4.0.0
Spring Boot 4.0 Upgrade
This major release upgrades the Spring User Framework to Spring Boot 4.0, bringing Spring Security 7, Java 21 support, and modernized infrastructure.
Breaking Changes
Java 21 Required
Spring Boot 4.0 requires Java 21 or higher. Update your JDK and build configuration before upgrading.
Spring Security 7
- All URL patterns must start with / - Update your unprotectedURIs and protectedURIs configuration
- Deprecated APIs removed: authorizeRequests() → authorizeHttpRequests(), antMatchers() → requestMatchers()
Test Infrastructure
Test annotations have moved to new packages:
| Annotation | New Package |
|---|---|
| @AutoConfigureMockMvc | org.springframework.boot.webmvc.test.autoconfigure |
| @WebMvcTest | org.springframework.boot.webmvc.test.autoconfigure |
| @DataJpaTest | org.springframework.boot.data.jpa.test.autoconfigure |
New test dependencies required:
testImplementation 'org.springframework.boot:spring-boot-data-jpa-test'
testImplementation 'org.springframework.boot:spring-boot-webmvc-test'
API Changes
- Profile Update Endpoint: /user/updateUser now accepts UserProfileUpdateDto (firstName, lastName only) instead of UserDto. This improves security by not requiring password fields for profile updates.
New Features
- UserProfileUpdateDto - New DTO for profile updates with validation constraints
- Comprehensive Migration Guide - See MIGRATION.md for detailed upgrade instructions
Dependencies
| Dependency | Version |
|---|---|
| Spring Boot | 4.0.0 |
| Spring Security | 7.x |
| Java | 21+ |
| Thymeleaf Extras Spring Security | 3.1.3.RELEASE (compatible with Spring Security 7) |
Documentation
- Added MIGRATION.md with step-by-step upgrade instructions
- Updated README with Spring Boot 4.0 installation instructions
- Added version compatibility table
Migration
See the MIGRATION.md for detailed instructions on upgrading from 3.x.
Quick checklist:
- Update to Java 21+
- Update framework dependency to 4.0.0
- Ensure all URL patterns in security config start with /
- Update test annotation imports to new packages
- Update any code calling /user/updateUser to use new DTO format
Full Changelog: 3.5.1...4.0.0