I recently deployed a spring boot 1.4.0 web application and I noticed that liquibase did not perform an update. I have no problem with my spring boot 1.3.2 web application.
Was something introduced to Spring Boot 1.4.0 that would cause liquibase to not execute?
Tracked down the issue to liquibase-core package was not included in order to the Spring Boot autoconfigurations to execute.
It's not entirely clear why the liquibase-gradle-plugin did not include the required package.
Related
i am trying to update my spring version to 2.7.3 for my existing spring microservice project but
Your project setup is incompatible with our requirements due to following reasons:
Spring Boot [2.7.3] is not compatible with this Spring Cloud release train
Action:
Consider applying the following actions:
Change Spring Boot version to one of the following versions [2.4.x, 2.5.x] .
You can find the latest Spring Boot versions here [https://spring.io/projects/spring-boot#learn].
If you want to learn more about the Spring Cloud Release train compatibility, you can visit this page [https://spring.io/projects/spring-cloud#overview] and check the [Release Trains] section.
If you want to disable this check, just set the property [spring.cloud.compatibility-verifier.enabled=false]
i updated spring cloud version to the latest one but then it throws cloud hystrix version compatibility issue can some one explain how to update spring verison for existing spring boot micro service project.
Thanks.
I have spring boot project version 2.7.0.
I use the dependency-check and it reports CVE-2022-22976.
Do you know how I can solve it?
Spring security version is 5.7.1 while spring starter security version is 2.7.0.
It's a false positive that will be automatically suppressed with the upcoming release 7.1.1: https://github.com/jeremylong/DependencyCheck/issues/4563
Currently, the Spring Boot starter for Spring Security is mistaken with Spring Security itself.
Until then you'll need to suppress it manually with something like
<suppress base="true">
<notes><![CDATA[
FP per issue #4563
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-security#.*$</packageUrl>
<cpe>cpe:/a:vmware:spring_security</cpe>
</suppress>
The spring published that:
I used spring 5.3.16, spring boot 2.2.10.RELEASE, spring cloud 2.2.10.RELEASE to use spring-cloud-netflix-zuul, so, can I just upgrade the spring version to 5.3.18, but don't upgrade other framwork?
Spring Boot 2.2.x is EOL and may contain other security fixes that affect you. Spring Boot 2.2.10.RELEASE use Spring Framework 5.2.9.RELEASE.
If you are using Spring Framework 5.3.x, this is not really a supported scenario irrespective of this CVE. You should be using Spring Framework 5.2.x. For that, we have released Spring Framework 5.2.20.
Of course, to be really safe you should upgrade to a supported version.
There is a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-22047) discovered in spring-data-rest-webmvc which is only fixed in versions 3.4.14 and 3.5.6. Spring Boot 2.3.12 uses the version 3.3.9. Migrating to spring boot 2.4.x or above is not an option for us.
We would like to use spring-data-rest-webmvc:3.4.14, but we are not sure if it's compatible with spring boot 2.3.x.
Can we use them together?
Spring Data Rest version 3.4 and up use Spring Framework version 5.3.x.
Spring Boot 2.3 is build with Spring Framework 5.2.x.
Will it work, probably, but there are no garanties that it will keep working or work at all. Most like it will fail with some NoSuchMethodError or ClassNotFOundExceptions or other exotic expetions one gets when mixing modules/jars from different versions of a framework.
My project is built with Spring boot 1.5.10.release. We want to migrate to Apache Kafka® 2.3.0 from Apache Kafka 1.0.x.
We are currently using Spring-kafka 1.3.9.release and want to migrate to spring-kafka-2.3.0. Can we do this without changing the Spring boot version of 1.5.10.release?
I went through the Compatibility matrix but I don't see any relevant answer to my question
https://spring.io/projects/spring-kafka
No, you can't do that. Spring Kafka 2.x, as well Spring Boot 2.x, is based on Spring Framework 5.x and Java 8. You can't mix so critical versions in Spring Boot 1.5.x.
It is really better to rely on the Spring Boot dependencies management. That way you can be sure that all the artifacts brought by Spring Boot are tested together.