Spring Boot 2.6 Release Notes · spring-projects/spring-boot Wiki
Classes, methods and properties that were deprecated in Spring Boot 2.4 have been removed in this release. Please ensure that you aren’t calling deprecated methods before upgrading.
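Circular references through constructor injection raise an error by default, but this has been changed so that they can be allowed through the application configuration.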
spring.main.allow-circular-references=true
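When the same value was set consecutively in a pathPattern, versions up to the previous one used the last value, but from 2.6 an error occurs and is shown as a warning.
If you want to keep the behaviour of the previous versions, add the setting below to the application configuration.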
spring.mvc.pathmatch.matching-strategy=ant_path_matcher
Actuator env info is no longer exposed by default even when it is added to the application configuration; it can be turned back on with the following application configuration value if desired.
management.info.env.enabled=true
The spring.boot.application.running startup step logged to ApplicationStartup has been renamed to spring.boot.application.ready. If you are processing files generated from FlightRecorderApplicationStartup or BufferingApplicationStartup you will need to use the new name.
→ The name of the ApplicationStartup-related property has changed from running to ready.
Injecting Resources directly no longer works as this configuration has been harmonized in WebProperties. If you need to access this information, you need to inject WebProperties instead.
→ Up to 2.5, a record has no setters, so values had to be injected through the @ConstructorBinding annotation; from 2.6 it works without the annotation.
@ConfigurationProperties("blogger.author")
// @ConstructorBinding
public record AuthorProperties(String firstName, String lastName, String email) {
}
You can now configure SameSite attributes on session cookies for servlet applications using the server.servlet.session.cookie.same-site property. This works with auto-configured Tomcat, Jetty and Undertow servers.
In addition, the CookieSameSiteSupplier interface can be used if you want to apply a SameSite attribute to other cookies. See the updated documentation for more details and some example code.
→ The SameSite attribute can be controlled per cookie by declaring a CookieSameSiteSupplier as a @Bean.
A cookie with "SameSite=Strict" will only be sent with a same-site request.
A cookie with "SameSite=Lax" will be sent with a same-site request, or a cross-site top-level navigation with a "safe" HTTP method.
A cookie with "SameSite=None" will be sent with both same-site and cross-site requests.
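When I first learned about SameSite last year, I honestly had little interest in how a domain is judged and just passed over it, but after testing it recently and exchanging opinions with several people... I found out that it was very important.
The point is whether www.google.com and aaa.google.com, that is, hosts that differ only in the subdomain, are SameSite, and the conclusion is that they are SameSite. One thing to know, however, is that SameSite is identified on the basis of the top-level domain listed in the Public Suffix List. So 1.google.com and 2.google.com are SameSite, but 1.github.io and 2.github.io are cross-site.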
server.servlet.session.cookie.same-site=lax
@Bean
public CookieSameSiteSupplier cookieSameSiteSupplier() {
    return CookieSameSiteSupplier.ofStrict().whenHasName("mycookie");
}
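The same-site rule and the three SameSite modes described above, as an added Java example that is not from the original post or from Spring Boot: it derives the registrable domain from a small constructed subset of the Public Suffix List and decides whether a cookie would accompany a request. The class name, method names and suffix set are assumptions; scheme comparison and the list's wildcard and exception rules are left out.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;

public class SameSiteDemo {
    // Constructed sample: a tiny subset of the Public Suffix List (assumption).
    // Real code must load the full list, including wildcard and exception rules.
    static final Set<String> PUBLIC_SUFFIXES = Set.of("com", "io", "github.io");
    static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS", "TRACE");

    enum Mode { STRICT, LAX, NONE }

    // Registrable domain = longest matching public suffix plus one more label.
    static String registrableDomain(String host) {
        String[] labels = host.toLowerCase(Locale.ROOT).split("\\.");
        for (int i = 0; i < labels.length; i++) { // longest candidate first
            String suffix = String.join(".", Arrays.copyOfRange(labels, i, labels.length));
            if (PUBLIC_SUFFIXES.contains(suffix)) {
                return i == 0 ? null : labels[i - 1] + "." + suffix;
            }
        }
        return null; // suffix not in the sample list: treat as unknown
    }

    static boolean sameSite(String a, String b) {
        String siteA = registrableDomain(a);
        return siteA != null && siteA.equals(registrableDomain(b));
    }

    // Applies the three quoted SameSite rules to a single request.
    static boolean cookieSent(Mode mode, String fromHost, String toHost,
                              boolean topLevelNavigation, String method) {
        if (sameSite(fromHost, toHost)) return true;
        switch (mode) {
            case NONE: return true;
            case LAX:  return topLevelNavigation && SAFE_METHODS.contains(method);
            default:   return false; // STRICT
        }
    }

    public static void main(String[] args) {
        System.out.println(sameSite("www.google.com", "aaa.google.com"));
        System.out.println(sameSite("1.github.io", "2.github.io"));
        // Cross-site form POST, then a cross-site link click, against a Lax cookie
        System.out.println(cookieSent(Mode.LAX, "1.github.io", "2.github.io", true, "POST"));
        System.out.println(cookieSent(Mode.LAX, "1.github.io", "2.github.io", true, "GET"));
        // The same link click against a Strict cookie such as "mycookie"
        System.out.println(cookieSent(Mode.STRICT, "1.github.io", "2.github.io", true, "GET"));
    }
}
```

Because github.io is itself a public suffix, a Lax session cookie on one github.io host is withheld from a POST that originates on another, while the same request between two google.com subdomains counts as same-site and carries the cookie.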
Spring Boot sanitizes sensitive values present in the /env and /configprops endpoints. While it was possible to configure which properties get sanitized via configuration properties, users might want to apply sanitization rules based on which PropertySource the property originated from. For example, Spring Cloud Vault uses vault to store encrypted values and load them into the Spring environment. Since all values are encrypted, it would make sense to blank the values of every key in an entire property source. Such sanitization customizations can be configured by adding a @Bean of type SanitizingFunction.
→ The program argument values exposed through the actuator can be customized by configuring a SanitizingFunction bean.
--api.secret=password --api.version=1.0
@Bean
public SanitizingFunction sanitizingFunction() {
    return data -> data.getPropertySource().getName().equals(CommandLinePropertySource.COMMAND_LINE_PROPERTY_SOURCE_NAME)
            ? data.withValue("this is top secret!") : data;
}
The info endpoint can now expose Java Runtime information under the java key, as shown in the following example:
"java": {
    "vendor": "Eclipse Adoptium",
    "version": "17.0.2",
    "runtime": {
        "name": "OpenJDK Runtime Environment",
        "version": "17.0.2+8"
    },
    "jvm": {
        "name": "OpenJDK 64-Bit Server VM",
        "vendor": "Eclipse Adoptium",
        "version": "17.0.2+8"
    }
}
To expose this information in the info endpoint’s response, set the management.info.java.enabled property to true.
→ Adding the management.info.java.enabled property makes the Java information visible at actuator/info.
It’s now possible to exclude specific properties from being added to the build-info.properties file generated by the Spring Boot Maven or Gradle plugin.
Maven users can exclude the standard group, artifact, name, version or time properties using the <excludeInfoProperties> tag. For example, to exclude the version property the following configuration can be used:
<configuration>
    <excludeInfoProperties>
        <excludeInfoProperty>version</excludeInfoProperty>
    </excludeInfoProperties>
</configuration>
→ Properties to exclude can be specified when the build-info.properties file is generated.
The application’s MessageSource is now used when resolving {parameters} in constraint messages. This allows you to use your application’s messages.properties files for Bean Validation messages. Once the parameters have been resolved, message interpolation is completed using Bean Validation’s default interpolator.
→ Property values from the message configuration can be bound to validation annotations.
spring.web.locale=ko_KR
@NotEmpty(message = "{post.title.notEmpty}")
private String title;
Developers could use WebTestClient to test WebFlux apps in mock environments, or any Spring web app against live servers. This change also enables WebTestClient for Spring MVC in mock environments: classes annotated with @AutoConfigureMockMvc can get injected a WebTestClient. This makes our support complete, you can now use a single API to drive all your web tests!
→ WebTestClient can now be supported in the Webflux environment as well.
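import org.hamcrest.Matchers;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.test.web.reactive.server.WebTestClient;

@WebMvcTest(PostController.class)
class PostControllerTest {
    @Autowired
    private WebTestClient webTestClient;

    // Drives the MVC controller through the mock environment and checks the JSON array size.
    @Test
    void findAllPosts() {
        webTestClient
                .get()
                .uri("/posts")
                .exchange()
                .expectStatus().isOk()
                .expectBody().jsonPath("$.size()", Matchers.is(3));
    }
}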
https://www.youtube.com/watch?v=4L4LEnawcO8