Sourced from gradle-wrapper's releases.

9.5.0

The Gradle team is excited to announce Gradle 9.5.0.

Here are the highlights of this release:

• Task provenance in reports and failure messages
• Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0 RC4

... (truncated)

• 3fe117d Update jdks.yaml (#37703)
• 33d145a Update jdks.yaml
• f7a05d1 Update Gradle wrapper to version 9.5.0-rc-4 (#37654)
• 266facd Update Gradle wrapper to version 9.5.0-rc-4
• 0ad6dd8 Suppress OSC taskbar reset on plain/piped stdout (#37646)
• 966025d Suppress OSC taskbar reset on plain/piped stdout
• e745573 Polish IP docs (#37642)
• d5cfd07 Ensure BuildOperationQueue will progress without extra leases (#37629)
• acdf0c3 Ensure BuildOperationQueue will progress without extra leases
• f7d0e4f Rename anchor
• Additional commits viewable in compare view

Sourced from org.jetbrains.kotlin:kotlin-gradle-plugin's releases.

Kotlin 2.3.21

Changelog

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

... (truncated)

Sourced from org.jetbrains.kotlin:kotlin-gradle-plugin's changelog.

2.3.21

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

• KT-85628 KGP: composite build FUS metrics fail on access of 'configurationTimeMetrics'

• fea1ad8 Add ChangeLog for 2.3.21-RC2
• 09c341e disable swift export execution tests in order to update macos
• 67a0868 Avoid accessing KotlinNativeLink taskProvider when task was not executed
• f89e5db [K/N] Disable TSAN in runtime tests
• 45d6c85 [K/N] Don't generate generic safe casts for Objective-C types
• 9261a6f [K/N][tests] Add a reproducer for KT-85508
• c9ab9db [K/N][tests] Add a reproducer for KT-85399
• 502e844 Explain: fix for destructuring declarations
• 0c26485 Explain: fix for object literals
• 68a9e3f [minor] fix testdata name in explain test
• Additional commits viewable in compare view

• 7914d2c [maven-release-plugin] prepare release jackson-module-kotlin-2.21.3
• 864b9de Prep for 2.21.3 release
• 84a0c1e Merge branch '2.21' of github.com:FasterXML/jackson-module-kotlin into 2.21
• c8fea00 Merge branch '2.20' into 2.21
• 2953344 Merge branch '2.19' into 2.20
• f68fe40 Merge branch '2.18' into 2.19
• c7765fc Post-release dep version bump
• b6aa92c [maven-release-plugin] prepare for next development iteration
• f91b6ac [maven-release-plugin] prepare release jackson-module-kotlin-2.18.7
• ef430b7 Prep for 2.18.7 release
• Additional commits viewable in compare view

Sourced from org.postgresql:postgresql's releases.

v42.7.11

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Changes

• fix: Add sources and javadocs to shaded published lib generation @​sehrope (#4043)
• update Changelog and website for release of 42.7.11 @​davecramer (#4042)
• Fix scram fix location in changelog and update published artifact developer list @​sehrope (#4041)
• Restrict test with scram_iterations to v16+ and release notes @​sehrope (#4040)
• chore(deps): update ubuntu:24.04 docker digest to 84e77de @​renovate-bot (#4017)
• test: add tests for QueryExecutor#getTransactionState @​vlsi (#4006)
• chore(deps): update actions/create-github-app-token action to v2.2.2 @​renovate-bot (#3983)
• fix: fix flaky CopyBothResponseTest by using WAL flush LSN @​vlsi (#3979)
• fix: fix flaky replication restart tests by waiting for confirmed_flush_lsn @​vlsi (#3975)
• test: fix flaky LogicalReplicationStatusTest by polling pg_stat_replication @​vlsi (#3974)
• chore: replace Appveyor with ikalnytskyi/action-setup-postgres @​vlsi (#3966)
• test: move test table creation from @​BeforeEach to @​BeforeAll @​vlsi (#3967)
• Return jsonb as PGObject fixes Issue #3926 @​davecramer (#3956)
• Update docker scripts @​davecramer (#3958)
• implement require_auth, this is pretty much how libpq does this. @​davecramer (#3895)
• docs: add SCRAM authentication test setup section to TESTING.md @​emmaeng700 (#3945)
• Add RequireServerVersion annotation for tests @​sehrope (#3939)

🐛 Bug Fixes

• fix: ensure extended protocol messages end with Sync message @​vlsi (#3728)
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command @​vlsi (#3996)
• fix: retry with SSL on IOException when sslMode=ALLOW @​vlsi (#3973)
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in @​vlsi (#3968)
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers @​vlsi (#3962)
• fix: use compareTo for LogSequenceNumber comparison @​vlsi (#3961)
• fix: release COPY lock on IOException to prevent connection hang (#3957) @​vlsi (#3960)

🧰 Maintenance

• style: replace @​exception with @​throws in getBoolean javadoc @​vlsi (#4035)
• chore: use @​vlsi/github-actions-random-matrix npm package @​vlsi (#4008)
• chore: use tag names for pinning github actions, pin ikalnytskyi/action-setup-postgres @​vlsi (#4007)
• chore: bump errorprone to 2.48.0 @​vlsi (#4005)
• test: add @​DisableLogger annotation to suppress expected log warnings in tests @​vlsi (#3971)
• chore: suppress deprecations in test code to reduce build verbosity @​vlsi (#3972)
• chore: replace log warning in ConnectionFactory.closeStream with Throwable.addSuppressed @​vlsi (#3970)
• chore: use greedy pairwise coverage for CI matrix generation @​vlsi (#3965)
• chore: use full version tags in GitHub Actions comments @​vlsi (#3963)

⬆️ Dependencies

... (truncated)

Sourced from org.postgresql:postgresql's changelog.

[42.7.11] (2026-04-28)

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Added

• feat: implement require_auth connection property, aligning with libpq behavior [PR #3895](pgjdbc/pgjdbc#3895)

Changed

• chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres [PR #3966](pgjdbc/pgjdbc#3966)
• chore: upgrade Gradle to v9 [PR #3978](pgjdbc/pgjdbc#3978)

Fixed

• fix: ensure extended protocol messages end with Sync message [PR #3728](pgjdbc/pgjdbc#3728)
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command [PR #3996](pgjdbc/pgjdbc#3996)
• fix: retry with SSL on IOException when sslMode=ALLOW [PR #3973](pgjdbc/pgjdbc#3973)
• fix: make sure the driver honours connectTimeout when retrying the connection [PR #3968](pgjdbc/pgjdbc#3968)
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in [PR #3968](pgjdbc/pgjdbc#3968)
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers [PR #3962](pgjdbc/pgjdbc#3962)
• fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly [PR #3961](pgjdbc/pgjdbc#3961)
• fix: release COPY lock on IOException to prevent connection hang [PR #3957](pgjdbc/pgjdbc#3957)
• fix: return jsonb as PGObject instead of String [PR #3956](pgjdbc/pgjdbc#3956)
• fix: align SSL key file permission check with libpq [PR #3952](pgjdbc/pgjdbc#3952)
• fix: guard connection closed flag with a reentrant lock to protect against concurrent close [PR #3905](pgjdbc/pgjdbc#3905)

• 78e261f fix: Add sources and javadocs to shaded published lib generation
• 1e09fa0 update Changelog and website for release of 42.7.11 (#4042)
• d479fa5 Fix scram fix location in changelog and update published artifact developer l...
• b04fc46 docs: Add scram max iters fix to changelog
• cf54822 test: Disable scram test on older version without scram_iterations GUC
• 7dbcc79 test: Add SCRAM max iteration tests
• c9d41d1 fix: Limit SCRAM PBKDF2 iterations accepted from the server
• a340cb2 style: replace @​exception with @​throws in getBoolean javadoc
• 77837f8 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
• 23af03b chore(deps): update actions/checkout action to v6
• Additional commits viewable in compare view

Sourced from com.mysql:mysql-connector-j's changelog.

Changelog

https://dev.mysql.com/doc/relnotes/connector-j/en/

Version 9.7.0

• Fix for Bug#119863 (Bug#38951042), Inaccurate decoding of negative TIME durations in Binary Protocol (Cursor Mode).

• WL#17215, Implement JDBC 4.3/4.5 Statement/Connection.enquote* methods.

• Fix for Bug#119245 (Bug#38599240), Select into fix breaks queries with 'into' in them. (reopened)

• Fix for Bug#119659 (Bug#38916595), BinaryResultsetReader fails to consume EOF packet after column definitions when EOF is not deprecated.

Version 9.6.0

• Fix for Bug#118002 (Bug#37843004), The setFetchSize() method in the Statement class may have a potential bug.

• Fix for Bug#113130 (Bug#36043125), getGeneratedKeys() returns a zero resultset with non-key-generating statements.

• Fix for Bug#113336 (Bug#36080226), Inconsistent getUpdateCount() Behavior with allowMultiQueries.

• Fix for Bug#118234 (Bug#37975837), A potential bugs in Mysql Connector/J.

• Fix for Bug#113413 (Bug#36107426), Connection.changeUser cannot be done after DriverManager.loginTimeout elapses. Thanks to Kazuhisa Kawashima for his contribution.

• Fix for Bug#119271 (Bug#38599496), Connector/J fails to accept legacy value zeroDateTimeBehavior=convertToNull on multi-host URLs (failover).

• Fix for Bug#119245 (Bug#38599240), Select into fix breaks queries with 'into' in them.

Version 9.5.0

• Fix for Bug#72036 (Bug#18403804), XA isSameRM() shouldn't take database into account.

• Fix for Bug#62693 (Bug#16722068), XAConnection savepoint capability.

• Fix for Bug#81128 (Bug#23146631), Master host list overwritten by slave list when loadBalanceConnectionGroup used.

• Fix for Bug#19887224, RUNNING THE TEST SUITE WITH SOCKSPROXY* PROPERTIES HANGS IN TEST TESTBUG56429.

• Fix for Bug#98699 (Bug#30932850), Allow empty keyStore file for keyStoreTypes that do not require files. Thanks to Kolbe Kegel for his contribution.

• Fix for Bug#118938 (Bug#38396227), DatabaseMetaDataInformationSchema#getSchemas has a bug.

• Fix for Bug#99292 (Bug#31195955), Contribution: Support Windows time zone 'Coordinated Universal Time'. Thanks to Frédéric Barrière for his contribution.

• Fix for Bug#107094 (Bug#34104230), NullPointerException when calling equals with null on MultiHostConnectionProxy.

... (truncated)

• 0aade1f Fix for Bug#119863 (Bug#38951042), Inaccurate decoding of negative TIME durat...
• b6d5baa Update for GPL license book.
• a7cc5a9 Fix for DateTimeTest failures after some of the work done for WL#16669 in MyS...
• 6a0c818 WL#17215, Implement JDBC 4.3/4.5 Statement/Connection.enquote* methods.
• 5f96e85 Fix for Bug#119245 (Bug#38599240), Select into fix breaks queries with 'into'...
• 8d779fc Fix for Bug#119659 (Bug#38916595), BinaryResultsetReader fails to consume EOF...
• 1391179 Copyright header year bump.
• 5c764b4 Post-release version bump.
• See full diff in compare view

Sourced from org.springframework.boot:spring-boot-autoconfigure's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Sourced from org.springframework.boot:spring-boot-starter-validation's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Sourced from org.springframework.boot:spring-boot-test's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839Description has been truncated