Prior to this commit, Actuator would sanitize properties values when
serializing them on the dedicated endpoint. Keys like "password" or
"secret" are entirely sanitized, but other keys like "uri" or "address"
are considered as URI types and only the password part of the user info
is sanitized.
This commit fixes the sanitization process where lists of such URI types
would not match the first entries of the list since they're starting
with `'['`. This commit improves the regexp matching process to sanitize
all URIs within a collection.
The documentation is also updated to better underline the processing
difference between complete sanitization and selective sanitization for
URIs.
Fixes gh-23037
This commit harmonizes dependency declarations for Jackson in the
actuator. Both Jackson and JSR 310 are back to optional in the core
actuator module and mandatory when using the auto-configuration.
Closes gh-22624
Prior to this commit, configuring a reactive Elasticsearch client would
auto-configure an Actuator Health check using a synchronous client, with
the default configuration properties (so tarting localhost:9200).
This would lead to false reports of unhealthy Elasticsearch clusters
when using reactive clients.
This commit reproduces the logic for MongoDB repositories: if a reactive
variant is available, it is selected for the health check
infrastructure.
See gh-21042
Previously, if TomcatMetricsBinder destroy() was called before it had
received an ApplicationStartedEvent an NPE would be thrown due to
TomcatMetrics being null. This NPE was then caught and logged at
warning level by the disposable bean adapter.
This prevents the NPE by checking that the TomcatMetrics instance is
null before calling close() on it.
See gh-22141
Previously, the thread dump endpoint's response could exceed
WebClient's in-memory buffer limt when there were a large number of
threads or the threads had large stacks.
This commit disables WebClient's in-memory buffer size limit so that
the test passing is not dependent on the number of active threads and
their stack sizes.
Closes gh-22101
Prior to Spring Data Redis version 2.2.8, the contents of the
Properties object returned from the
ReactiveRedisConnection.ServerCommands.info API were the same
for clustered and non-clustered Redis configurations, containing a set
of key/value pairs. This allowed ReactiveRedisHealthIndicator to get
a version property using a well-known key. Starting with Spring Data
Redis 2.2.8, the info property keys contain a host:port prefix in a
clustered Redis configuration. This prevented
ReactiveRedisHealthIndicator from getting the version property as
before and resulted in the health always being reported as DOWN.
This commit adjusts ReactiveRedisHealthIndicator to detect the
clustered configuration from Spring Data Redis and find the version
property for one of the reported cluster nodes.
Fixes gh-22061
Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
Update `EndpointDiscoverer` so that `@Endpoint` and `@EndpointExtension`
beans are created as late as possible.
Prior to this commit, endpoint beans and extension beans would be
created during the discovery phase which could cause early bean
initialization. The problem was especially nasty when using an embedded
servlet container since `ServletEndpointRegistrar` is loaded as the
container is initialized. This would trigger discovery and load all
endpoint beans, including the health endpoint, and all health indicator
beans.
Fixes gh-20714
Prior to this commit, there was a property server.error.include-details
that allowed configuration of the message and errors attributes in a
server error response.
This commit separates the control of the message and errors attributes
into two separate properties named server.error.include-message and
server.error.include-binding-errors. When the message attribute is
excluded from a servlet response, the value is changed from a
hard-coded text value to an empty value.
Fixes gh-20505