Spring Boot 2.6.1 reached end of life in November 2023 and no longer receives security patches. The project should upgrade to Spring Boot 3.2 to stay on a supported release line.
This upgrade involves:
- Spring Boot 2.6.1 → 3.2.0
- Java baseline 1.8 → 17 (required by Spring Boot 3.x)
- Jakarta EE 10 migration (
javax.* → jakarta.* for servlet, annotation, mail, validation, activation)
- Spring Security 6 — deprecated APIs removed (lambda DSL required)
- Lombok 1.18.20 → 1.18.36 with explicit annotation processor configuration (required for Java 17+)
- AspectJ Maven Plugin
org.codehaus.mojo → dev.aspectj 1.14.1 with aspectjtools 1.9.24 (old plugin doesn't support Java 17 compliance)
- Jakarta Mail —
com.sun.mail handler references updated to org.eclipse.angus.mail
- maven-compiler-plugin 3.3 → 3.11.0
The bulk of the change is mechanical namespace renames across ~50 Java files and Lombok annotation processor configuration across ~130 POM files. The Spring Security and AspectJ changes require targeted fixes in a handful of files.
Spring Boot 2.6.1 reached end of life in November 2023 and no longer receives security patches. The project should upgrade to Spring Boot 3.2 to stay on a supported release line.
This upgrade involves:
javax.*→jakarta.*for servlet, annotation, mail, validation, activation)org.codehaus.mojo→dev.aspectj1.14.1 withaspectjtools1.9.24 (old plugin doesn't support Java 17 compliance)com.sun.mailhandler references updated toorg.eclipse.angus.mailThe bulk of the change is mechanical namespace renames across ~50 Java files and Lombok annotation processor configuration across ~130 POM files. The Spring Security and AspectJ changes require targeted fixes in a handful of files.