What’s New in Spring Boot 2.5.8 & 2.6.2? Full Bug Fixes and Dependency Upgrades

On December 22, the Spring team released Spring Boot 2.5.8 and 2.6.2, both maintenance releases that fix numerous bugs, improve documentation, and upgrade many dependencies, including the long‑awaited Log4j2 upgrade.

2.6.2 Release Details

Bug Fixes

Getter or setter overridden in a subclass causes different property‑binding behavior during configuration #29143

DatabaseInitializationDependencyConfigurer triggers eager initialization of factory beans #29103

Quartz MySQL/MariaDB tables are not created in Spring Boot 2.6.0 #29095

Initialization for Quartz, Session, Integration and Batch platforms cannot complete configuration #29002

Application fails to start when thymeleaf-extras-springsecurity5 is present but Spring Security is missing on the classpath #28979

ResponseStatusException from Spring Security no longer returns a response body in 2.6.1 #28953

DataSourceScriptDatabaseInitializer may still try to access the database even when its initialization mode is set to never #28931

Hibernate validation messages are broken when setUseCodeAsDefaultMessage=true in 2.6.1 #28930

Image build packages without a Tag no longer default to the latest version #28922

Maven‑built WAR classpath index manifest attribute is ineffective #28904

AbstractMethodError in

org.springframework.boot.web.servlet.filter.ErrorPageSecurityFilter

is triggered when deployed to a Servlet 3.1‑compatible container #28902

Time‑to‑live cache setting for the health endpoint has no effect #28882 server.servlet.session.cookie.same-site is not applied to Spring Session’s SESSION cookie #28784

Dependency Upgrades

Logback 1.2.9

AppEngine SDK 1.9.93

Caffeine 2.9.3

Couchbase Client 3.2.4

DB2 JDBC 11.5.7.0

Dropwizard Metrics 4.2.7

Ehcache3 3.9.9

Flyway 8.0.5

Hazelcast 4.2.4

Hibernate 5.6.3.Final

HttpAsyncClient 4.1.5

HttpCore 4.4.15

Infinispan 12.1.10.Final

Jackson Bom 2.13.1

JDOM2 2.0.6.1

Jedis 3.7.1

JUnit Jupiter 5.8.2

Kotlin 1.6.10

Log4j2 2.17.0

Micrometer 1.8.1

MSSQL JDBC 9.4.1.jre8

Netty 4.1.72.Final

Reactor 2020.0.14

Spring AMQP 2.4.1

Spring Framework 5.3.14

Spring Integration 5.5.7

Spring Kafka 2.8.1

Spring LDAP 2.3.5

Spring Security 5.6.1

Spring Session 2021.1.1

Spring WS 3.1.2

Thymeleaf 3.0.14.RELEASE

Tomcat 9.0.56

Undertow 2.2.14.Final

XmlUnit2 2.8.4

Official announcement: https://spring.io/blog/2021/12/21/spring-boot-2-6-2-available-now

2.5.8 Release Details

Developers can obtain the 2.5.8 artifacts via the Maven coordinates provided in the official documentation.

Bug Fixes

DatabaseInitializationDependencyConfigurer triggers eager initialization of factory beans #28977

Application fails to start when thymeleaf-extras-springsecurity5 is present but Spring Security is missing on the classpath #28967

Initialization for Quartz, Session, Integration and Batch platforms cannot complete configuration #28932

Image build packages without a Tag no longer default to the latest version #28921

Getter or setter overridden in a subclass causes different property‑binding behavior #28917

Maven‑built WAR classpath index manifest attribute is ineffective #28895 PatternParseException message‑matching strategy property name is incorrect in failure analysis #28809

Dependency org.elasticsearch.distribution.integ-test-zip:elasticsearch should be declared with type zip #28725

Dependency Upgrades

AppEngine SDK 1.9.93

Caffeine 2.9.3

DB2 JDBC 11.5.7.0

Dropwizard Metrics 4.1.29

Ehcache3 3.9.9

Hazelcast 4.1.8

Hibernate 5.4.33

HttpAsyncClient 4.1.5

HttpCore 4.4.15

Infinispan 12.1.10.Final

Jackson Bom 2.12.6

JDOM2 2.0.6.1

Kotlin 1.5.32

Log4j2 2.17.0

Logback 1.2.9

Micrometer 1.7.7

Netty 4.1.72.Final

Reactor 2020.0.14

Spring AMQP 2.3.13

Spring Framework 5.3.14

Spring Integration 5.5.7

Spring LDAP 2.3.5

Spring Security 5.5.4

Spring Session 2021.0.4

Spring WS 3.1.2

Thymeleaf 3.0.14.RELEASE

Tomcat 9.0.56

Undertow 2.2.14.Final

XmlUnit2 2.8.4

Official announcement: https://spring.io/blog/2021/12/21/spring-boot-2-5-8-available-now