What’s New in Spring Boot 2.6.0? Key Features, Maven Dependencies, and Upgrade Guide

Spring Boot 2.6.0 Released

Spring Boot 2.6.0 follows the rapid release of 2.5.6 and 2.5.7, bringing a substantial set of new capabilities and updates.

Maven Dependency Coordinates

Spring Boot 2.6.0:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>2.6.0</version>
  <type>pom</type>
</dependency>

Spring Boot 2.5.7:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>2.5.7</version>
  <type>pom</type>
</dependency>

Spring Boot 2.4.13:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>2.4.13</version>
  <type>pom</type>
</dependency>

Note: Starting with the 2.4.x line, the version suffix .RELEASE is omitted.

Spring Boot 2.6.0 New Features

1. Default Disallowance of Circular References

Beans that reference each other (e.g., UserService ↔ LogService) now cause the application to fail at startup unless circular references are explicitly enabled.

spring:
  main:
    allow-circular-references: true

Alternatively, enable it programmatically:

public static void main(String[] args) {
    SpringApplication app = new SpringApplication(Application.class);
    app.setAllowCircularReferences(true);
    app.run(args);
}

2. Support for Cookie SameSite Attribute

The property server.session.cookie.same-site can be set to None, Lax, or Strict to control SameSite behavior for servlet session cookies (Tomcat, Jetty, Undertow).

3. Reactive Server Session Properties

Session properties previously under spring.webflux.session are now available under server.reactive.session, mirroring the servlet configuration.

4. Custom Sanitizing Rules

Sensitive values in /env and /configprops endpoints are automatically sanitized. Custom rules can be added by defining a @Bean of type SanitizingFunction.

5. Important Endpoint Changes

The /env endpoint is disabled by default; enable it with: management.info.env.enabled = true The /info endpoint now exposes Java runtime details, e.g.:

{
  "java": {
    "vendor": "BellSoft",
    "version": "17",
    "runtime": {
      "name": "OpenJDK Runtime Environment",
      "version": "17+35-LTS"
    },
    "jvm": {
      "name": "OpenJDK 64-Bit Server VM",
      "vendor": "BellSoft",
      "version": "17+35-LTS"
    }
  }
}

Enable it with:

management.info.java.enabled = true

6. Build‑Info Property Exclusions

Specific properties can be excluded from the generated build-info.properties file, e.g.:

<configuration>
  <excludeInfoProperties>
    <excludeInfoProperty>version</excludeInfoProperty>
  </excludeInfoProperties>
</configuration>

7. Redis Connection Pool

If commons-pool2 is on the classpath, Redis (Jedis and Lettuce) automatically enables a connection pool. It can be disabled with:

spring.redis.jedis.pool.enabled = false

spring.redis.lettuce.pool.enabled = false

8. WebTestClient Testing

WebTestClient can now be used to test WebFlux applications in a mock environment or any Spring Web application against a live server.

9. Log4j2 Composite Configuration

Log4j2 now supports composite configurations via the logging.log4j2.config.override property.

10. Dependency Upgrades

Key Spring projects have been upgraded (e.g., Spring Security 5.6, Spring Data 2021.1, Spring HATEOAS 1.4, Spring Kafka 2.8, Spring AMQP 2.4, Spring Session 2021.1.0) and many third‑party libraries (Apache Kafka 3.0, Cassandra Driver 4.13, Hibernate 5.6, JUnit Jupiter 5.8, etc.).

11. Deprecations and Removals

Several classes and methods have been deprecated or removed, such as AbstractDataSourceInitializer (replaced by DataSourceScriptDatabaseInitializer), SpringPhysicalNamingStrategy (replaced by Hibernate’s CamelCaseToUnderscoresNamingStrategy), and various methods in SpringApplicationRunListener that now accept a Duration argument.

Developers should review these changes to avoid compilation errors when upgrading.

Conclusion

Spring Boot 2.6.0 introduces many enhancements across Docker images, health checks, metrics, and other areas. While the update offers valuable improvements, consider the impact on production environments before upgrading.