How to Upgrade Mall‑Tiny to SpringBoot 2.7.0: Complete Tech Stack Migration Guide

Technology Stack Upgrade

The Mall project uses mainstream backend technologies, all of which have been upgraded to their latest stable versions:

SpringBoot: 2.3.0 → 2.7.0 (container + MVC framework)

SpringSecurity: 5.1.4 → 5.7.1 (authentication and authorization)

MyBatis: 3.4.6 → 3.5.9 (ORM framework)

MyBatisGenerator: 1.3.3 → 1.4.1 (data‑layer code generation)

RabbitMQ: 3.7.14 → 3.10.5 (message queue)

Redis: 5.0 → 7.0 (distributed cache)

MongoDB: 4.2.5 → 5.0 (NoSQL database)

Elasticsearch: 7.6.2 → 7.17.3 (search engine)

LogStash: 7.6.2 → 7.17.3 (log collector)

Kibana: 7.6.2 → 7.17.3 (log visualization)

Nginx: 1.10 → 1.22 (static resource server)

Druid: 1.1.10 → 1.2.9 (database connection pool)

MinIO: 7.1.0 → 8.4.1 (object storage)

Hutool: 5.4.0 → 5.8.0 (Java utility library)

PageHelper: 5.2.0 → 5.3.0 (MyBatis pagination plugin)

Swagger‑UI: 2.9.2 → 3.0.0 (API documentation tool)

logstash‑logback‑encoder: 5.3 → 7.2 (Logstash log collector plugin)

docker‑maven‑plugin: spotify → fabric8 (Docker image packaging)

Upgrade Process

Support SpringBoot 2.7.0

SpringBoot 2.3.0 reached end‑of‑support, so moving to 2.7.0 is necessary. Starting with SpringBoot 2.6.x, circular dependencies are disabled by default; they can be re‑enabled with the following configuration:

spring:
  main:
    allow-circular-references: true

For a more elegant solution, refer to the "mall‑tiny upgrade" article that explains how to resolve circular dependencies at the source.

Swagger switched to Starter

Previously the project used the plain Swagger dependency. It has been replaced with the Springfox starter:

<!--Swagger‑UI API documentation tool-->
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-boot-starter</artifactId>
    <version>3.0.0</version>
</dependency>

When upgrading from SpringBoot 2.6.x, a BeanPostProcessor bean is required to avoid compatibility issues (see the linked article for details).

SpringSecurity usage upgrade

In SpringBoot 2.7.0 the class WebSecurityConfigurerAdapter is deprecated. The new approach defines a SecurityFilterChain bean directly:

/** SpringSecurity 5.4+ new configuration */
@Configuration
public class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        // configure HttpSecurity here
        return httpSecurity.build();
    }
}

Refer to the "Spring Security latest usage" article for full details.

MyBatis and MySQL driver upgrade

The MySQL driver was upgraded from 8.0.16 to 8.0.29. On Linux the default SSL connection caused connection failures; adding useSSL=false resolves the issue:

spring:
  datasource:
    url: jdbc:mysql://db:3306/mall?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai&useSSL=false
    username: reader
    password: 123456

ELK logging system upgrade

Because SpringBoot 2.7.0 uses a Java SDK that is compatible with Elasticsearch 7.17.3, the entire ELK stack (Elasticsearch, LogStash, Kibana) was upgraded to that version.

MongoDB upgrade

MongoDB was upgraded to 5.0, but the Docker image required a CPU that only the 4.x series supports, so the version was rolled back to 4.x for container deployments.

Docker Maven plugin switched to fabric8

The previously used spotify docker‑maven‑plugin is no longer maintained; it has been replaced with the fabric8 version, which offers more features and active updates. The usage remains the same—run the Maven package goal to build and push the Docker image.

Deployment Documentation Updated

The deployment guides have been refreshed for Windows, Docker, and Docker‑Compose environments. See the links below for the full instructions.

Conclusion

Upgrading the Mall project to SpringBoot 2.7.0 required only minimal code changes; most components work out‑of‑the‑box. SpringBoot 2.7 may become a long‑term version before the move to SpringBoot 3.0, which mandates Java 17.

Project Source Code

GitHub repository: https://github.com/macrozheng/mall