search

pferron / maven-pom

0 stars 0 forks source link

Update dependency org.springframework.boot:spring-boot-starter-web to v2.7.1 (main) - autoclosed #14

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

Package Type Update Change
org.springframework.boot:spring-boot-starter-web (source) compile minor 2.6.14 -> 2.7.1

By merging this PR, the issue #6 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.5 CVE-2022-25857
Medium Medium 6.5 CVE-2022-38749
Medium Medium 6.5 CVE-2022-38751
Medium Medium 6.5 CVE-2022-38752
Medium Medium 6.5 CVE-2022-41854
Medium Medium 6.5 CVE-2023-20861
Medium Medium 5.5 CVE-2022-38750

Release Notes

spring-projects/spring-boot ### [`v2.7.1`](https://togithub.com/spring-projects/spring-boot/releases/tag/v2.7.1) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v2.7.0...v2.7.1) #### :lady_beetle: Bug Fixes - Values in a spring.data.cassandra.config file can't override some defaults defined in CassandraProperties [#​31503](https://togithub.com/spring-projects/spring-boot/issues/31503) - `@RestControllerAdvice` `@ExceptionHandler` Inconsistent behavior with `@RestControllerEndpoint` [#​31501](https://togithub.com/spring-projects/spring-boot/issues/31501) - Malformed json causes BasicJsonParser to throw a NullPointerException [#​31499](https://togithub.com/spring-projects/spring-boot/issues/31499) - Metadata generated by the configuration properties annotation processor can miss inherited properties from nested classes [#​31484](https://togithub.com/spring-projects/spring-boot/issues/31484) - JarFile implementation calls close early which breaks verification of signed unpacked nested jars on Oracle JDK [#​31395](https://togithub.com/spring-projects/spring-boot/issues/31395) - Health indicators that take a long time to respond are difficult to diagnose [#​31384](https://togithub.com/spring-projects/spring-boot/issues/31384) - Custom Converter annotated with `@ConfigurationPropertiesBinding` does not get selected if targetType has a static factory method different return type [#​31341](https://togithub.com/spring-projects/spring-boot/issues/31341) - Tomcat server.max-http-header-size property is ignored when using HTTP/2 [#​31329](https://togithub.com/spring-projects/spring-boot/issues/31329) - OAuth2 Resource Server Auto-Configuration can only configure a single JWS algorithm [#​31321](https://togithub.com/spring-projects/spring-boot/issues/31321) - Maven shade plugin configuration in spring-boot-starter-parent does not append META-INF/spring/\*.imports files [#​31316](https://togithub.com/spring-projects/spring-boot/issues/31316) - GraphQL RouterFunctions are unordered which prevents other functions from being ordered after them [#​31314](https://togithub.com/spring-projects/spring-boot/issues/31314) - spring-boot-dependencies manages spring-ldap-ldif-batch which no longer exists [#​31254](https://togithub.com/spring-projects/spring-boot/issues/31254) - Dependency task can fail due to BootJar and BootWar afterResolve hooks [#​31213](https://togithub.com/spring-projects/spring-boot/issues/31213) - MimeMappings does not include application/wasm [#​31188](https://togithub.com/spring-projects/spring-boot/issues/31188) - spring-configuration-metadata.json is missing for additional-spring-configuration-metadata.json after switching from `@Configuration` to `@AutoConfiguration` [#​31186](https://togithub.com/spring-projects/spring-boot/issues/31186) - Binder(ConfigurationPropertySource... sources) does not assert that sources contains only non-null elements [#​31183](https://togithub.com/spring-projects/spring-boot/issues/31183) - WebMvcMetricsFilter stopped working since 2.7.0 [#​31150](https://togithub.com/spring-projects/spring-boot/issues/31150) - Dependency management for mimepull is redundant and the managed version is incompatible with Java 8 [#​31145](https://togithub.com/spring-projects/spring-boot/pull/31145) - layers.xsd is out of sync with the documentation and implementation for including and excluding module dependencies [#​31128](https://togithub.com/spring-projects/spring-boot/issues/31128) #### :notebook_with_decorative_cover: Documentation - Make SpringApplication Kotlin samples idiomatic [#​31463](https://togithub.com/spring-projects/spring-boot/pull/31463) - Harmonize Kotlin example [#​31458](https://togithub.com/spring-projects/spring-boot/pull/31458) - Remove duplicate content from "The Spring WebFlux Framework" section [#​31381](https://togithub.com/spring-projects/spring-boot/issues/31381) - Document that property placeholders should use the canonical property name form [#​31369](https://togithub.com/spring-projects/spring-boot/issues/31369) - Fix typos in the reference documentation [#​31366](https://togithub.com/spring-projects/spring-boot/issues/31366) - Enable Links for the Javadoc of the Gradle Plugin [#​31362](https://togithub.com/spring-projects/spring-boot/issues/31362) - Remove "earlier in this chapter" from places where content is now elsewhere in the documentation [#​31360](https://togithub.com/spring-projects/spring-boot/issues/31360) - Restore custom favicon documentation [#​31358](https://togithub.com/spring-projects/spring-boot/issues/31358) - Document that when using Lombok it must be configured to run before spring-boot-configuration-processor [#​31356](https://togithub.com/spring-projects/spring-boot/issues/31356) - Use Lambda-based API in Spring Security examples [#​31354](https://togithub.com/spring-projects/spring-boot/issues/31354) - Fix typo in name of imports file in javadoc of ImportCandidates.from [#​31277](https://togithub.com/spring-projects/spring-boot/pull/31277) - Typos in documentation ("spring-factories" instead of "spring.factories") [#​31206](https://togithub.com/spring-projects/spring-boot/issues/31206) - Fix Custom Layers Configuration section title in Maven plugin docs [#​31180](https://togithub.com/spring-projects/spring-boot/issues/31180) - org.springframework.boot.actuate.autoconfigure.metrics.graphql has no package info [#​31140](https://togithub.com/spring-projects/spring-boot/pull/31140) - Update Dynatrace Micrometer registry documentation [#​31132](https://togithub.com/spring-projects/spring-boot/pull/31132) #### :hammer: Dependency Upgrades - Upgrade to AppEngine SDK 1.9.97 [#​31421](https://togithub.com/spring-projects/spring-boot/issues/31421) - Upgrade to Byte Buddy 1.12.11 [#​31508](https://togithub.com/spring-projects/spring-boot/issues/31508) - Upgrade to Couchbase Client 3.3.1 [#​31422](https://togithub.com/spring-projects/spring-boot/issues/31422) - Upgrade to Dropwizard Metrics 4.2.10 [#​31488](https://togithub.com/spring-projects/spring-boot/issues/31488) - Upgrade to Elasticsearch 7.17.4 [#​31423](https://togithub.com/spring-projects/spring-boot/issues/31423) - Upgrade to Embedded Mongo 3.4.6 [#​31424](https://togithub.com/spring-projects/spring-boot/issues/31424) - Upgrade to Flyway 8.5.13 [#​31425](https://togithub.com/spring-projects/spring-boot/issues/31425) - Upgrade to Groovy 3.0.11 [#​31426](https://togithub.com/spring-projects/spring-boot/issues/31426) - Upgrade to H2 2.1.214 [#​31427](https://togithub.com/spring-projects/spring-boot/issues/31427) - Upgrade to Hazelcast 5.1.2 [#​31428](https://togithub.com/spring-projects/spring-boot/issues/31428) - Upgrade to Jetty 9.4.48.v20220622 [#​31509](https://togithub.com/spring-projects/spring-boot/issues/31509) - Upgrade to jOOQ 3.14.16 [#​31429](https://togithub.com/spring-projects/spring-boot/issues/31429) - Upgrade to Kotlin Coroutines 1.6.3 [#​31490](https://togithub.com/spring-projects/spring-boot/issues/31490) - Upgrade to MariaDB 3.0.5 [#​31431](https://togithub.com/spring-projects/spring-boot/issues/31431) - Upgrade to Micrometer 1.9.1 [#​31372](https://togithub.com/spring-projects/spring-boot/issues/31372) - Upgrade to MongoDB 4.6.1 [#​31432](https://togithub.com/spring-projects/spring-boot/issues/31432) - Upgrade to Neo4j Java Driver 4.4.6 [#​31433](https://togithub.com/spring-projects/spring-boot/issues/31433) - Upgrade to Netty 4.1.78.Final [#​31434](https://togithub.com/spring-projects/spring-boot/issues/31434) - Upgrade to Postgresql 42.3.6 [#​31435](https://togithub.com/spring-projects/spring-boot/issues/31435) - Upgrade to Reactive Streams 1.0.4 [#​31436](https://togithub.com/spring-projects/spring-boot/issues/31436) - Upgrade to Reactor 2020.0.20 [#​31371](https://togithub.com/spring-projects/spring-boot/issues/31371) - Upgrade to Solr 8.11.2 [#​31491](https://togithub.com/spring-projects/spring-boot/issues/31491) - Upgrade to Spring AMQP 2.4.6 [#​31376](https://togithub.com/spring-projects/spring-boot/issues/31376) - Upgrade to Spring Data 2021.2.1 [#​31374](https://togithub.com/spring-projects/spring-boot/issues/31374) - Upgrade to Spring Framework 5.3.21 [#​31319](https://togithub.com/spring-projects/spring-boot/issues/31319) - Upgrade to Spring HATEOAS 1.5.1 [#​31465](https://togithub.com/spring-projects/spring-boot/issues/31465) - Upgrade to Spring Integration 5.5.13 [#​31483](https://togithub.com/spring-projects/spring-boot/issues/31483) - Upgrade to Spring Kafka 2.8.7 [#​31377](https://togithub.com/spring-projects/spring-boot/issues/31377) - Upgrade to Spring LDAP 2.4.1 [#​31373](https://togithub.com/spring-projects/spring-boot/issues/31373) - Upgrade to Spring Security 5.7.2 [#​31375](https://togithub.com/spring-projects/spring-boot/issues/31375) - Upgrade to Tomcat 9.0.64 [#​31437](https://togithub.com/spring-projects/spring-boot/issues/31437) - Upgrade to Undertow 2.2.18.Final [#​31438](https://togithub.com/spring-projects/spring-boot/issues/31438) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​sdeleuze](https://togithub.com/sdeleuze) - [@​1993heqiang](https://togithub.com/1993heqiang) - [@​hpoettker](https://togithub.com/hpoettker) - [@​naveensrinivasan](https://togithub.com/naveensrinivasan) - [@​vpavic](https://togithub.com/vpavic) - [@​izeye](https://togithub.com/izeye) - [@​ningenMe](https://togithub.com/ningenMe) - [@​larsgrefer](https://togithub.com/larsgrefer) - [@​anthonyvdotbe](https://togithub.com/anthonyvdotbe) - [@​pirgeo](https://togithub.com/pirgeo) - [@​jprinet](https://togithub.com/jprinet) - [@​dalbani](https://togithub.com/dalbani) - [@​ittays](https://togithub.com/ittays) - [@​eddumelendez](https://togithub.com/eddumelendez) - [@​youribonnaffe](https://togithub.com/youribonnaffe) - [@​matei-cernaianu](https://togithub.com/matei-cernaianu) - [@​tudormarc](https://togithub.com/tudormarc) - [@​abel533](https://togithub.com/abel533) - [@​terminux](https://togithub.com/terminux) ### [`v2.7.0`](https://togithub.com/spring-projects/spring-boot/releases/tag/v2.7.0) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v2.6.14...v2.7.0) See the [Release notes for 2.7](https://togithub.com/spring-projects/spring-boot/wiki/Spring-Boot-2.7-Release-Notes) for upgrade instructions and details of new features. #### :star: New Features - Revert to using "application/json" as default MIME type for GraphQL while remaining compatible with "application/graphql+json" [#​30860](https://togithub.com/spring-projects/spring-boot/issues/30860) - Allow customization of single logout in auto-configured SAML relying party registration [#​30128](https://togithub.com/spring-projects/spring-boot/issues/30128) #### :lady_beetle: Bug Fixes - Default properties configured on SpringApplication have higher precedence than properties configured with `@PropertySource` [#​31093](https://togithub.com/spring-projects/spring-boot/issues/31093) - A failure when an instrumented WebClient records metrics causes the request to fail [#​31089](https://togithub.com/spring-projects/spring-boot/issues/31089) - Dependency management for Artemis is incomplete [#​31079](https://togithub.com/spring-projects/spring-boot/issues/31079) - Configuration properties for Statsd's buffered and step properties are missing [#​31059](https://togithub.com/spring-projects/spring-boot/issues/31059) - Debug logging for requests to WebFlux-based Actuator endpoints does not identify the endpoint [#​30887](https://togithub.com/spring-projects/spring-boot/issues/30887) - `@ConditionalOnProperty` meta annotation with `@AliasFor` does not work [#​30874](https://togithub.com/spring-projects/spring-boot/issues/30874) - Event handling in JobExecutionExitCodeGenerator is not thread-safe [#​30846](https://togithub.com/spring-projects/spring-boot/issues/30846) - Hibernate service loading logs HHH000505 warnings for ServiceConfigurationError with Gradle-built jars since 2.5.10 when using Java 11 or later [#​30791](https://togithub.com/spring-projects/spring-boot/issues/30791) - Cryptic startup failure with bare LOGGING_LEVEL environment variable [#​30789](https://togithub.com/spring-projects/spring-boot/issues/30789) - SearchStrategy argument of MethodValidationExcludeFilter byAnnotation(Class, SearchStrategy) is not used [#​30787](https://togithub.com/spring-projects/spring-boot/issues/30787) - spring.security.saml2.relyingparty.registration.*.asserting-party.* properties contain unwanted hyphen in asserting-party [#​30785](https://togithub.com/spring-projects/spring-boot/issues/30785) - DevTools sets deprecated spring.mustache.cache property [#​30774](https://togithub.com/spring-projects/spring-boot/pull/30774) #### :notebook_with_decorative_cover: Documentation - Extend documentation on Datadog metrics [#​30997](https://togithub.com/spring-projects/spring-boot/issues/30997) - Fix link to Upgrading From 1.x in multi-page documentation [#​30995](https://togithub.com/spring-projects/spring-boot/issues/30995) - Document support for Java 18 [#​30782](https://togithub.com/spring-projects/spring-boot/issues/30782) #### :hammer: Dependency Upgrades - Upgrade to ActiveMQ 5.16.5 [#​30927](https://togithub.com/spring-projects/spring-boot/issues/30927) - Upgrade to Byte Buddy 1.12.10 [#​30928](https://togithub.com/spring-projects/spring-boot/issues/30928) - Upgrade to Cassandra Driver 4.14.1 [#​30929](https://togithub.com/spring-projects/spring-boot/issues/30929) - Upgrade to Couchbase Client 3.2.7 [#​30930](https://togithub.com/spring-projects/spring-boot/issues/30930) - Upgrade to Couchbase Client 3.3.0 [#​31031](https://togithub.com/spring-projects/spring-boot/issues/31031) - Upgrade to Elasticsearch 7.17.3 [#​30931](https://togithub.com/spring-projects/spring-boot/issues/30931) - Upgrade to Flyway 8.5.11 [#​31080](https://togithub.com/spring-projects/spring-boot/issues/31080) - Upgrade to GraphQL Java 18.1 [#​30859](https://togithub.com/spring-projects/spring-boot/issues/30859) - Upgrade to Hibernate 5.6.9.Final [#​31081](https://togithub.com/spring-projects/spring-boot/issues/31081) - Upgrade to Infinispan 13.0.10.Final [#​30933](https://togithub.com/spring-projects/spring-boot/issues/30933) - Upgrade to Jackson Bom 2.13.3 [#​31046](https://togithub.com/spring-projects/spring-boot/issues/31046) - Upgrade to Jaybird 4.0.6.java8 [#​30934](https://togithub.com/spring-projects/spring-boot/issues/30934) - Upgrade to Johnzon 1.2.18 [#​30935](https://togithub.com/spring-projects/spring-boot/issues/30935) - Upgrade to Kafka 3.1.1 [#​31047](https://togithub.com/spring-projects/spring-boot/issues/31047) - Upgrade to Micrometer 1.9.0 [#​31013](https://togithub.com/spring-projects/spring-boot/issues/31013) - Upgrade to Mockito 4.5.1 [#​30936](https://togithub.com/spring-projects/spring-boot/issues/30936) - Upgrade to MSSQL JDBC 10.2.1.jre8 [#​31048](https://togithub.com/spring-projects/spring-boot/issues/31048) - Upgrade to MySQL 8.0.29 [#​30937](https://togithub.com/spring-projects/spring-boot/issues/30937) - Upgrade to Netty 4.1.77.Final [#​30938](https://togithub.com/spring-projects/spring-boot/issues/30938) - Upgrade to Postgresql 42.3.5 [#​30939](https://togithub.com/spring-projects/spring-boot/issues/30939) - Upgrade to Reactor Bom 2020.0.19 [#​30940](https://togithub.com/spring-projects/spring-boot/issues/30940) - Upgrade to Selenium 4.1.4 [#​30941](https://togithub.com/spring-projects/spring-boot/issues/30941) - Upgrade to Selenium HtmlUnit 3.61.0 [#​30855](https://togithub.com/spring-projects/spring-boot/issues/30855) - Upgrade to SendGrid 4.9.2 [#​31116](https://togithub.com/spring-projects/spring-boot/issues/31116) - Upgrade to Spring AMQP 2.4.5 [#​31022](https://togithub.com/spring-projects/spring-boot/issues/31022) - Upgrade to Spring Batch 4.3.6 [#​31020](https://togithub.com/spring-projects/spring-boot/issues/31020) - Upgrade to Spring Data 2021.2.0 [#​31015](https://togithub.com/spring-projects/spring-boot/issues/31015) - Upgrade to Spring for GraphQL 1.0.0 [#​30858](https://togithub.com/spring-projects/spring-boot/issues/30858) - Upgrade to Spring Framework 5.3.20 [#​31014](https://togithub.com/spring-projects/spring-boot/issues/31014) - Upgrade to Spring HATEOAS 1.5.0 [#​31016](https://togithub.com/spring-projects/spring-boot/issues/31016) - Upgrade to Spring Integration 5.5.12 [#​31062](https://togithub.com/spring-projects/spring-boot/issues/31062) - Upgrade to Spring Kafka 2.8.6 [#​31018](https://togithub.com/spring-projects/spring-boot/issues/31018) - Upgrade to Spring LDAP 2.4.0 [#​31017](https://togithub.com/spring-projects/spring-boot/issues/31017) - Upgrade to Spring Security 5.7.1 [#​31100](https://togithub.com/spring-projects/spring-boot/issues/31100) - Upgrade to Spring Session Bom 2021.2.0 [#​31021](https://togithub.com/spring-projects/spring-boot/issues/31021) - Upgrade to Tomcat 9.0.63 [#​31082](https://togithub.com/spring-projects/spring-boot/issues/31082) - Upgrade to UnboundID LDAPSDK 6.0.5 [#​30942](https://togithub.com/spring-projects/spring-boot/issues/30942) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​izeye](https://togithub.com/izeye) - [@​luojianet](https://togithub.com/luojianet) - [@​marcwrobel](https://togithub.com/marcwrobel) - [@​eddumelendez](https://togithub.com/eddumelendez) - [@​mmoayyed](https://togithub.com/mmoayyed) - [@​ssobue](https://togithub.com/ssobue) - [@​christophejan](https://togithub.com/christophejan) - [@​dugenkui03](https://togithub.com/dugenkui03) - [@​denisw](https://togithub.com/denisw) - [@​terminux](https://togithub.com/terminux)