Liquibase 3.4.0 contains a bug that causes the initialization of its
ServiceLocator to pollute its map of loggers with a DefaultLogger for
the logger named "liquibase". Liquibase 3.4.1 contains a change that
improves the situation, but does not address is completely. Creating a
CustomResolverServiceLocator, as we do, still causes the map of
loggers to be polluted due to logging that's performed in
ClassLoaderResourceAccessor.getResourcesAsStream.
The commit address the problem by upgrading to Liquibase 3.4.1 and
adding the package containing our custom logger to the default service
locator before we register our custom service locator. This ensures
that the logging that's performed during the creation of our custom
service locator will still use our custom logger.
Closes gh-3470
Closes gh-3616
Typically, a Spring Boot maintenance release would not move to a new
minor version of a dependency. However there is a security
vulnerability in Groovy [1] and 2.4.4 is the only release which
contains a fix for it.
The commit upgrades to 2.4.4, thereby ensuring that users of Groovy
are not vulnerable by default. Users of Groovy whose applications are
not affected by the vulnerability may choose to downgrade back to
2.3.11 by overriding Spring Boot's dependency management.
Closes gh-3540
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
Embedded MongoDB is now auto-configured when it is on the classpath.
The Mongo instance will listen on the port specified by the
spring.data.mongodb.port property. If this property has a value of
zero and randomly allocated port will be used. In such an event, the
MongoClient created by MongoAutoConfiguration will be automatically
configured to use the port that was allocated.
By default, MongoDB 2.6.10 will be used. This can be configured using
the spring.embedded-mongodb.version property. Mongo's sync delay
feature is enabled by default. This can be configured using the
spring.embedded-mongobd.features property.
Closes gh-2002
Add a new `spring-boot-configuration-metadata` module that provides an
API to manipulate Spring Boot configuration meta-data. Can read meta-data
from arbitrary locations, though the standard
`META-INF/spring-configuration-metadata.json` location must be preferred.
Closes gh-1970
Hazelcast introduced a regression in their dependency management as of
3.5 which brings freemarker. This has unfortunate side effect in a Spring
Boot application since the freemarker auto-configuration kicks in for no
apparent reason when hazelcast is used.
An exclusion has been applied until the issue is fixed in hazelcast.
Closes gh-3418
If spring-hateoas is on the classpath and an MvcEndpoint returns a
@ResponseBody it will be extended and wrapped into a Resource with links.
All the existing endpoints that return sensible JSON data can be extended
this way (i.e. not /logfile). The HAL browser will also be added as an
endpoint if available on the classpath. Finally, asciidocs for the
Actuator endpoints are available as a separate jar file, which if
included in an app will also generate a new (HTTP) endpoint.
Fixes gh-1390
Andy Wilkinson
Stephane Nicoll
Roy Clarkson
Henryk Konsek
Phillip Webb
Roy Clarkson
Dave Syer
Spring Buildmaster