This is a drop-in security patch. No public API changes — Spring Boot 3.x applications can upgrade by simply bumping the dependency version to 2.0.1.
🔒 Security
- Upgraded Spring Boot
3.3.4→3.5.15, pulling in patched transitive dependencies — Tomcat 10.1.55, Spring Framework 6.2.19, Jackson 2.21.4 — resolving all 50 outstanding Dependabot alerts, including several Critical and High severity CVEs intomcat-embed-core. - Bumped the PostgreSQL JDBC driver used by the examples
42.7.5→42.7.11(CVE-2025-49146, CVE-2026-42198).
🧹 Maintenance
- Removed hard-coded JUnit version pins and the custom Surefire/Failsafe overrides so the JUnit toolchain is managed coherently by the Spring Boot BOM.
- Pinned a literal project version in the parent POM so reactor builds resolve the in-tree parent.
📦 Dependency
<dependency>
<groupId>io.github.jchejarla</groupId>
<artifactId>spring-batch-db-cluster-core</artifactId>
<version>2.0.1</version>
</dependency>Full changelog: v2.0.0...v2.0.1