0.54.1.0
org.springframework.boot:spring-boot-starter-test (source) test minor 4.0.54.1.0

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-dependencies)

v4.1.0

Compare Source

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features
  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #​50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #​49428
🐞 Bug Fixes
  • MailSender auto-configuration does not enable hostname verification #​50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #​50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #​50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #​50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #​50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #​50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #​50633
  • Configuration property metadata includes incorrect class references #​50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #​50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #​50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #​50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #​50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #​50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #​50417
  • Created StackTracePrinter instances have no access to the Environment #​50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #​50412
  • Buildpack module does not validate long-to-int casts #​50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #​50405
  • GraphQL WebSocket support does not configure allowed origins #​50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #​50298
  • Meter registries are not removed from the global registry when the context is closed #​50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #​50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #​50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #​50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #​50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #​50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #​50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #​50228
  • Missing dependency management for spring-boot-web-server-test #​50224
  • Spring Batch support for MongoDB modules are not included in dependency management #​50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #​50216
  • GrpcServerHealthScheduler is not started in servlet environments #​50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #​50204
📔 Documentation
  • Fix reference to Gradle documentation for module replacement #​50647
  • Document SSL reloading with Let's Encrypt #​50630
  • Remove the use of Optional from Data Neo4j repository examples #​50622
  • Fix typos in documentation #​50620
  • Clarify dependency requirement for Bean Validation support #​50614
  • Document Java 25 requirement for AOT cache #​50485
  • Add links for Java CAS Client Spring Boot Starter #​50285
  • Document known testcontainers lifecycle issues #​50220
  • Document adding multiple connectors for Jetty #​50218
  • Polish InvalidConfigurationPropertyValueException constructor javadoc #​50214
  • Fix typo in Spring Security OAuth2 client registration documentation #​50199
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Abdlatif-nabgha, @​DragonFSKY, @​Kapil-chn7, @​Kimgyuilli, @​SJvaca30, @​SebTardif, @​ares333, @​codingkiddo, @​dlwldnjs1009, @​eddumelendez, @​henriquejsza, @​igormukhin, @​johnnypwong, @​kwondh5217, @​leestana01, @​mheath, @​mmoayyed, @​msridhar, @​ngocnhan-tran1996, @​nosan, @​quaff, @​scordio, @​vinhhieu21, @​vpavic, @​won-seoop, and @​zxuhan

v4.0.7

Compare Source

🐞 Bug Fixes
  • MailSender auto-configuration does not enable hostname verification #​50746
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #​50744
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #​50640
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #​50634
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #​50617
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #​50611
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #​50609
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #​50602
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #​50509
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #​50416
  • Created StackTracePrinter instances have no access to the Environment #​50413
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #​50411
  • Buildpack module does not validate long-to-int casts #​50409
  • GraphQL WebSocket support does not configure allowed origins #​50393
  • Configuration property metadata includes incorrect class references #​50375
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #​50297
  • Meter registries are not removed from the global registry when the context is closed #​50286
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #​50265
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #​50260
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #​50257
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #​50233
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #​50227
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #​50215
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #​50201
📔 Documentation
  • Fix reference to Gradle documentation for module replacement #​50646
  • Document SSL reloading with Let's Encrypt #​50629
  • Remove the use of Optional from Data Neo4j repository examples #​50621
  • Fix typos in documentation #​50619
  • Clarify dependency requirement for Bean Validation support #​50613
  • Document Java 25 requirement for AOT cache #​50484
  • Add links for Java CAS Client Spring Boot Starter #​50281
  • Document known testcontainers lifecycle issues #​50219
  • Document adding multiple connectors for Jetty #​50217
  • Polish InvalidConfigurationPropertyValueException constructor javadoc #​50213
  • Fix typo in Spring Security OAuth2 client registration documentation #​50198
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Abdlatif-nabgha, @​DragonFSKY, @​Kapil-chn7, @​Kimgyuilli, @​SJvaca30, @​SebTardif, @​ares333, @​codingkiddo, @​dlwldnjs1009, @​henriquejsza, @​igormukhin, @​johnnypwong, @​kwondh5217, @​leestana01, @​mheath, @​mmoayyed, @​msridhar, @​ngocnhan-tran1996, @​nosan, @​quaff, @​scordio, @​vinhhieu21, @​won-seoop, and @​zxuhan

v4.0.6

Compare Source

🐞 Bug Fixes
  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #​50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #​50187
  • ApplicationPidFileWriter does not handle symlinks correctly #​50185
  • RandomValuePropertySource is not suitable for secrets #​50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #​50180
  • ApplicationTemp does not handle symlinks correctly #​50178
  • Remote DevTools performs comparison incorrectly #​50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #​50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #​50077
  • Classic starters are missing several modules #​50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #​50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #​50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #​50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #​50017
  • Imports on a containing test class are ignored when a nested class has imports #​50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #​49951
  • 500 response from env endpoint when supplied pattern is invalid #​49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #​49945
  • HTTP method is lost when configuring excludes in EndpointRequest #​49943
  • Honor HttpMethod for reactive additional endpoint paths #​49880
  • Docker Compose support doesn't work with apache/artemis image #​49869
  • Docker Compose support doesn't work with apache/activemq image #​49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #​49854
  • API versioning path strategy should be applied path last as it is not meant to yield #​49800
📔 Documentation
  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #​50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #​50126
  • Link to the observability section of the Lettuce documentation is broken #​50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #​50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #​50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #​50019
  • Link to the Kubernetes documentation when discussing startup probes #​50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #​49873
  • Clarify that configuration property default values are not available through the Environment #​49851
  • Document the need for Liquibase and Flyway starters #​49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #​49826
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GollapudiSrikanth, @​MohammedGhallab, @​bachhs, @​dlwldnjs1009, @​edwardsre, @​kodama-kcc, @​kwondh5217, @​ppapaj, @​quaff, @​refeccd, @​scordio, and @​xxxxxxjun

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@xdev-renovate xdev-renovate force-pushed the renovate/org.springframework.boot.version branch from 8624bfe to 1c944e3 Compare April 28, 2026 07:36
@xdev-renovate xdev-renovate force-pushed the renovate/org.springframework.boot.version branch 2 times, most recently from ff7d114 to 657a41b Compare May 7, 2026 05:19
@xdev-renovate xdev-renovate force-pushed the renovate/org.springframework.boot.version branch from 657a41b to 3480777 Compare May 19, 2026 05:34
@xdev-renovate xdev-renovate force-pushed the renovate/org.springframework.boot.version branch from 3480777 to e1d55b9 Compare June 11, 2026 05:47
@xdev-renovate xdev-renovate changed the title Update org.springframework.boot.version to v4.0.6 Update org.springframework.boot.version to v4.1.0 Jun 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xdev-renovate