
fix(deps): update maven #130

Open

renovate[bot] wants to merge 1 commit into main from renovate-main/maven

Conversation

@renovate renovate Bot (Contributor) commented Mar 18, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package                                                 Change
org.apache.maven.plugins:maven-deploy-plugin            3.1.3 → 3.1.4
org.springframework.boot:spring-boot-test               4.0.3 → 4.0.6
org.springframework.boot:spring-boot-restclient         4.0.3 → 4.0.6
com.fasterxml.jackson.core:jackson-databind             2.20.2 → 2.21.2
org.springframework.boot:spring-boot-starter-webflux    4.0.3 → 4.0.6
org.springframework.boot:spring-boot-starter-test       4.0.3 → 4.0.6
org.projectlombok:lombok                                1.18.42 → 1.18.46
org.apache.logging.log4j:log4j-slf4j-impl               2.25.3 → 2.25.4
org.springframework:spring-context                      7.0.5 → 7.0.7
org.springframework:spring-webflux                      7.0.5 → 7.0.7
org.springframework:spring-test                         7.0.5 → 7.0.7
org.springframework:spring-web                          7.0.5 → 7.0.7
org.springframework:spring-webmvc                       7.0.5 → 7.0.7
org.springframework.amqp:spring-rabbit                  4.0.2 → 4.0.3
org.springframework.amqp:spring-amqp                    4.0.2 → 4.0.3
org.springframework.kafka:spring-kafka-test             4.0.3 → 4.0.5
org.springframework.kafka:spring-kafka                  4.0.3 → 4.0.5

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Spring Framework Improper Path Limitation with Script View Templates

CVE-2026-22737 / GHSA-4773-3jfm-qmx3

Details

Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

Severity

  • CVSS Score: 5.9 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Spring MVC and WebFlux has Server Sent Event stream corruption

CVE-2026-22735 / GHSA-6hcq-hmm3-jj3c

Details

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

Severity

  • CVSS Score: 2.6 / 10 (Low)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Spring Framework DoS with Multipart Temp Files in WebFlux

CVE-2026-22740 / GHSA-5843-p793-ghmm

Details

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space.

Older, unsupported versions are also affected.

Severity

  • CVSS Score: 0.0 / 10 (None)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources

CVE-2026-22745 / GHSA-6p4f-wcwh-5vvm

Details

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources.

More precisely, an application can be vulnerable when all the following are true:

  • the application is using Spring MVC or Spring WebFlux
  • the application is serving static resources from the file system
  • the application is running on a Windows platform

When all the conditions above are met, the attacker can send malicious requests that are slow to resolve and that can keep HTTP connections in use. This can cause a Denial of Service on the application.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.

CVE-2026-22741 / GHSA-wg35-8jpf-2xv3

Details

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.

More precisely, an application can be vulnerable when all the following are true:

When all the conditions above are met, the attacker can send malicious requests and poison the resource cache with resources using the wrong encoding. This can cause a denial of service by breaking the front-end application for clients.

Severity

  • CVSS Score: 0.0 / 10 (None)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-test)

v4.0.6

v4.0.5

🐞 Bug Fixes
  • Test starter for Spring Integration does not include Spring Integration test module #​49784
  • Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #​49782
  • WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #​49753
  • WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #​49749
  • Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #​49738
  • Override of property in external 'application.properties' or 'application.yaml' is ignored #​49731
  • NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #​49706
  • Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #​49695
  • @GraphQlTest does not include @ControllerAdvice #​49672
📔 Documentation
  • Fix incorrect indefinite articles in Javadoc #​49727
  • Add some more Kotlin examples and trivial style fixes #​49714
  • Overhaul Spring Session documentation following modularization #​49704
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

v4.0.4

⚠️ Attention Required
  • OpenTelemetry's ZipkinSpanExporter has been deprecated and its support will be removed in Spring Boot 4.2. #​49453
  • Jackson 2 has been upgraded to 2.21.1 in response to the Jackson team ending support for Jackson 2.20.x. #​49389
  • Jackson has been upgraded to 3.1.0 in response to the Jackson team ending support for Jackson 3.0.x. #​49383
  • The default value for server.tomcat.max-part-count has been increased from 10 to 50. This aligns it with Tomcat's own default and the default in Spring Boot 3.x. #​49311
🐞 Bug Fixes
  • EndpointRequest request matcher for health groups is too complex #​49649
  • "/cloudfoundryapplication" web path is not limited to Actuator #​49646
  • Fix EndpointRequest.toLinks() when base-path is '/' #​49617
  • Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #​49596
  • RSocket exposes duplicate endpoint for websocket setups #​49593
  • Failure analysis for a missing mail sender is misleading #​49582
  • SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #​49535
  • Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #​49482
  • "spring.main.cloud-platform=none" does not disable cloud features #​49479
  • SSL support with Docker Compose does not work as documented #​49385
  • Auto-configuration overrides authorization server configuration applied by Customizer beans #​49367
  • Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #​49344
  • NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #​49343
  • RouterFunctions descriptions in Actuator do not support nesting #​49302
  • Maven plugin does not set '-parameters' option when processing AOT code #​49295
  • HTTP Service Interface Client doesn't work in a native image due to missing property binding #​49274
  • ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #​49176
  • Missing starter for spring-boot-restdocs #​48289
📔 Documentation
  • Document support for Java 26 #​49604
  • List all supported colors when describing color-coded log output #​49562
  • Improve EndpointRequest matcher documentation #​49520
  • Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #​49514
  • Document security considerations for forwarded headers in cloud deployments #​49507
  • Tutorial in the reference guide has outdated instructions #​49429
  • Document additional repositories required for shibboleth.net #​49392
  • Javadoc of JettyHttpClientBuilder refers to the wrong type #​49387
  • Example spring-devtools.properties file is shown in the wrong format #​49362
  • Clarify inferred relationships between OAuth 2 registrations and providers #​49327
  • Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #​49321
  • Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #​49306
  • Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #​49298
  • JDK requirement for the CLI still refers to Java 8 #​49293
  • Java and Kotlin samples of an environment post processor are inconsistent #​49287
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​FBibonne, @​answndud, @​bbbbooo, @​chandanv89, @​giyeon95, @​itsmevichu, @​jayychoi, @​l2yujw, @​ngocnhan-tran1996, @​qnnn, @​quaff, and @​sbrannen

projectlombok/lombok (org.projectlombok:lombok)

v1.18.46

v1.18.44

spring-projects/spring-framework (org.springframework:spring-context)

v7.0.7

⭐ New Features

  • Improve SpringValidatorAdapter and MethodValidationAdapter performance #​36621
  • Support JSON array decoding to Flux in KotlinSerializationJsonDecoder #​36597
  • Deprecate methodIdentification() in CacheAspectSupport for removal #​36575
  • Add MockRestServiceServer#createServer variant for RestClient #​36572
  • Create RestClientXhrTransport variant replacing RestTemplateXhrTransport #​36566
  • Improve error handling in multipart codecs #​36563
  • Make ApplicationListenerMethodAdapter#getTargetMethod() public #​36558
  • ApiVersionConfigurer.setSupportedVersionPredicate() returns void instead of ApiVersionConfigurer #​36551
  • LazyConnectionDataSourceProxy does not work well with Hibernate's multi-tenancy by schema strategy #​36527
  • Add registerManagedResource variant with bean key argument to MBeanExporter #​36520
  • Handle blank Accept-Language header in AcceptHeaderLocaleResolver #​36513
  • Make AbstractStreamingClientHttpRequest and AbstractBufferingClientHttpRequest public #​36501
  • MySQL Error 149 (Galera/WSREP conflict) not translated to ConcurrencyFailureException in Spring JDBC/ORM #​36499
  • Add PreFlightRequestFilter #​36482
  • Support configuration of extension context scope for SpringExtension via Spring or JUnit properties #​36460
  • Lower log level of "Cache miss for REQUEST dispatch" in HandlerMappingIntrospector #​36309

🐞 Bug Fixes

  • WebDataBinder unnecessarily instantiates collections when using the "!" and "_" prefixes #​36625
  • Cache pollution from high-cardinality FieldError default messages in MessageSourceSupport #​36609
  • MergedAnnotation does not use ClassLoader for method or field #​36606
  • @Sql fails if DataSource is wrapped in a TransactionAwareDataSourceProxy #​36611
  • AnnotatedTypeMetadata no longer retains source declaration order on Java 24+ #​36598
  • MergedAnnotation.asMap() fails when an attribute references a non-existent class #​36586
  • FileSystemResource does not strictly follow the Resource#isReadable() contract #​36584
  • Converter overrides in HttpMessageConverters only apply when defaults are registered #​36579
  • Invalid method return type metadata for ClassFile variant on JDK 24+ #​36577
  • Fix Writer lifecycle for AbstractJsonHttpMessageConverter.writeInternal(Object, Type, Writer) #​36565
  • Flushing-related regression in SseServerResponse #​36537
  • LazyConnectionDataSourceProxy does not pass on holdability to target Connection #​36528
  • AnnotationBeanNameGenerator fails when an annotation references a non-existent class #​36524
  • Preserve default API version in RestClientAdapter #​36514
  • Inconsistent codings resolution in resource resolvers #​36507
  • DefaultJmsListenerContainer may hang in an endless loop in doShutdown #​36506
  • Query not hidden in DefaultClientResponse checkpoint #​36502
  • RestClient closes stream for ResponseEntity responses #​36492
  • IllegalStateException when using websocket handshake headers with Tomcat #​36486
  • Invalid nullness information for ParameterizedTypeReference #​36477
  • WebTestClient cannot assert null list elements #​36476
  • Handle Kotlin nullable value class param correctly in CoroutineUtils #​36449
  • Remove RFC 2047 encoding from Content-Disposition filename #​36328

📔 Documentation

  • Clarify semantics of HttpMethod.valueOf() #​36652
  • Document whitespace semantics in SpEL expressions #​36628
  • Document that spring.profiles.active is ignored by @ActiveProfiles #​36600
  • MergedAnnotation.asAnnotationAttributes() Javadoc incorrectly states that it creates an immutable map #​36567
  • Fix incorrect Javadoc in HandlerMethodReturnValueHandlerComposite regarding caching #​36555
  • Fix incorrect method name in TypeDescriptor.array() Javadoc #​36549
  • Introduce Kotlin examples for Bean Overrides (@MockitoBean, etc.) #​36541
  • Fix incorrect cross-reference links in AbstractEnvironment Javadoc #​36516
  • Document RetryTemplate#invoke variants in reference manual #​36452
  • Link observability section to Micrometer Observation Handler docs #​34994

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Mohak-Nagaraju, @​Sineaggi, @​T45K, @​angry-2k, @​bebeis, @​cookie-meringue, @​dmitrysulman, @​elgunshukurov, @​itsmevichu, @​junhyung8795, @​msridhar, @​nameearly, @​tobifasc, and @​xxxxxxjun

v7.0.6

⚠️ Attention Required

  • Log warning when default context configuration is ignored within test class hierarchies #​36390
  • Ignore flush calls on ServletServerHttpResponse body outputstream #​36385

⭐ New Features

  • Leverage ResourceHandlerUtils in ScriptTemplateView #​36458
  • Restore ScriptTemplateViewTests #​36456
  • Fix log message in ConfigurationClassBeanDefinitionReader #​36453
  • DefaultResponseErrorHandler - setMessageConverters() not called via RestClient #​36434
  • Resolve context initializers only once in AbstractTestContextBootstrapper #​36430
  • Invoke resolveContextLoader() only once in AbstractTestContextBootstrapper #​36425
  • Further align synthesized annotation toString() with modern JDKs #​36417
  • Introduce setDefaultCharset() in AbstractResourceBasedMessageSource #​36413
  • Support for JPA 4.0 flush mode "explicit" #​36401
  • Support application-wide defaultHtmlEscape setting in WebFlux RequestContext #​36400
  • Support Predicate<RequestPath> in path API version resolver #​36398
  • Avoid duplicate flushes in HttpMessageConverter implementations #​36383
  • Add support for non-flushing OutputStream to StreamUtils #​36382
  • Make it easier to get InputStream from RestClient #​36380
  • RuntimeHintsWriter should comply with reachability-metadata-schema-v1.2.0.json #​36379
  • Make it easier to create custom HttpExchangeAdapter #​36374
  • Improve ResourceHttpMessageConverter target type support #​36368
  • org.springframework.test.web.servlet.assertj.AbstractHttpServletResponseAssert#headers case sensitivity #​36349
  • Allow registering serialized lambda metadata through RuntimeHints #​36339
  • Refactor calculateHashCode in RequestMappingInfo #​36325

🐞 Bug Fixes

  • MetadataReader misses enclosing class name for Kotlin nested classes with Java 24+ #​36451
  • Guard against invalid id/event values in Server Sent Events #​36440
  • Component scanning fails against non-loadable annotation type with enum array on Java 25 #​36432
  • Duplicate ServletServerHttpRequest headers #​36418
  • Incomplete debug message in ConfigurationClassBeanDefinitionReader #​36410
  • Inconsistent ApplicationEventMulticaster state after removing ApplicationListener implemented by FactoryBean #​36404
  • Propagate max frame length to WebSocket session #​36370
  • Graceful shutdown of SimpleAsyncTaskExecutor #​36362
  • Duplicate response headers with ResponseEntity<Mono<T>> (or Kotlin suspend function) controller method #​36357
  • HttpServiceProxyFactory returns LinkedHashMap instead of target type for method with generic return type #​36326
  • HttpMediaTypeException thrown when calculating compatible media types #​36300

📔 Documentation

  • Document FullyQualifiedConfigurationBeanNameGenerator in Javadoc and reference docs #​36455
  • Document @Fallback alongside Primary in the reference manual and @Bean Javadoc #​36439
  • Fix links to UriComponentsBuilder and polish examples #​36403
  • Emphasize @Configuration classes over XML and Groovy in testing chapter #​36393
  • Document tips to avoid issues with ignored default context

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
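One check worth running before approving a PR like this: confirm that the proposed versions actually leave the ranges the advisories list as affected, rather than trusting the "security" label. The Python below is an added example for reviewing this kind of PR; it is not code from Renovate, Spring, OSV or this repository. The affected-range sentence and the old → new versions are copied from the PR body above. Two things are this example's own assumptions: that the org.springframework:spring-web, spring-webmvc and spring-webflux artifacts are the "Spring Framework" the advisory text refers to, and a simplified Maven-style version ordering (numeric segments, a missing segment treated as 0, a -qualifier sorting below the bare release) in place of Maven's full ComparableVersion rules.

```python
"""Verify that a dependency-update PR moves artifacts out of the version
ranges an advisory lists as affected.

Added example for reviewing this kind of PR; not code from Renovate, Spring,
OSV or any project on this page.  The affected-range sentence and the
old -> new versions are copied from the PR body.  Assumptions: the
org.springframework:spring-web* artifacts are what the advisory calls
"Spring Framework", and parse_version() is a simplified Maven ordering.
"""

import re
from typing import Iterable

# Copied from the Details section of CVE-2026-22737 / CVE-2026-22735.
SPRING_FRAMEWORK_AFFECTED = (
    "This issue affects Spring Framework: from 7.0.0 through 7.0.5, "
    "from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, "
    "from 5.3.0 through 5.3.46."
)

# Copied from the update table: (artifact, current version, proposed version).
# Assumption: these three artifacts are the "Spring MVC and WebFlux" surface.
SPRING_UPDATES = [
    ("org.springframework:spring-web", "7.0.5", "7.0.7"),
    ("org.springframework:spring-webmvc", "7.0.5", "7.0.7"),
    ("org.springframework:spring-webflux", "7.0.5", "7.0.7"),
]

# "from <version> through <version>" as written in GitHub/OSV advisory text.
_RANGE_RE = re.compile(r"from (\d(?:[\w.\-]*\d)?) through (\d(?:[\w.\-]*\d)?)")


def parse_version(v: str) -> tuple:
    """Turn '7.0.5' or '6.2.0-RC1' into a tuple that orders the way Maven does
    for the common cases: numeric segments numerically, a missing segment as 0
    (7.0 == 7.0.0), and a '-qualifier' below the bare release of the same
    number.  Deliberately simplified; not Maven's full ComparableVersion."""
    core, _, qualifier = v.partition("-")
    nums = tuple(int(p) for p in core.split("."))
    nums += (0,) * (3 - len(nums))
    # (..., 1) marks a release; (..., 0, qualifier) a pre-release below it.
    return nums + ((1,) if not qualifier else (0, qualifier.upper()))


def parse_affected_ranges(text: str) -> list[tuple[str, str]]:
    """Extract inclusive (low, high) pairs from an advisory sentence."""
    return _RANGE_RE.findall(text)


def is_affected(version: str, ranges: Iterable[tuple[str, str]]) -> bool:
    """True when version lies inside any inclusive affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def review_updates(updates, ranges) -> list[dict]:
    """For each (artifact, old, new): was the pinned version affected, and does
    the proposed version still fall in range?  still_affected is the verdict
    a reviewer should block on."""
    return [
        {
            "artifact": artifact,
            "was_affected": is_affected(old, ranges),
            "still_affected": is_affected(new, ranges),
        }
        for artifact, old, new in updates
    ]


if __name__ == "__main__":
    affected = parse_affected_ranges(SPRING_FRAMEWORK_AFFECTED)
    for row in review_updates(SPRING_UPDATES, affected):
        verdict = "STILL AFFECTED" if row["still_affected"] else "fixed"
        print(f"{row['artifact']}: was_affected={row['was_affected']} -> {verdict}")
```

The verdict to block on is still_affected. If was_affected is False for every artifact, the advisory never applied to the pinned version and the bump is hygiene rather than a fix. CVE-2026-22740, CVE-2026-22741 and CVE-2026-22745 give no version ranges in the text above, so they cannot be checked this way from the page alone; for those the fixed version has to come from the advisory's patched-version field.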

@renovate renovate Bot requested a review from lis0x90 as a code owner on March 18, 2026 13:19
@renovate renovate Bot force-pushed the renovate-main/maven branch 3 times, most recently from cb57940 to 16dd08d on March 24, 2026 13:59
@renovate renovate Bot changed the title from "chore(deps): update maven to v8.0.1" to "chore(deps): update maven to v8.0.2" on Mar 24, 2026
@renovate renovate Bot force-pushed the renovate-main/maven branch from 16dd08d to 5a38837 on March 31, 2026 22:02
@renovate renovate Bot added the security label on Mar 31, 2026
@renovate renovate Bot changed the title from "chore(deps): update maven to v8.0.2" to "chore(deps): update maven" on Mar 31, 2026
@renovate renovate Bot force-pushed the renovate-main/maven branch 2 times, most recently from 7104df9 to 52c28f8 on April 8, 2026 19:47
@renovate renovate Bot force-pushed the renovate-main/maven branch 3 times, most recently from 1e6c9eb to 3ab220e on April 17, 2026 18:36
@renovate renovate Bot force-pushed the renovate-main/maven branch 2 times, most recently from 21153eb to 5b67767 on April 24, 2026 16:29
@renovate renovate Bot added security and removed security labels on Apr 27, 2026
@renovate renovate Bot force-pushed the renovate-main/maven branch from 5b67767 to e71a2e2 on April 29, 2026 13:15
@sonarqubecloud

@renovate renovate Bot changed the title from "chore(deps): update maven" to "fix(deps): update maven" on May 21, 2026