Sourced from org.springframework.boot:spring-boot-starter-web's releases.

v3.5.3

🐞 Bug Fixes

• Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #46040

v3.5.2

🐞 Bug Fixes

• IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice #46032

v3.5.1

⚠️Noteworthy Changes

• This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

⭐ New Features

• Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors #42932

🐞 Bug Fixes

• Executable JAR application class encounters performance issues when classpath URLs reference a host #46028
• Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #46019
• spring.couchbase.authentication.jks.private-key-password has no effect #46006
• Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #46005
• UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder #45994
• DataSouceBuilder can fail with a NPE when the driver is null #45992
• JSON writer incorrectly escapes forward slash which can cause structure logging issues #45980
• ManagementContextAutoConfiguration adds a property source that degrades binding performance #45968
• ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable #45955
• It is not possible to opt-out of profile validation or use profile names that contain '.' #45947
• GraphQlProperties.DeprecatedSse is not annotated as deprecated #45878
• SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT #45857
• Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection #45848
• ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #45803
• Binding no longer works with sytem environment properties that are not upper case #45741
• ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #45736
• Default version of Awailitility is not compatible with Kotlin 1.9 baseline #45673
• Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE #45670
• Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 #45669
• SAML2 autoconfiguration is not imported by @WebMvcTest #45666
• Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 #45660

📔 Documentation

• Fix Docker security options links in Packaging OCI images sections #46021
• Improve documentation for configuring Spring Security with '/error' #46009
• Timestamps in Retrieving Audit Events examples do not match the accompanying text #45997
• Add SSL response structure to actuator info endpoint documentation #45921
• Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean #45915
• Include configuration classes from all modules in the "Auto-configuration Classes" appendix #45863

... (truncated)

• 0ec7194 Release v3.5.3
• 18e5e06 Merge branch '3.4.x'
• cb9cf45 Restore previous source in Context.withSource calls
• 01a23c3 Next development version (v3.5.3-SNAPSHOT)
• 7b553d9 Protect against null names when filter is applied more than once
• 440ea79 Next development version (v3.5.2-SNAPSHOT)
• a816518 Merge branch '3.4.x'
• 05906cc Next development version (v3.4.8-SNAPSHOT)
• 74fe4ad Upgrade to HttpClient5 5.5
• 98632a1 Merge branch '3.4.x'
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)