Update dependency org.springframework.boot:spring-boot to v2.7.12 - autoclosed

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.springframework.boot:spring-boot (source)	compile	patch	2.7.5 -> 2.7.12

By merging this PR, the issue #5 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Medium	6.5	CVE-2023-20861
Medium	6.5	CVE-2023-20863

---

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot)

v2.7.12

Compare Source

🐞 Bug Fixes

• Welcome page may return a 404 when an acceptable response cannot be produced #​35552
• Invalid reference format error when tagging images using Podman #​35358
• FactoryBean.getObject for non-singleton executed when resetting mocks #​35324
• Can't use PEM encoded PKCS#8 EC keys with server.ssl.certificate-private-key #​35322
• Webflux server gracefulshutdown throws NullPointerException #​35264
• Health actuator mail details shows the port as -1 when using the default port #​35247
• SessionRepositoryFilterConfiguration can cause early initialization of SessionRepository beans including Redis #​35240
• Devtools main method search algorithm can find incorrect main method #​35214
• When a WebFlux app is deployed to Cloud Foundry some metrics are lost and numerous beans are ineligible for post-processing #​35163
• Liveness and readiness probes return down when lazy initialization is enabled #​35161
• Treating a null Flyway-specific password as an empty string prevents the use of PGPASS for authentication #​35110
• WebClient auto-configuration tries to use HttpComponentsClientHttpConnector when all required classes are not present #​34964
• MinIdle and MaxValidationTime properties missing for R2DBC pools #​34724

📔 Documentation

• Polish formatting of permitAll() endpoint security Kotlin example #​35454
• Wrong anchors in Maven plugin documentation #​35371
• Correct list of annotations that are equivalent to @SpringBootApplication #​35180
• Harmonize references to application.yaml files in reference docs #​34628

🔨 Dependency Upgrades

• Upgrade to Elasticsearch 7.17.10 #​35339
• Upgrade to Hazelcast 5.1.6 #​35440
• Upgrade to Johnzon 1.2.20 #​35340
• Upgrade to Json-smart 2.4.11 #​35549
• Upgrade to Micrometer 1.9.11 #​35290
• Upgrade to Netty 4.1.92.Final #​35441
• Upgrade to Reactor Bom 2020.0.32 #​35291
• Upgrade to Spring Data Bom 2021.2.12 #​35292
• Upgrade to Spring Integration 5.5.18 #​35294
• Upgrade to Tomcat 9.0.75 #​35442

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​JunJaBoy, @​aasaru, @​davin111, and @​ivandimitrov8080

v2.7.11

Compare Source

🐞 Bug Fixes

• CloudFoundry integration does not use endpoint path mappings #​35085
• Gradle Spring Boot plugin with Kotlin DSL does not support includeProjectDependencies in bootJar > layered > dependencies configuration #​35033
• Banner placeholders use default values too soon #​34764
• Cassandra default configuration substitutions don't resolve against configuration derived from spring.data.cassandra properties #​34643
• ApplicationAvailability bean is auto-configured even if a custom one is already present #​34347
• Nested test classes don't inherit properties from slice test annotations on enclosing class #​33317

📔 Documentation

• Use current Neo4j version in Testcontainers-based examples #​34775
• Clarify servlet container compatibility #​34697
• Document that optional dependencies are included by default in fat jars built with Maven #​34636

🔨 Dependency Upgrades

• Upgrade to DB2 JDBC 11.5.8.0 #​34906
• Upgrade to GraphQL Java 18.5 #​34995
• Upgrade to Groovy 3.0.17 #​34907
• Upgrade to Logback 1.2.12 #​34908
• Upgrade to Micrometer 1.9.10 #​34855
• Upgrade to MySQL 8.0.33 #​35057
• Upgrade to Netty 4.1.91.Final #​34909
• Upgrade to Reactor Bom 2020.0.31 #​34856
• Upgrade to Spring AMQP 2.4.12 #​34947
• Upgrade to Spring Data Bom 2021.2.11 #​34902
• Upgrade to Spring Framework 5.3.27 #​34857
• Upgrade to Spring Security 5.7.8 #​34948
• Upgrade to Spring WS 3.1.6 #​34949
• Upgrade to Tomcat 9.0.74 #​35058
• Upgrade to Undertow 2.2.24.Final #​34910

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​SeasonPanPan, @​acktsap, @​dreis2211, @​jgslima, @​krzyk, and @​meistermeier

v2.7.10

Compare Source

🐞 Bug Fixes

• Some of the deprecated spring.security.saml2.relyingparty.registration.*.identityprovider.* properties are ignored #​34525
• Maven plugin uses timezone-local timestamps when outputTimestamp is used #​34424
• Loading application.yml fails with NoSuchMethodError when using SnakeYAML 2.0 #​34405
• EmbeddedWebServerFactoryCustomizerAutoConfiguration should not run when embedded web server is not configured #​34332
• Image builds with podman fail when image buildpacks are configured #​34324
• org.springframework.boot.web.embedded.jetty.GracefulShutdown uses the wrong class to create its logger #​34220
• StandardConfigDataResource can import the same file twice if the classpath includes '.' #​34212

📔 Documentation

• Document support for Java 20 #​34642
• Update two references to old APIs #​34567
• Clarify conventions for custom error pages in WebFlux #​34534
• Add documentation tip showing how to configure publishRegistry Maven properties from the command line #​34517
• Document support for Gradle 8 #​34458
• Document how to get socket location for image building configuration with podman #​34435
• Fix typo in Encrypting Properties #​34386
• Use plugins DSL consistently in Spring Boot Gradle Plugin docs #​34048
• Add link to Failover starter #​32943

🔨 Dependency Upgrades

• Upgrade to Dropwizard Metrics 4.2.18 #​34648
• Upgrade to GraphQL Java 18.4 #​34717
• Upgrade to Groovy 3.0.16 #​34649
• Upgrade to Jetty 9.4.51.v20230217 #​34651
• Upgrade to Jetty Reactive HTTPClient 1.1.14 #​34650
• Upgrade to Json-smart 2.4.10 #​34652
• Upgrade to Micrometer 1.9.9 #​34528
• Upgrade to Netty 4.1.90.Final #​34653
• Upgrade to Reactor Bom 2020.0.30 #​34529
• Upgrade to Spring AMQP 2.4.11 #​34607
• Upgrade to Spring Data Bom 2021.2.10 #​34530
• Upgrade to Spring Framework 5.3.26 #​34531
• Upgrade to Spring GraphQL 1.0.4 #​34532
• Upgrade to Spring HATEOAS 1.5.4 #​34654
• Upgrade to Spring Integration 5.5.17 #​34722
• Upgrade to Spring Session Bom 2021.2.1 #​34533
• Upgrade to Tomcat 9.0.73 #​34655
• Upgrade to UnboundID LDAPSDK 6.0.8 #​34656

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​1993heqiang, @​anandmnair, @​anthonydahanne, @​dsyer, @​izeye, @​jongwooo, and @​terminux

v2.7.9

Compare Source

🐞 Bug Fixes

• Maven Plugin's PropertiesMergingResourceTransformer closes InputStream when it should not do so #​34063
• Actuator Health web endpoint broken with Gson and Java 17 #​34030
• Dependency management for Mongo's Java Driver is incomplete #​33941
• Using devtools with Reactive application results in slower restarts #​33855
• Spies are not reset after test execution when using @SpyBean #​33830
• Properties Migrator does not detect properties of Map type that are marked as deprecated #​27854

📔 Documentation

• Updated documentation for @ConfigurationProperties bean naming rules #​34029
• Restore "Use Jedis Instead of Lettuce" how-to documentation #​33994
• Add Redis application properties example #​33965
• Use Maven Central for release downloads in CLI installation documentation #​33962
• Actuator section is missing from documentation overview #​33932
• Add Javadoc since to OperationParameter.getAnnotation() #​33914
• Document additional configuration that is required for spring.mvc.throw-exception-if-no-handler-found=true to be effective #​31660

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 5.16.6 #​34238
• Upgrade to Byte Buddy 1.12.23 #​34239
• Upgrade to Dropwizard Metrics 4.2.16 #​34240
• Upgrade to Elasticsearch 7.17.9 #​34241
• Upgrade to Glassfish JAXB 2.3.8 #​34242
• Upgrade to Groovy 3.0.15 #​34243
• Upgrade to Hibernate 5.6.15.Final #​34244
• Upgrade to Jackson Bom 2.13.5 #​34245
• Upgrade to Jaybird 4.0.9.java8 #​34246
• Upgrade to Lombok 1.18.26 #​34247
• Upgrade to Micrometer 1.9.8 #​34141
• Upgrade to Netty 4.1.89.Final #​34248
• Upgrade to Reactor Bom 2020.0.28 #​34142
• Upgrade to Spring AMQP 2.4.10 #​34321
• Upgrade to Spring Batch 4.3.8 #​34143
• Upgrade to Spring Data Bom 2021.2.8 #​34144
• Upgrade to Spring HATEOAS 1.5.3 #​34249
• Upgrade to Spring Security 5.7.7 #​34145
• Upgrade to Undertow 2.2.23.Final #​34250

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Anubhav-2000, @​enimiste, @​izeye, @​jprinet, @​marcel-wollschlaeger, @​mhalbritter, @​michaldo, and @​sannanansari

v2.7.8

Compare Source

⭐ Noteworthy

• The coordinates of the MySQL JDBC driver have changed from mysql:mysql-connector-java to com.mysql:mysql-connector-j.

🐞 Bug Fixes

• Devtools sets non-existent property spring.reactor.debug #​33858
• Failing calls to reactive health indicators are not logged #​33774
• Failure analysis of NoUniqueBeanDefinitionException reports "defined in null" when bean definition has no resource description #​33765
• NPE in RabbitProperties when user is given, but password not #​33752
• SDKMAN should not use repo.spring.io for releases #​33708
• Homebrew and Scoop should not use repo.spring.io for releases #​33702
• EndpointRequestMatcher should have a toString method #​33690
• It is not possible to provide a custom TransactionProvider bean for JOOQ #​32899
• SpringBootMockResolver causes AopTestUtils.getUltimateTargetObject to recurse until the stack overflows when it calls it with Spring Security's authentication manager bean #​32632
• Inconsistent discovery of parameter names for selectors in custom actuator endpoints #​31240
• @DeprecatedConfigurationProperty has no effect when declared on a record component's accessor method #​29526
• Headless mode is forced when banner.* file is present. #​28803
• Diagnostics are poor when the JMX port used by the Maven start goal is in use #​24044

📔 Documentation

• Replace "via" in documentation and use "over" or "through" instead #​33878
• Fix typo in kotlin getting started documentation #​33867
• Update com.gorylenko.gradle-git-properties version to 2.4.1 in doc #​33838
• Fix 'the the' typos #​33736
• Fix typo in javadoc of org.springframework.boot.web.server.LocalServerPort #​33683
• Fix a typo in the ExitCodeGenerator documentation #​33658
• Fix typo in External Configuration documentation #​33630
• Update getting started documentation to use @SpringBootApplication #​32795
• Description of spring-boot-starter-websocket does not make it clear that it's Servlet-specific #​32493

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.12.22 #​33887
• Upgrade to Dropwizard Metrics 4.2.15 #​33779
• Upgrade to FreeMarker 2.3.32 #​33888
• Upgrade to Groovy 3.0.14 #​33780
• Upgrade to Infinispan 13.0.15.Final #​33781
• Upgrade to Jolokia 1.7.2 #​33782
• Upgrade to MariaDB 3.0.10 #​33783
• Upgrade to Micrometer 1.9.7 #​33784
• Upgrade to MSSQL JDBC 10.2.3.jre8 #​33889
• Upgrade to MySQL 8.0.32 #​33890
• Upgrade to Netty 4.1.87.Final #​33891
• Upgrade to Reactor Bom 2020.0.27 #​33785
• Upgrade to Spring AMQP 2.4.9 #​33790
• Upgrade to Spring Data 2021.2.7 #​33788
• Upgrade to Spring Framework 5.3.25 #​33786
• Upgrade to Spring WS 3.1.5 #​33789
• Upgrade to Tomcat 9.0.71 #​33892
• Upgrade to XmlUnit2 2.9.1 #​33787

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​BartR96, @​devrishal, @​dreis2211, @​izeye, @​josephlane, @​kvmw, @​mhalbritter, @​sannanansari, @​sdeleuze, @​yyjstudy, and @​zhangyanyue

v2.7.7

Compare Source

🐞 Bug Fixes

• Fix typo in LocalDevToolsAutoConfiguration logging #​33569
• Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #​32179

📔 Documentation

• Improve gradle plugin tags documentation #​33614
• Improve maven plugin tags documentation #​33609
• Fix typo in tomcat accesslog checkExists doc #​33460
• Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #​17398

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.12.20 #​33570
• Upgrade to Dropwizard Metrics 4.2.14 #​33571
• Upgrade to Elasticsearch 7.17.8 #​33572
• Upgrade to HttpClient 4.5.14 #​33573
• Upgrade to HttpCore 4.4.16 #​33574
• Upgrade to Infinispan 13.0.14.Final #​33575
• Upgrade to Jaybird 4.0.8.java8 #​33576
• Upgrade to Jetty 9.4.50.v20221201 #​33577
• Upgrade to MSSQL JDBC 10.2.2.jre8 #​33578
• Upgrade to Neo4j Java Driver 4.4.11 #​33579
• Upgrade to Netty 4.1.86.Final #​33580
• Upgrade to Reactor 2020.0.26 #​33543
• Upgrade to Spring Integration 5.5.16 #​33581
• Upgrade to Spring Security 5.7.6 #​33544
• Upgrade to Thymeleaf Extras SpringSecurity 3.0.5.RELEASE #​33582
• Upgrade to Tomcat 9.0.70 #​33583
• Upgrade to UnboundID LDAPSDK 6.0.7 #​33584
• Upgrade to Undertow 2.2.22.Final #​33585

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Artur-, @​aksh1618, @​cdanger, @​currenjin, @​jprinet, and @​shekharAggarwal

v2.7.6

Compare Source

🐞 Bug Fixes

• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #​33283
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #​33262
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #​33249
• Configuration property binding does not deal with bridge methods #​33211
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #​33168
• Dependency management for XMLUnit is incomplete #​32999
• Spring Boot's Lettuce metrics enable histrograms by default and it's hard to switch them off #​32989
• Dependency management for Selenium is incomplete #​32861
• NumberFormatException when configuring spring.redis.sentinel.nodes with an IPv6 address #​32836

📔 Documentation

• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #​33331
• ConditionalOnClass not working for Bean methods on Java 8 #​33328
• Actuator document is misleading about k8s startup probe #​33326
• Link to Micrometer's @Timed documentation #​33265
• Clarify use of the spring.cache.type property with Hazelcast #​33257
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #​33255
• Links to Features describes sections that have moved elsewhere #​33213
• Fix kafka streams auto start description typo in reference docs #​33101
• OAuth 2 configuration example uses unrecognized value for authorization grant type #​33068
• Fix typos in logging.adoc #​32820
• Harmonize code sample in the "Type-safe Configuration Properties" section #​32818

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.12.19 #​33272
• Upgrade to Dropwizard Metrics 4.2.13 #​33321
• Upgrade to Ehcache3 3.10.8 #​33322
• Upgrade to Elasticsearch 7.17.7 #​33171
• Upgrade to Hazelcast 5.1.5 #​33172
• Upgrade to Hibernate 5.6.14.Final #​33173
• Upgrade to HttpClient5 5.1.4 #​33323
• Upgrade to HttpCore5 5.1.5 #​33174
• Upgrade to Janino 3.1.9 #​33274
• Upgrade to Jaybird 4.0.7.java8 #​33175
• Upgrade to MariaDB 3.0.9 #​33176
• Upgrade to Micrometer 1.9.6 #​33129
• Upgrade to Netty 4.1.85.Final #​33177
• Upgrade to Postgresql 42.3.8 #​33338
• Upgrade to Reactor 2020.0.25 #​33130
• Upgrade to Spring AMQP 2.4.8 #​33223
• Upgrade to Spring Data 2021.2.6 #​33132
• Upgrade to Spring Framework 5.3.24 #​33131
• Upgrade to Spring GraphQL 1.0.3 #​33150
• Upgrade to Spring Kafka 2.8.11 #​33133
• Upgrade to Spring REST Docs 2.0.7.RELEASE #​33134
• Upgrade to Spring Security 5.7.5 #​33178
• Upgrade to Spring WS 3.1.4 #​33179
• Upgrade to Tomcat 9.0.69 #​33180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EricGao888, @​biergit, @​dreis2211, @​eurythmia, @​hpoettker, @​iamgd67, @​izeye, @​jamessoun93, and @​sdeleuze

---

• If you want to rebase/retry this PR, check this box