Update dependency org.springframework.boot:spring-boot-starter-web to v3.1.4 #167

mend-for-github-com[bot]

This PR contains the following updates:

Package | Type | Update | Change
org.springframework.boot:spring-boot-starter-web (source) | dependencies | patch | 3.1.1 -> 3.1.4

By merging this PR, the issue #159 will be automatically resolved and closed:

Severity | CVSS Score | CVE
Medium | 6.1 | CVE-2023-41080

Release Notes

spring-projects/spring-boot

v3.1.4

⭐ New Features

  • Add TWENTY_ONE to JavaVersion enum #​37364

🐞 Bug Fixes

  • When SLF4J and Logback are initialized on multiple threads in parallel, startup may fail due to SubstituteLoggerFactory being considered to be a competing LoggerFactory implementation #​37484
  • Saml2RelyingPartyAutoConfiguration ignores sign-request when metadata-url is used #​37482
  • Leaking file descriptor / socket within DomainSocket tooling #​37460
  • Invalid Accept header produces HTTP 500 in WelcomePageHandlerMapping #​37457
  • PrivateKeyParser doesn't support ed448, XDH and RSA-PSS keys #​37422
  • "languageVersion is final and cannot be changed" when using Gradle 8.3 and configuring the Java toolchain's language version #​37380
  • AOT processing fails when a @ConfigurationProperties-annotated record has multiple constructors #​37336
  • Spring Boot dependency management not working for ehcache when using Gradle and the dependency management plugin #​37270
  • SslStoreBundle implementations aren't immutable #​37222
  • Parsing OCI image names that are invalid due to the use of upper case letters is very slow #​37183
  • Producing and consuming different tracing propagation formats doesn't work #​37178
  • Using https with elliptic curves other than secp384r1 fails #​37169
  • In 3.0.x and later, Spring Security cannot be used to secure a WebSocket upgrade request when using Jetty #​37158
  • Local baggage is propagated when using Brave and W3C #​37156
  • ServiceConnectionContextCustomizer can trigger docker usage during AOT processing #​37097
  • java.lang.OutOfMemoryError: Metaspace when repeatedly deploying and undeploying a Spring Boot web application multiple times in Tomcat #​37096
  • Property 'logging.threshold.console' not working #​36741

📔 Documentation

  • Document that PKCS8 PEM files should be used whenever possible #​37443
  • Add reference to Oracle Spring Boot Starters #​37411
  • Correct the description of spring.artemis.broker-url #​37309
  • Add default value metadata for management.metrics.export.signalfx.published-histogram-type #​37253
  • Polish javadoc #​37143

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Eng-Fouad, @​dependabot[bot], @​izeye, @​markxnelson, @​mdeinum, and @​quaff

v3.1.3

🐞 Bug Fixes

  • Logging config URLs with query parameters are not detected as XML #​37062
  • Changed environment variable name APP_PASSWORD to APP_USER_PASSWORD i… #37044
  • BindableRuntimeHintsRegistrar does not generate hints for all nested types of a ConfigurationProperties type #​37022
  • server.max-http-request-header-size doesn't affect Netty server with http2 enabled #​37015
  • AbstractAotMojo should not add source or target if they are null #​36972
  • Exception message in ProcessTestAotMojo has a typo #​36966
  • Docker Compose start fails with "unknown flag: --no-color" #​36908
  • Script-based database initialization fails with an unhelpful error message when configured with a resource that points to a directory #​36786
  • Artemis ConnectionFactory is not configured when CachingConnectionFactory is missing and enabled properties are false #​36772
  • DatabaseDriver swallows real exception #​36759
  • Defining a custom ElasticsearchTransport causes the auto-configured JsonpMapper to back off #​36700
  • Auto-configuration's session repository customization may override that of SessionRepositoryCustomizer beans #​36696
  • RabbitMQ smoke test is missing a test #​36612
  • Tomcat warns about a missing +/- prefix when enabling multiple protocols through server.ssl.enabled-protocols #​36584
  • management.metrics.export.stackdriver properties are incomplete #​36559
  • management.wavefront.metrics.export properties are incomplete #​36556
  • management.metrics.export.signalfx properties are incomplete #​36553
  • JobLauncherApplicationRunner returns a success exit code even when no jobs have been run #​36532
  • Remove use of jakarta.annotation.PostConstruct #​36529
  • management.metrics.export.atlas properties are incomplete #​36526
  • Descriptions of started and ready time metrics contain time units but the unit may change when the metrics are exported #​36516
  • Unlike other Spring Boot goals, process-aot and process-test-aot run on Maven reactor projects #​36494
  • @ServiceConnection on a @Bean method does not work in sliced tests #​36037

📔 Documentation

  • Fix broken links in the documentation #​37071
  • Maven plugin docs contain invalid parameter for image building #​37051
  • Align javadoc of AbstractFilterRegistrationBean#setDispatcherTypes #​36969
  • Improve documentation of spring.cache.type=none #​36962
  • Clarify that spring.security.filter properties only apply to servlet-based web apps #​36865
  • Improve documentation to describe how @EntityScan and @Enable…Repositories can be used to tune scanning #36862
  • Describe quirks of JUL and Log4j2 in the javadoc of OutputCaptureExtension #​36859
  • LogbackLoggingSystem does not report suppressed exception details #​36856
  • Clarify table that shows how logging properties are transferred to system properties #​36853
  • Review Google AppEngine documentation #​36850
  • Rework Working with NoSQL Technologies to clarify which stores are supported by Spring Data #​36813
  • Clarify how nested directories are treated for configtree with wildcards #​36810
  • Clarify the effect of using @EnableWebMvc #​36797
  • Document defaults for spring.mvc.format.* and spring.webflux.format.* properties #​36793
  • Documentation describes how to opt in to using the path pattern parser but it's now the default #​36789
  • Document that scripts for database initialization are optional by default and how they can be made mandatory #​36783
  • Document @DataR2dbcTest support #​36756
  • @since is missing from javadoc of values added to JavaVersion since its introduction #​36735
  • Update Paketo builder references in documentation #​36690
  • Document how to use Docker Compose integration when running tests #​36636
  • Update RestTemplateBuilder#defaultHeader javadoc to reference correct client-side HTTP request class #​36630
  • Document that server.forward-headers-strategy property defaults to native when running on Kubernetes #​36581
  • Documentation of spring.data.redis.url incorrectly states that it does not override spring.data.redis.user #​36492

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​MahatmaFatalError, @​NersesAM, @​OnSuorce, @​chicobento, @​dependabot[bot], @​dreis2211, @​eddumelendez, @​elevne, @​fzyzcjy, @​itsAkshayDubey, @​izeye, @​joesteel2010, @​jongwooo, @​ls-urs-keller, @​michael-simons, @​msobeck, @​normandra, @​omaryaya, @​quaff, @​rob-valor, @​spa-abaudat, and @​vpavic

v3.1.2

🐞 Bug Fixes

  • Native reflection hints missing for nested properties declared in a superclass #​36448
  • Connecting to Mongo fails with an UnknownHostException when spring.data.mongodb.additional-hosts is configured #​36441
  • Auto-configured ExemplarSampler bean only backs off when a DefaultExemplarSampler is defined #​36429
  • OTel Span is missing required attributes #​36423
  • Auto-configured JacksonJsonpMapper is conditional on an ObjectMapper bean but does not use such a bean #​36409
  • Application fails to start when @Importing a @ConfigurationProperties class that is eligible for constructor binding #​36359
  • Only one health group can be exposed using management.endpoint.health.group.xxx.additional-path=server:/newpath when using Jersey #​36276
  • Mongo auto-configuration fails when username or password properties contains a colon (:) or at-sign (@) #​36261
  • MockitoPostProcessor doesn't check FactoryBean.OBJECT_TYPE_ATTRIBUTE correctly #​36230
  • ImportsContextCustomizer does not support AliasFor #​36209
  • Saml2RelyingPartyRegistrationConfiguration can choose the wrong RelyingPartyRegistration.Builder when using a metadata file with multiple providers #​36163
  • ConfigurationPropertiesReportEndpoint does not display primitive wrapper types #​36160
  • ConfigurationPropertyName#equals is not symmetric when element has trailing dashes #​36145
  • ScheduledTasksEndpoint throws NPE if PeriodicTrigger is used with custom SchedulingConfigurer #​36129
  • Java system properties can not be applied to RestTemplate HttpClient connection in some cases #​36123
  • Excluding auto-configuration class that relates to a TemplateAvailabilityProvider causes property binding to fail for native images #​36121
  • When using Flyway 9.20.0, auto-configuration fails with a NoSuchMethodError due to the removal of Oracle-related methods from FluentConfiguration #​36099
  • Dependency management for Selenium 4.8.x is incorrect #​36077
  • Slice test annotations do not include SslAutoConfiguration #​36038
  • Methods in KafkaConnectionDetails are named inconsistently #​35733

📔 Documentation

  • Documented Servlet container system requirements are out of date #​36355
  • Update the javadoc of ClientHttpRequestFactories to describe the ClientHttpRequestFactory implementations that it supports #​36268
  • Polish formatting in "Running Spring Batch Jobs on Startup" #​36233
  • Improve Kubernetes liveness and readiness probes customization documentation #​36219
  • Document auto-configuration of underlying HTTP client when using WebClient or RestTemplate #​36215
  • Polish Kafka Properties Docs #​36142
  • Fix typo in the Using R2DBC section of the reference documentation #​36139
  • Document observability auto-configuration for HTTP clients #​36131
  • Improve documentation for baggage propagation into MDC #​36112
  • Javadoc of RestTemplateBuilder.requestFactory(Function) links to deprecated ClientHttpRequestFactorySupplier #​36097
  • Javadoc of ConstructorBound and ConfigurationProperties links to deprecated ConstructorBinding annotation #​36095
  • Add Javadoc since to ImageReference.inTaglessForm() #​36054
  • Fix typo in docker compose service connections note #​36016

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Pengfei-Lu, @​ThomazPassarelli, @​bbulgarelli, @​bedla, @​dependabot[bot], @​dkswnkk, @​dreis2211, @​eddumelendez, @​eydunn, @​garyrussell, @​izeye, @​johnnywiller, @​jonatan-ivanov, @​jstansel, @​lasselindqvist, @​lmartelli, and @​quaff


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Sep 23, 2023
@reta reta merged commit a894901 into main Oct 2, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/org.springframework.boot-spring-boot-starter-web-3.x branch October 2, 2023 22:25