From 54ef8d335f58768a40abf7541a4bd1f63b538cad Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 12:42:08 +0100 Subject: [PATCH 01/11] Upgrade to Spring Batch 5.2.6 Closes gh-50516 --- spring-boot-project/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle index a54408f6dc2c..1b22293c01f6 100644 --- a/spring-boot-project/spring-boot-dependencies/build.gradle +++ b/spring-boot-project/spring-boot-dependencies/build.gradle @@ -2264,7 +2264,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-authorization-server/releases/tag/{version}") } } - library("Spring Batch", "5.2.6-SNAPSHOT") { + library("Spring Batch", "5.2.6") { considerSnapshots() group("org.springframework.batch") { bom("spring-batch-bom") From b2a67be77b3393d75e9d34bae6dba95bb437e8d1 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 12:42:12 +0100 Subject: [PATCH 02/11] Upgrade to Spring GraphQL 1.4.6 Closes gh-50739 --- spring-boot-project/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle index 1b22293c01f6..7caa9ee9d2ea 100644 --- a/spring-boot-project/spring-boot-dependencies/build.gradle +++ b/spring-boot-project/spring-boot-dependencies/build.gradle @@ -2317,7 +2317,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-framework/releases/tag/v{version}") } } - library("Spring GraphQL", "1.4.6-SNAPSHOT") { + library("Spring GraphQL", "1.4.6") { considerSnapshots() group("org.springframework.graphql") { modules = [ From 3da6e9a48744a277d712f39fb36e9e5d80ae4542 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 12:44:18 +0100 Subject: [PATCH 03/11] Upgrade to Spring GraphQL 2.0.4 Closes gh-50740 --- platform/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform/spring-boot-dependencies/build.gradle b/platform/spring-boot-dependencies/build.gradle index b831ed09fd23..823acba5e49f 100644 --- a/platform/spring-boot-dependencies/build.gradle +++ b/platform/spring-boot-dependencies/build.gradle @@ -2452,7 +2452,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-framework/releases/tag/v{version}") } } - library("Spring GraphQL", "2.0.4-SNAPSHOT") { + library("Spring GraphQL", "2.0.4") { considerSnapshots() group("org.springframework.graphql") { modules = [ From e1f6b96b30cfef8619209c587c0974c9194a6718 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 12:46:22 +0100 Subject: [PATCH 04/11] Upgrade to Spring GraphQL 2.0.4 Closes gh-50741 --- platform/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform/spring-boot-dependencies/build.gradle b/platform/spring-boot-dependencies/build.gradle index 4cacc16ef3b8..1a3ac4eeafd5 100644 --- a/platform/spring-boot-dependencies/build.gradle +++ b/platform/spring-boot-dependencies/build.gradle @@ -2568,7 +2568,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-framework/releases/tag/v{version}") } } - library("Spring GraphQL", "2.0.4-SNAPSHOT") { + library("Spring GraphQL", "2.0.4") { considerSnapshots() group("org.springframework.graphql") { modules = [ From 4218bd76e934e5cf9e3fd3997c67b8a6b0d0c111 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Nicoll?= Date: Tue, 28 Apr 2026 10:16:13 +0200 Subject: [PATCH 05/11] Fix predictable temp directory in Artemis embedded configuration Update ArtemisEmbeddedConfigurationFactory to use ApplicationTemp for generating the Artemis data directory. This ensures the path is securely generated rather than using a predictable, hardcoded string. Fixes gh-50743 --- .../jms/artemis/ArtemisEmbeddedConfigurationFactory.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/artemis/ArtemisEmbeddedConfigurationFactory.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/artemis/ArtemisEmbeddedConfigurationFactory.java index c815445d0abd..d32bb6aaa293 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/artemis/ArtemisEmbeddedConfigurationFactory.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jms/artemis/ArtemisEmbeddedConfigurationFactory.java @@ -16,8 +16,6 @@ package org.springframework.boot.autoconfigure.jms.artemis; -import java.io.File; - import org.apache.activemq.artemis.api.core.QueueConfiguration; import org.apache.activemq.artemis.api.core.RoutingType; import org.apache.activemq.artemis.api.core.SimpleString; @@ -31,6 +29,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.springframework.boot.system.ApplicationTemp; + /** * Configuration used to create the embedded Artemis server. * @@ -84,8 +84,7 @@ private String getDataDir() { if (this.properties.getDataDirectory() != null) { return this.properties.getDataDirectory(); } - String tempDirectory = System.getProperty("java.io.tmpdir"); - return new File(tempDirectory, "artemis-data").getAbsolutePath(); + return new ApplicationTemp().getDir("artemis-data").getAbsolutePath(); } } From 327bef3a71561a6844ede3039a4d4e7bf38016cf Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Tue, 5 May 2026 13:54:16 +0100 Subject: [PATCH 06/11] Enable hostname verification by default in Mail auto-config Fixes gh-50742 --- .../autoconfigure/mail/MailProperties.java | 13 +++++++++ .../MailSenderPropertiesConfiguration.java | 19 ++++++++----- .../MailSenderAutoConfigurationTests.java | 28 +++++++++++++++---- 3 files changed, 48 insertions(+), 12 deletions(-) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailProperties.java index c1760df7fe00..f1e6cec20c08 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailProperties.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailProperties.java @@ -153,6 +153,11 @@ public static class Ssl { */ private boolean enabled; + /** + * Whether to enable hostname verification. + */ + private boolean verifyHostname = true; + /** * SSL bundle name. If set, 'mail.(protocol).ssl.socketFactory' property is set to * an SSLSocketFactory obtained from the corresponding SSL bundle. @@ -170,6 +175,14 @@ public void setEnabled(boolean enabled) { this.enabled = enabled; } + public boolean isVerifyHostname() { + return this.verifyHostname; + } + + public void setVerifyHostname(boolean verifyHostname) { + this.verifyHostname = verifyHostname; + } + public String getBundle() { return this.bundle; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java index 8b91aaeb6d08..0dcf3b2b8ca6 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java @@ -66,13 +66,18 @@ private void applyProperties(MailProperties properties, JavaMailSenderImpl sende String protocol = properties.getProtocol(); protocol = (!StringUtils.hasLength(protocol)) ? "smtp" : protocol; Ssl ssl = properties.getSsl(); - if (ssl.isEnabled()) { - javaMailProperties.setProperty("mail." + protocol + ".ssl.enable", "true"); - } - if (StringUtils.hasLength(ssl.getBundle())) { - SslBundle sslBundle = sslBundles.getBundle(ssl.getBundle()); - javaMailProperties.put("mail." + protocol + ".ssl.socketFactory", - sslBundle.createSslContext().getSocketFactory()); + if (ssl.isEnabled() || StringUtils.hasLength(ssl.getBundle())) { + if (ssl.isVerifyHostname()) { + javaMailProperties.setProperty("mail." + protocol + ".ssl.checkserveridentity", "true"); + } + if (ssl.isEnabled()) { + javaMailProperties.setProperty("mail." + protocol + ".ssl.enable", "true"); + } + if (StringUtils.hasLength(ssl.getBundle())) { + SslBundle sslBundle = sslBundles.getBundle(ssl.getBundle()); + javaMailProperties.put("mail." + protocol + ".ssl.socketFactory", + sslBundle.createSslContext().getSocketFactory()); + } } if (!javaMailProperties.isEmpty()) { sender.setJavaMailProperties(javaMailProperties); diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java index 04975e8f230f..587ec6f4059a 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java @@ -266,22 +266,38 @@ void smtpSslEnabled() { .run((context) -> { assertThat(context).hasSingleBean(JavaMailSenderImpl.class); JavaMailSenderImpl mailSender = context.getBean(JavaMailSenderImpl.class); - assertThat(mailSender.getJavaMailProperties()).containsEntry("mail.smtp.ssl.enable", "true"); + assertThat(mailSender.getJavaMailProperties()).containsEntry("mail.smtp.ssl.enable", "true") + .containsEntry("mail.smtp.ssl.checkserveridentity", "true"); + }); + } + + @Test + void smtpSslEnabledWithHostnameVerificationDisabled() { + this.contextRunner + .withPropertyValues("spring.mail.host:localhost", "spring.mail.ssl.enabled:true", + "spring.mail.ssl.verify-hostname:false") + .run((context) -> { + assertThat(context).hasSingleBean(JavaMailSenderImpl.class); + JavaMailSenderImpl mailSender = context.getBean(JavaMailSenderImpl.class); + assertThat(mailSender.getJavaMailProperties()).containsEntry("mail.smtp.ssl.enable", "true") + .doesNotContainKey("mail.smtp.ssl.checkserveridentity"); }); } @Test @WithPackageResources("test.jks") - void smtpSslBundle() { + void smtpSslBundleWithHostnameVerificationDisabled() { this.contextRunner .withPropertyValues("spring.mail.host:localhost", "spring.mail.ssl.bundle:test-bundle", + "spring.mail.ssl.verify-hostname:false", "spring.ssl.bundle.jks.test-bundle.keystore.location:classpath:test.jks", "spring.ssl.bundle.jks.test-bundle.keystore.password:secret", "spring.ssl.bundle.jks.test-bundle.key.password:password") .run((context) -> { assertThat(context).hasSingleBean(JavaMailSenderImpl.class); JavaMailSenderImpl mailSender = context.getBean(JavaMailSenderImpl.class); - assertThat(mailSender.getJavaMailProperties()).doesNotContainKey("mail.smtp.ssl.enable"); + assertThat(mailSender.getJavaMailProperties()).doesNotContainKey("mail.smtp.ssl.enable") + .doesNotContainKey("mail.smtp.ssl.checkserveridentity"); Object property = mailSender.getJavaMailProperties().get("mail.smtp.ssl.socketFactory"); assertThat(property).isInstanceOf(SSLSocketFactory.class); }); @@ -295,7 +311,8 @@ void smtpsSslEnabled() { .run((context) -> { assertThat(context).hasSingleBean(JavaMailSenderImpl.class); JavaMailSenderImpl mailSender = context.getBean(JavaMailSenderImpl.class); - assertThat(mailSender.getJavaMailProperties()).containsEntry("mail.smtps.ssl.enable", "true"); + assertThat(mailSender.getJavaMailProperties()).containsEntry("mail.smtps.ssl.enable", "true") + .containsEntry("mail.smtps.ssl.checkserveridentity", "true"); }); } @@ -311,7 +328,8 @@ void smtpsSslBundle() { .run((context) -> { assertThat(context).hasSingleBean(JavaMailSenderImpl.class); JavaMailSenderImpl mailSender = context.getBean(JavaMailSenderImpl.class); - assertThat(mailSender.getJavaMailProperties()).doesNotContainKey("mail.smtps.ssl.enable"); + assertThat(mailSender.getJavaMailProperties()).doesNotContainKey("mail.smtps.ssl.enable") + .containsEntry("mail.smtps.ssl.checkserveridentity", "true"); Object property = mailSender.getJavaMailProperties().get("mail.smtps.ssl.socketFactory"); assertThat(property).isInstanceOf(SSLSocketFactory.class); }); From b0686478a71cceb977dc1ff5b4e69ef5eb052fcf Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 15:54:41 +0100 Subject: [PATCH 07/11] Upgrade to Spring Integration 6.5.9 Closes gh-50520 --- spring-boot-project/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle index 7caa9ee9d2ea..9c4a5dc837a8 100644 --- a/spring-boot-project/spring-boot-dependencies/build.gradle +++ b/spring-boot-project/spring-boot-dependencies/build.gradle @@ -2356,7 +2356,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-hateoas/releases/tag/{version}") } } - library("Spring Integration", "6.5.9-SNAPSHOT") { + library("Spring Integration", "6.5.9") { considerSnapshots() group("org.springframework.integration") { bom("spring-integration-bom") From d549d077c03add0421464fcd0248bd8b76b41973 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 15:56:16 +0100 Subject: [PATCH 08/11] Upgrade to Spring Integration 7.0.5 Closes gh-50543 --- platform/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform/spring-boot-dependencies/build.gradle b/platform/spring-boot-dependencies/build.gradle index 823acba5e49f..87b4f0673939 100644 --- a/platform/spring-boot-dependencies/build.gradle +++ b/platform/spring-boot-dependencies/build.gradle @@ -2487,7 +2487,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-hateoas/releases/tag/{version}") } } - library("Spring Integration", "7.0.5-SNAPSHOT") { + library("Spring Integration", "7.0.5") { considerSnapshots() group("org.springframework.integration") { bom("spring-integration-bom") From 6a6dedc4354cbafadaf8aab2803fc3acd7e6b8de Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 15:57:08 +0100 Subject: [PATCH 09/11] Upgrade to Spring Integration 7.1.0 Closes gh-50568 --- platform/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform/spring-boot-dependencies/build.gradle b/platform/spring-boot-dependencies/build.gradle index 1a3ac4eeafd5..85f8543b5e6f 100644 --- a/platform/spring-boot-dependencies/build.gradle +++ b/platform/spring-boot-dependencies/build.gradle @@ -2620,7 +2620,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-hateoas/releases/tag/{version}") } } - library("Spring Integration", "7.1.0-SNAPSHOT") { + library("Spring Integration", "7.1.0") { considerSnapshots() group("org.springframework.integration") { bom("spring-integration-bom") From 9755ff29e7ce3a8ac4574e5b452bdfe1053718b1 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 16:20:29 +0100 Subject: [PATCH 10/11] Upgrade to Spring Batch 6.0.4 Closes gh-50539 --- platform/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform/spring-boot-dependencies/build.gradle b/platform/spring-boot-dependencies/build.gradle index 87b4f0673939..efdeb4e3e58d 100644 --- a/platform/spring-boot-dependencies/build.gradle +++ b/platform/spring-boot-dependencies/build.gradle @@ -2407,7 +2407,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-amqp/releases/tag/v{version}") } } - library("Spring Batch", "6.0.4-SNAPSHOT") { + library("Spring Batch", "6.0.4") { considerSnapshots() group("org.springframework.batch") { bom("spring-batch-bom") From 1a5815cf3183a0c9493cece8ba550a6e8b125d67 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 10 Jun 2026 16:21:24 +0100 Subject: [PATCH 11/11] Upgrade to Spring Batch 6.0.4 Closes gh-50563 --- platform/spring-boot-dependencies/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform/spring-boot-dependencies/build.gradle b/platform/spring-boot-dependencies/build.gradle index 85f8543b5e6f..4dffef741575 100644 --- a/platform/spring-boot-dependencies/build.gradle +++ b/platform/spring-boot-dependencies/build.gradle @@ -2523,7 +2523,7 @@ bom { releaseNotes("https://github.com/spring-projects/spring-amqp/releases/tag/v{version}") } } - library("Spring Batch", "6.0.4-SNAPSHOT") { + library("Spring Batch", "6.0.4") { considerSnapshots() group("org.springframework.batch") { bom("spring-batch-bom")