To help with upgrading, a migration guide is available.

Spring Boot now uses Jackson 3 as its preferred JSON library. Jackson 3 uses new group IDs and package names with com.fasterxml.jackson becoming tools.jackson. An exception to this is the jackson-annotations module which continues to use the com.fasterxml.jackson.core group ID and com.fasterxml.jackson.annotation package. To learn more about the changes in Jackson 3, refer to the Jackson wiki.

For libraries that require Jackson 2, dependency management for Jackson 2 remains and a manually configured Jackson 2 ObjectMapper can be used alongside Boot’s auto-configuration for Jackson 3 if needed.

A number of classes have been renamed for consistency with Jackson 3:

• JsonObjectSerializer to ObjectValueSerializer.

• JsonValueDeserializer to ObjectValueDeserializer.

• Jackson2ObjectMapperBuilderCustomizer to JsonMapperBuilderCustomizer.

To clarify the scope of spring-boot-starter-aop, it has been renamed to spring-boot-starter-aspectj. If you have added the starter explicitly in your application, please review if you actually need it before using the replacement.

If your application does not use AspectJ, typically an annotation in the org.aspectj.lang.annotation package, you probably do not need the starter at all.

Spring Data MongoDB no longer provide defaults for UUID and BigInteger/BigDecimal representations. This aligns with the driver recommendation to not favor a particular representation for UUID or BigInteger/BigDecimal to avoid representation changes caused by upgrades to a newer Spring Data version.

An explicit configuration is expected and the representations can be set using the spring.mongodb.representation.uuid and spring.data.mongodb.representation.big-decimal properties, respectively.

With the portfolio moving from Spring Retry to new core features of Spring Framework, dependency management for Spring Retry has been removed.

If your application still relies on Spring Retry, an explicit version is now required. Please consider moving your use of Spring Retry to Spring Framework.

Spring Kafka has moved its retry capabilities from Spring Retry to Spring Framework.

As a result, spring.kafka.retry.topic.backoff.random has been removed in favor of spring.kafka.retry.topic.backoff.jitter. The latter provides more flexibility over the former. See the documentation for more details.

Spring AMQP has moved its retry capabilities from Spring Retry to Spring Framework.

Spring Boot offers a customization hook-point for retry features used by the RetryTemplate and message listeners. To make it more explicit, two dedicated customizers have been introduced: RabbitTemplateRetrySettingsCustomizer, and RabbitListenerRetrySettingsCustomizer.

If you were using RabbitRetryTemplateCustomizer to customize the retry settings according to a target, you will need to migrate to either of those interfaces.

The PropertyMapper class no longer calls adapter or predicate methods by default when the source value is null. This has removed the need for the alwaysApplyingNotNull() method which has been removed.

If you need to perform a mapping even for null values you can use the new always() method.

For example,

Will not call destination.method(…​) if source.method() returns null.

Where as:

Will call destination.method(null) if source.method() returns null.

If you use the PropertyMapper, you might want to review commit 239f384ac0 which shows how Spring Boot itself adapted to the new API.

Optional actuator endpoint parameters must now be annotated with JSpecify’s @Nullable. The previously introduced @OptionalParameter has been removed in this milestone. If you were using it, please use org.jspecify.annotations.Nullable instead.

Spring Authorization Server is now part of Spring Security. Explicit dependency management has been removed in favor of what’s already provided by Spring Security.

As a result, you can no longer override the version of Spring Authorization Server using the spring-authorization-server.version property. If you need to do this going forward, use spring-security.version.

The liveness and readiness probes are now enabled by default. This means the health endpoint now exposes the liveness and readiness groups by default.

If you do not need those probes, you can disable them by using the management.endpoint.health.probes.enabled property.

A new spring-boot-persistence module has been created to house general persistence-related code and properties. Users of @EntityScan should adapt their imports to org.springframework.boot.persistence.autoconfigure.EntityScan.

The spring.dao.exceptiontranslation.enabled property is no longer supported. Please use spring.persistence.exceptiontranslation.enabled instead.

The BootstrapRegistry and related classes have moved form org.springframework.boot to org.springframework.boot.bootstrap. The EnvironmentPostProcessor interface has also moved from org.springframework.boot.env to org.springframework.boot.

If you have deep integrations with Spring Boot you may need to update both your code and your spring.factories files.

None.

spring.jackson.datetime.<feature-name> properties can be used to enable and disable DataTimeFeature settings on the auto-configured JsonMapper.

Spring Boot now ships a new "spring-boot-kotlin-serialization" module and corresponding "spring-boot-kotlin-serialization-starter" for Kotlin Serialization support. This will contribute a Json bean and configure it with the available spring.kotlin.serialization.* properties. Note that a HttpMessageConverter will be also contributed to the application and will be set ahead of other JSON converters (acting as fallbacks).

Spring Boot 4.0.0-M3 moves to new versions of several Spring projects:

• Micrometer 1.16.0-M3

• Micrometer Tracing 1.6.0-M3

• Reactor Bom 2025.0.0-M7

• Spring Batch 6.0.0-M3

• Spring Data Bom 2025.1.0-M6

• Spring Framework 7.0.0-M9

• Spring GraphQL 2.0.0-M3

• Spring Integration 7.0.0-M3

• Spring LDAP 4.0.0-M3

• Spring HATEOAS 3.0.0-M5

• Spring LDAP 4.0.0-M3

• Spring Pulsar 2.0.0-M3

• Spring RESTDocs 4.0.0-M3

• Spring Security 7.0.0-M3

Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:

• Ehcache3 3.11.1

• Flyway 11.13.0

• Gson 2.13.2

• HtmlUnit 4.16.0

• Jedis 6.2.0

• Kafka 4.1.0

• Kotlin 2.2.20

• Lettuce 6.8.1.RELEASE

• MongoDB 5.6.0

• OpenTelemetry 1.54.0

• Pulsar 4.1.0

• SnakeYAML 2.5

Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:

• Log4j Core configuration file detection for Log4j 3 has been improved

• Resource lookup in DevTools restart has been optimized

• ScheduledTasksObservabilityAutoConfiguration has been renamed to ScheduledTasksObservationAutoConfiguration for consistency

• Authenticating with Elasticsearch using an API key is now supported using the new spring.elasticsearch.api-key property.

• ConditionalOnEnabledTracing has been renamed to ConditionalOnEnabledTracingExport

• The property management.tracing.enabled has been renamed to management.tracing.export.enabled

• SanitizableData.getKey() and SanitizableData.getLowerCaseKey() never return null. Passing a null value as a key in the SanitizableData will now throw an exception.

• Specialized interfaces have been introduced in PropertiesConfigAdapter for better nullability handling.

• The property spring.dao.exceptiontranslation.enabled has been renamed to spring.persistence.exceptiontranslation.enabled.

• The max size of Tomcat’s static cache can now be configured using the server.tomcat.resource.cache-max-size property.

• The JSpecify nullability annotations have been refined further.