v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

• Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
• Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

• MailSender auto-configuration does not enable hostname verification #50747
• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
• Embedded LDAP SSL should not be enabled when its bundle is empty #50700
• InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
• NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
• Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
• Configuration property metadata includes incorrect class references #50632
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
• SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
• Created StackTracePrinter instances have no access to the Environment #50414
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
• Buildpack module does not validate long-to-int casts #50410
• Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
• GraphQL WebSocket support does not configure allowed origins #50394
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
• Meter registries are not removed from the global registry when the context is closed #50287
• DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
• Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
• Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
• Missing dependency management for spring-boot-web-server-test #50224
• Spring Batch support for MongoDB modules are not included in dependency management #50223
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
• GrpcServerHealthScheduler is not started in servlet environments #50209
• Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

• Fix reference to Gradle documentation for module replacement #50647
• Document SSL reloading with Let's Encrypt #50630
• Remove the use of Optional from Data Neo4j repository examples #50622
• Fix typos in documentation #50620
• Clarify dependency requirement for Bean Validation support #50614
• Document Java 25 requirement for AOT cache #50485
• Add links for Java CAS Client Spring Boot Starter #50285
• Document known testcontainers lifecycle issues #50220
• Document adding multiple connectors for Jetty #50218
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50214
• Fix typo in Spring Security OAuth2 client registration documentation #50199

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.2.6 #50652
• Upgrade to Byte Buddy 1.18.10 #50693
• Upgrade to Caffeine 3.2.4 #50338
• Upgrade to Cassandra Driver 4.19.3 #50654
• Upgrade to Couchbase Client 3.11.3 #50576
• Upgrade to Elasticsearch Client 9.4.2 #50655
• Upgrade to Glassfish JAXB 4.0.9 #50656
• Upgrade to Groovy 5.0.6 #50340
• Upgrade to Hibernate 7.4.1.Final #50732
• Upgrade to Infinispan 16.1.4 #50342
• Upgrade to Jackson 2 Bom 2.21.4 #50657
• Upgrade to Jackson Bom 3.1.4 #50658
• Upgrade to Jakarta Json Bind 3.0.2 #50659
• Upgrade to Jakarta XML Bind 4.0.5 #50345
• Upgrade to Jaxen 2.0.6 #50710
• Upgrade to Jetty 12.1.10 #50661
• Upgrade to Jetty Reactive HTTPClient 4.1.5 #50711
• Upgrade to jOOQ 3.21.5 #50712
• Upgrade to Kafka 4.2.1 #50662
• Upgrade to Kotlin 2.3.21 #50347
• Upgrade to Lettuce 7.5.2.RELEASE #50581
• Upgrade to Liquibase 5.0.3 #50582
• Upgrade to Logback 1.5.34 #50663
• Upgrade to Maven Enforcer Plugin 3.6.3 #50583
• Upgrade to Maven Failsafe Plugin 3.5.6 #50664
• Upgrade to Maven Surefire Plugin 3.5.6 #50665
• Upgrade to Micrometer 1.17.0 #50559
• Upgrade to Micrometer Tracing 1.7.0 #50560
• Upgrade to MongoDB 5.8.0 #50608
• Upgrade to Native Build Tools Plugin 1.1.1 #50585
• Upgrade to Neo4j Java Driver 6.1.0 #50586
• Upgrade to Netty 4.2.15.Final #50666
• Upgrade to OpenTelemetry 1.62.0 #50588
• Upgrade to Oracle Database 23.26.2.0.0 #50667
• Upgrade to Postgresql 42.7.11 #50349
• Upgrade to Protobuf Java 4.34.2 #50590
• Upgrade to Protobuf Maven Plugin 5.1.4 #50589
• Upgrade to Pulsar 4.2.2 #50713
• Upgrade to R2DBC MySQL 1.4.2 #50351
• Upgrade to Reactor Bom 2025.0.6 #50561
• Upgrade to SAAJ Impl 3.0.6 #50714
• Upgrade to SLF4J 2.0.18 #50591
• Upgrade to Spring AMQP 4.1.0 #50562
• Upgrade to Spring Batch 6.0.4 #50563
• Upgrade to Spring Data Bom 2026.0.0 #50564
• Upgrade to Spring Framework 7.0.8 #50565
• Upgrade to Spring GraphQL 2.0.4 #50741
• Upgrade to Spring gRPC 1.1.0 #50566
• Upgrade to Spring HATEOAS 3.1.1 #50567
• Upgrade to Spring Integration 7.1.0 #50568
• Upgrade to Spring Kafka 4.1.0 #50569
• Upgrade to Spring LDAP 4.1.0 #50570
• Upgrade to Spring Pulsar 2.0.6 #50571
• Upgrade to Spring RESTDocs 4.0.1 #50572
• Upgrade to Spring Security 7.1.0 #50573
• Upgrade to Spring Session 4.1.0 #50574
• Upgrade to Spring WS 5.0.2 #50575
• Upgrade to SQLite JDBC 3.53.2.0 #50715
• Upgrade to Tomcat 11.0.22 #50354

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Abdlatif-nabgha, @DragonFSKY, @Kapil-chn7, @Kimgyuilli, @SJvaca30, @SebTardif, @ares333, @codingkiddo, @dlwldnjs1009, @eddumelendez, @henriquejsza, @igormukhin, @johnnypwong, @kwondh5217, @leestana01, @mheath, @mmoayyed, @msridhar, @ngocnhan-tran1996, @nosan, @quaff, @scordio, @vinhhieu21, @vpavic, @won-seoop, and @zxuhan