Update dependency org.springframework.boot:spring-boot-starter-web to v3

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.springframework.boot:spring-boot-starter-web (source)	compile	major	1.4.0.RELEASE -> 3.2.11

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
Critical	10.0	CVE-2018-14721	#40
Critical	9.8	CVE-2016-1000027	#78
Critical	9.8	CVE-2017-15095	#31
Critical	9.8	CVE-2017-17485	#32
Critical	9.8	CVE-2017-5651	#22
Critical	9.8	CVE-2017-5929	#90
Critical	9.8	CVE-2017-5929	#90
Critical	9.8	CVE-2017-7525	#33
Critical	9.8	CVE-2018-11307	#34
Critical	9.8	CVE-2018-14718	#37
Critical	9.8	CVE-2018-14719	#38
Critical	9.8	CVE-2018-14720	#39
Critical	9.8	CVE-2018-19360	#41
Critical	9.8	CVE-2018-19361	#42
Critical	9.8	CVE-2018-19362	#43
Critical	9.8	CVE-2018-7489	#45
Critical	9.8	CVE-2018-8014	#26
Critical	9.8	CVE-2019-10202	#46
Critical	9.8	CVE-2019-14379	#50
Critical	9.8	CVE-2019-14540	#52
Critical	9.8	CVE-2019-14892	#53
Critical	9.8	CVE-2019-14893	#54
Critical	9.8	CVE-2019-16335	#55
Critical	9.8	CVE-2019-16942	#56
Critical	9.8	CVE-2019-16943	#57
Critical	9.8	CVE-2019-17267	#58
Critical	9.8	CVE-2019-20330	#60
Critical	9.8	CVE-2020-8840	#74
Critical	9.8	CVE-2020-9546	#75
Critical	9.8	CVE-2020-9547	#76
Critical	9.8	CVE-2020-9548	#77
Critical	9.8	CVE-2022-22965	#146
Critical	9.1	CVE-2017-5648	#20
High	8.8	CVE-2020-10672	#61
High	8.8	CVE-2020-10673	#62
High	8.8	CVE-2020-10968	#63
High	8.8	CVE-2020-10969	#64
High	8.8	CVE-2020-11111	#65
High	8.8	CVE-2020-11112	#66
High	8.8	CVE-2020-11113	#67
High	8.3	CVE-2022-1471	#163
High	8.1	CVE-2016-5388	#12
High	8.1	CVE-2017-12617	#18
High	8.1	CVE-2018-5968	#44
High	8.1	CVE-2019-0232	#119
High	8.1	CVE-2020-10650	#152
High	8.1	CVE-2020-11619	#68
High	8.1	CVE-2020-11620	#69
High	8.1	CVE-2020-14060	#70
High	8.1	CVE-2020-14061	#71
High	8.1	CVE-2020-14062	#72
High	8.1	CVE-2020-14195	#73
High	8.1	CVE-2020-24616	#92
High	8.1	CVE-2020-24750	#94
High	8.1	CVE-2020-36179	#106
High	8.1	CVE-2020-36180	#98
High	8.1	CVE-2020-36181	#97
High	8.1	CVE-2020-36182	#100
High	8.1	CVE-2020-36183	#99
High	8.1	CVE-2020-36184	#102
High	8.1	CVE-2020-36185	#101
High	8.1	CVE-2020-36186	#104
High	8.1	CVE-2020-36187	#103
High	8.1	CVE-2020-36188	#96
High	8.1	CVE-2020-36189	#95
High	8.1	CVE-2021-20190	#105
High	8.1	CVE-2024-22243	#190
High	8.1	CVE-2024-22259	#182
High	8.1	CVE-2024-22262	#191
High	7.5	CVE-2016-6797	#14
High	7.5	CVE-2016-6817	#16
High	7.5	CVE-2016-8745	#17
High	7.5	CVE-2016-9878	#86
High	7.5	CVE-2017-18640	#89
High	7.5	CVE-2017-5647	#19
High	7.5	CVE-2017-5650	#21
High	7.5	CVE-2017-5664	#23
High	7.5	CVE-2017-7675	#25
High	7.5	CVE-2018-11040	#80
High	7.5	CVE-2018-11040	#80
High	7.5	CVE-2018-12022	#35
High	7.5	CVE-2018-12023	#36
High	7.5	CVE-2018-1272	#30
High	7.5	CVE-2018-15756	#81
High	7.5	CVE-2018-8034	#88
High	7.5	CVE-2019-0199	#27
High	7.5	CVE-2019-10072	#28
High	7.5	CVE-2019-12086	#47
High	7.5	CVE-2019-14439	#51
High	7.5	CVE-2019-17563	#117
High	7.5	CVE-2020-13934	#93
High	7.5	CVE-2020-13935	#115
High	7.5	CVE-2020-17527	#172
High	7.5	CVE-2020-36518	#142
High	7.5	CVE-2021-25122	#114
High	7.5	CVE-2021-41079	#126
High	7.5	CVE-2022-25857	#153
High	7.5	CVE-2022-42003	#160
High	7.5	CVE-2022-42004	#159
High	7.5	CVE-2023-24998	#168
High	7.5	CVE-2023-46589	#185
High	7.5	CVE-2024-24549	#189
High	7.5	CVE-2024-38816	#-1
High	7.5	CVE-2024-38819	#-1
High	7.1	CVE-2016-6816	#15
High	7.1	CVE-2023-6378	#183
High	7.0	CVE-2017-7536	#9
High	7.0	CVE-2020-9484	#29
High	7.0	CVE-2021-25329	#111
Medium	6.6	CVE-2021-42550	#137
Medium	6.6	CVE-2021-42550	#137
Medium	6.5	CVE-2020-5421	#107
Medium	6.5	CVE-2021-30640	#171
Medium	6.5	CVE-2022-22950	#143
Medium	6.5	CVE-2022-38749	#157
Medium	6.5	CVE-2022-38750	#156
Medium	6.5	CVE-2022-38751	#155
Medium	6.5	CVE-2022-38752	#154
Medium	6.5	CVE-2023-20861	#174
Medium	6.5	CVE-2023-20863	#176
Medium	6.3	CVE-2024-23672	#187
Medium	6.1	CVE-2019-0221	#118
Medium	6.1	CVE-2023-1932	#180
Medium	6.1	CVE-2023-41080	#177
Medium	5.9	CVE-2016-0762	#11
Medium	5.9	CVE-2018-11039	#79
Medium	5.9	CVE-2018-1271	#87
Medium	5.9	CVE-2019-12384	#48
Medium	5.9	CVE-2019-12814	#49
Medium	5.9	CVE-2021-24122	#113
Medium	5.8	CVE-2022-41854	#161
Medium	5.3	CVE-2016-6794	#13
Medium	5.3	CVE-2018-1199	#122
Medium	5.3	CVE-2020-10693	#10
Medium	5.3	CVE-2021-33037	#127
Medium	5.3	CVE-2022-22970	#151
Medium	5.3	CVE-2022-22970	#151
Medium	5.3	CVE-2023-42795	#184
Medium	5.3	CVE-2023-45648	#186
Medium	5.3	CVE-2024-38809	#-1
Medium	5.3	WS-2018-0124	#82
Medium	4.8	CVE-2020-1935	#112
Medium	4.3	CVE-2017-7674	#24
Medium	4.3	CVE-2020-13943	#116
Medium	4.3	CVE-2021-22060	#169
Medium	4.3	CVE-2021-22096	#132
Medium	4.3	CVE-2021-22096	#132
Medium	4.3	CVE-2021-22096	#132
Medium	4.3	CVE-2023-28708	#170
Medium	4.3	CVE-2024-38808	#-1

---

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-web)

v3.2.11

Compare Source

🐞 Bug Fixes

• Case-insensitive comparisons may be adversely affected by the user's locale #​42719
• DataSourceProperties#driverClassIsLoadable should not print a stacktrace to the error stream when it fails #​42681
• Auto-configuration for Rabbit Streams doesn't consider RabbitConnectionDetails #​42489
• ActiveMQ Artemis Connection Factory creation fails in native image #​42414
• Duplicate meter binding when context contains multiple registries, none are primary, and one or more is a composite #​42396
• Report produced by ConditionReportApplicationContextFailureProcessor is always empty in a failed test #​42185

📔 Documentation

• Fix systemd example configuration #​42795
• Polish javadoc for Binder#bindOrCreate(String, Class) #​42777
• Remove stale link to jar-to-war getting started guide #​42691
• Fix Regex javadoc links #​42645
• Clarify why @Primary is recommended when defining your own ObjectMapper that replaces JacksonAutoConfiguration's #​42598
• Remove links to Spring Data GemFire #​42575
• Improve the javadoc describing when @ConditionalOn(Missing)Bean will infer the type to match #​42504
• Polish documentation #​42445
• Document how to handle MANIFEST.MF in native image with Maven #​42412
• Document support for Java 23 #​42374
• Remove note about graceful shutdown with Tomcat requiring 9.0.33 or later as we now require 10.1.x #​42373
• Improve classpath index documentation for reproducible builds #​41265
• Document how Map properties are bound from environment variables #​40936
• Document that the exact behavior of the maximum HTTP request header size property is server-specific #​40798

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 5.18.6 #​42612
• Upgrade to Dropwizard Metrics 4.2.28 #​42613
• Upgrade to Infinispan 14.0.32.Final #​42614
• Upgrade to Jaybird 5.0.6.java11 #​42747
• Upgrade to Jersey 3.1.9 #​42615
• Upgrade to Jetty 12.0.14 #​42617
• Upgrade to Jetty Reactive HTTPClient 4.0.8 #​42616
• Upgrade to jOOQ 3.18.21 #​42816
• Upgrade to JUnit Jupiter 5.10.5 #​42619
• Upgrade to Micrometer 1.12.11 #​42531
• Upgrade to Micrometer Tracing 1.2.11 #​42532
• Upgrade to Neo4j Java Driver 5.25.0 #​42626
• Upgrade to Netty 4.1.114.Final #​42620
• Upgrade to Pooled JMS 3.1.7 #​42621
• Upgrade to Pulsar Reactive 0.5.8 #​42817
• Upgrade to R2DBC Pool 1.0.2.RELEASE #​42748
• Upgrade to R2DBC Postgresql 1.0.7.RELEASE #​42749
• Upgrade to Reactor Bom 2023.0.11 #​42533
• Upgrade to Spring Authorization Server 1.2.7 #​42534
• Upgrade to Spring Framework 6.1.14 #​42536
• Upgrade to Spring GraphQL 1.2.9 #​42740
• Upgrade to Spring Integration 6.2.10 #​42537
• Upgrade to Spring LDAP 3.2.7 #​42538
• Upgrade to Spring Pulsar 1.0.11 #​42539
• Upgrade to Spring RESTDocs 3.0.2 #​42741
• Upgrade to Spring Retry 2.0.10 #​42540
• Upgrade to Spring Security 6.2.7 #​42541
• Upgrade to Spring Session 3.2.6 #​42542
• Upgrade to Tomcat 10.1.31 #​42623

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​IMWoo94, @​arefbehboudi, @​jeonghyeon00, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.2.10

Compare Source

🐞 Bug Fixes

• management.health.db.ignore-routing-datasources=true has no effect when an AbstractRoutingDataSource has been wrapped #​42313
• Missing details in OAuth2ClientProperties validation error message #​42278
• FileNotFoundException from unused mis-configured SSL bundles #​42119
• PropertiesMigrationListener wrongly reports property as deprecated when has group #​42068
• Using an empty string MongoDB 'replica-set-name' property will result in ClusterType=REPLICA_SET #​42055
• JarLauncher fails to load large jar files #​42012
• @RestartScope can cause 'Recursive update' exceptions when used with container beans #​41571

📔 Documentation

• Document that spring.jmx.enabled is not intended for third-party libraries #​42272
• Update link to Log4j2 system properties #​42262
• Links to GraphQL in the reference guide redirect to the root instead of specific sections #​42207
• Fix links to Spring Data's reference documentation #​42203
• Update documentation to reflect new no handler found exception behavior #​42164
• Polish configuration property reference #​42162
• Remove link to “Converting a Spring Boot JAR Application to a WAR” as the guide is no longer available #​42110
• Improve documentation in "Command-line Completion" #​42091
• Deprecation reason for the autotime enabled, percentiles, and percentiles-historgram properties is confusing #​41745
• Document that configuration property binding to a Kotlin value class with a default is not supported #​41693
• Replace RFC 7807 by RFC 9457 in property documentation #​41260
• Explain difference between OTel agent and Micrometer instrumentations #​41227

🔨 Dependency Upgrades

• Upgrade to Groovy 4.0.23 #​42291
• Upgrade to Infinispan 14.0.31.Final #​42245
• Upgrade to Jakarta Servlet JSP JSTL 3.0.2 #​42246
• Upgrade to Jetty 12.0.13 #​42248
• Upgrade to Jetty Reactive HTTPClient 4.0.7 #​42247
• Upgrade to Micrometer 1.12.10 #​42121
• Upgrade to Micrometer Tracing 1.2.10 #​42122
• Upgrade to MongoDB 4.11.4 #​42249
• Upgrade to Netty 4.1.113.Final #​42250
• Upgrade to Reactor Bom 2023.0.10 #​42123
• Upgrade to Spring Data Bom 2023.1.10 #​42124
• Upgrade to Spring Framework 6.1.13 #​42125
• Upgrade to Spring HATEOAS 2.2.5 #​42281
• Upgrade to Spring Integration 6.2.9 #​42126
• Upgrade to Spring Kafka 3.1.9 #​42127
• Upgrade to Spring Pulsar 1.0.10 #​42128
• Upgrade to Spring Retry 2.0.9 #​42325
• Upgrade to Tomcat 10.1.30 #​42344
• Upgrade to Undertow 2.3.17.Final #​42302

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Alchemik, @​arefbehboudi, @​izeye, @​mushroom528, @​nosan, and @​quaff

v3.2.9

Compare Source

⭐ New Features

• Add TWENTY_THREE to JavaVersion enum #​41710

🐞 Bug Fixes

• When using WebFlux, server.error.include-binding-errors=ALWAYS no longer has an effect when the BindingResult exception is the cause of a ResponseStatusException #​41984
• spring-boot-testcontainers causes unwanted container initialization during AOT processing #​41838
• Extending DefaultErrorAttributes and overriding getErrorAttributes() gets called twice #​41732
• PropertiesLauncher does not respect classpath.idx when adding jars in BOOT-INF/lib to the classpath #​41719
• ReactiveElasticsearchRepositoriesAutoConfiguration should back off when Reactor is not on the classpath #​41672
• Launcher's ClassLoader is no longer parallel capable #​41665
• Using Gradle's new file permission API is impleme