What’s New in Spring Boot 3.5.3? Key Fixes, Features, and Upgrade Guide

Important reminder: Spring Boot 3.5.1 contains a major exception issue that has been fixed in version 3.5.3 . It is recommended to use v3.5.3!

<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>3.5.3</version>
  <relativePath/>
</parent>

Release Overview

This release contains 73 improvements and is the first patch of the Spring Boot 3.5 series; upgrading is strongly recommended.

⚠️ Important Changes

Tomcat upgrade limitations

Upgrading to Tomcat 10.1.42 introduces the following multipart/form-data request limits:

Part count limit : configurable via server.tomcat.max-part-count Header size limit : configurable via

server.tomcat.max-part-header-size

⭐ New Features

ConfigData options support

Allow specifying ConfigData.Options on ConfigDataEnvironmentContributors #42932

🐞 Major Bug Fixes

Performance

Fix performance issue when executable JAR class references host in classpath URL #46028

Fix possible ClassNotFoundException when spring.factories loading fails after TCCL change #46019

Configuration Fixes

Fix invalid spring.couchbase.authentication.jks.private-key-password #46006

Fix NPE in DataSourceBuilder when driver is null #45992

Fix ignored MANAGEMENT_SERVER_PORT when reading with SpringApplication.setEnvironmentPrefix #45857

Actuator Fixes

Fix Actuator heapdump endpoint failure on modern OpenJ9 JVM #46005

Fix Cloud Foundry actuator write/delete failure caused by Spring Security CSRF protection #45848

Binding and Validation

Fix UnboundConfigurationPropertiesException no longer thrown from IndexedElementsBinder #45994

Fix binding failure for non‑uppercase system environment properties #45741

Fix inability to deselect profile validation or use profile names containing '.' #45947

Other Fixes

Fix JSON writer incorrectly escaping forward slash that could affect structured logging #45980

Fix performance regression in ManagementContextAutoConfiguration due to added property source #45968

Fix java.net.http.HttpClient unavailable causing ClientHttpConnectorAutoConfiguration failure #45955

📔 Documentation Improvements

Security and Configuration Docs

Fix Docker security options link #46021

Improve documentation for Spring Security and '/error' configuration #46009

Add SSL response structure to actuator info endpoint docs #45921

Test Docs

Update Javadoc for test slice annotations to recommend MockitoBean over MockBean #45915

Update docs to reflect changed default redirect behavior of TestRestTemplate #45842

Other Docs

Fix mismatched timestamp and text in audit event retrieval example #45997

Fix spelling error in deprecated replacement of spring.codec. property #45743

Update outdated Gradle Shadow Plugin link in reference guide #45740

🔨 Dependency Upgrades

Core Framework Upgrades

Spring Framework 6.2.8

Spring Data Bom 2025.0.1

Spring Security 6.5.1

Spring Authorization Server 1.5.1

Database Driver Upgrades

MongoDB 5.5.1

PostgreSQL 42.7.7

DB2 JDBC 12.1.2.0

Jaybird 6.0.2

Server and Network Upgrades

Tomcat 10.1.42

Jetty 12.0.22

Netty 4.1.122.Final

HttpClient5 5.5

Monitoring and Tracing Upgrades

Micrometer 1.15.1

Micrometer Tracing 1.5.1

Prometheus Client 1.3.8

Other Important Upgrades

Jackson Bom 2.19.1

Hibernate 6.6.18.Final

Reactor Bom 2024.0.7

Testcontainers 1.21.2

Caffeine 3.2.1

Byte Buddy 1.17.6

Note: Because 3.5.1 has regressions, it is strongly recommended to use Spring Boot 3.5.3 directly.