Skip to content

Bump spring-boot.version from 3.5.13 to 3.5.14#3529

Merged
andi-huber merged 1 commit intov3from
dependabot/maven/v3/spring-boot.version-3.5.14
Apr 27, 2026
Merged

Bump spring-boot.version from 3.5.13 to 3.5.14#3529
andi-huber merged 1 commit intov3from
dependabot/maven/v3/spring-boot.version-3.5.14

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps spring-boot.version from 3.5.13 to 3.5.14.
Updates org.springframework.boot:spring-boot-starter-quartz from 3.5.13 to 3.5.14

Release notes

Sourced from org.springframework.boot:spring-boot-starter-quartz's releases.

v3.5.14

🐞 Bug Fixes

  • ApplicationPidFileWriter does not handle symlinks correctly #50173
  • RandomValuePropertySource is not suitable for secrets #50172
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50171
  • ApplicationTemp does not handle symlinks correctly #50170
  • Remote DevTools performs comparison incorrectly #50169
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50168
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50035
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50033
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50021
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50008
  • 500 response from env endpoint when supplied pattern is invalid #49942
  • HTTP method is lost when configuring excludes in EndpointRequest #49885
  • Docker Compose support doesn't work with apache/artemis image #49865
  • Honor HttpMethod for reactive additional endpoint paths #49864
  • Docker Compose support doesn't work with apache/activemq image #49863
  • Imports on a containing test class are ignored when a nested class has imports #49860

📔 Documentation

  • Link to the observability section of the Lettuce documentation is broken #50092
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50083
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50023
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50010
  • Link to the Kubernetes documentation when discussing startup probes #50007
  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #49895
  • Clarify that configuration property default values are not available through the Environment #49835

🔨 Dependency Upgrades

... (truncated)

Commits
  • 7d7b3ac Release v3.5.14
  • 9dc5aa2 Polish
  • f533a45 Do not follow symlinks when writing PID file
  • f3b8eb0 Use SecureRandom in RandomValuePropertySource
  • e22083a Enable hostname verification for SSL connections to Cassandra
  • 5ceb1a2 Improve ApplicationTemp's temporary directory creation
  • 4b0862c Use constant-time comparison for remote DevTools secret
  • e4febe2 Apply verify-hostname consistently
  • 2c2ffe5 Fix Windows test failure
  • 0046a44 Protect against corrupt buildpack archives
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-websocket from 3.5.13 to 3.5.14

Release notes

Sourced from org.springframework.boot:spring-boot-starter-websocket's releases.

v3.5.14

🐞 Bug Fixes

  • ApplicationPidFileWriter does not handle symlinks correctly #50173
  • RandomValuePropertySource is not suitable for secrets #50172
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50171
  • ApplicationTemp does not handle symlinks correctly #50170
  • Remote DevTools performs comparison incorrectly #50169
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50168
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50035
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50033
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50021
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50008
  • 500 response from env endpoint when supplied pattern is invalid #49942
  • HTTP method is lost when configuring excludes in EndpointRequest #49885
  • Docker Compose support doesn't work with apache/artemis image #49865
  • Honor HttpMethod for reactive additional endpoint paths #49864
  • Docker Compose support doesn't work with apache/activemq image #49863
  • Imports on a containing test class are ignored when a nested class has imports #49860

📔 Documentation

  • Link to the observability section of the Lettuce documentation is broken #50092
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50083
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50023
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50010
  • Link to the Kubernetes documentation when discussing startup probes #50007
  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #49895
  • Clarify that configuration property default values are not available through the Environment #49835

🔨 Dependency Upgrades

... (truncated)

Commits
  • 7d7b3ac Release v3.5.14
  • 9dc5aa2 Polish
  • f533a45 Do not follow symlinks when writing PID file
  • f3b8eb0 Use SecureRandom in RandomValuePropertySource
  • e22083a Enable hostname verification for SSL connections to Cassandra
  • 5ceb1a2 Improve ApplicationTemp's temporary directory creation
  • 4b0862c Use constant-time comparison for remote DevTools secret
  • e4febe2 Apply verify-hostname consistently
  • 2c2ffe5 Fix Windows test failure
  • 0046a44 Protect against corrupt buildpack archives
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-configuration-processor from 3.5.13 to 3.5.14

Release notes

Sourced from org.springframework.boot:spring-boot-configuration-processor's releases.

v3.5.14

🐞 Bug Fixes

  • ApplicationPidFileWriter does not handle symlinks correctly #50173
  • RandomValuePropertySource is not suitable for secrets #50172
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50171
  • ApplicationTemp does not handle symlinks correctly #50170
  • Remote DevTools performs comparison incorrectly #50169
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50168
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50035
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50033
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50021
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50008
  • 500 response from env endpoint when supplied pattern is invalid #49942
  • HTTP method is lost when configuring excludes in EndpointRequest #49885
  • Docker Compose support doesn't work with apache/artemis image #49865
  • Honor HttpMethod for reactive additional endpoint paths #49864
  • Docker Compose support doesn't work with apache/activemq image #49863
  • Imports on a containing test class are ignored when a nested class has imports #49860

📔 Documentation

  • Link to the observability section of the Lettuce documentation is broken #50092
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50083
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50023
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50010
  • Link to the Kubernetes documentation when discussing startup probes #50007
  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #49895
  • Clarify that configuration property default values are not available through the Environment #49835

🔨 Dependency Upgrades

... (truncated)

Commits
  • 7d7b3ac Release v3.5.14
  • 9dc5aa2 Polish
  • f533a45 Do not follow symlinks when writing PID file
  • f3b8eb0 Use SecureRandom in RandomValuePropertySource
  • e22083a Enable hostname verification for SSL connections to Cassandra
  • 5ceb1a2 Improve ApplicationTemp's temporary directory creation
  • 4b0862c Use constant-time comparison for remote DevTools secret
  • e4febe2 Apply verify-hostname consistently
  • 2c2ffe5 Fix Windows test failure
  • 0046a44 Protect against corrupt buildpack archives
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
org.springframework.boot:spring-boot-configuration-processor [>= 4.a0, < 5]
org.springframework.boot:spring-boot-starter-quartz [>= 4.a0, < 5]
org.springframework.boot:spring-boot-starter-websocket [>= 4.a0, < 5]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump spring-boot.version from 3.5.13 to 3.5.14
075851f 
Bumps `spring-boot.version` from 3.5.13 to 3.5.14.

Updates `org.springframework.boot:spring-boot-starter-quartz` from 3.5.13 to 3.5.14
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.13...v3.5.14)

Updates `org.springframework.boot:spring-boot-starter-websocket` from 3.5.13 to 3.5.14
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.13...v3.5.14)

Updates `org.springframework.boot:spring-boot-configuration-processor` from 3.5.13 to 3.5.14
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.13...v3.5.14)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-quartz
  dependency-version: 3.5.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.boot:spring-boot-starter-websocket
  dependency-version: 3.5.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.boot:spring-boot-configuration-processor
  dependency-version: 3.5.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Spring Boot 3.x v3 branch, using Spring Boot 3.x labels Apr 27, 2026
@andi-huber andi-huber merged commit 52e5052 into v3 Apr 27, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/v3/spring-boot.version-3.5.14 branch April 27, 2026 06:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file Spring Boot 3.x v3 branch, using Spring Boot 3.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@andi-huber