本文主要参考官文文档。主要目的方便版本升级使用,对于需要升级部分进行翻译,对于新增特性等后续部分未做处理
1、Upgrading from Spring Boot 2.5
1.1 在Spring Boot 2.4弃用的代码
在Spring Boot 2.4中弃用的类、方法和属性将在这个版本中被移除。升级前请确保没有使用被弃用注解的方法。
1.2 默认禁止循环引用
缺省情况下,现在禁止bean之间的循环引用。如果您的应用程序由于' BeanCurrentlyInCreationException '而启动失败,强烈建议您更新配置以打破依赖循环。如果不能这样做,可以通过设置spring.main.allow-circular-references=true
,或者在SpringApplication
和SpringApplicationBuilder
上使用新的setter方法。这将恢复2.5的行为并自动尝试打破依赖循环。
1.3 基于PathPattern的Spring MVC路径匹配策略
根据注册的Spring MVC处理程序映射匹配请求路径的默认策略已经从 AntPathMatcher
变为 PathPatternParser
。使用PathPatternParser
时,不支持自定义调度servlet路径(spring.mvc.servlet.path
)。
如果你正在使用Spring Security,你应该检查你的mvcMatchers
的使用,以确保你的匹配器继续满足你的需求。对于AntPathMatcher
, authorizeRequests.mvcMatchers("hello").permitAll()
'将授予对' /hello '的访问权限。更精确地匹配 PathPatternParser
需要使用authorizeRequests.mvcMatchers("/hello").permitAll()
(注意前导/
)来代替。
如果你需要将默认值切换回AntPathMatcher
,你可以设置 spring.mvc.pathmatch.matching-strategy=ant-path-matcher
。
执行器端点现在也使用基于 PathPattern
的URL匹配。注意,执行器端点的路径匹配策略不能通过配置属性进行配置。如果您正在使用Actuator和Springfox,这可能会导致应用程序无法启动。请参见Springfox本期的详细信息。
1.4 Actuator Env InfoContributor默认禁用
缺省情况下,env
信息贡献者现在是禁用的。该贡献者公开了Spring Environment 中任何名称以 info
开头的属性。如果您有任何以info
开头的属性,并希望它们显示在InfoEndpoint
中,请将management.info.env.enabled=true
。
1.5 Application Startup
记录到ApplicationStartup
的 spring.boot.application.running
启动步骤已被重命名为spring.boot.application.ready
。如果你正在处理从FlightRecorderApplicationStartup
或 BufferingApplicationStartup
生成的文件,你将需要使用新的名称。
1.6 Web资源配合
直接注入Resources
不再有效,因为这个配置已经在WebProperties
中得到了协调。如果你需要访问这些信息,你需要注入WebProperties
来代替。
1.7 Dependency Management移除
JBoss Transaction SPI
Dependency management for org.jboss:jboss-transaction-spi
has been removed. If you are using org.jboss:jboss-transaction-spi
you should define your own dependency management that meets your application’s needs.
Nimbus DS
Dependency management for com.nimbusds:oauth2-oidc-sdk
and com.nimbusds:nimbus-jose-jwt
has been removed. If you are using Spring Security you should rely on the versions that it will pull in as transitive dependencies. If you are not using Spring Security you should define your own dependency management that meets your application’s needs.
HAL Browser
Dependency management for org.webjars:hal-browser
has been removed. If you are using org.webjars:hal-browser
you should define your own dependency management that meets your application’s needs.
1.8 Prometheus版本属性
控制Prometheus版本的属性已从prometheus-pushgateway.version
更改为prometheus-client.version
。这是为了反映出该属性管理Prometheus客户端中每个模块的版本,而不仅仅是pushgateway。
1.9 嵌入式Mongo
要使用嵌入式mongo,spring.mongodb.embedded.version
必须设置的属性。这有助于确保MongoDB 版本。这有助于确保嵌入式支持使用的MongoDB版本与您的应用程序将在生产中使用的MongoDB版本相匹配。
1.10 Oracle数据库驱动依赖管理
Oracle数据库驱动程序的依赖管理已经简化。如果你仍然依赖旧的 com.oracle.ojdbc
groupId,你需要升级到 com.oracle.database.jdbc
groupId,因为我们已经删除了前者的依赖管理。
1.11 Flyway Vault相关属性移除
Flyway的7.12版本将vault相关的设置移到了一个闭源扩展中。不幸的是,这妨碍了Spring Boot对它们进行配置。结果,对应的spring.flyway.vault-secrets
, spring.flyway.vault-token
, 和spring.flyway.vault-url
的属性已被删除。如果您是Flyway Teams用户,可以通过FlywayConfigurationCustomizer
bean, FluentConfigiguration.getExtensionConfiguration
和Vault ApiExtension
配置设置。
1.12 WebFlux Session 属性
spring.webflux.session
属性组已弃用,并已迁移到server.reactive.session
。旧的属性将继续工作,但如果可能,您应该迁移到新的属性。
1.13 Elasticsearch 属性整合
用于配置Elasticsearch客户端的配置属性已经得到了统一。以前,配置阻塞高级REST客户端和响应式REST客户机的许多常用属性在 spring.elasticsearch.rest
和 spring.data.elasticsearch.clients.reactive
中重复。
如果您正在使用阻塞REST客户端,下表列出了旧属性及其替换项:
Deprecated Property | Replacement |
---|---|
spring.elasticsearch.rest.uris |
spring.elasticsearch.uris |
spring.elasticsearch.rest.username |
spring.elasticsearch.username |
spring.elasticsearch.rest.password |
spring.elasticsearch.password |
spring.elasticsearch.rest.connection-timeout |
spring.elasticsearch.connection-timeout |
spring.elasticsearch.rest.read-timeout |
spring.elasticsearch.socket-timeout |
spring.elasticsearch.rest.sniffer.interval |
spring.elasticsearch.restclient.sniffer.interval |
spring.elasticsearch.rest.sniffer.delay-after-failure |
spring.elasticsearch.restclient.sniffer.delay-after-failure If you are using the reactive client, the following table lists the old properties and their replacements: |
Deprecated Property | Replacement |
---|---|
spring.data.elasticsearch.client.reactive.endpoints |
spring.elasticsearch.uris |
spring.data.elasticsearch.client.reactive.use-ssl |
https scheme when configuring spring.elasticsearch.uris
|
spring.data.elasticsearch.client.reactive.username |
spring.elasticsearch.username |
spring.data.elasticsearch.client.reactive.password |
spring.elasticsearch.password |
spring.data.elasticsearch.client.reactive.connection-timeout |
spring.elasticsearch.connection-timeout |
spring.data.elasticsearch.client.reactive.socket-timeout |
spring.elasticsearch.socket-timeout |
spring.data.elasticsearch.client.reactive.max-in-memory-size |
spring.elasticsearch.webclient.max-in-memory-size |
1.14 Spring Data Couchbase不在考虑使用注解@Persistent
为了使默认行为与Spring Data Couchbase保持一致, @Persistent
注解类型不再被考虑。如果您依赖于该注解,则可以使用@Document
代替。
1.15 Maven Build Info’s Default Time
Maven插件的构建信息支持现在使用 project.build.outputTimestamp
属性作为默认的构建时间。如果未设置该属性,则使用构建会话的开始时间。和以前一样,时间可以通过设置为off
来完全禁用。
1.16 Records and @ConfigurationProperties
如果你在一个Java 16类中使用 @ConfigurationProperties
,并且该类只有一个构造函数,那么它就不再需要用 @ConstructorBinding
注解了。如果你的类有多个构造函数, @ConstructorBinding
仍然应该用来标识用于属性绑定的构造函数。
1.17 Deferred OpenID Connect Discovery
对于使用 spring-security-oauth2-resource-server
配置了OpenID连接issuer-uri
的资源服务器应用程序,Spring Boot现在会自动配置SupplierJwtDecoder
而不是NimbusJwtDecoder
。这就启用了Spring Security的惰性OIDC发现支持,从而提高了启动时间。类似地,对于响应式应用程序,ReactiveSupplierJwtDecoder
是自动配置的。
1.18 Kafka 3.0
Spring Boot 2.6升级到Apache Kafka 3.0旨在默认启用最强的交付保证。由于一个Kafka bug,这些更改直到Kafka 3.0.1 (Spring Boot 2.6.5使用Kafka 3.0.1)才完全到位。
启用幂等会导致一些问题,例如在升级时出现 ClusterAuthorizationException
。如果你遇到问题,想要禁用幂等(Kafka 3.0.1之前的默认值),设置以下属性:
spring.kafka.producer.properties.enable.idempotence=false
1.19 最低要求的变化
无。
2、New and Noteworthy
Check the configuration changelog for a complete overview of the changes in configuration. |
SameSite Cookie Attribute Servlet Support
You can now configure SameSite
attributes on session cookies for servlet applications using the server.servlet.session.cookie.same-site
property. This works with auto-configured Tomcat, Jetty and Undertow servers.
In addition, the CookieSameSiteSupplier
interface can be used if you want to apply a SameSite
attribute to other cookies. See the updated documentation for more details and some example code.
Reactive Server Session Properties
The session properties supported for reactive servers (previously under spring.webflux.session
) have been expanded with this release. The new properties are available under server.reactive.session
and now offer parity with the servlet versions.
Pluggable Sanitization Rules
Spring Boot sanitizes sensitive values present in the /env
and /configprops
endpoints. While it was possible to configure which properties get sanitized via configuration properties, users might want to apply sanitization rules based on which PropertySource
the property originated from. For example, Spring Cloud Vault uses vault to store encrypted values and load them into the Spring environment. Since all values are encrypted, it would make sense to blank the values of every key in an entire property source. Such sanitization customizations can be configured by adding a @Bean
of type SanitizingFunction
.
Java Runtime Information
The info
endpoint can now expose Java Runtime information under the java
key, as shown in the following example:
{
"java": {
"vendor": "BellSoft",
"version": "17",
"runtime": {
"name": "OpenJDK Runtime Environment",
"version": "17+35-LTS"
},
"jvm": {
"name": "OpenJDK 64-Bit Server VM",
"vendor": "BellSoft",
"version": "17+35-LTS"
}
}
}
To expose this information in the info
endpoint’s response, set the management.info.java.enabled
property to true
.
Build Info Property Exclusions
It’s now possible to exclude specific properties from being added to the build-info.properties
file generated by the Spring Boot Maven or Gradle plugin.
Maven users can exclude the standard group
, artifact
, name
, version
or time
properties using the <excludeInfoProperties>
tag. For example, to exclude the version
property the following configuration can be used:
<configuration>
<excludeInfoProperties>
<excludeInfoProperty>version</excludeInfoProperty>
</excludeInfoProperties>
</configuration>
Gradle users can use null
values with the properties
block of the DSL:
task buildInfo(type: org.springframework.boot.gradle.tasks.buildinfo.BuildInfo) {
destinationDir project.buildDir
properties {
version = null
}
}
Health Support
Additional Path on Main or Management Port
Health groups can be made available at an additional path on either the main or management port. This is useful in cloud environments such as Kubernetes, where it is quite common to use a separate management port for the actuator endpoints for security purposes. Having a separate port could lead to unreliable health checks because the main application might not work properly even if the health check is successful. A typical configuration would have all the actuator endpoints on a separate port and health groups that are used for liveness and readiness available at an additional path on the main port.
Composite Contributor Include/Exclude Support
Health groups can be configured to include/exclude parts of a CompositeHealthContributor
. This can be done by specifying the fully qualified path to the component. For example, a component spring
which is nested inside a composite named test
, can be included using test/spring
.
Metrics Support
Application Startup
Auto-configuration exposes two metrics related to application startup:
application.started.time
: time taken to start the application.application.ready.time
: time taken for the application to be ready to service requests.
Disk Space
Micrometer’s DiskSpaceMetrics
are now auto-configured. disk.free
and disk.total
metrics are provided for the partition identified by the current working directory. To change the path that is used, define your own DiskSpaceMetrics
bean.
Task Execution and Scheduling
Micrometer’s ExecutorServiceMetrics
are now auto-configured for all ThreadPoolTaskExecutor
and ThreadPoolTaskScheduler
beans, as long as the underlying ThreadPoolExecutor
is available. Metrics are tagged with the name of the executor derived from its bean name.
Jetty Connection and SSL
Micrometer’s JettyConnectionMetrics
are now auto-configured. Additionally, when server.ssl.enabled
is set to true
, Micrometer’s JettySslHandshakeMetrics
are also auto-configured.
Exporting to the Dynatrace v2 API
Support for exporting metrics to the Dynatrace v2 API has been added. With a local OneAgent running on the host, a dependency on io.micrometer:micrometer-registry-dynatrace
is all that is required. Without a local OneAgent, the management.metrics.export.dynatrace.uri
and management.metrics.export.dynatrace.api-token
properties must be configured. Other settings that are specific to the v2 API can be configured using the management.metrics.export.dynatrace.v2
properties. Please refer to the updated reference documentation for further details.
Docker Image Building Support
Additional Image Tags
The Maven and Gradle plugins now support applying additional tags to a generated image after it is built using a tags
configuration parameter.
See the updated Gradle and Maven reference documentation for more details.
Network Configuration
A network
configuration parameter has been added to the Maven plugin spring-boot:build-image
goal and the Gradle bootBuildImage
task. This parameter can be used to configure the network driver used by the container that runs the Cloud Native Buildpacks builder process.
Cache Configuration
The Maven and Gradle plugins now support customizing the names of the volumes used to cache layers contributed to a built image by buildpacks using buildCache
and launchCache
configuration parameters.
See the updated Gradle and Maven reference documentation for more details.
Auto-configuration for Spring Data Envers
Auto-configuration for Spring Data Envers is now provided. To use it, add a dependency on org.springframework.data:spring-data-envers
and update your JPA repositories to extend from RevisionRepository
.
Redis Connection Pooling
Redis (both Jedis and Lettuce) will now automatically enable pooling when commons-pool2
is on the classpath. Set spring.redis.jedis.pool.enabled
or spring.redis.lettuce.pool.enabled
to false
to disable pooling if required.
Auto-configuration for spring-rabbit-stream
Auto-configuration for Spring AMQP’s new spring-rabbit-stream
module has been added. A StreamListenerContainer
is auto-configured when the spring.rabbitmq.listener.type
property is set to stream
. The spring.rabbitmq.stream.*
properties can be used to configure access to the broker and spring.rabbitmq.listener.stream.native-listener
can be used to enable native listener support.
Support for PEM format in Kafka SSL Properties
Previously, Kafka only supported file-based key and trust stores for SSL. With KIP-651, it is now possible to use the PEM format. Spring Boot has added the following properties that allow configuring SSL certificates and private keys using the PEM format:
spring.kafka.ssl.key-store-key
spring.kafka.ssl.key-store-certificate-chain
spring.kafka.ssl.trust-store-certificates
Improved Configuration of the Maven Plugin’s Start Goal
The Maven Plugin’s start
goal has been made more configurable from the command line. Its wait
and maxAttempts
properties can be specified using spring-boot.start.wait
and spring-boot.start.maxAttempts
respectively.
Auto-configured Spring Web Service Server Tests
A new annotation, @WebServiceServerTest
, that can be used to test Web Service @Endpoint
beans has been introduced. The annotation creates a test slice containing @Endpoint
beans and auto-configures a MockWebServiceClient
bean that can be used to test your web service endpoints.
MessageSource-based Interpolation of Bean Validation Messages
The application’s MessageSource
is now used when resolving {parameters}
in constraint messages. This allows you to use your application’s messages.properties
files for Bean Validation messages. Once the parameters have been resolved, message interpolation is completed using Bean Validation’s default interpolator.
Using WebTestClient for Testing Spring MVC
Developers could use WebTestClient
to test WebFlux apps in mock environments, or any Spring web app against live servers. This change also enables WebTestClient
for Spring MVC in mock environments: classes annotated with @AutoConfigureMockMvc
can get injected a WebTestClient
. This makes our support complete, you can now use a single API to drive all your web tests!
Spring Integration PollerMetadata Properties
Spring Integration PollerMetadata
(poll unbounded number of messages every second) can now be customized with spring.integration.poller.*
configuration properties.
Support for Log4j2’s Composite Configuration
Log4j2’s composite configuration is now supported. To use it, configure the logging.log4j2.config.override
property with a comma-separated list of secondary configuration files that will override the main configuration. The main configuration is sourced from Spring Boot’s defaults, a well-known standard location such as log4j2.xml
, or the location specified by the logging.config
property as before.
Dependency Upgrades
Spring Boot 2.6 moves to new versions of several Spring projects:
Spring Security 5.6
Spring Data 2021.1
Spring HATEOAS 1.4
Spring Kafka 2.8
Spring AMQP 2.4
Spring Session 2021.1.0
Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:
Apache Kafka 3.0
Artemis 2.19
Cassandra Driver 4.13
Commons DBCP 2.9
Commons Pool 2.11
Couchbase Client 3.2.2
Elasticsearch 7.15
Flyway 8.0.5
Hibernate 5.6
JUnit Jupiter 5.8
Jedis 3.7
Kafka 3.0
Kotlin 1.6
Liquibase 4.5
Micrometer 1.8
Mockito 4.0
MongoDB 4.4
Postgresql 42.3
QueryDSL 5.0
SnakeYAML 1.29
Thymeleaf Layout Dialect 3.0
Miscellaneous
Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:
The failure analysis for a
NoSuchMethodError
now includes information about the location from which the calling class was loaded.A
ClientResourcesBuilderCustomizer
bean can now be defined to customize Lettuce’sClientResources
will retaining the default auto-configuration.Configuration properties for Flyway’s
detectEncoding
,failOnMissingLocations
, andignoreMigrationPatterns
configuration settings have been added.A custom
ResourceLoader
to be used by the application can be provided when creating aSpringApplicationBulder
.A
WebSessionIdResolver
can now be defined to customize the resolver that will be used by the auto-configuredWebSessionManager
.Any
RSocketConnectorConfigurer
beans are now automatically applied to the auto-configuredRSocketRequester.Builder
.spring-boot-configuration-processor
can now generate metadata for classes annotated with Lombok’s@Value
.A new
server.tomcat.reject-illegal-header
configuration property can be set to true to configure Tomcat to accept illegal headers.When using Stackdriver, labels can now be configured on the monitor resource by setting
management.metrics.export.stackdriver.resource-labels.*
configuration properties.@EntityScan
now supports comma-separated values in itsbasePackages
attribute.A new configuration property,
server.netty.idle-timeout
, that can be used to control Reactor Netty’s idle timeout has been added.The location from which Devtools loads its global settings can now be configured using the
spring.devtools.home
system property or theSPRING_DEVTOOLS_HOME
environment variable.The setter methods on
RabbitTemplateConfigurer
are nowpublic
The
heapdump
endpoint is now supported on OpenJ9 where it will produce a heap dump in PHD format.New configuration properties are now supported for multipart support in WebFlux, under
spring.webflux.multipart.*
Any
ContainerCustomizer
bean is now called to configure the auto-configured Spring AMQPMessageListenerContainer
Jackson’s default leniency can be configured using the
spring.jackson.default-leniency
property.Distribution statistic’s expiry and buffer length are now configurable.
Command Latency metrics for Lettuce are now auto-configured.
Disk space metrics can be configured with one or more paths using the
management.metrics.system.diskspace.paths
property.Users can take control over the Redis auto-configuration by providing a
RedisStandaloneConfiguration
bean.The URLs of all available data sources is now logged when the H2 console is auto-configured.
A new configuration property,
spring.integration.management.default-logging-enabled
, can be used to disable Spring Integration’s default logging by setting its value tofalse
.Auto-configuration for
UserDetailsService
will now back off in the presence of anAuthenticationManagerProvider
bean.
Deprecations in Spring Boot 2.6.0
AbstractDataSourceInitializer
has been deprecated in favor ofDataSourceScriptDatabaseInitializer
. Similarly, subclasses ofAbstractDataSourceInitializer
have been deprecated in favour of newDataSourceScriptDatabaseInitializer
-based equivalents.SpringPhysicalNamingStrategy
has been deprecated in favor of Hibernate 5.5’sCamelCaseToUnderscoresNamingStrategy
Three methods on
AbstractApplicationContextRunner
have been deprecated in favor of newRunnerConfiguration
-based equivalentsThe
started
andrunning
methods inSpringApplicationRunListener
have been replaced with versions that accept aDuration
.Constructors in
ApplicationStartedEvent
andApplicationReadyEvent
have been replaced with versions that accept aDuration
.The
EnvironmentEndpoint.sanitize
has been deprecated for removal.