Stay Informed

This week, read about:

Security Based Updates

No News

Non-Security Based Updates

Angular 19.1.7
common:

[fix - e9f10eb4c9] | clean up `urlChanges` subscribers when root scope is destroyed (#59703)

compiler-cli:

[fix - 16fc074689] | avoid crash in isolated transform operations (#59869)

forms:

[fix - ec1e4c3d94] | Fix typing on `FormRecord`. (#59993)

Docker/Compose v2.33.1
What's Changed
Improvements:

Add support for gw_priority, enable_ipv4 (requires docker v28.0) by @thaJeztah in

Fixes:

Run watch standalone if menu fails to start by @ndeloof in
Report error using non-file secret|config with read-only service by @ndeloof in
Don't display bake suggestion when using --progress with quiet or json option by @glours in
Fix pull --parallel and --no-parallel deprecation warnings missing by @maxproske in
Fix error message when detach is implied by wait by @ndeloof in

Dependencies:

build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in
build(deps): bump google.golang.org/grpc from 1.68.1 to 1.70.0 by @dependabot in
go.mod: update to docker v28.0.0 by @thaJeztah in

Gitlab-org/Gitlab-foss v17.8.3
Fixed (2 changes):

[Use primary DB when authenticating via job token in jobs API](https://gitlab.com/gitlab-org/gitlab/-/commit/6eee5c6811cac82981252280f1b08316ae8c1fd5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181872))
[Revert stricter workhorse route regexes](https://gitlab.com/gitlab-org/gitlab/-/commit/aba07e94e0587dd378dccbdf18dfe839f09078bf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181358))

Gitlab-org/Gitlab-foss v17.7.5
Fixed (1 change):

[Revert stricter workhorse route regexes](https://gitlab.com/gitlab-org/gitlab/-/commit/9f1a05217022094de570ca4e4afd5b96b9b68c56) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181359))

Gitlab-org/Gitlab-foss v17.9.0
Added (202 changes)
Fixed (242 changes)
Changed (273 changes)
Deprecated (5 changes)
Removed (24 changes)
Security (15 changes):

[Revert "Update Kas version to the lastest sha"](https://gitlab.com/gitlab-org/gitlab/-/commit/c89db5ed4a62eb58c81030f453d25741a138dc03)
[Do not allow Planner role to update or delete incidents](https://gitlab.com/gitlab-org/gitlab/-/commit/96c29d4cea022495546617429116226c65b6c779)
[Reduce number of object allocations on PAT endpoint](https://gitlab.com/gitlab-org/gitlab/-/commit/6f4aea90bd0b6bfe61109173aaeb422d05e6f870)
[Prevent SSRF attacks for Workspaces](https://gitlab.com/gitlab-org/gitlab/-/commit/277faf3747bcc4b6d4beb9d04548c1037ac28840)
[Security Duo Chat Escape Unknown Domain Hyperlinks](https://gitlab.com/gitlab-org/gitlab/-/commit/babc054870124dc9faad58f9580ca5cd1d48d9c4)
[Fixes XSS on the target branch in the merge request widget](https://gitlab.com/gitlab-org/gitlab/-/commit/e5f4d1cdbaf813741491013e4c2ab2a5ec758ba0)
[Prevent read code access when repository is disabled](https://gitlab.com/gitlab-org/gitlab/-/commit/047963e52d1905b2c053c02e014f09c4150a7682)
[Unsubscribe from actioncable channel when PAT is revoked](https://gitlab.com/gitlab-org/gitlab/-/commit/74adac8edd65cd3cb830e1674f540ee2566d749c)
[Update Kas version to the lastest sha](https://gitlab.com/gitlab-org/gitlab/-/commit/55609a21ea82501fb0ec4ce8b33e318c764a9e6c)
[Add offset optimization to audits event API](https://gitlab.com/gitlab-org/gitlab/-/commit/d6fa8fa871e821f805e55f65405ba23bb977d6eb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/178619)) **GitLab Enterprise Edition**
[Fix protected variable exfiltration](https://gitlab.com/gitlab-org/gitlab/-/commit/cea3d30eca2ebb9aedd749a4f43f98e328eef350) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179611))
[Avoid recursive sidekiq calls on cyclic work item hierarchies](https://gitlab.com/gitlab-org/gitlab/-/commit/9d135851bac232665aeadceba56c12104c9ea625) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179611))
[Enhance rich viewer sanitization](https://gitlab.com/gitlab-org/gitlab/-/commit/2841af0777cef60413aae3ce6844871defa41a4d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179611))
[Respect the private profile constraints](https://gitlab.com/gitlab-org/gitlab/-/commit/d589410f5a99fc6a5c0b6e524e7255f6f0b6a49b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179611))
[Reduce REGEXP_TIMEOUT_SECONDS to 40 seconds](https://gitlab.com/gitlab-org/gitlab/-/commit/d2fc6336b69f407a85791ec3b7c5196e3102a31d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177104))

Performance (11 changes)
Other (283 changes)

Jenkinsci/Jenkins jenkins-2.498

This is an automatically generated changelog draft for Jenkins weekly releases. See for the official changelog for this release._

Major features and improvements:

Add experimental 'Details' widget for builds (#10147) @janfaracik

Bug fixes:

[JENKINS-75255] - Tolerate `AccessDeniedException` in `AtomicFileWriter` (#10271) @jglick
[JENKINS-75265] - Fix notification for l:task (#10261) @mawinter69
[JENKINS-75259] - Fix tooltip and console link in progessbar of non pipeline jobs in the executors widget (#10259) @mawinter69
All contributors: @daniel-beck, @janfaracik, @jenkins-release-bot, @jglick, @krisstern, @mawinter69, @renovate[bot], @timja and [renovate[bot]]

Nodejs/Node v18.20.7
Notable Changes:

[`ea5eb0e98b`] - **crypto**: update root certificates to NSS 3.107 (Node.js GitHub Bot) [#56566]

Commits:

[`bb2977ca6c`] - **build**: use glob for dependencies of out/Makefile (Richard Lau) [#55789]
[`92896945b8`] - **build**: support python 3.13 (Chengzhong Wu) [#53190]
[`ea5eb0e98b`] - **crypto**: update root certificates to NSS 3.107 (Node.js GitHub Bot) [#56566]
[`d03a23577d`] - **deps**: V8: cherry-pick 26fd1dfa9cd6 (Shu-yu Guo) [#55873]
[`53bb21b093`] - **deps**: V8: backport ae5a4db8ad86 (Shu-yu Guo) [#55873]
[`5eb6dfe284`] - **deps**: update zlib to 1.3.0.1-motley-82a5fec (Node.js GitHub Bot) [#55980]
[`734515a0f7`] - **deps**: update zlib to 1.3.0.1-motley-7e2e4d7 (Node.js GitHub Bot) [#54432]
[`d64cc98324`] - **deps**: update simdutf to 5.6.4 (Node.js GitHub Bot) [#56255]
[`9eab21dd1d`] - **deps**: update simdutf to 5.6.3 (Node.js GitHub Bot) [#55973]
[`2e3367b46a`] - **deps**: update simdutf to 5.6.2 (Node.js GitHub Bot) [#55889]
[`df74d66207`] - **deps**: update simdutf to 5.6.1 (Node.js GitHub Bot) [#55850]
[`ade37ee0b3`] - **deps**: update acorn to 8.14.0 (Node.js GitHub Bot) [#55699]
[`a3c367adbd`] - **deps**: update corepack to 0.31.0 (Node.js GitHub Bot) [#56795]
[`2cff6a8428`] - **deps**: update corepack to 0.30.0 (Node.js GitHub Bot) [#55977]
[`8b8c9a2cf5`] - **doc**: update macOS and Xcode versions for releases (Michaël Zasso) [#56337]
[`706af28113`] - **doc**: add "Skip to content" button (Antoine du Hamel) [#56750]
[`634a6b3a14`] - **doc**: improve accessibility of expandable lists (Antoine du Hamel) [#56749]
[`f0b60c5bf9`] - **doc**: fix arrow vertical alignment in HTML version (Akash Yeole) [#52193]
[`91cce27ebb`] - **doc**: remove flicker on page load on dark theme (Dima Demakov) [#50942]
[`522fbb00a8`] - **doc**: make theme consistent across api and other docs (Dima Demakov) [#50877]
[`1486465520`] - **doc**: save user preference for JS flavor (Vidar Eldøy) [#49526]
[`d74cff7e59`] - **doc**: rename possibly confusing variable and CSS class (Antoine du Hamel) [#49536]
[`4829d976fe`] - **doc**: add main ARIA landmark to API docs (Rich Trott) [#49882]
[`6c4ce1f1d4`] - **doc**: add navigation ARIA landmark to doc ToC (Rich Trott) [#49882]
[`33548f8c1f`] - **doc**: add history entries for JSON modules stabilization (Antoine du Hamel) [#55855]
[`e12bdf6141`] - **meta**: bump `actions/upload-artifact` from 4.4.3 to 4.6.0 (dependabotbot]) [#56861]
[`6f44ef388b`] - **meta**: bump actions/upload-artifact from 4.4.0 to 4.4.3 (dependabotbot]) [#55685]
[`ae39211117`] - **meta**: bump actions/upload-artifact from 4.3.4 to 4.4.0 (dependabotbot]) [#54703]
[`4cf80b37c7`] - **meta**: bump `actions/upload-artifact` from 4.3.3 to 4.3.4 (dependabotbot]) [#54166]
[`4d402b79cb`] - **meta**: bump `actions/download-artifact` from 4.1.7 to 4.1.8 (dependabotbot]) [#54167]
[`1c01f93497`] - **meta**: bump actions/upload-artifact from 4.3.1 to 4.3.3 (dependabotbot]) [#52785]
[`6558a516ec`] - **meta**: bump actions/download-artifact from 4.1.4 to 4.1.7 (dependabotbot]) [#52784]
[`dd70860ec8`] - **meta**: bump actions/download-artifact from 4.1.3 to 4.1.4 (dependabotbot]) [#52314]
[`4a24d92a45`] - **meta**: bump actions/upload-artifact from 4.3.0 to 4.3.1 (dependabotbot]) [#51941]
[`655b9071b9`] - **meta**: bump actions/download-artifact from 4.1.1 to 4.1.3 (dependabotbot]) [#51938]
[`0e6ad795aa`] - **meta**: bump actions/download-artifact from 4.1.0 to 4.1.1 (dependabotbot]) [#51644]
[`61babc5037`] - **meta**: bump actions/upload-artifact from 4.0.0 to 4.3.0 (dependabotbot]) [#51643]
[`8b16d80029`] - **meta**: update artifact actions to v4 (Michaël Zasso) [#51219]
[`d47e8cb86d`] - **test**: do not use deprecated import assertions (Antoine du Hamel) [#55873]
[`06c523d693`] - **test**: mark `test-inspector-stop-profile-after-done` as flaky (Antoine du Hamel) [#57001]
[`dafea86962`] - **test**: mark `test-perf-hooks` as flaky on macOS (Antoine du Hamel) [#57001]
[`8e53f1f43d`] - **test**: mark test-inspector-multisession-ws as flaky (Antoine du Hamel) [#57001]
[`350eb50bbe`] - **test**: mark `test-performance-function` as flaky (Antoine du Hamel) [#57001]
[`a1f428a343`] - **test**: skip `test-perf-hooks` on SmartOS (Antoine du Hamel) [#57001]
[`199f52fcc0`] - **test**: make test-crypto-hash compatible with OpenSSL > 3.4.0 (Jelle van der Waa) [#56160]
[`b08ce67d48`] - **test**: compare paths on Windows without considering case (Early Riser) [#53993]
[`6e84d211a1`] - **test**: deflake test-perf-hooks.js (Joyee Cheung) [#49892]
[`a7f565fc7f`] - **tools**: fix failing `lint-sh` workflow (Antoine du Hamel) [#56995]

Postgres/Postgres REL_13_20
E.1. Release 13.20:

This release contains a few fixes from 13.19. For information about new features in major release 13, see Section E.21 .
The PostgreSQL community will stop releasing updates for the 13.X release series in November 2025. Users are encouraged to update to a newer release branch soon.

E.1.1. Migration to Version 13.20:

A dump/restore is not required for those running 13.X. However, if you are upgrading from a version earlier than 13.17, see Section E.4.

E.1.2. Changes:

Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane). The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory. In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string.
Fix crash involving triggers on partitioned tables that make use of transition tables (Kyotaro Horiguchi). If there are both AFTER UPDATE and AFTER DELETE triggers, the need for transition tables was determined incorrectly, leading to a crash during cross-partition updates.

Postgres/Postgres REL_14_17
E.1. Release 14.17:

This release contains a few fixes from 14.16. For information about new features in major release 14, see Section E.18 .

E.1.1. Migration to Version 14.17:

A dump/restore is not required for those running 14.X. However, if you are upgrading from a version earlier than 14.14, see Section E.4 .

E.1.2. Changes:

Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane). The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory. In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string.
Fix crash involving triggers on partitioned tables that make use of transition tables (Kyotaro Horiguchi). If there are both AFTER UPDATE and AFTER DELETE triggers, the need for transition tables was determined incorrectly, leading to a crash during cross-partition updates.

Postgres/Postgres REL_15_12
E.1. Release 15.12:

This release contains a few fixes from 15.11. For information about new features in major release 15, see Section E.13 .

E.1.1. Migration to Version 15.12:

A dump/restore is not required for those running 15.X. However, if you are upgrading from a version earlier than 15.9, see Section E.4.

E.1.2. Changes:

Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane). The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory. In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string.

Postgres/Postgres REL_16_8
E.1. Release 16.8:

This release contains a few fixes from 16.7. For information about new features in major release 16, see Section E.9 .

E.1.1. Migration to Version 16.8:

A dump/restore is not required for those running 16.X. However, if you are upgrading from a version earlier than 16.5, see Section E.4.

E.1.2. Changes:

Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane). The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory. In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reducesvthe risk of problems if a calling application performs additional processing on the quoted string.
Fix meson build system to correctly detect availability of the bsd_auth.h system header (NazirvBilal Yavuz)

Postgres/Postgres REL_17_4
E.1. Release 17.4:

This release contains a few fixes from 17.3. For information about new features in major release 17, see Section E.5 .

E.1.1. Migration to Version 17.4:

A dump/restore is not required for those running 17.X. However, if you are upgrading from a version earlier than 17.1, see Section E.4.

E.1.2. Changes:

Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane). The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory. In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string.
Fix small memory leak in pg_createsubscriber (Ranier Vilela)
Fix meson build system to correctly detect availability of the bsd_auth.h system header (Nazir Bilal Yavuz)

Prometheus/Prometheus v3.2.0
Prometheus v3.2.0 Changelog:

[CHANGE] relabel: Replace actions can now use UTF-8 characters in `targetLabel` field. Note that `$<chars>` or `${<chars>}` will be expanded. This also apply to `replacement` field for `LabelMap` action. #15851
[CHANGE] rulefmt: Rule names can use UTF-8 characters, except `{` and `}` characters (due to common mistake checks). #15851
[FEATURE] remote/otlp: Add feature flag `otlp-deltatocumulative` to support conversion from delta to cumulative. #15165
[ENHANCEMENT] openstack SD: Discover Octavia loadbalancers. #15539
[ENHANCEMENT] scrape: Add metadata for automatic metrics to WAL for `metadata-wal-records` feature. #15837
[ENHANCEMENT] promtool: Support linting of scrape interval, through lint option `too-long-scrape-interval`. #15719
[ENHANCEMENT] promtool: Add --ignore-unknown-fields option. #15706
[ENHANCEMENT] ui: Make "hide empty rules" and hide empty rules" persistent #15807
[ENHANCEMENT] web/api: Add a limit parameter to `/query` and `/query_range`. #15552
[ENHANCEMENT] api: Add fields Node and ServerTime to `/status`. #15784
[PERF] Scraping: defer computing labels for dropped targets until they are needed by the UI. #15261
[BUGFIX] remotewrite2: Fix invalid metadata bug for metrics without metadata. #15829
[BUGFIX] remotewrite2: Fix the unit field propagation. #15825
[BUGFIX] scrape: Fix WAL metadata for histograms and summaries. #15832
[BUGFIX] ui: Merge duplicate "Alerts page settings" sections. #15810
[BUGFIX] PromQL: Fix `<aggr_over_time>` functions with histograms. #15711

Spring-projects/Spring-boot v3.4.3
New Features:

Add TWENTY\_FOUR to JavaVersion enum [#44209]

Fixes:

Console output may be lost when using Log4j2 with something that replaces System.out [#44380]
Maven plugin does not consistently use ArgFile for classpath argument on Windows [#44328]
Reactive Jetty web server does not fail fast when configured to use a server name bundle which Jetty does not support [#44319]
When web server application context refresh fails, the original failure is lost if stopping or destroying the web server throws an exception [#44317]
View resolver for Thymeleaf should back off if spring-webmvc is not present [#44296]
WebServer is not destroyed when ReactiveWebServerApplicationContext refresh fails [#44294]
Non-default DataSource candidates are not considered in H2ConsoleAutoConfiguration [#44293]
Banner placeholder and defaults do not work during development [#44255]
Mustache templates return with ISO-8859-1 charset rather than UTF-8 in Content-Type response header [#44193]
Servlet EndpointRequest doesn't match web server namespace correctly [#44188]
java.lang.ClassCastException when using default management security with WebFlux and health probes enabled [#44052]
Logback configuration that relies on inner-classes does not work in a native image [#44025]
IllegalStateException: Unable to register SSL bundle after 3.3.8 or 3.4.2 [#43989]
Metrics and health do not include non-default candidate beans [#43481]

Documentation:

Document that auto-configuration classes should be identified using their binary names [#44303]
Correct typo in MVC security when explaining when UserDetailsService auto-configuration will back off [#44301]
Link to JarLauncher's javadoc [#44170]
When using observability annotations, recommend that care is taken to avoid double instrumentation [#44145]
Fix typo in Running Your Application [#44035]
Document Kubernetes preStop handler when using a Docker image without a shell [#44022]
Source snippet in Developing Your First Spring Boot Application section uses the root package [#43983]
Correct the location of MyApplication.java in "Developing Your First Spring Boot Application" [#43975]
Add links to Jackson Javadoc [#43971]
Warn that some Quartz database schema scripts must be modified before use [#43958]

Dependency Upgrades:

Upgrade to Commons Pool2 2.12.1 [#44173]
Upgrade to Couchbase Client 3.7.8 [#44269]
Upgrade to Groovy 4.0.25 [#44174]
Upgrade to Hibernate 6.6.8.Final [#44332]
Upgrade to HttpClient5 5.4.2 [#44176]
Upgrade to HttpCore5 5.3.3 [#44177]
Upgrade to Infinispan 15.0.13.Final [#44178]
Upgrade to jOOQ 3.19.19 [#44368]
Upgrade to Json-smart 2.5.2 [#44264]
Upgrade to Maven Clean Plugin 3.4.1 [#44349]
Upgrade to Micrometer 1.14.4 [#44115]
Upgrade to Micrometer Tracing 1.4.3 [#44116]
Upgrade to Native Build Tools Plugin 0.10.5 [#44179]
Upgrade to Neo4j Java Driver 5.28.1 [#44195]
Upgrade to Netty 4.1.118.Final [#44221]
Upgrade to Prometheus Client 1.3.6 [#44280]
Upgrade to R2DBC MySQL 1.3.2 [#44180]
Upgrade to Reactor Bom 2024.0.3 [#44117]
Upgrade to REST Assured 5.5.1 [#44281]
Upgrade to RSocket 1.1.5 [#44181]
Upgrade to Spring AMQP 3.2.3 [#44278]
Upgrade to Spring Authorization Server 1.4.2 [#44118]
Upgrade to Spring Data Bom 2024.1.3 [#44119]
Upgrade to Spring Framework 6.2.3 [#44120]
Upgrade to Spring GraphQL 1.3.4 [#44121]
Upgrade to Spring Integration 6.4.2 [#44122]
Upgrade to Spring Kafka 3.3.3 [#44123]
Upgrade to Spring LDAP 3.2.11 [#44124]
Upgrade to Spring Pulsar 1.2.3 [#44125]
Upgrade to Spring Security 6.4.3 [#44126]
Upgrade to Spring Session 3.4.2 [#44127]
Upgrade to Testcontainers 1.20.5 [#44369]
Upgrade to Testcontainers Redis Module 2.2.4 [#44370]
Upgrade to Tomcat 10.1.36 [#44333]

Contributors:

Thank you to all the contributors who worked on this release:
@Ru311, @ashishkujoy, @izeye, @jearton, @ngocnhan-tran1996, @nosan, @quaff, and @timotheeandres

Spring-projects/Spring-boot v3.3.9
Bug Fixes:

Reactive Jetty web server does not fail fast when configured to use a server name bundle which Jetty does not support [#44316]
When web server application context refresh fails, the original failure is lost if stopping or destroying the web server throws an exception [#44310]
Maven plugin does not consistently use ArgFile for classpath argument on Windows [#44305]
View resolver for Thymeleaf should back off if spring-webmvc is not present [#44259]
Banner placeholder and defaults do not work during development [#44137]
WebServer is not destroyed when ReactiveWebServerApplicationContext refresh fails [#44134]
Mustache templates return with ISO-8859-1 charset rather than UTF-8 in Content-Type response header [#44053]
Logback configuration that relies on inner-classes does not work in a native image [#44021]
IllegalStateException: Unable to register SSL bundle after 3.3.8 or 3.4.2 [#43966]

Documentation:

Document that auto-configuration classes should be identified using their binary names [#44298]
Correct typo in MVC security when explaining when UserDetailsService auto-configuration will back off [#44267]
Link to JarLauncher's javadoc [#44168]
When using observability annotations, recommend that care is taken to avoid double instrumentation [#44037]
Fix typo in Running Your Application [#44032]
Source snippet in Developing Your First Spring Boot Application section uses the root package [#43982]
Correct the location of MyApplication.java in "Developing Your First Spring Boot Application" [#43965]
Add links to Jackson Javadoc [#43961]
Warn that some Quartz database schema scripts must be modified before use [#43955]
Document Kubernetes preStop handler when using a Docker image without a shell [#43830]

Dependency Upgrades:

Upgrade to Commons Pool2 2.12.1 [#44138]
Upgrade to Groovy 4.0.25 [#44139]
Upgrade to Infinispan 15.0.13.Final [#44140]
Upgrade to jOOQ 3.19.19 [#44367]
Upgrade to Json-smart 2.5.2 [#44263]
Upgrade to Micrometer 1.13.11 [#44102]
Upgrade to Micrometer Tracing 1.3.9 [#44103]
Upgrade to Native Build Tools Plugin 0.10.5 [#44141]
Upgrade to Netty 4.1.118.Final [#44218]
Upgrade to Reactor Bom 2023.0.15 [#44104]
Upgrade to RSocket 1.1.5 [#44041]
Upgrade to Spring AMQP 3.1.9 [#44277]
Upgrade to Spring Authorization Server 1.3.5 [#44105]
Upgrade to Spring Data Bom 2024.0.9 [#44106]
Upgrade to Spring Framework 6.1.17 [#44107]
Upgrade to Spring GraphQL 1.3.4 [#44108]
Upgrade to Spring Integration 6.3.8 [#44109]
Upgrade to Spring Kafka 3.2.7 [#44110]
Upgrade to Spring LDAP 3.2.11 [#44111]
Upgrade to Spring Pulsar 1.1.9 [#44112]
Upgrade to Spring Security 6.3.7 [#44113]
Upgrade to Spring Session 3.3.6 [#44114]
Upgrade to Tomcat 10.1.36 [#44331]

Contributors:

Thank you to all the contributors who worked on this release:
@Ru311, @ashishkujoy, @izeye, @jearton, @ngocnhan-tran1996, @nosan, and @timotheeandres

View all OpenUpdate editions >

February 27, 2025

Stay Informed

Security Based Updates

Non-Security Based Updates