TreyM-WSS / WhiteSource-Demo

Update dependency org.springframework.boot:spring-boot-starter-web to v3 #167

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.springframework.boot:spring-boot-starter-web (source) | compile | major | 1.4.0.RELEASE -> 3.2.1 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| Critical | 10.0 | CVE-2018-14721 | #40 |
| Critical | 9.8 | CVE-2016-1000027 | #78 |
| Critical | 9.8 | CVE-2017-15095 | #31 |
| Critical | 9.8 | CVE-2017-17485 | #32 |
| Critical | 9.8 | CVE-2017-5651 | #22 |
| Critical | 9.8 | CVE-2017-7525 | #33 |
| Critical | 9.8 | CVE-2018-11307 | #34 |
| Critical | 9.8 | CVE-2018-14718 | #37 |
| Critical | 9.8 | CVE-2018-14719 | #38 |
| Critical | 9.8 | CVE-2018-14720 | #39 |
| Critical | 9.8 | CVE-2018-19360 | #41 |
| Critical | 9.8 | CVE-2018-19361 | #42 |
| Critical | 9.8 | CVE-2018-19362 | #43 |
| Critical | 9.8 | CVE-2018-7489 | #45 |
| Critical | 9.8 | CVE-2018-8014 | #26 |
| Critical | 9.8 | CVE-2019-10202 | #46 |
| Critical | 9.8 | CVE-2019-14379 | #50 |
| Critical | 9.8 | CVE-2019-14540 | #52 |
| Critical | 9.8 | CVE-2019-14892 | #53 |
| Critical | 9.8 | CVE-2019-14893 | #54 |
| Critical | 9.8 | CVE-2019-16335 | #55 |
| Critical | 9.8 | CVE-2019-16942 | #56 |
| Critical | 9.8 | CVE-2019-16943 | #57 |
| Critical | 9.8 | CVE-2019-17267 | #58 |
| Critical | 9.8 | CVE-2019-17531 | #59 |
| Critical | 9.8 | CVE-2019-20330 | #60 |
| Critical | 9.8 | CVE-2020-8840 | #74 |
| Critical | 9.8 | CVE-2020-9546 | #75 |
| Critical | 9.8 | CVE-2020-9547 | #76 |
| Critical | 9.8 | CVE-2020-9548 | #77 |
| Critical | 9.8 | CVE-2022-22965 | #146 |
| Critical | 9.1 | CVE-2017-5648 | #20 |
| High | 8.8 | CVE-2020-10672 | #61 |
| High | 8.8 | CVE-2020-10673 | #62 |
| High | 8.8 | CVE-2020-10968 | #63 |
| High | 8.8 | CVE-2020-10969 | #64 |
| High | 8.8 | CVE-2020-11111 | #65 |
| High | 8.8 | CVE-2020-11112 | #66 |
| High | 8.8 | CVE-2020-11113 | #67 |
| High | 8.3 | CVE-2022-1471 | #163 |
| High | 8.1 | CVE-2016-5388 | #12 |
| High | 8.1 | CVE-2017-12617 | #18 |
| High | 8.1 | CVE-2018-5968 | #44 |
| High | 8.1 | CVE-2019-0232 | #119 |
| High | 8.1 | CVE-2020-10650 | #152 |
| High | 8.1 | CVE-2020-11619 | #68 |
| High | 8.1 | CVE-2020-11620 | #69 |
| High | 8.1 | CVE-2020-14060 | #70 |
| High | 8.1 | CVE-2020-14061 | #71 |
| High | 8.1 | CVE-2020-14062 | #72 |
| High | 8.1 | CVE-2020-14195 | #73 |
| High | 8.1 | CVE-2020-24616 | #92 |
| High | 8.1 | CVE-2020-24750 | #94 |
| High | 8.1 | CVE-2020-36179 | #106 |
| High | 8.1 | CVE-2020-36180 | #98 |
| High | 8.1 | CVE-2020-36181 | #97 |
| High | 8.1 | CVE-2020-36182 | #100 |
| High | 8.1 | CVE-2020-36183 | #99 |
| High | 8.1 | CVE-2020-36184 | #102 |
| High | 8.1 | CVE-2020-36185 | #101 |
| High | 8.1 | CVE-2020-36186 | #104 |
| High | 8.1 | CVE-2020-36187 | #103 |
| High | 8.1 | CVE-2020-36188 | #96 |
| High | 8.1 | CVE-2020-36189 | #95 |
| High | 8.1 | CVE-2021-20190 | #105 |
| High | 8.1 | CVE-2024-22243 | #190 |
| High | 8.1 | CVE-2024-22259 | #182 |
| High | 8.1 | CVE-2024-22262 | #191 |
| High | 7.8 | CVE-2022-27772 | #144 |
| High | 7.5 | CVE-2016-6797 | #14 |
| High | 7.5 | CVE-2016-6817 | #16 |
| High | 7.5 | CVE-2016-8745 | #17 |
| High | 7.5 | CVE-2016-9878 | #86 |
| High | 7.5 | CVE-2017-18640 | #89 |
| High | 7.5 | CVE-2017-5647 | #19 |
| High | 7.5 | CVE-2017-5650 | #21 |
| High | 7.5 | CVE-2017-5664 | #23 |
| High | 7.5 | CVE-2017-7675 | #25 |
| High | 7.5 | CVE-2018-11040 | #80 |
| High | 7.5 | CVE-2018-11040 | #80 |
| High | 7.5 | CVE-2018-12022 | #35 |
| High | 7.5 | CVE-2018-12023 | #36 |
| High | 7.5 | CVE-2018-1272 | #30 |
| High | 7.5 | CVE-2018-15756 | #81 |
| High | 7.5 | CVE-2018-8034 | #88 |
| High | 7.5 | CVE-2019-0199 | #27 |
| High | 7.5 | CVE-2019-10072 | #28 |
| High | 7.5 | CVE-2019-12086 | #47 |
| High | 7.5 | CVE-2019-14439 | #51 |
| High | 7.5 | CVE-2019-17563 | #117 |
| High | 7.5 | CVE-2020-13934 | #93 |
| High | 7.5 | CVE-2020-13935 | #115 |
| High | 7.5 | CVE-2020-17527 | #172 |
| High | 7.5 | CVE-2020-36518 | #142 |
| High | 7.5 | CVE-2021-25122 | #114 |
| High | 7.5 | CVE-2021-41079 | #126 |
| High | 7.5 | CVE-2022-25857 | #153 |
| High | 7.5 | CVE-2022-42003 | #160 |
| High | 7.5 | CVE-2022-42004 | #159 |
| High | 7.5 | CVE-2023-24998 | #168 |
| High | 7.5 | CVE-2023-44487 | #179 |
| High | 7.5 | CVE-2023-46589 | #185 |
| High | 7.5 | CVE-2024-23672 | #187 |
| High | 7.5 | CVE-2024-24549 | #189 |
| High | 7.1 | CVE-2016-6816 | #15 |
| High | 7.1 | CVE-2023-6378 | #183 |
| High | 7.0 | CVE-2017-7536 | #9 |
| High | 7.0 | CVE-2020-9484 | #29 |
| High | 7.0 | CVE-2021-25329 | #111 |
| Medium | 6.6 | CVE-2021-42550 | #137 |
| Medium | 6.6 | CVE-2021-42550 | #137 |
| Medium | 6.5 | CVE-2020-5421 | #107 |
| Medium | 6.5 | CVE-2021-30640 | #171 |
| Medium | 6.5 | CVE-2022-22950 | #143 |
| Medium | 6.5 | CVE-2022-38749 | #157 |
| Medium | 6.5 | CVE-2022-38750 | #156 |
| Medium | 6.5 | CVE-2022-38751 | #155 |
| Medium | 6.5 | CVE-2022-38752 | #154 |
| Medium | 6.5 | CVE-2023-20861 | #174 |
| Medium | 6.5 | CVE-2023-20863 | #176 |
| Medium | 6.5 | CVE-2024-38809 | #-1 |
| Medium | 6.1 | CVE-2019-0221 | #118 |
| Medium | 6.1 | CVE-2023-1932 | #180 |
| Medium | 6.1 | CVE-2023-41080 | #177 |
| Medium | 5.9 | CVE-2016-0762 | #11 |
| Medium | 5.9 | CVE-2018-11039 | #79 |
| Medium | 5.9 | CVE-2018-1271 | #87 |
| Medium | 5.9 | CVE-2019-12384 | #48 |
| Medium | 5.9 | CVE-2019-12814 | #49 |
| Medium | 5.9 | CVE-2021-24122 | #113 |
| Medium | 5.8 | CVE-2022-41854 | #161 |
| Medium | 5.3 | CVE-2016-6794 | #13 |
| Medium | 5.3 | CVE-2018-1199 | #122 |
| Medium | 5.3 | CVE-2020-10693 | #10 |
| Medium | 5.3 | CVE-2021-33037 | #127 |
| Medium | 5.3 | CVE-2022-22970 | #151 |
| Medium | 5.3 | CVE-2022-22970 | #151 |
| Medium | 5.3 | CVE-2023-34055 | #181 |
| Medium | 5.3 | CVE-2023-42795 | #184 |
| Medium | 5.3 | CVE-2023-45648 | #186 |
| Medium | 5.3 | WS-2018-0124 | #82 |
| Medium | 4.8 | CVE-2020-1935 | #112 |
| Medium | 4.3 | CVE-2017-7674 | #24 |
| Medium | 4.3 | CVE-2020-13943 | #116 |
| Medium | 4.3 | CVE-2021-22060 | #169 |
| Medium | 4.3 | CVE-2021-22096 | #132 |
| Medium | 4.3 | CVE-2021-22096 | #132 |
| Medium | 4.3 | CVE-2021-22096 | #132 |
| Medium | 4.3 | CVE-2023-28708 | #170 |
| Medium | 4.3 | CVE-2024-38808 | #-1 |

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-web)

### [`v3.2.1`](https://togithub.com/spring-projects/spring-boot/releases/tag/v3.2.1)

[Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v3.2.0...v3.2.1)

#### :warning: Noteworthy

- This release upgrades to Hibernate 6.4.1.Final [#38870](https://togithub.com/spring-projects/spring-boot/issues/38870) as official support has been dropped for the 6.3 generation

#### :lady_beetle: Bug Fixes

- HibernateJpaAutoConfiguration should be applied before DataSourceTransactionManagerAutoConfiguration [#38880](https://togithub.com/spring-projects/spring-boot/issues/38880)
- META-INF entries are duplicated under BOOT-INF/classes causing "Conflicting persistence unit definitions" error [#38862](https://togithub.com/spring-projects/spring-boot/issues/38862)
- logging.include-application-name has no effect when using log4j2 [#38847](https://togithub.com/spring-projects/spring-boot/pull/38847)
- Pulsar authentication param properties cause IllegalStateException with Pulsar Client 3.1.0 [#38839](https://togithub.com/spring-projects/spring-boot/pull/38839)
- Child context created with SpringApplicationBuilder runs parents runners [#38837](https://togithub.com/spring-projects/spring-boot/issues/38837)
- getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack [#38833](https://togithub.com/spring-projects/spring-boot/issues/38833)
- TestContainers parallel initialization doesn't work properly [#38831](https://togithub.com/spring-projects/spring-boot/issues/38831)
- Zip file closed exceptions can be thrown due to StaticResourceJars closing jars from cached connections [#38770](https://togithub.com/spring-projects/spring-boot/issues/38770)
- Multi-byte filenames in zip files can cause an endless loop in ZipString.hash [#38751](https://togithub.com/spring-projects/spring-boot/issues/38751)
- Gradle task "bootJar" fails with "Failed to get permissions" when using Gradle 8.6-milestone-1 [#38741](https://togithub.com/spring-projects/spring-boot/issues/38741)
- Custom binding converters are ignored when working with collection types [#38734](https://togithub.com/spring-projects/spring-boot/issues/38734)
- WebFlux and resource server auto-configuration may fail due to null authentication manager [#38713](https://togithub.com/spring-projects/spring-boot/issues/38713)
- It is unclear that Docker Compose services have not been started as one or more is already running [#38661](https://togithub.com/spring-projects/spring-boot/issues/38661)
- Spring Boot jar launcher does not work in folders containing certain chars [#38660](https://togithub.com/spring-projects/spring-boot/issues/38660)
- FileNotFoundException is thrown eagerly from unused SSL bundles [#38659](https://togithub.com/spring-projects/spring-boot/issues/38659)
- NoUniqueBeanDefinitionFailureAnalyzer does not account for the fact that missing '-parameters' may be the cause [#38652](https://togithub.com/spring-projects/spring-boot/issues/38652)
- Traces are propagated if tracing is disabled [#38641](https://togithub.com/spring-projects/spring-boot/issues/38641)
- Missing registry auto-configuration for JMS listener observation support [#38613](https://togithub.com/spring-projects/spring-boot/issues/38613)
- Class loading fails on an interrupted thread causing com.mongodb.event.ServerClosedEvent to fail to load when Mongo detects a cluster change [#38611](https://togithub.com/spring-projects/spring-boot/issues/38611)
- Failures due to code not being compiled with '-parameters' are hard to identify [#38603](https://togithub.com/spring-projects/spring-boot/issues/38603)
- System SSL certificates are not used by the Apache HTTP Client in a RestTemplate built with RestTemplateBuilder [#38600](https://togithub.com/spring-projects/spring-boot/issues/38600)
- ZipFileSystem throws "java.util.zip.ZipException: read CEN tables failed" with certain nested jars [#38595](https://togithub.com/spring-projects/spring-boot/issues/38595)
- Nested jar URLs cannot be split and reassembled resulting in errors with projects that use this technique (such as JobRunr) [#38592](https://togithub.com/spring-projects/spring-boot/issues/38592)
- NoSuchMethodError can be thrown from Session.getCookie() due to binary incompatibilty [#38589](https://togithub.com/spring-projects/spring-boot/issues/38589)
- management.metrics.tags has been deprecated without a replacement working for all metrics [#38583](https://togithub.com/spring-projects/spring-boot/issues/38583)
- NegativeArraySizeException can be thrown from org.springframework.boot.loader.zip.ZipContent$Loader [#38572](https://togithub.com/spring-projects/spring-boot/issues/38572)
- Migration form 3.1.5 to 3.2.0 : "Default" Tracer is not provided in test anymore [#38568](https://togithub.com/spring-projects/spring-boot/issues/38568)
- TomcatWebServer stop doesn't close sockets for additional connectors [#38564](https://togithub.com/spring-projects/spring-boot/issues/38564)
- Port is already in use when using `@SpringBootTest` with a separate management port and a mock web environment [#38554](https://togithub.com/spring-projects/spring-boot/issues/38554)
- Keep-alive property causes processAot step to never finish [#38531](https://togithub.com/spring-projects/spring-boot/issues/38531)
- Setting 'spring.task.scheduling.shutdown.await-termination-period' does not result in a call to SimpleAsyncTaskScheduler#taskTerminationTimeout [#38530](https://togithub.com/spring-projects/spring-boot/issues/38530)
- Setting 'spring.task.execution.shutdown.await-termination-period' does not result in a call to SimpleAsyncTaskExecutor#taskTerminationTimeout [#38528](https://togithub.com/spring-projects/spring-boot/issues/38528)
- Nested URLs return null from classLoader.getResource("") causing ClassPathResource failures [#38524](https://togithub.com/spring-projects/spring-boot/issues/38524)
- Spring Boot 3.2 is not compatible with older versions of Liquibase [#38522](https://togithub.com/spring-projects/spring-boot/issues/38522)
- Controller level exceptions not getting populated in HTTP server requests metrics [#33731](https://togithub.com/spring-projects/spring-boot/issues/33731)

#### :notebook_with_decorative_cover: Documentation

- Fix typo [#38879](https://togithub.com/spring-projects/spring-boot/issues/38879)
- Add the LangChain4J Spring Boot Starter to the list of community starters [#38776](https://togithub.com/spring-projects/spring-boot/pull/38776)
- Document prerequisites for Docker Compose support [#38764](https://togithub.com/spring-projects/spring-boot/issues/38764)
- Update Dynatrace documentation links [#38725](https://togithub.com/spring-projects/spring-boot/issues/38725)
- Correct references to Jetty's HTTP2 server module [#38632](https://togithub.com/spring-projects/spring-boot/pull/38632)
- Fix Observation Filter docs [#38586](https://togithub.com/spring-projects/spring-boot/issues/38586)
- Reinstate mention of testAndDevelopmentOnly when using Testcontainers at dev time [#38571](https://togithub.com/spring-projects/spring-boot/issues/38571)

#### :hammer: Dependency Upgrades

- Upgrade to AspectJ 1.9.21 [#38797](https://togithub.com/spring-projects/spring-boot/issues/38797)
- Upgrade to Dropwizard Metrics 4.2.23 [#38798](https://togithub.com/spring-projects/spring-boot/issues/38798)
- Upgrade to Groovy 4.0.16 [#38799](https://togithub.com/spring-projects/spring-boot/issues/38799)
- Upgrade to Hibernate 6.4.1.Final [#38870](https://togithub.com/spring-projects/spring-boot/issues/38870)
- Upgrade to HttpClient5 5.2.3 [#38800](https://togithub.com/spring-projects/spring-boot/issues/38800)
- Upgrade to HttpCore5 5.2.4 [#38801](https://togithub.com/spring-projects/spring-boot/issues/38801)
- Upgrade to Janino 3.1.11 [#38802](https://togithub.com/spring-projects/spring-boot/issues/38802)
- Upgrade to Jaybird 5.0.3.java11 [#38803](https://togithub.com/spring-projects/spring-boot/issues/38803)
- Upgrade to Jersey 3.1.5 [#38804](https://togithub.com/spring-projects/spring-boot/issues/38804)
- Upgrade to Jetty 12.0.5 [#38871](https://togithub.com/spring-projects/spring-boot/issues/38871)
- Upgrade to Kafka 3.6.1 [#38806](https://togithub.com/spring-projects/spring-boot/issues/38806)
- Upgrade to Kotlin 1.9.21 [#38807](https://togithub.com/spring-projects/spring-boot/issues/38807)
- Upgrade to Kotlin Serialization 1.6.2 [#38808](https://togithub.com/spring-projects/spring-boot/issues/38808)
- Upgrade to Logback 1.4.14 [#38809](https://togithub.com/spring-projects/spring-boot/issues/38809)
- Upgrade to Maven Javadoc Plugin 3.6.3 [#38810](https://togithub.com/spring-projects/spring-boot/issues/38810)
- Upgrade to Micrometer 1.12.1 [#38693](https://togithub.com/spring-projects/spring-boot/issues/38693)
- Upgrade to Micrometer Tracing 1.2.1 [#38694](https://togithub.com/spring-projects/spring-boot/issues/38694)
- Upgrade to Netty 4.1.104.Final [#38872](https://togithub.com/spring-projects/spring-boot/issues/38872)
- Upgrade to Pulsar Reactive 0.5.1 [#38873](https://togithub.com/spring-projects/spring-boot/issues/38873)
- Upgrade to R2DBC Postgresql 1.0.3.RELEASE [#38812](https://togithub.com/spring-projects/spring-boot/issues/38812)
- Upgrade to R2DBC Proxy 1.1.3.RELEASE [#38813](https://togithub.com/spring-projects/spring-boot/issues/38813)
- Upgrade to Reactor Bom 2023.0.1 [#38695](https://togithub.com/spring-projects/spring-boot/issues/38695)
- Upgrade to Spring AMQP 3.1.1 [#38860](https://togithub.com/spring-projects/spring-boot/issues/38860)
- Upgrade to Spring Authorization Server 1.2.1 [#38696](https://togithub.com/spring-projects/spring-boot/issues/38696)
- Upgrade to Spring Data Bom 2023.1.1 [#38697](https://togithub.com/spring-projects/spring-boot/issues/38697)
- Upgrade to Spring Framework 6.1.2 [#38814](https://togithub.com/spring-projects/spring-boot/issues/38814)
- Upgrade to Spring Integration 6.2.1 [#38698](https://togithub.com/spring-projects/spring-boot/issues/38698)
- Upgrade to Spring Kafka 3.1.1 [#38874](https://togithub.com/spring-projects/spring-boot/issues/38874)
- Upgrade to Spring LDAP 3.2.1 [#38699](https://togithub.com/spring-projects/spring-boot/issues/38699)
- Upgrade to Spring Pulsar 1.0.1 [#38875](https://togithub.com/spring-projects/spring-boot/issues/38875)
- Upgrade to Spring Retry 2.0.5 [#38836](https://togithub.com/spring-projects/spring-boot/issues/38836)
- Upgrade to Spring Security 6.2.1 [#38700](https://togithub.com/spring-projects/spring-boot/issues/38700)
- Upgrade to Spring Session 3.2.1 [#38866](https://togithub.com/spring-projects/spring-boot/issues/38866)
- Upgrade to Spring WS 4.0.9 [#38876](https://togithub.com/spring-projects/spring-boot/issues/38876)
- Upgrade to Tomcat 10.1.17 [#38815](https://togithub.com/spring-projects/spring-boot/issues/38815)
- Upgrade to UnboundID LDAPSDK 6.0.11 [#38816](https://togithub.com/spring-projects/spring-boot/issues/38816)

#### :heart: Contributors

Thank you to all the contributors who worked on this release:

[@SandraAhlgrimm](https://togithub.com/SandraAhlgrimm), [@aleksandrserbin](https://togithub.com/aleksandrserbin), [@cachescrubber](https://togithub.com/cachescrubber), [@dependabot](https://togithub.com/dependabot)\[bot], [@gavlyukovskiy](https://togithub.com/gavlyukovskiy), [@ilies-bel](https://togithub.com/ilies-bel), [@meiyese](https://togithub.com/meiyese), [@onobc](https://togithub.com/onobc), [@pirgeo](https://togithub.com/pirgeo), [@quaff](https://togithub.com/quaff), [@shin-mallang](https://togithub.com/shin-mallang), and [@tomfrenken](https://togithub.com/tomfrenken)

### [`v3.2.0`](https://togithub.com/spring-projects/spring-boot/releases/tag/v3.2.0)

[Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v3.1.12...v3.2.0)

#### :star: New Features

- Auto-configure observations for RestClients [#38500](https://togithub.com/spring-projects/spring-boot/issues/38500)
- Add support for Oracle Free, the replacement for Oracle XE, with Testcontainers and Docker Compose [#38476](https://togithub.com/spring-projects/spring-boot/issues/38476)
- Provide dependency management for org.crac:crac [#38378](https://togithub.com/spring-projects/spring-boot/issues/38378)
- Add new properties for Liquibase 4.24.0 [#38274](https://togithub.com/spring-projects/spring-boot/pull/38274)
- Provide a way to create custom ApplicationContextFactory in SpringBootContextLoader [#38205](https://togithub.com/spring-projects/spring-boot/issues/38205)
- Report friendly error when failing to find AOT initializer [#38188](https://togithub.com/spring-projects/spring-boot/pull/38188)

#### :lady_beetle: Bug Fixes

- Annotation based ConditionalOnBean checks can cause early initialization of FactoryBeans [#38507](https://togithub.com/spring-projects/spring-boot/issues/38507)
- CRaC restoration fails when Actuator's running on a separate port [#38502](https://togithub.com/spring-projects/spring-boot/issues/38502)
- App that depends on Tomcat and on Jetty's websocket-server module fails to start with IllegalStateException: WebSocketComponents has not been created [#38286](https://togithub.com/spring-projects/spring-boot/issues/38286)
- App fails to start with a NoSuchMethodError when using Flyway 10.0.0 [#38268](https://togithub.com/spring-projects/spring-boot/issues/38268)
- MeterRegistry throws BeanCreationNotAllowedException on shutdown [#38240](https://togithub.com/spring-projects/spring-boot/issues/38240)
- Resolution of productionRuntimeClasspath configuration may select the wrong variant and contain a dependency's source jar [#38233](https://togithub.com/spring-projects/spring-boot/issues/38233)
- Docker JSON parsing fails on certain locales [#38220](https://togithub.com/spring-projects/spring-boot/issues/38220)
- FileNotFoundException is thrown serving resources due to JarUrlConnection.getLastModified() returning zero [#38204](https://togithub.com/spring-projects/spring-boot/issues/38204)
- Failed to extract parameter names exception thrown when binding with non-enumerable property source [#38201](https://togithub.com/spring-projects/spring-boot/issues/38201)
- Spring Boot 3.2.0-RC1 application fails on JDK with CRaC but without a dependency on org.crac:crac [#38186](https://togithub.com/spring-projects/spring-boot/issues/38186)
- Missing configuration processing for PartEvent support [#37642](https://togithub.com/spring-projects/spring-boot/issues/3