Bump the all group across 2 directories with 24 updates

[dependabot]

Bumps the all group with 17 updates in the / directory:

Package	From	To
com.google.errorprone:error_prone_annotations	2.44.0	2.49.0
com.google.guava:guava	33.5.0-jre	33.6.0-jre
joda-time:joda-time	2.14.0	2.14.2
org.yaml:snakeyaml	2.5	2.6
org.jetbrains.kotlin:kotlin-bom	2.2.21	2.3.21
com.fasterxml.jackson:jackson-bom	2.20.1	2.21.3
org.apache.logging.log4j:log4j-bom	0.0.0-SNAPSHOT	2.25.4
org.apache.logging.log4j:log4j-core	2.25.2	2.25.4
org.springframework.boot:spring-boot-dependencies	3.5.7	4.0.6
org.springframework.boot:spring-boot-maven-plugin	3.5.7	4.0.6
org.springframework.cloud:spring-cloud-dependencies	2025.0.0	2025.1.1
org.aspectj:aspectjweaver	1.9.25	1.9.25.1
org.aspectj:aspectjrt	1.9.25	1.9.25.1
org.aspectj:aspectjtools	1.9.25	1.9.25.1
org.codehaus.mojo:aspectj-maven-plugin	1.15.0	1.16.0
org.apache.maven.plugins:maven-jlink-plugin	3.2.0	3.3.0
io.fabric8:kubernetes-client-bom	7.4.0	7.6.1

Bumps the all group with 8 updates in the /log4j-samples-graalvm directory:

Package	From	To
org.apache.logging.log4j:log4j-bom	2.25.2	2.25.4
org.codehaus.mojo:exec-maven-plugin	3.6.2	3.6.3
org.assertj:assertj-bom	3.27.6	3.27.7
org.junit:junit-bom	6.0.1	6.0.3
ch.qos.logback:logback-classic	1.5.20	1.5.32
org.json:json	20250517	20251224
net.javacrumbs.json-unit:json-unit-assertj	5.0.0	5.1.1
org.graalvm.buildtools:native-maven-plugin	0.11.2	1.1.0

Updates com.google.errorprone:error_prone_annotations from 2.44.0 to 2.49.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.49.0

This release includes several changes to Matcher APIs, and removed some deprecated or problematic APIs:

• Remove deprecated MethodMatchers.withSignature API, which relies on fragile toString behaviour. Alternatives for matching on method signatures with varargs and type parameters were added in google/error-prone@a98a1c5.
• Removed variableType(Matcher) API. Matchers.variableType(Matcher) uses VariableTree#getType to match variable types, which own't work for lambda parameters with inferred types after JDK-8268850. The recommended replacement is variableType(TypePredicate).
• Make enclosingPackage return an optional. Module elements are not enclosed by a package, checks using enclosingPackage shouldn't assume an enclosing package exists when processing arbitrary elements.
• New FieldMatchers API, similar to MethodMatchers (google/error-prone@1dd9c3a).

New checks:

• AssertThrowsBlockToExpression: Discourage unnecessary block lambdas in assertThrows.
• AssertThrowsMinimizer: Suggest minimizing the amount of logic in assertThrows.
• MemorySegmentReferenceEquality: Discourage using reference equality for MemorySegments.
• PreferThrowsTag: Recommends using @throws instead of the legacy @exception javadoc tag.
• RecordAccessorInCompactConstructor: detect record accessors inside the compact canonical ctors, which read uninitialized fields.

Closed issues: #2283, #3503, #5210, #5289, #5548, #5548, #5554, #5609, #5614, #5656

Full changelog: google/error-prone@v2.48.0...v2.49.0

Error Prone 2.48.0

Changes:

• Added support for passing flags with command-line argument files (@-files) (google/error-prone@8e84edf)

New checks:

• AvoidValueSetter
• UnnecessarySemicolon

Closed issues: #5529, #5537, #5522, #5521

Full changelog: google/error-prone@v2.47.0...v2.48.0

Error Prone 2.47.0

New checks:

• InterruptedInCatchBlock: Detect accidental calls to Thread.interrupted() inside of catch(InterruptedException e) blocks.
• RefactorSwitch: Refactorings to simplify arrow switches
• UnnamedVariable: Rename unused variables to _

Closed issues: #1811, #4168, #5459, #5460

Full changelog: google/error-prone@v2.46.0...v2.47.0

Error Prone 2.46.0

Changes:

• The javac flag -XDaddTypeAnnotationsToSymbol=true is now required for Error Prone invocations on JDK 21, to enable the javac fix for JDK-8225377: type annotations are not visible to javac plugins across compilation boundaries. See google/error-prone#5426 for details.
• Remove deprecated value attribute from @IncompatibleModifiers and @RequiredModifiers (google/error-prone#2122)

... (truncated)

Commits

• 89d75c1 Release Error Prone 2.49.0
• 0b7b03b Fix up some javadoc on `ModifySourceCollectionInStream.isStreamApiInvocationO...
• fe5a7b1 Remove old FieldMatchers API
• d54a1d1 Fix up some Finally javadocs.
• d93b319 [RefactorSwitch] bugfix comment handling
• ff59782 [IfChainToSwitch] cleanup redundant conditions in ternary. No functional cha...
• 43b6df6 Generalise DuplicateAssertion to handle check* methods.
• 2c4346f Fix a bug in BooleanLiteral: it currently suggests replacing `Boolean.FALSE...
• 559039b [IfChainToSwitch] doc-only change. fix typo in code comments.
• 393c61c [IfChainToSwitch] enhance code generation to emit unnamed variables, when sup...
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

• 33.6.0-jre.jar
• 33.6.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.6.0-jre
• 33.6.0-android

JDiff

• 33.6.0-jre vs. 33.5.0-jre
• 33.6.0-android vs. 33.5.0-android
• 33.6.0-android vs. 33.6.0-jre

Changelog

• Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
• cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
• collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
• collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
• graph: Removed @Beta from all APIs in the package. (dae9566b73)
• graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
• graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
• hash: Added BloomFilter.serializedSize(). (df9bcc251a)
• net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

Commits

• See full diff in compare view

Updates joda-time:joda-time from 2.14.0 to 2.14.2

Release notes

Sourced from joda-time:joda-time's releases.

Release v2.14.2

See the change notes for more information.

What's Changed

• Update time zone data to 2026bgtz by @​jodastephen in JodaOrg/joda-time#831

Full Changelog: JodaOrg/joda-time@v2.14.1...v2.14.2

Release v2.14.1

See the change notes for more information.

What's Changed

• Fix build by @​jodastephen in JodaOrg/joda-time#811
• fix: correct typo in README (appropriate) by @​nabilshafi in JodaOrg/joda-time#818
• Auto-merge tzdb updates by @​jodastephen in JodaOrg/joda-time#819
• Update deployment from OSSRH by @​jodastephen in JodaOrg/joda-time#820
• Update time zone data to 2025cgtz by @​jodastephen in JodaOrg/joda-time#826
• Fix time zone name key by @​jodastephen in JodaOrg/joda-time#827
• Update time zone data to 2026agtz by @​jodastephen in JodaOrg/joda-time#829

New Contributors

• @​nabilshafi made their first contribution in JodaOrg/joda-time#818

Full Changelog: JodaOrg/joda-time@v2.14.0...v2.14.1

Commits

• d6ba4f0 Release v2.14.2
• 43ea40b Update time zone data to 2026bgtz (#831)
• c377753 Release v2.14.1
• 3fd08d4 Update time zone data to 2026agtz (#829)
• c4bf877 Fix name key (#827)
• 8b11cfa Update time zone data to 2025cgtz (#826)
• 7088d77 Update deployment from OSSRH (#820)
• 3418119 Auto-merge tzdb updates (#819)
• 6c95155 Fix website commit message
• c1d7f97 Fix typo in README (#818)
• Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 2.5 to 2.6

Commits

• cc19a61 [maven-release-plugin] prepare for next development iteration
• bc4a8f4 Minor fixes in Javadoc
• f18203a Add a test for Y79Y-003
• ad1fceb Less output in tests
• 1db66b7 Add (failing) build with JDK 25
• 88ebaa8 build: fix JKD 25 tests compilation
• 6af8790 Update Javadoc
• a006b7a Update Javadoc
• c143db2 Update changes
• d78d11f Update changes
• Additional commits viewable in compare view

Updates org.jetbrains.kotlin:kotlin-bom from 2.2.21 to 2.3.21

Release notes

Sourced from org.jetbrains.kotlin:kotlin-bom's releases.

Kotlin 2.3.21

Changelog

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

... (truncated)

Changelog

Sourced from org.jetbrains.kotlin:kotlin-bom's changelog.

2.3.21

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

• KT-85628 KGP: composite build FUS metrics fail on access of 'configurationTimeMetrics'

... (truncated)

Commits

• fea1ad8 Add ChangeLog for 2.3.21-RC2
• 09c341e disable swift export execution tests in order to update macos
• 67a0868 Avoid accessing KotlinNativeLink taskProvider when task was not executed
• f89e5db [K/N] Disable TSAN in runtime tests
• 45d6c85 [K/N] Don't generate generic safe casts for Objective-C types
• 9261a6f [K/N][tests] Add a reproducer for KT-85508
• c9ab9db [K/N][tests] Add a reproducer for KT-85399
• 502e844 Explain: fix for destructuring declarations
• 0c26485 Explain: fix for object literals
• 68a9e3f [minor] fix testdata name in explain test
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.3

Commits

• 374fbd0 [maven-release-plugin] prepare release jackson-bom-2.21.3
• 7059df7 Prep for 2.21.3 release
• 2fd60bd Merge branch '2.20' into 2.21
• b82a364 Merge branch '2.19' into 2.20
• ef4e013 Merge branch '2.18' into 2.19
• 536ae51 Post-release dep version bump
• 536c533 [maven-release-plugin] prepare for next development iteration
• 426b778 [maven-release-plugin] prepare release jackson-bom-2.18.7
• a73cda9 Prep for 2.18.7 release
• 76b4a05 Post-release dep version bump
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-bom from 0.0.0-SNAPSHOT to 2.25.4

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.4

This patch release delivers fixes for configuration inconsistencies and formatting issues across several layouts.

• Restores alignment between documented and actual configuration attributes.
• Fixes formatting and sanitization issues in XML and RFC5424 layouts.
• Improves handling of invalid characters and non-standard values.

The authoritative list of recognized configuration attributes is available in the PluginReference.

Fixed

• Don't issue warnings if extra argument in parameterized logging is null. (#3975, #4014)
• Restore support for documented Rfc5424Layout parameter names. (#4022, #4074)
• Take Throwable#toString() into account while rendering stack traces in Pattern Layout. (#3623, #4033)
• Added debug level logs for successful resource loading in Loader class. (#4058, #4060)
• Align SslConfiguration factory method usage with Log4j 2.12+ API. The verifyHostname attribute is now correctly recognized. (#4061, #4075)
• Fix sanitization of structured data parameter names in RFC5424 layout. (#4073)
• Replace invalid characters in XmlLayout output with the Unicode replacement character (U+FFFD). (#4077)
• Replace invalid characters in Log4j1XmlLayout output with the Unicode replacement character (U+FFFD). (#4078)
• Replace invalid characters in MapMessage.asXml() output with the Unicode replacement character (U+FFFD). (#4079)
• Write non-finite floating-point numbers as strings in JsonWriter. (#4080)

2.25.3

This patch release addresses issues detailed in the changelog below. In particular, it includes an important fix for the host name verification in SSL/TLS configuration. This is used by Socket Appender.

Changed

• Optimize DefaultThreadContextMap.getCopy() performance by avoiding megamorphic calls in HashMap constructor (#3935, #3939)

Fixed

• Fix GraalVM metadata for nested classes to use binary names instead of canonical names (#3871, #3996)
• Fix failures caused by null SslConfiguration (#3947, #3953)
• Fix incorrect handling of the host name verification in SSL/TLS configuration, which is used by Socket Appender when SSL/TLS is enabled (#4002)

Removed

• Remove the com.github.spotbugs:spotbugs-annotations dependency (#3984, #3985)

2.25.2

This patch release addresses certain minor issues detailed in the changelog.

Fixed

• Fix potential memory leak involving LogBuilder in Log4j API to Logback bridge (#3819, #3824)
• Prevent unnecessary warnings in AbstractDriverManagerConnectionSource (#3828, #3831)
• Fix missing newlines in default logging configuration for log4j-core (#3835, #3851)
• Fix missing default Target value in Console Appender (#3852)
• Discard the sub-second part while obtaining the initial time (i.e., creation time) of a file in RollingFileManager (#3068, #3872)
• Fix Pattern Layout exception stack trace converters to no longer prepend newlines based on context (#3873, #3919)

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.logging.log4j:log4j-core from 2.25.2 to 2.25.4

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.7 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.0 to 2025.1.1

Release notes

Sourced from org.springframework.cloud:spring-cloud-dependencies's releases.

v2025.1.1

What's Changed

• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs by @​dependabot[bot] in spring-cloud/spring-cloud-release#447
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#454
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#453
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in spring-cloud/spring-cloud-release#456
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#461
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#460

Full Changelog: spring-cloud/spring-cloud-release@v2025.1.0...v2025.1.1

Commits

• dbb12bf Update SNAPSHOT to 2025.1.1
• edc8bcb Bumping versions
• a9f4183 Use Spring Boot 4.0.2-SNAPSHOT
• da7ad03 Merge pull request #460 from spring-cloud/dependabot/maven/org.apache.maven-m...
• 49b10e6 Merge pull request #461 from spring-cloud/dependabot/maven/main/org.apache.ma...
• 59782be Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 89c8dd1 Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 96a5fb0 Merge pull request #456 from spring-cloud/dependabot/github_actions/main/acti...