Stay Informed
This week, read about:
- Why We’re Moving to a Source Available License.
- Italy’s Privacy Watchdog Fines OpenAI for ChatGPT’s Violations in Collecting Users Personal Data.
- Top 10 Cybersecurity Trends to Expect in 2025.
- Changes and Improvements in MariaDB 11.8.
- OpenLogic's Long-Term Support for End-of-Life Software.
- OpenLogic OpenJDK 2024 Release Downloads for Versions 8, 11, 17, 21 and 22 Are Now Available.
Security Based Updates
- No News
Non-Security Based Updates
Angular 19.0.5
core:
- [fix - 3793218e77] | avoid triggering `on timer` and `on idle` on the server (#59177)
- [fix - cfc96ed82c] | Fix nested timer serialization (#59173)
platform-server:
- [fix - 9085a8fbd8] | Warn user when transfer state happens more than once (#58935)
Apache Activemq Artemis 2.39.0
Bugs Fixed:
- ARTEMIS-5104 - Remove unused variables
- ARTEMIS-5106 - Exception thrown from plugin in beforeSend method is not propagated to AMQP tx clients on commit
- ARTEMIS-5116 - SslAutoReload not working in kubernetes environment
- ARTEMIS-5135 - AMQP Address federation consumer can fail to attach if previous detach response delayed
- ARTEMIS-5150 - ActiveMQServerControlImpl.getHAPolicy() gets NullPointerException
- ARTEMIS-5155 - AMQP LargeMessage file can be deleted in error on connection drop if final frame is being processed
- ARTEMIS-5172 - Reduce the permissions on temp file
- ARTEMIS-5187 - ArtemisRbacMBeanServerBuilder causes AMQ229031 errors after authentication failures
- ARTEMIS-5199 - Create directory race on shared storage
Improvements:
- ARTEMIS-5093 - Support configurable onMessage timeout when closing consumer
- ARTEMIS-5110 - Add ability to identify retired IDs in log annotations
- ARTEMIS-5117 - Freshen up releasing doc
- ARTEMIS-5118 - Expose HelpCreate on the CLI Jar
- ARTEMIS-5151 - Clarify transfer command parameter descriptions
- ARTEMIS-5153 - Mark AMQP federation events and control queues as internal
- ARTEMIS-5157 - Add management capabilities for AMQP Federation and its Broker Connection
- ARTEMIS-5158 - brokerProperties - storeConfiguration.dataSourceProperties are not exposed
- ARTEMIS-5168 - Improve remoting to brokers from Artemis shell
- ARTEMIS-5201 - Allow Artemis cli to system exit(1) on exception like the Artemis boot
- ARTEMIS-5206 - Provide description = “” instead of null in certain exception instances
Tasks:
- ARTEMIS-3410 - the Karaf integration tests dont work on Java 16+
- ARTEMIS-5132 - consolidate ActiveMQQueueLogger into ActiveMQServerLogger
- ARTEMIS-5170 - Fix AutoCreateExpiryResourcesTest and document expiry of expiry situation
- ARTEMIS-5171 - remove unusual relativePath from base pom
- ARTEMIS-5202 - Require Java 17+ (i.e drop support for Java 11)
Docker Compose v2.32.1
What's Changed
Fixes:
- only check volume mounts for updated config by @ndeloof in
- e2e test to prevent future regression by @ndeloof in
Gitlab-org Gitlab-foss v17.7.0
Added (178 changes)
Fixed (181 changes)
Changed (227 changes)
Deprecated (3 changes)
Removed (21 changes)
Security (25 changes):
- [Update rails-html-sanitizer to 1.6.1](https://gitlab.com/gitlab-org/gitlab/-/commit/8348dea582fdcaed297c3fd773e1c313c459fe1d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174860))
- [Revert "Merge branch '456922-confidential-issue' into 'master'"](https://gitlab.com/gitlab-org/gitlab/-/commit/e45d8f0cd351e0ce70880d281ff957925527767d)
- [Update file GITLAB_KAS_VERSION](https://gitlab.com/gitlab-org/gitlab/-/commit/7fcc3c48a14c1c1009e89065932af8a605368893)
- [Fix: unsubscribe from actioncable channel when PAT is revoked](https://gitlab.com/gitlab-org/gitlab/-/commit/52a0a4e49bc9655ee4c84ec89615bbab8fd56810)
- [HTML injection in vulnerability details, leads to XSS on self hosted servers](https://gitlab.com/gitlab-org/gitlab/-/commit/558af31a582d5f2136ad90ece53bb4c17d38918b)
- [Add timeout around Parslet in template parser](https://gitlab.com/gitlab-org/gitlab/-/commit/514bfb082fa1ec64a85921167b0d0cd038f096ea)
- [Add authorization check to protectableBranches field](https://gitlab.com/gitlab-org/gitlab/-/commit/9d856d297b1d7bc903988eb604077fe982056e31)
- [Ignore titles for GFM links in rich text editor](https://gitlab.com/gitlab-org/gitlab/-/commit/4fa9c1041a27ad7b795b0c1c551ebba6dead4542)
- [Add query to filter_parameters](https://gitlab.com/gitlab-org/gitlab/-/commit/99f19ca570e8cff641c0fcd3fd00c886e3b39d15)
- [Restrict user and group creation when same pages unique domain exist](https://gitlab.com/gitlab-org/gitlab/-/commit/fced55b8da2c99ff87eeb111a03ec9bd46a5964a)
- [Check harbor name & digest for path traversal](https://gitlab.com/gitlab-org/gitlab/-/commit/85dcd3a30d82b2551f4abbfc8ac3d612caff4252)
- [Added invalid redirect fragment check](https://gitlab.com/gitlab-org/gitlab/-/commit/0f9bdea0c2844cee90181c3ce4c2f54490cb9962)
- [Do not set session cookie for /v2 endpoints in the response](https://gitlab.com/gitlab-org/gitlab/-/commit/703bf4e4210bf18a02d58a9255d0abd758adf086)
- [DoS by repeatedly sending unauthenticated requests for diff-files of a commit or merge request](https://gitlab.com/gitlab-org/gitlab/-/commit/5581b0d0d1e95309d72ecca3b59650f28a29077c)
- [Make confidential threads unresolvable via new issue](https://gitlab.com/gitlab-org/gitlab/-/commit/fa33b0d8d6e80aed6f5c020b7240ddf59c7f94f0)
- [Reduce REGEXP_TIMEOUT_SECONDS to 45 seconds](https://gitlab.com/gitlab-org/gitlab/-/commit/86af7aa48d977c9f1d84c43197ca0273912880e8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174854))
- [Update rails to version 7.0.8.6](https://gitlab.com/gitlab-org/gitlab/-/commit/ca1651d20a8e081ca4dce6f8e9356c5859b2b5b1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174107))
- [Upgrade fugit to 1.11.1](https://gitlab.com/gitlab-org/gitlab/-/commit/898763f8ae3785bce797ec9f1af0852abf5bf69d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174037))
- [Add size check for harbor registry](https://gitlab.com/gitlab-org/gitlab/-/commit/30ae381d5f8a02d14f2be63ca5150de2852a206a)
- [Allow a LFS token to be used only for LFS related requests](https://gitlab.com/gitlab-org/gitlab/-/commit/d4d72811d27c8388bc8c7a276a1eb18535dec57f)
- [Adding JobArtifactReport class to pre-emptively validate job artifacts](https://gitlab.com/gitlab-org/gitlab/-/commit/88b5c418116227a84bec2ec0b9b797d449d83096)
- [Move allow_access_with_scope to class level](https://gitlab.com/gitlab-org/gitlab/-/commit/4ab578aa290b27427661908105019643a4eb0e9a)
- [Fix possible DOS with TOML file parsing](https://gitlab.com/gitlab-org/gitlab/-/commit/394176de261c7f5cc32cc5b6cb75871e65211e43)
- [Update cross-spawn to resolve CVE-2024-21538](https://gitlab.com/gitlab-org/gitlab/-/commit/12bb2a586f3ed990d7b026b14d3b25dde694867a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173661))
- [Update webrick to 1.8.2](https://gitlab.com/gitlab-org/gitlab/-/commit/fcbe6a7d54cf1d4537262f446c6307c924bc3907) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173439))
Performance (9 changes):
- [Resolve N+1 queries in Groups::ChildrenController](https://gitlab.com/gitlab-org/gitlab/-/commit/5001959406c3b49e0de144f0d35047a9ff2adb6a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175220))
- [Add responsive throttling for ph reassignment](https://gitlab.com/gitlab-org/gitlab/-/commit/21938997574721ec91ba67a6f8e3e9641b036701) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173292))
- [Improve performance of rendering fork button](https://gitlab.com/gitlab-org/gitlab/-/commit/9c36ab9e1cfce110ae18a578fae3d56bd4216b36) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175075))
- [Improve performance of feature checks with actor](https://gitlab.com/gitlab-org/gitlab/-/commit/02172915fd9c375eb68bb2b22e40a6bd45827e92) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174947)) **GitLab Enterprise Edition**
- [Stop creating keep-arounds on merge-request notes](https://gitlab.com/gitlab-org/gitlab/-/commit/c9bc01f9967ab5633a8e03622cec1addc6f3aaca) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174925))
- [Fetch sidebar counts async](https://gitlab.com/gitlab-org/gitlab/-/commit/0d6b2ad5c7d790cd97caebc6cc2414b8704ebbc3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173817))
- [Stop creating keep-arounds in cleanup ref service](https://gitlab.com/gitlab-org/gitlab/-/commit/2518396b63bb22be9b8071aa40926cf2eea196d4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173938))
- [Remove billed_project_members_performance_improvement feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/c674351dbaaf95ea7b8843572014b59385236a87) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173799)) **GitLab Enterprise Edition**
- [Optimize packages lookup in the deprecate npm packages service](https://gitlab.com/gitlab-org/gitlab/-/commit/d2d7dc9246c5ef21e712e53687cce2215e8728a2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/172430))
- Other (143 changes)
Jenins 2.491
Bug fixes:
- Revert "Update dependency hotkeys-js to v3.13.9" (#10070) @timja
- All contributors: @Vlatombe, @janfaracik, @jenkins-release-bot, @renovate, @renovate[bot] and @timja
Jenkins 2.490
New features and improvements:
- Add icons to Command Palette (#10049) @janfaracik
- [JENKINS-73539] - Disable YUI by default (#10045) @timja
Bug fixes:
- [JENKINS-75003] - Zip-based tool installer configuration incorrectly rejects non-HTTP(S) URLs (regression in 2.379) (#10065) @basil
- [JENKINS-73942] - Downloading tgz artifacts in Firefox is broken (#9951) @basil
- Fix scrolling with keyboard (#10054) @timja
Changes for plugin developers:
- Recover views after error in `Jenkins.load` (#10023) @jglick
Nodejs Node v23.5.0
Notable Changes
WebCryptoAPI Ed25519 and X25519 algorithms are now stable:
- Following the merge of Curve25519 into the [Web Cryptography API Editor's Draft] the `Ed25519` and `X25519` algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use. Contributed by Filip Skokan in [#56142]
On-thread hooks are back:
- This release introduces `module.registerHooks()` for registering module loader customization hooks that are run for all modules loaded by `require()`, `import` and functions returned by `createRequire()` in the same thread, which makes them easier for CJS monkey-patchers to migrate to.
```mjs
import assert from 'node:assert';
import { registerHooks, createRequire } from 'node:module';
import { writeFileSync } from 'node:fs';
writeFileSync('./bar.js', 'export const id = 123;', 'utf8');
registerHooks({
resolve(specifier, context, nextResolve) {
const replaced = specifier.replace('foo', 'bar');
return nextResolve(replaced, context);
},
load(url, context, nextLoad) {
const result = nextLoad(url, context);
return {
...result,
source: result.source.toString().replace('123', '456'),
};
},
});
Checks that it works with require.
- const require = createRequire(import.meta.url);
- const required = require('./foo.js'); // Redirected by resolve hook to bar.js
- assert.strictEqual(required.id, 456); // Replaced by load hook to 456
Checks that it works with import.
- const imported = await import('./foo.js'); // Redirected by resolve hook to bar.js
- assert.strictEqual(imported.id, 456); // Replaced by load hook to 456```
- This complements the `module.register()` hooks - the new hooks fit better internally and cover all corners in the module graph; whereas `module.register()` previously could not cover `require()` while it was on-thread, and still cannot cover `createRequire()` after being moved off-thread. They are also run in the same thread as the modules being loaded and where the hooks are registered, which means they are easier to debug (no more `console.log()` getting lost) and do not have the many deadlock issues haunting the `module.register()` hooks. The new API also takes functions directly so that it's easier for intermediate loader packages to take user options from files that the hooks can't be aware of, like many existing CJS monkey-patchers do.
PHP 8.3.15
Calendar:
- Fixed jdtogregorian overflow.
- Fixed cal_to_jd julian_days argument overflow.
COM:
- Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core:
- Fail early in *nix configuration build script.
- Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
- Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
- Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
- Fix is_zend_ptr() huge block comparison.
- Fixed potential OOB read in zend_dirname() on Windows.
Curl:
- Fixed bug GH-16802 (open_basedir bypass using curl extension).
- Fix various memory leaks in curl mime handling.
DOM:
- Fixed bug GH-16777 (Calling the constructor again on a DOM object after it is in a document causes UAF).
- Fixed bug GH-16906 (Reloading document can cause UAF in iterator).
FPM:
- Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
GD:
- Fixed GH-16776 (imagecreatefromstring overflow).
GMP:
- Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)).
Hash:
- Fixed GH-16711: Segfault in mhash().
Opcache:
- Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
- Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
- Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64).
OpenSSL:
- Prevent unexpected array entry conversion when reading key.
- Fix various memory leaks related to openssl exports.
- Fix memory leak in php_openssl_pkey_from_zval().
PDO:
- Fixed memory leak of `setFetchMode()`.
Phar:
- Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
- PHPDBG:
- Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
SAPI:
- Fixed bug GH-16998 (UBSAN warning in rfc1867).
SimpleXML:
- Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input).
SOAP:
- Fix make check being invoked in ext/soap.
Standard:
- Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties).
- Fixed bug GH-16957 (Assertion failure in array_shift with self-referencing array).
Streams:
- Fixed network connect poll interuption handling.
Windows:
- Fixed bug GH-16849 (Error dialog causes process to hang).
PHP 8.4.2
BcMath:
- Fixed bug GH-16978 (Avoid unnecessary padding with leading zeros) (Saki Takamachi)
Calendar:
- Fixed jdtogregorian overflow.
- Fixed cal_to_jd julian_days argument overflow.
COM:
- Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core:
- Fail early in *nix configuration build script.
- Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and skipLazyInitialization() may change initialized proxy).
- Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
- Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
- Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
- Fix is_zend_ptr() huge block comparison.
- Fixed potential OOB read in zend_dirname() on Windows.
- Fixed bug GH-15964 (printf() can strip sign of -INF).
Curl:
- Fixed bug GH-16802 (open_basedir bypass using curl extension).
- Fix various memory leaks in curl mime handling.
DBA:
- Fixed bug GH-16990 (dba_list() is now zero-indexed instead of using resource ids) (kocsismate)
DOM:
- Fixed bug GH-16777 (Calling the constructor again on a DOM object after it is in a document causes UAF).
- Fixed bug GH-16906 (Reloading document can cause UAF in iterator).
FPM:
- Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
- Fixed bug GH-16932 (wrong FPM status output).
GD:
- Fixed GH-16776 (imagecreatefromstring overflow).
GMP:
- Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)).
Hash:
- Fixed GH-16711: Segfault in mhash().
Opcache:
- Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
- Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64).
- Fixed bug GH-16879 (JIT dead code skipping does not update call_level).
OpenSSL:
- Prevent unexpected array entry conversion when reading key.
- Fix various memory leaks related to openssl exports.
- Fix memory leak in php_openssl_pkey_from_zval().
PDO:
- Fixed memory leak of `setFetchMode()`.
Phar:
- Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
PHPDBG:
- Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
SAPI:
- Fixed bug GH-16998 (UBSAN warning in rfc1867).
SimpleXML:
- Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input).
SOAP:
- Fix make check being invoked in ext/soap.
Standard:
- Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties).
- Fixed bug GH-16957 (Assertion failure in array_shift with self-referencing array).
Streams:
- Fixed network connect poll interuption handling.
Windows:
- Fixed bug GH-16849 (Error dialog causes process to hang).
- Windows Server 2025 is now properly reported.
PHP 8.2.27
Calendar:
- Fixed jdtogregorian overflow.
- Fixed cal_to_jd julian_days argument overflow.
COM:
- Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core:
- Fail early in *nix configuration build script.
- Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
- Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
- Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
- Fix is_zend_ptr() huge block comparison.
- Fixed potential OOB read in zend_dirname() on Windows.
Curl:
- Fix various memory leaks in curl mime handling.
FPM:
- Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
GD:
- Fixed GH-16776 (imagecreatefromstring overflow).
GMP:
- Revert gmp_pow() overly restrictive overflow checks.
Hash:
- Fixed GH-16711: Segfault in mhash().
Opcache:
- Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
- Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
- Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64).
OpenSSL:
- Prevent unexpected array entry conversion when reading key.
- Fix various memory leaks related to openssl exports.
- Fix memory leak in php_openssl_pkey_from_zval().
PDO:
- Fixed memory leak of `setFetchMode()`.
Phar:
- Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
PHPDBG:
- Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
SAPI:
- Fixed bug GH-16998 (UBSAN warning in rfc1867).
SimpleXML:
- Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input).
SNMP:
- Fixed bug GH-16959 (snmget modifies the object_id array).
Standard:
- Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties).
Streams:
- Fixed network connect poll interuption handling.
Windows:
- Fixed bug GH-16849 (Error dialog causes process to hang).
Spring-boot v3.4.1
Bug Fixes:
- KafkaProperties fail to build SSL properties when the bundle name is an empty string [#43563]
- Diagnostics are poor when property resolution throws a ConversionFailedException [#43559]
- SpringApplicationShutdownHandlers do not run in deterministic order [#43536]
- Unable to find a `@SpringBootConfiguration` results in misleading error message [#43507]
- With multiple ResourceHandlerRegistrationCustomizer beans in the context, only one of them is used [#43497]
- Unable to use Docker Compose support when mixing dedicated and shared services [#43472]
- Kafka dependency management does not include the kafka-server module [#43454]
- Docker API version is incorrectly reported when '/\_ping` calls fail and version should be fixed [#43452]
- Methods to build producer / consumer properties from KafkaProperties are inconvienenent to use without an SSL bundle [#43448]
- Failures in -Djarmode=tools do not consistently return a non-zero exit [#43436]
- HttpComponentsClientHttpRequestFactoryBuilder replaces the existing defaultRequestConfigCustomizer rather than adding to it [#43429]
- spring-boot-maven-plugin sets imagePlatform even if it's empty [#43424]
- OnBeanCondition fails to match on annotations when using Scoped Proxies [#43423]
- Failure analysis for InvalidConfigurationPropertyValueException doesn't correctly handle fuzzy matching of environment variables [#43382]
- H2ConsoleAutoConfiguration causes early initialization of DataSource beans [#43359]
- Accept progress on numbers >2GB [#43356]
- Servlet-based UserDetailsServiceAutoConfiguration is active in a reactive app [#43334]
- StructuredLoggingJsonMembersCustomizer implementations declared in spring.factories with a generic type more specific than Object are not called [#43312]
- Overriding log level with an environment variable does not work when using an environment prefix [#43307]
- Management endpoint access and enabled properties are ignored unless the endpoint ID is an exact match [#43302]
- UnsupportedOperationException when starting a Maven shaded application on Java 21 with virtual threads enabled [#43291]
- JmsListener failing with Narayana (pooled ConnectionFactory) since 3.4.0 [#43277]
- SslBundle can no longer open store file locations without using a 'file:' prefix [#43274]
- TestRestTemplate does not allow redirects to be customized [#43258]
- Testcontainers start() methods may be started multiple times [#43253]
Documentation:
- Fix typo in documentation [#43558]
- Document that server.ssl.cipher and server.ssl.enabled-protocols are not fallbacks used with SSL bundles [#43552]
- Use `<annotationProcessorPaths>` in Maven examples for configuring an annotation processor [#43544]
- Fix typo [#43519]
- Links to logback javadoc are incorrect [#43456]
- Fix JUnit javadoc links [#43428]
- Reference documentation incorrectly uses 'disabled' rather than 'none' for access restrictions [#43351]
- Restore System property in Logging section of the reference documentation [#43342]
- Fix link to proxyBeanMethods in `@AutoConfiguration` javadoc [#43325]
- Fix links to Servlet and JPA javadoc [#43324]
- Link to `@EnableMethodSecurity` instead of the deprecated `@EnableGlobalMethodSecurity` [#43315]
- Document that StructuredLoggingJsonMembersCustomizer implementations may optionally take constructor parameters [#43314]
- Update javadoc of StructuredLoggingJsonMembersCustomizer to note that implementations can registered through spring.factories [#43313]
- Fix Javadoc link for Hikari [#43311]
- Document how to use structured logging with custom log configuration [#43301]
- Update Javadoc since for OtlpMetricsProperties and OtlpTracingProperties [#43249]
Spring-boot v3.3.7
Bug Fixes:
- KafkaProperties fail to build SSL properties when the bundle name is an empty string [#43561]
- With multiple ResourceHandlerRegistrationCustomizer beans in the context, only one of them is used [#43494]
- Kafka dependency management does not include the kafka-server module [#43450]
- Failures in -Djarmode=tools do not consistently return a non-zero exit [#43435]
- SpringApplicationShutdownHandlers do not run in deterministic order [#43430]
- Failure analysis for InvalidConfigurationPropertyValueException doesn't correctly handle fuzzy matching of environment variables [#43380]
- Diagnostics are poor when property resolution throws a ConversionFailedException [#43378]
- Unable to find a `@SpringBootConfiguration` results in misleading error message [#43357]
- H2ConsoleAutoConfiguration causes early initialization of DataSource beans [#43337]
- Accept progress on numbers >2GB [#43328]
- Overriding log level with an environment variable does not work when using an environment prefix [#43304]
- Methods to build producer / consumer properties from KafkaProperties are inconvienenent to use without an SSL bundle [#43300]
- UnsupportedOperationException when starting a Maven shaded application on Java 21 with virtual threads enabled [#43284]
- Unable to use Docker Compose support when mixing dedicated and shared services [#40139]
Documentation:
- Fix typo in documentation [#43557]
- Fix typo [#43512]
- Links to logback javadoc are incorrect [#43439]
- Fix JUnit javadoc links [#43383]
- Document that server.ssl.cipher and server.ssl.enabled-protocols are not fallbacks used with SSL bundles [#43353]
- Restore System property in Logging section of the reference documentation [#43341]
- Use `<annotationProcessorPaths>` in Maven examples for configuring an annotation processor [#43329]
- Fix link to proxyBeanMethods in `@AutoConfiguration` javadoc [#43323]
- Fix links to Servlet and JPA javadoc [#43320]
- Link to `@EnableMethodSecurity` instead of the deprecated `@EnableGlobalMethodSecurity` [#43308]
- Fix Javadoc link for Hikari [#43305]