Spring Boot 2.1 Release Notes
Classes, methods and properties that were deprecated in Spring Boot 2.0 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading.
Spring Boot 2.1 uses Spring Framework 5.1. Please refer to its upgrade guide for any changes that may affect your application.
Bean overriding has been disabled by default to prevent a bean being accidentally overridden.
If you are relying on overriding, you will need to set spring.main.allow-bean-definition-overriding to true.
Exclusions are now applied consistently rather than only being applied locally. This applies to any exclusion defined on @EnableAutoConfiguration, @SpringBootApplication, @ImportAutoConfiguration or the spring.autoconfigure.exclude property.
If spring-security is on the classpath without any security configuration, /info and /health are now exposed publicly for consistency.
If you have spring-security on your classpath and do not provide any security configuration, you will need to explicitly secure them.
The server.servlet.path property has moved to spring.mvc.servlet.path.
If you were relying on that property programmatically to know the path of the DispatcherServlet please use DispatcherServletPath instead.
User configuration is now included automatically with web slice tests. @WebMvcTest looks for WebSecurityConfigurer beans while @WebFluxTest looks for ServerHttpSecurity beans.
Spring Framework 5.1 revisited the debug logging output while working on web applications (Spring MVC or Spring WebFlux).
If you are trying to debug an application and you want to restore Spring Boot 2.0 style logging you should add the following to your application.properties:
logging.level.web=debugYou might also want to set spring.http.log-request-details to true to log actual request details.
By default this property is false as it can potentially expose sensitive information.
The Narayana support has been removed in favor of the official support that is more aligned with Narayana releases.
If you were using spring-boot-starter-jta-narayana, the new coordinates are the following:
<dependency>
<groupId>me.snowdrop</groupId>
<artifactId>narayana-spring-boot-starter</artifactId>
<version>2.0.1</version>
</dependency>Check the documentation for more details.
If you were using activemq-pool, support has been removed in this release in favor of pooled-jms that offers the same features while being JMS 2.0 compliant.
You can update your build as follows:
<dependency>
<groupId>org.messaginghub</groupId>
<artifactId>pooled-jms</artifactId>
</dependency>HttpPutFormContentFilter has been deprecated in favor of FormContentFilter.
As a result the spring.mvc.formcontent.putfilter.enabled property is no longer defined.
If you were using this feature, please update to spring.mvc.formcontent.filter.enabled.
The structure of the spring.security.oauth2.client.registration has been reworked in a single tree rather than having an authorizationcode and clientcredentials sub namespace.
The description of management.metrics.distribution.sla wrongly described that a all meter ID could be used to set a SLA for all metrics.
This feature couldn’t be implemented properly given that the unit may differ based on the meter type.
Previously, declaring a OkHttpClient.Builder bean was enough to customize the client used by InfluxDB.
To make sure such customizations are isolated, please define a InfluxDbOkHttpClientBuilderProvider bean instead.
The finalName property is no longer customizable to align with the behavior of standard Maven plugins.
If you were customizing the repackage goal, the main execution has now an id of repackage that must be specified, see the updated sample.
The spring.version property defined in the spring-boot-dependencies POM has been renamed.
To override the Spring Framework version you should now use the spring-framework.version property instead.
We generally recommend that you stick with the managed framework version unless absolutely necessary.
A starter could declare a META-INF/spring.provides so that an IDE can figure out what dependencies it provides.
Scanning the starter POM for the immediate dependencies that it declares should be enough of an indication.
If you are responsible of a third-party starter and you declare this file, it can be removed.
Dependency management and auto-configuration for Thymeleaf’s Spring Security Extras module has switched from thymeleaf-extras-springsecurity4 to thymeleaf-extras-springsecurity5.
If you were using the module, you should update your pom.xml or build.gradle to depend upon thymeleaf-extras-springsecurity5.
Dependency management for json-simple is no longer provided and the JsonParser implementation using it has been removed.
If you are using hibernate-ehcache to use EhCache 2 as a second-level cache provider with Hibernate, it is deprecated as of Hibernate 5.3.
If you have developed your own actuator @Endpoint beans you should ensure that they following the tighter naming rules introduced in Spring Boot 2.1.
Specifically, IDs should be alpha-numeric only and must start with a letter (see the EndpointId class documentation for full details).
If you use - or . characters Spring Boot 2.1 will log a warning and ask you to migrate to the correct format.
Spring Boot 2.1 has upgraded to Lombok 1.18.x from 1.16.x. In 1.18, Lombok will no longer generate a private, no-args constructor by default. It can be enabled by setting lombok.noArgsConstructor.extraPrivate=true in a lombok.config configuration file. For further information about changes in Lombok, please refer to its changelog.
As part of upgrading to Hibernate 5.3, the managed Java Persistence API dependency has changed from org.hibernate.javax.persistence:hibernate-jpa-2.1-api to javax.persistence:javax.persistence-api. If you are using spring-boot-starter-data-jpa or depending on the API transitively via Hibernate, you will be unaffected by this change.
Hibernate-specific properties have been moved from JpaProperties into a separate class named HibernateProperties. If you were using JpaProperties.getHibernateProperties(HibernateSettings) you
should now inject both HibernateProperties and JpaProperties to determine the properties:
Map<String, Object> properties = hibernateProperties.determineHibernateProperties(
jpaProperties.getProperties(), new HibernateSettings());|
Tip
|
Check the configuration changelog for a complete overview of the changes in configuration. |
Spring Boot 2.1 builds on and requires Spring Framework 5.1.
We’ve upgraded to the latest stable releases of other third-party jars wherever possible. Some notable dependency upgrades in this release include:
-
Tomcat 9
-
Undertow 2
-
Hibernate 5.3
-
JUnit 5.2
-
Micrometer 1.1
Spring Boot 2.1 remains compatible with Java 8 but now also supports Java 11. We have continuous integration configured to build and test Spring Boot against the latest Java 11 release.
If a property needs to express a size in bytes or similar convenient unit, it can expose a org.springframework.util.unit.DataSize property.
Similar to our Duration support introduced in Spring Boot 2.0, the data size supports an easy format (i.e. 10MB for 10 megabytes) and metadata support.
All relevant configuration properties have been updated to use the new type.
The ApplicationConversionService is now registered by default with the Environment and BeanFactory created by SpringApplication.
This allows you to use application converters directly with core Spring Framework items such as the @Value annotation:
@Value("${my.duration:10s}")
private Duration duration;Profile matching has been improved to support an expression format.
For instance production & (us-east | eu-central) indicates a match if the production profile is active and either the us-east or eu-central profiles are active.
Profile expression can be used as follows:
-
Enable componets using
@Profile -
Enable Logback configuration using
<springProfile>
Spring Boot now provides auto-configuration for ThreadPoolTaskExecutor.
If you are using @EnableAsync, your custom TaskExecutor can be removed in favor of customizations available from the spring.task.execution namespace.
Custom ThreadPoolTaskExecutor can be easily created using TaskExecutorBuilder.
Similarly to the new task execution support, Spring Boot auto-configures a ThreadPoolTaskScheduler when @EnableScheduling is specified.
The task scheduler can be customized using the spring.task.scheduling namespace.
A TaskSchedulerBuilder is also available by default.
Logger groups can be defined to allow related loggers to be configured in one go.
For example, you could declare a tomcat group that allows you to configure org.apache.catalina, org.apache.coyote and org.apache.tomcat loggers with a single key:
# define the group
logging.group.tomcat=org.apache.catalina, org.apache.coyote, org.apache.tomcat
# use the group (possibly in a different configuration file)
logging.level.tomcat=TRACEConvenient web and sql groups are provided out-of-the-box. See the reference guide for details.
Specifying arguments has been improved with dedicated options for system properties and environment variables.
It is also possible to repackage and replace a classified artifact, see the updated documentation of the classifier attribute.
Spring Data Lovelace introduces a 'bootstrap mode' for the repositories. Spring Boot exposes a property that can be set to control the boostrap mode of JPA repositories. For instance, to defer initialization of JPA repositories, simply add the following to your configuration:
spring.data.jpa.repositories.bootstrap-mode=deferredWhen setting the mode to deferred or lazy, JPA setup happens in a separate thread.
Auto-configuration is now provided for Kafa Streams when a org.apache.kafka:kafka-streams dependency is declared.
See the updated Spring Boot documentation and the Spring Kafka documentation for details.
Spring Data includes repository support for JDBC and will automatically generate SQL for the methods on CrudRepository.
Spring Boot will auto-configure Spring Data’s JDBC repositories when the necessary dependencies are on the classpath.
They can be added to your project with a single dependency on spring-boot-starter-data-jdbc.
For complete details of Spring Data JDBC, please refer to the reference documentation.
The auto-configured ConnectionFactory is cached by default using CachingConnectionFactory until the pooling option is enabled or spring.jms.cache.enabled is set to false.
Pooling option has also been extended to Artemis (see spring.jms.artemis.pool.*).
As an alternative option to Jest, auto-configurations for RestClient and RestHighLevelClient are provided with configurable options from the spring.elasticsearch.rest.* namespace.
All @…Test annotations are meta-annotated with @ExtendWith(SpringExtension.class) so this redundant part of the setup can be removed if you’re using JUnit 5.
Spring Boot also uses a maven-surefire-plugin version that does not require any custom setup to use JUnit 5.
Support for WebFlux OAuth2 login has been added.
OpenID Connect providers are easier to configure using an issuer-uri which is the URI that the it asserts as its Issuer Identifier.
If you have spring-security-oauth2-resource-server on your classpath, Spring Boot can set up an OAuth2 Resource Server as long as a JWK Set URI is specified.
For instance:
spring.security.oauth2.resource.jwt.jwk.set-uri=https://example.com/oauth2/default/v1/keysThis is supported for both MVC and WebFlux applications.
It’s now easier to write non-web OAuth applications as we provide an auto-configured InMemoryReactiveClientRegistrationRepository bean regardless of the application type.
If you’re writing an application that doesn’t use an embedded web server (such as a CLI application) you can now inject and use the configured registration repository directly.
A new /actuator/caches endpoint lists the available CacheManager instances and their respective caches with basic metadata.
See the API for more details.
If you are using Spring Integration, a graph representation of all Spring Integration components can be exposed at /actuator/integrationgraph.
Please see the API for more details.
An HealthIndicatorRegistry bean is now available to add and remove HealthIndicator at runtime.
The health endpoint has also been improved to query a specific indicator if necessary.
For instance /actuator/health/db executes only the "db" HealthIndicator.
Please see the API for more details.
A reactive HealthIndicator for Apache Cassandra is available.
Common tags can be applied to all meters declaratively as show in the following example:
management.metrics.tags.region=us-east-1
management.metrics.tags.stack=prodThe example above adds a region and stack tags to all meters with a value of us-east-1 and prod respectively.
Metrics coverage has been improved to include:
-
Hibernate metrics
-
Spring Framework’s
WebClient -
Kafka consumer metrics
-
Log4j2 metrics
-
Jetty server thread pool metrics
-
Server-side Jersey HTTP request metrics
The following metrics registries are now auto-configured when on the classpath:
-
AppOptics
-
Humio
-
KariosDB
Additionally, support for Prometheus push gateway has been added.
As well as the changes listed above, there have also been lots of minor tweaks and improvements including:
-
Jackson visibility can be configured using
spring.jackson.visiblity.*. -
It is easier to create a
WebServiceTemplateusing an auto-configuredWebServiceTemplateBuilder. -
Error page shows stacktraces when Devtools is in use.
-
It is no longer necessary to export a dummy
ResourceConfigto enable Jersey support. -
JNDI lookups have been improved to enable
resourceRefby default. -
Customization of the
RetryTemplateused by the Rabbit infrastructure is available viaRabbitRetryTemplateCustomizer. -
The receive queue of the default
RabbitTemplateis now configurable -
Tomcat’s max swallow size is now configurable using a property
-
HTTP/2 with Reactor Netty Server is now supported.
-
Kafka auto-configuation now supports
errorHandlertransactionManagerandafterRollbackProcessorbeans. -
Support has been added for generating unique JMX ObjectNames globally (rather than limiting this feature to Actuator Endpoints)
-
Configuration property meta-data is now ordered, with deprecated items appearing last.
-
The
withDetailsmethod onHealth.Buildernow also accepts aMap. -
A reactive
ReactiveJwtDecoderis now auto-configured when you have an issuer url defined. -
The
BackgroundPreinitializercan be disabled for if aspring.backgroundpreinitializer.ignoresystem property is set -
HiddenHttpMethodFiltercan be disabled using a property -
The JAP starter POM now works out-of-the-box on Java 9+
-
MongoDB auto-configuration will now back-off when a
com.mongodb.client.MongoClientbean is defined (as well as the more usualcom.mongodb.MongoClient). -
You can now optionally use Jetty RS as HTTP driver for WebClient
-
Several configuration options have been added in the
spring.quartznamespace. -
@ConditionalOnEnabledEndpointcan be used on any component (e.g. something that is only required by the endpoint and shouldn’t be created if the endpoint is disabled). -
@ConditionalOnMissingServletFilteris available to respectFilterRegistrationbeans when testing if aFilterbean is missing -
@WebMvcTestauto-configures Spring Data REST as well (e.g. support forSortandPageablerequest arguments). -
Slice tests now all have a
propertiesattribute to consistently customize the environment if necessary -
Support has been added for multiple
RestDocsMockMvcConfigurationCustomizer -
Security configuration is now applied to
WebTestClient. For more information on testing secured endpoints, please refer to the relevant section of Spring Security’s reference documentation. -
WebExceptionHandlersare now supported by@WebFluxTest -
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)can now generate a separate random port for the management server. -
Auto-configuration exclusions are now applied consistently.
-
setConnectTimeout(int)andsetReadTimeout(int)have been deprecated in favor of similar methods that take aDuration. -
Methods used to set a data size using
inthave been deprecated and replaced with variants that take aDataSize. -
management.endpoints.jmx.unique-namesis deprecated in favor ofspring.jmx.unique-names -
The
secureattribute on@AutoConfigureMockMvchas been deprecated in favor of using Spring Security’s@WithMockUserannotation. -
RestTemplateBuilder.basicAuthorizationhas been deprecated in favor ofbasicAuthentication. -
REQUEST_WRAPPER_FILTER_MAX_ORDERinAbstractFilterRegistrationBeanandFilterRegistrationBeanhave been replaced byOrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER.
-
The
spring.security.oauth2.client.registration.login.*.redirect-uri-templateproperty is deprecated in favor ofspring.security.oauth2.client.registration.login.*.redirect-uri -
The
spring.security.oauth2.resource.jwt.jwk.set-uriproperty has been renamed tospring.security.oauth2.resourceserver.jwt.jwk-set-uri -
The
spring.cloud.enabledproperty has been removed (excludeCloudServiceConnectorsAutoConfigurationif you need to disable cloud connectors) -
All
management.metrics.binders.*.enabledproperties have been removed in favor of directly excluding the auto-configuration.