Spring Boot 2.6.0 RC1 Release Notes

Upgrading from Spring Boot 2.5

Deprecations from Spring Boot 2.4

Classes, methods and properties that were deprecated in Spring Boot 2.4 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading.

Minimum Requirements Changes

None.

Deferred OpenID Connect Discovery

For a resource server application using spring-security-oauth2-resource-server which is configured with an OpenID connect issuer-uri, Spring Boot now auto-configures a SupplierJwtDecoder instead of a NimbusJwtDecoder. This enables Spring Security’s lazy OIDC discovery support which improves startup time. Similarly, for reactive applications, a ReactiveSupplierJwtDecoder is auto-configured.

@Persistent no longer considered with Spring Data Couchbase

To align the default behavior with Spring Data Couchbase, @Persistent-annotated types are no longer considered. If you are relying on that annotation, @Document can be used instead.

Env InfoContributor Disabled by Default

The env info contributor is now disabled by default. To enable it, set management.info.env.enabled to true.

WebFlux Session Properties

The spring.webflux.session property group has been deprecated and relocated to server.reactive.session. The old properties will continue to work, but you should migrate to the new ones if possible.

New and Noteworthy

Tip	Check the configuration changelog for a complete overview of the changes in configuration.

Java Runtime Information

The info endpoint can now expose Java Runtime information under the java key, as shown in the following example:

{
  "java": {
    "vendor": "BellSoft",
    "version": "17",
    "runtime": {
      "name": "OpenJDK Runtime Environment",
      "version": "17+35-LTS"
    },
    "jvm": {
      "name": "OpenJDK 64-Bit Server VM",
      "vendor": "BellSoft",
      "version": "17+35-LTS"
    }
  }
}

To expose this information in the info endpoint’s response, set the management.info.java.enabled property to true.

Support for Log4j2’s Composite Configuration

Log4j2’s composite configuration is now supported. To use it, configure the logging.log4j2.config.override property with a comma-separated list of secondary configuration files that will override the main configuration. The main configuration is sourced from Spring Boot’s defaults, a well-known standard location such as log4j2.xml, or the location specified by the logging.config property as before.

Docker Image Building Support

Additional Image Tags

The Maven and Gradle plugins now support applying additional tags to a generated image after it is built using a tags configuration parameter.

See the updated Gradle and Maven reference documentation for more details.

Cache Configuration

The Maven and Gradle plugins now support customizing the names of the volumes used to cache layers contributed to a built image by buildpacks using buildCache and launchCache configuration parameters.

See the updated Gradle and Maven reference documentation for more details.

Build Info Property Exclusions

It’s now possible to exclude specific properties from being added to the build-info.properties file generated by the Spring Boot Maven or Gradle plugin.

Maven users can exclude the standard group, artifact, name, version or time properties using the <excludeInfoProperties> tag. For example, to exclude the version property the following configuration can be used:

<configuration>
	<excludeInfoProperties>
		<excludeInfoProperty>version</excludeInfoProperty>
	</excludeInfoProperties>
</configuration>

Gradle users can use null values with the properties block of the DSL:

task buildInfo(type: org.springframework.boot.gradle.tasks.buildinfo.BuildInfo) {
	destinationDir project.buildDir
	properties {
		version = null
	}
}

Support for PEM format in Kafka SSL Properties

Previously, Kafka only supported file-based key and trust stores for SSL. With KIP-651, it is now possible to use the PEM format. Spring Boot has added the following properties that allow configuring SSL certificates and private keys using the PEM format:

spring.kafka.ssl.key-store-key
spring.kafka.ssl.key-store-certificate-chain
spring.kafka.ssl.trust-store-certificates

Reactive Server Session Properties

The session properties supported for reactive servers (previously under spring.webflux.session) have been expanded with this release. The new properties are available under server.reactive.session and now offer parity with the servlet versions.

You can now configure SameSite attributes on session cookies for servlet applications using the server.session.cookie.same-site property. This works with auto-configured Tomcat, Jetty and Undertow servers.

In addition, the CookieSameSiteSupplier interface can be used if you want to apply a SameSite attribute to other cookies. See the updated documentation for more details and some example code.

Dependency Upgrades

Spring Boot 2.6 RC1 moves to new versions of several Spring projects:

Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:

Apache Kafka 3.0.0
Couchbase Client 3.2.2
Elasticsearch 7.15.1
Flyway 8.0.2
Hibernate 5.6.0.Final
Jackson 2.13.0
Jetty 9.4.44.v20210927
Kotlin 1.6.0-RC
Liquibase 4.5.0
Mockito 4.0.0
MongoDB 4.4.0-beta1
MySQL 8.0.27
Netty 4.1.69.Final
Postgresql 42.3.0
Tomcat 9.0.54

Miscellaneous

Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:

The URLs of all available data sources is now logged when the H2 console is auto-configured.
A new configuration property, spring.integration.management.default-logging-enabled, can be used to disable Spring Integration’s default logging by setting its value to false.
Auto-configuration for UserDetailsService will now back off in the presence of an AuthenticationManagerProvider bean.