Remove casting "timestamp" to `java.util.Date` in
`ErrorMvcAutoConfiguration` as the cast is not necessary and it
prevents other types (e.g. `java.time`) from being used.
See gh-23256
Prior to this commit, Actuator would sanitize properties values when
serializing them on the dedicated endpoint. Keys like "password" or
"secret" are entirely sanitized, but other keys like "uri" or "address"
are considered as URI types and only the password part of the user info
is sanitized.
This commit fixes the sanitization process where lists of such URI types
would not match the first entries of the list since they're starting
with `'['`. This commit improves the regexp matching process to sanitize
all URIs within a collection.
The documentation is also updated to better underline the processing
difference between complete sanitization and selective sanitization for
URIs.
Fixes gh-23037
Previous to this commit the connection idle timeout and heartbeat
interval were mapped to seconds whereas Cassandra expects ms for all
duration types.
This commit fixes the mapping and removes the default duration unit
since it should be considered ms like every other duration properties.
Closes gh-23249
This commit updates the Gradle Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter are excluded. Unlike the
Maven plugin, jars with a type of annotation-processor are not
excluded. It is not necessary with Gradle as use of the
annotationProcessor configuration for such dependencies already ensures
that they are not included.
See gh-22036
This commit updates the Maven Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter or annotation-processor
are excluded.
See gh-22036
The commit also includes an upgrade to Nimbus JOSE JWT 9.0. Spring
Security requires 9.0 and it is not backwards compatible with 8.19.
Closes gh-23225
Closes gh-23242
Previously, PropertiesLauncher would close each archive that it
iterated over when creating its ClassLoader. This was not aligned
with JarLauncher's behaviour and left the ClassLoader with closed
archives. The close was introduced in [1] and became more apparent
following the change to fail operations on closed archives [2].
This commit updates Launcher to remove the close() that was added in
[1]. This aligns the behavior of PropertiesLauncher with JarLauncher
and ensures that the ClassLoader does not have entries backed by
closed archives on its classpath.
Fixes gh-23165
[1] ad72f86bdb
[2] ed7a5db174
Add repeatable `@ImportConfigurationPropertiesBean` annotation that can
be used to import types and treat them as `@ConfigurationProperties`
beans. This annotation is specifically designed to support third-party
classes that can't contain any Spring annotations.
Closes gh-23172
Prior to this commit, the `WebClientExchangeTags`, when given a request
without a string template, would only get the request path to create the
"uri" tag for metrics. This is inconsistent with the
`RestTemplateExchangeTags`, which are taking the full request URI minus
the protocol+host+port.
This commit aligns the `WebClientExchangeTags` behavior in this case.
Closes gh-22832
This commit deprecates the
`"spring.resources.chain.html-application-cache"` configuration property
and its support, since the feature has been deprecated in Spring
Framework.
The app-cache manifest feature is being removed from browsers in favor
of web workers.
Closes gh-23228
With the introduction of health indicators that only require the
CqlSession, this commit deprecates the health indicators that require
Spring Data since the latter build on top of the former.
Closes gh-23226
ReactiveDataAccessStrategy has been deprecated in Spring Data R2BC in
favor of R2dbcConverter (and StatementMapper and UpdateMapper). When
not using Boot, an R2dbcConverter bean is now defined by
AbstractR2dbcConfiguration. This commit updates
R2dbcDataAutoConfiguration to replace the definition of a
ReactiveDataAccessStrategy bean with the definition of an
R2dbcConverter bean.
See gh-23197
Prior to this commit, Spring Boot would auto-configure both
Elasticsearch variants: `RestClient` ("Low Level" client) and
`RestHighLevelClient` ("High Level" client).
Since one can be derived from the other, this would create complex and
unclear situations depending on what developers provided with their
configuration.
`RestHighLevelClient` is mostly for actual use of the Elasticsearch API,
with support for specific methods and (de)serialization. On the other
hand, `RestClient` is merely wrapping the Apache HTTP client for
load-balancing support and low level HTTP features.
This commit completely removes the support for `RestClient` in Spring
Boot and now requires the presence of the
`org.elasticsearch.client:elasticsearch-rest-high-level-client`
dependency for REST client support with Elasticsearch.
Closes gh-22358
This commit builds on top of gh-22603 and exposes data collected by the
`BufferingApplicationStartup` on a dedicated `"/startup"` Actuator
endpoint.
Closes gh-23213
As of spring-projects/spring-framework#24878, Spring Framework provides
an `ApplicationStartup` infrastructure that applications can use to
collect and track events during the application startup phase.
This commit adds a new `BufferingApplicationStartup` implementation that
buffer `StartupStep`s and tracks their execution time. Once buffered,
these steps can be pushed to an external metrics system or drained
through a web endpoint, to a file...
Closes gh-22603
This commit adds a protected method that lets an override customize the
configuration of the ClassPathScanningCandidateComponentProvider used
to scan entities.
Closes gh-23154
Update `OriginTrackedYamlLoader` to remove node limits and recursive
parsing restrictions. SnakeYAML 1.26 introduced these options in order
to protect against the "billion laugh attacks" but since we consider
`application.yml` files to be trusted, we don't need these restrictions.
Fixes gh-23096
Extend `initializeSystem` to search the exception stack for a
FileNotFoundException before reporting the error. This allows
us to provide a similar stack trace to the one that used to be
thrown when we had the `ResourceUtils.getURL` check.
See gh-22946
Remove `ResourceUtils.getURL` checking from `LoggingApplicationListener`
so that logging systems can implement custom location support.
Prior to this commit, we checked in the listener if the specified config
location could be opened as a URL. This unfortunately prevents Log4J
extensions such as `log4j-spring-cloud-config-client` from implementing
configurable SSL and credentials support.
See gh-22946
In some cases, a call to the Docker image load API will fail but
return a 200 OK response status code and an empty response. This
commit detects that the response from this call is empty and
treats this condition as an error instead of a silent failure.
Fixes gh-23130
Allow `ConfigDataLocationResolvers` to access `Origin` information for
locations so that they can be used as a parent origin of loaded items.
The `ResourceConfigData...` classes have been reworked so that loaded
`PropertySources` include the parent origin.
See gh-23018
Update the `Origin` interface to include a default `getParent()` method
which can be used to get the parent origin. The `TextResourceOrigin`
has been updated to implement the method against the source `Resource`.
A new `OriginTrackedResource` implementation allows any `Resource` to
be decorated and carry an optional `Origin`.
Ultimately this will allow us to include parent `Origin` information
on properties loaded via a `PropertySourceLoader` without needing any
changes to that interface.
See gh-23018
Update `DefaultBindConstructorProvider` so that binding to objects with
multiple constructors is allowed, as long as there is only one
non-public candidate.
Closes gh-23117
Support a `spring.config.all-locations-optional` property which can be
set to `true` if all config data locations should be considered
optional.
Closes gh-23097
Update config data processing code so that import locations are
mandatory by default. Any import request will now throw a
`ConfigDataLocationNotFoundException` if the specified import
location cannot be found. For optional imports, the user can
use the `optional:` prefix to indicate that the application should
continue to start, even if the location does not exist.
Closes gh-23032
Previous to this commit, an auto-configuration would create a
PlatformTransactionManager if none is present and others conditions are
met. Spring Framework now has the notion of TransactionManager, a parent
interface that gathers both PlatformTransactionManager and
ReactiveTransactionManager.
Spring Boot should not be in a situation where both managers are defined
out-of-the-box. This commit makes sure to back-off if any
TransactionManager is available.
Closes gh-22851
Previously to this commit, a project that has several classpath
locations matching the template path may lead to some of those
locations to be ignored if one of them is a directory. This can easily
happen if you run your tests in your IDE.
This commit changes the default of "preferFileSystemAccess" to
false so that the complete classpath is always considered.
Closes gh-23051
Allow `${..}` property placeholders to be used in `spring.config.import`
properties. Prior to this commit, placeholders were not resolved when
binding the `ConfigDataProperty` instance. Furthermore, binding happened
too early for all placeholders to be resolved correctly. The
`ConfigDataEnvironmentContributor` class now has two states for imported
contributors, `UNBOUND_IMPORT` has the initial unbound state and is
eventually replaced with a `BOUND_IMPORT`.
Closes gh-23020
Expose the `BootstrapRegisty` to both `ConfigDataLocationResolver` and
`ConfigDataLoader` implementations. The registry is exposed via the
context interfaces and may be used to reuse instances that are expensive
to create. It may also be used to ultimately register beans with the
`ApplicationContext`.
Closes gh-22956
Add a simple `BootstrapRegistry` that can be used to store and share
object instances across `EnvironmentPostProcessors`. The registry
can be injected into the constructor of any `EnvironmentPostProcessor`.
Registrations can also perform additional actions when the
`ApplicationContext` has been prepared. For example, they could register
the the bootstrap instances as beans so that they become available to
the application.
See gh-22956
This commit changes the path used to invoke lifecycle binaries in
CNB builders from `/lifecycle` to `/cnb/lifecycle` to conform to
the CNB spec. This will ensure the build plugin image-building
goals and tasks are compatible with future versions of builders
that may not support both paths.
See gh-23009
Update `BuildImageMojo` so that commons HTTP wire logging is configured
to ERROR. Without this update, running `mvn -X` will produce a great
deal of logging since by default HTTP Client logs all bytes transfered
at DEBUG and Maven will enable DEBUG for all logs.
Closes gh-22674
Update `Repackager` to ensure that `getLayout` is called before we
backup the source file. This restores earlier behavior that some
custom `ModuleFactory` implementations were relying on.
Closes gh-22995
This commit adds a check to the `layertools extract` command to
ensure that the jar file being processed is readable and has a
valid directory.
Fixes gh-22993
Create a new `JarFileWrapper` class so that we can wrap and existing
`JarFile` and offer a version that can be safely closed.
Prior to this commit, we provided wrapper functionality in the `JarFile`
class itself. Unfortunately, because we override `close` and also create
a lot of wrappers this caused memory issues when running on Java 11.
With Java 11 `java.util.zip.ZipFile` class uses `FinalizableResource`
for any implementation that overrides `close()`. This means that any
wrapper classes will not be garbage collected until the JVM finalizer
thread runs.
Closes gh-22991
Rename `CompositeMeterRegistryAutoConfiguration` to
`MeterRegistryAutoConfiguration` since it can also create non-composite
registries.
Closes gh-22988
Update metrics auto-configurations so that they are auto-configured
after `CompositeMeterRegistryAutoConfiguration` in order to ensure
the `MeterRegistry` bean has been defined.
Prior to this commit, metrics auto-configurations that depended on a
`MeterRegistry` has `@AutoConfigureAfter(MetricsAutoConfiguration.class)`
which is not sufficient since `MetricsAutoConfiguration` does not export
a `MeterRegistry`.
See gh-21134
Prior to this commit, values from MongoProperties would always
overwrite matching fields in MongoClientSettings. This commit
preserves all values in MongoClientSettings if the client app
provides the MongoClientSettings bean, and only overwrites from
MongoProperties if no MongoClientSettings bean is provided.
Fixes gh-22321
The current arrangement with Neo4j does not allow us to know for sure
that the user intends to use `@Transactional` for reactive or imperative
operations.
The main reason for that is that the only trigger for the reactive
auto-configuration is the presence of reactor on the classpath given
that the Neo4j driver ships with both styles in the same jar. And
reactor can be on the classpath for a number of reasons that are
unrelated to imperative access (typically `WebClient`).
This commits removes the auto-configuration of the
ReactiveNeo4jAutoConfiguration and makes sure that if the user defines
one, the regular `PlatformTransactionManager` backs off. This is
a temporarily situation until we can provide a better signal that the
user intends to primarily use imperative repositories.
Closes gh-22940
This commit adds a pullPolicy option to the configuration of the Maven
plugin spring-boot:build-image goal and the Gradle plugin bootBuildImage
task. The new option gives users control over pulling the builder image
and run image from a remote image registry to the local Docker daemon.
See gh-22736
This commit switches the deprecation level of several properties in the
spring.data.neo4j namespace from error and warning. The server URI and
basic authentication can be used in a deprecated fashion to configure
the new neo4j driver.
Closes gh-22653
Update `SharedMetadataReaderFactoryContextInitializer` to optionally
support a `ConfigurationClassPostProcessor` provided via an instance
`Supplier`.
If the instance supplier is available then we can use that to set the
`MetadataReaderFactory` non-reflectively, instead of using a
`PropertyValue` (and the `BeanWrapper` eventually).
The previous behavior is left as a fallback and without a change in
Spring Framework will continue to be the default for most applications.
See gh-22858
Update `SpringApplicationRunListeners` so that the step action
is optional and does not need to call `end()`.
This commit also introduces a test for the failure case showing
that there is a missed call to end with the initial solution.
See gh-22845
With the upgrade to the new Couchbase SDK and the related changes in
Spring Data Couchbase, CacheManagerCustomizer can no longer be used to
customize the Couchbase cache manager as it is an immutable class.
This commit introduces a dedicated callback for the
CouchbaseCacheManagerBuilder that is used by the auto-configuration and
update the documentation to refer to it with a sample usage.
Closes gh-22573
Previously, UrlPathHelper's full path optimization was enabled when
there was a dispatcher servlet mapped to /. The UrlPathHelper is used
across Spring MVC and if there are multiple dispatcher servlets they
all share the sample UrlPathHelper. This meant that any additional
dispatcher servlets mapping to locations other than / would not be able
to map requests correctly as the UrlPathHelper would use the full path,
ignoring the url mapping of the dispatcher servlet.
This commit updates the MVC auto-configuration so that use of the full
path is only enabled if there's a single dispatcher servlet
registration.
Fixes gh-22682