Skip to content

4.0.0

Choose a tag to compare

@devondragon devondragon released this 14 Dec 21:23

Spring Boot 4.0 Upgrade

This major release upgrades the Spring User Framework to Spring Boot 4.0, bringing Spring Security 7, Java 21 support, and modernized infrastructure.

Breaking Changes

Java 21 Required

Spring Boot 4.0 requires Java 21 or higher. Update your JDK and build configuration before upgrading.

Spring Security 7

  • All URL patterns must start with / - Update your unprotectedURIs and protectedURIs configuration
  • Deprecated APIs removed: authorizeRequests() → authorizeHttpRequests(), antMatchers() → requestMatchers()

Test Infrastructure

Test annotations have moved to new packages:

Annotation New Package
@AutoConfigureMockMvc org.springframework.boot.webmvc.test.autoconfigure
@WebMvcTest org.springframework.boot.webmvc.test.autoconfigure
@DataJpaTest org.springframework.boot.data.jpa.test.autoconfigure

New test dependencies required:
testImplementation 'org.springframework.boot:spring-boot-data-jpa-test'
testImplementation 'org.springframework.boot:spring-boot-webmvc-test'

API Changes

  • Profile Update Endpoint: /user/updateUser now accepts UserProfileUpdateDto (firstName, lastName only) instead of UserDto. This improves security by not requiring password fields for profile updates.

New Features

  • UserProfileUpdateDto - New DTO for profile updates with validation constraints
  • Comprehensive Migration Guide - See MIGRATION.md for detailed upgrade instructions

Dependencies

Dependency Version
Spring Boot 4.0.0
Spring Security 7.x
Java 21+
Thymeleaf Extras Spring Security 3.1.3.RELEASE (compatible with Spring Security 7)

Documentation

  • Added MIGRATION.md with step-by-step upgrade instructions
  • Updated README with Spring Boot 4.0 installation instructions
  • Added version compatibility table

Migration

See the MIGRATION.md for detailed instructions on upgrading from 3.x.

Quick checklist:

  1. Update to Java 21+
  2. Update framework dependency to 4.0.0
  3. Ensure all URL patterns in security config start with /
  4. Update test annotation imports to new packages
  5. Update any code calling /user/updateUser to use new DTO format

Full Changelog: 3.5.1...4.0.0