Release Notes / Third-Party Update: Spring Boot and Related Dependencies

Spring Boot and Spring Security as well as several other dependencies have been updated.

For details on the changes in Spring Boot 3.5 release, see https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.5.0-Release-Notes. For other updated dependencies, view the release notes of “Updated Maven Dependencies and Plugins”.

Upgrade Information

With Spring Boot 3.5 rules for profile names have been tightened. Profiles can now only contain - (dash), _ (underscore), letters and digits. For this, the commerce blueprint wcs-8.0, wcs-9.0, wcs-9.1 as well as wcs-9.1-solr profiles had to be renamed. Now, they are named wcs-8_0, wcs-9_0, wcs-9_1 and wcs-9_1-solr respectively. Blueprint docker compose deployment files have been adapted. In case you are using these profiles, adjust their names accordingly.
With Spring Security 6.5 the org.springframework.security.web.util.matcher.AntPathRequestMatcher has been deprecated. Instead, the org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher should be used. The deprecated usages have been replaced in blueprint code. In contrast to org.springframework.util.AntPathMatcher, which was used with the deprecated AntPathRequestMatcher, the now active org.springframework.web.util.pattern.PathPattern only supports * at the end of a pattern. For example, /pages/{} is valid but /pages/{*}/details is not.
- This directly affects the property cae.csrf.ignore-paths, which now needs to be a path pattern opposed to Ant path before. The paths must be specified relative to any servlet path prefix (meaning you should exclude the context path and any servlet path prefix in stating your pattern).
There might be more changes that affect your application. Refer to the official release notes mentioned above if you encounter any issues.

(CMS-27313)

Search Results