Skip to content

Bump spring.version from 3.5.7 to 4.0.1 #180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ato merged 4 commits into from
Jan 16, 2026
Merged

Bump spring.version from 3.5.7 to 4.0.1 #180

ato merged 4 commits into from
Jan 16, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Bumps spring.version from 3.5.7 to 4.0.1.
Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 4.0.1

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.1

⚠️ Noteworthy changes

  • Hibernate has been upgraded to 7.2.0.Final in response to Hibernate 7.1 moving to limited support
  • spring-boot-starter-kotlin-serialization has been renamed to to spring-boot-starter-kotlinx-serialization-json and spring-boot-starter-kotlin-serialization-test has been renamed to spring-boot-starter-kotlinx-serialization-json-test. This change aligns the starters' names with those of their respective modules
  • Using TestRestTemplate now requires a dependency on spring-boot-restclient

🐞 Bug Fixes

  • JsonMixinModuleEntriesBeanRegistrationAotProcessor does not handle deprecated code #48564
  • JdbcSessionAutoConfiguration may not match when using the auto-configured DataSource #48552
  • @ServiceConnection for LgtmStackContainer fails when logging endpoint is configured due to multiple OtlpLoggingConnectionDetails beans #48536
  • WebApplicationType does not consider modules when deduced from classpath #48517
  • Spring Session auto-configuration fails in a war deployment as ServerProperties is not available #48493
  • Opentelemetry logging export requires actuator module #48488
  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48487
  • Actuator Info class has inconsistent nullability annotations and cannot be built with null value #48480
  • Profiles retained during AOT processing are not configured in a native image #48476
  • Security matchers and WebServerNamespace resolution can fail with NoClassDefFoundError when used in a traditional WAR deployment #48388
  • HealthEndpointGroupMembershipValidator does not consider reactive health indicators causing NoSuchHealthContributorException to be thrown #48387
  • spring.jackson.default-property-inclusion is not applied to content inclusion #48343
  • TestRestTemplate.getRootUri() returns empty string #48330
  • Redis health check reports an error when redis_version is missing from the INFO response #48328
  • Parent's MeterRegistry beans are closed when child context closes #48325
  • HttpMessageConverters picks up converter beans for both client and server #48310
  • Conditions to auto-configure a RestClient are outdated with the modularization #48308
  • A custom JwtTypeValidator that replaces the default can no longer be configured #48301
  • PropertiesRestClientHttpServiceGroupConfigurer has highest precedence, preventing other configurers from being ordered ahead of it #48296
  • SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48275
  • Conditions to auto-configure RestClient-based HTTP service clients are outdated with the modularization #48274
  • Starter for Kotlinx Serialization Json is misnamed #48262
  • ApplicationServletEnvironment is no longer configured in war deployments #48254
  • RestClient.Builder bean present in @SpringBootTest due to spring-boot-starter-webmvc-test, but missing at runtime without restclient starter #48253
  • ProblemDetail is rendered to XML incorrectly #48222

📔 Documentation

  • Harmonize Kotlin example for HTTP Service client support #48577
  • Document HttpMessageConverters detection changes in 4.0.1 #48574
  • Improve javadoc for when to use class names rather than class references #48569
  • Documentation has an outdated reference to the Jackson Kotlin Module #48534
  • Caching documentation should clarify how to use a no-op implementation to run a test suite #48532
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48527
  • Review documentation and migration guide about changes in @AutoConfigureCache #48522
  • License header in build samples is displayed in the reference documentation #48478
  • Configuring Two DataSources How-To code sample is inconsistent #48449
  • Fix links to source files on GitHub #48398
  • Documentation contains broken links to GitHub source files #48394
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48360
  • Correct the annotation in the Kotlin @ConfigurationPropertiesSource example #48357
  • Polish TestRestTemplate examples in the reference guide #48336

... (truncated)

Commits
  • b2bc463 Release v4.0.1
  • 252b218 Correct renaming of Kotlinx Serialization JSON starters
  • 2fa73c2 Merge pull request #48577 from jwalter
  • 3e68988 Polish "Harmonize Kotlin example for HTTP Service client support"
  • 423373b Harmonize Kotlin example for HTTP Service client support
  • f61ac29 Document HttpMessageConverters detection changes
  • 2519a5d Merge branch '3.5.x'
  • 4fc3ca3 Next development version (v3.5.10-SNAPSHOT)
  • aaf66f4 Merge branch '3.5.x'
  • 08e2cab Polish javadoc for when to use class names rather than class references
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.7 to 4.0.1

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.1

⚠️ Noteworthy changes

  • Hibernate has been upgraded to 7.2.0.Final in response to Hibernate 7.1 moving to limited support
  • spring-boot-starter-kotlin-serialization has been renamed to to spring-boot-starter-kotlinx-serialization-json and spring-boot-starter-kotlin-serialization-test has been renamed to spring-boot-starter-kotlinx-serialization-json-test. This change aligns the starters' names with those of their respective modules
  • Using TestRestTemplate now requires a dependency on spring-boot-restclient

🐞 Bug Fixes

  • JsonMixinModuleEntriesBeanRegistrationAotProcessor does not handle deprecated code #48564
  • JdbcSessionAutoConfiguration may not match when using the auto-configured DataSource #48552
  • @ServiceConnection for LgtmStackContainer fails when logging endpoint is configured due to multiple OtlpLoggingConnectionDetails beans #48536
  • WebApplicationType does not consider modules when deduced from classpath #48517
  • Spring Session auto-configuration fails in a war deployment as ServerProperties is not available #48493
  • Opentelemetry logging export requires actuator module #48488
  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48487
  • Actuator Info class has inconsistent nullability annotations and cannot be built with null value #48480
  • Profiles retained during AOT processing are not configured in a native image #48476
  • Security matchers and WebServerNamespace resolution can fail with NoClassDefFoundError when used in a traditional WAR deployment #48388
  • HealthEndpointGroupMembershipValidator does not consider reactive health indicators causing NoSuchHealthContributorException to be thrown #48387
  • spring.jackson.default-property-inclusion is not applied to content inclusion #48343
  • TestRestTemplate.getRootUri() returns empty string #48330
  • Redis health check reports an error when redis_version is missing from the INFO response #48328
  • Parent's MeterRegistry beans are closed when child context closes #48325
  • HttpMessageConverters picks up converter beans for both client and server #48310
  • Conditions to auto-configure a RestClient are outdated with the modularization #48308
  • A custom JwtTypeValidator that replaces the default can no longer be configured #48301
  • PropertiesRestClientHttpServiceGroupConfigurer has highest precedence, preventing other configurers from being ordered ahead of it #48296
  • SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48275
  • Conditions to auto-configure RestClient-based HTTP service clients are outdated with the modularization #48274
  • Starter for Kotlinx Serialization Json is misnamed #48262
  • ApplicationServletEnvironment is no longer configured in war deployments #48254
  • RestClient.Builder bean present in @SpringBootTest due to spring-boot-starter-webmvc-test, but missing at runtime without restclient starter #48253
  • ProblemDetail is rendered to XML incorrectly #48222

📔 Documentation

  • Harmonize Kotlin example for HTTP Service client support #48577
  • Document HttpMessageConverters detection changes in 4.0.1 #48574
  • Improve javadoc for when to use class names rather than class references #48569
  • Documentation has an outdated reference to the Jackson Kotlin Module #48534
  • Caching documentation should clarify how to use a no-op implementation to run a test suite #48532
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48527
  • Review documentation and migration guide about changes in @AutoConfigureCache #48522
  • License header in build samples is displayed in the reference documentation #48478
  • Configuring Two DataSources How-To code sample is inconsistent #48449
  • Fix links to source files on GitHub #48398
  • Documentation contains broken links to GitHub source files #48394
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48360
  • Correct the annotation in the Kotlin @ConfigurationPropertiesSource example #48357
  • Polish TestRestTemplate examples in the reference guide #48336

... (truncated)

Commits
  • b2bc463 Release v4.0.1
  • 252b218 Correct renaming of Kotlinx Serialization JSON starters
  • 2fa73c2 Merge pull request #48577 from jwalter
  • 3e68988 Polish "Harmonize Kotlin example for HTTP Service client support"
  • 423373b Harmonize Kotlin example for HTTP Service client support
  • f61ac29 Document HttpMessageConverters detection changes
  • 2519a5d Merge branch '3.5.x'
  • 4fc3ca3 Next development version (v3.5.10-SNAPSHOT)
  • aaf66f4 Merge branch '3.5.x'
  • 08e2cab Polish javadoc for when to use class names rather than class references
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jan 1, 2026
@dependabot
Bump spring.version from 3.5.7 to 4.0.1
35c35e9 
Bumps `spring.version` from 3.5.7 to 4.0.1.

Updates `org.springframework.boot:spring-boot-dependencies` from 3.5.7 to 4.0.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.7...v4.0.1)

Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.5.7 to 4.0.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.7...v4.0.1)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-dependencies
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: org.springframework.boot:spring-boot-maven-plugin
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jan 1, 2026
@dependabot dependabot bot mentioned this pull request Jan 1, 2026
Closed
@ato ato requested a review from Copilot January 16, 2026 08:29
@ato
Copy link
Member

ato commented Jan 16, 2026

@copilot can you fix this spring update?

Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/DatabaseStartupConfig.java:[3,54] package org.springframework.boot.autoconfigure.orm.jpa does not exist
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/DatabaseStartupConfig.java:[26,19] cannot find symbol
Error:    symbol:   class EntityManagerFactoryDependsOnPostProcessor
Error:    location: class bamboo.config.DatabaseStartupConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[26,60] cannot find symbol
Error:    symbol:   class AntPathRequestMatcher
Error:    location: package org.springframework.security.web.util.matcher
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[26,1] static import only from classes and interfaces
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/DatabaseStartupConfig.java:[27,20] cannot find symbol
Error:    symbol:   class EntityManagerFactoryDependsOnPostProcessor
Error:    location: class bamboo.config.DatabaseStartupConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[45,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[46,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[49,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[50,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[51,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[53,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[54,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[56,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[57,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[58,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[59,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[61,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[62,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig
Error:  /home/runner/work/bamboo/bamboo/ui/src/bamboo/config/SecurityConfig.java:[63,38] cannot find symbol
Error:    symbol:   method antMatcher(java.lang.String)
Error:    location: class bamboo.config.SecurityConfig

Copilot AI mentioned this pull request Jan 16, 2026
Merged
Copy link
Contributor

Copilot AI commented Jan 16, 2026

@ato I've opened a new pull request, #183, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI reviewed Jan 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR upgrades Spring Boot from version 3.5.7 to 4.0.1, bringing bug fixes, security improvements, and a Hibernate upgrade from 7.1 to 7.2.0.Final. The change affects only the UI module's Spring Boot dependency management.

Changes:

  • Updated spring.version property from 3.5.7 to 4.0.1 in ui/pom.xml
  • This upgrade includes Hibernate 7.2.0.Final, various bug fixes, and security improvements

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI and others added 3 commits January 16, 2026 17:47
@ato
Fix Spring Boot 4.0.1 compatibility issues
2c8cda6 
- Update DatabaseStartupConfig to use BeanFactoryPostProcessor for EntityManagerFactory dependency
- Update SecurityConfig to remove deprecated AntPathRequestMatcher.antMatcher() calls
- Update MethodSecurityConfig to use @EnableMethodSecurity instead of deprecated @EnableGlobalMethodSecurity
- Update WebTest to import AutoConfigureMockMvc from new package
- Add spring-boot-starter-webmvc-test dependency
- Update springdoc-openapi to 3.0.0 for Spring Boot 4.0 compatibility

Co-authored-by: ato <[email protected]>
@ato
Add spring-boot-starter-hateoas needed by springdoc-openapi
90b6a3a
@ato
WebTest: change mockuser to admin to fix failing test
1956ac4 
I guess the mock user setup stuff doesn't work anymore in Sprint Boot 4.
@ato ato merged commit cb09114 into master Jan 16, 2026
5 of 8 checks passed
@dependabot dependabot bot deleted the dependabot/maven/spring.version-4.0.1 branch January 16, 2026 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

Copilot code review Copilot

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ato