What’s New in Spring Native 0.11.2 and Spring Authorization Server 0.2.2?

Recently Spring released two cutting‑edge updates: Spring Native 0.11.2 and Spring Authorization Server 0.2.2. Below is a detailed look at what changed.

Spring Native 0.11.2

Spring Native is the Spring community’s framework for the cloud‑native era. Version 0.11.2 focuses on defect fixes, documentation improvements, and dependency upgrades.

New Features

Maven skips AOT test source generation when tests are skipped (#1461)

Sorting of factories in spring.factories (#1424)

Fix factories with spaces in their names in spring.factories (#1421)

Properly disable devtools in AOT mode (#1419)

More meaningful error messages when detecting logback.xml (#1415)

Provide a way to run test methods via the regular code path instead of AOT (#1356)

Compatibility

Native image example for data-jpa no longer requires @EnableJpaRepositories as a prefix (#1405)

AnnotationException now shows missing persistent id property (#1397)

Add coroutine‑reflection inference (#769)

Optimizations

Spring Security servlet hint improvements (#1392)

Bug Fixes

Add AOT jar to bootJar Gradle task classpath (#1466)

Preserve dependsOn when generating beans via AOT (#1458)

StackOverflowError when scanning ConfigurationProperties with cross‑references (#1420)

RefreshScope‑annotated beans are not created when disabled (#1413)

ConstructorArgumentValues allocated only when indexed values exist (#1403)

ResolvableType generic count mismatch IllegalArgumentException (#1401)

NullPointerException during AOT generation when @ConfigurationProperties contains common properties (#1396)

Improve filtering and error handling in TypeModelProcessor (#1376)

IDE compilation issues caused by runtime dependencies imported in ContextBootstrapInitializer (#1093)

Dependency Updates

Upgrade GRPC to 1.43.2 and protobuf to 3.19.2

Upgrade Kotlin to 1.6.10

Upgrade Spring Boot to 2.6.3

Spring Authorization Server 0.2.2

This release mainly adds optimizations, bug fixes, and a notable new feature: client authentication now supports JWT assertions.

New Features

JdbcOAuth2AuthorizationService

now supports large database columns.

Deprecate OAuth2TokenIntrospectionClaimAccessor in favor of Spring Security 5.6 implementation.

Deprecate JwtEncoder classes; use Spring Security JOSE library instead. JdbcOAuth2AuthorizationService token field now supports clob and text types.

Token revocation logic is now customizable. userinfo_endpoint added to authorization server metadata.

Issuer can be resolved from the current request token.

Client authentication now supports JWT assertions.

Bug Fixes

Missing state and consent denial in initial request cause exceptions.

PKCE invalid token requests throw invalid_grant.

Default configuration exceeds MySQL row limit. OAuth2ClientAuthenticationToken should not be stored across requests.

Dependency Upgrades

Upgrade to Jackson 2.12.6

Upgrade to Spring Boot 2.5.9

Upgrade to Reactor 2020.0.15

Upgrade to Spring Security 5.5.4

Upgrade to Spring Framework 5.3.15

Upgrade to io.spring.ge.conventions 0.0.9

Upgrade Gradle Enterprise to 3.8 to mitigate log4j CVE‑2021‑45105

Allow AOT test task without invoking Gradle (#1338)