Spring Boot 3.5 Release Notes
Spring Boot 3.5.0, released on November 20, 2024, introduces enhancements focused on observability, security, and developer productivity. This version aligns with Spring Framework 6.2 and supports Java 17 as the minimum version, with compatibility up to Java 24. It includes over 150 improvements, including better support for virtual threads, refined auto-configuration, and new starters for common integrations.
Spring Boot 3.5 emphasizes streamlined migration paths from earlier versions, with built-in tools for upgrading dependencies and configurations. It maintains compatibility with Jakarta EE 10 and reactive programming paradigms, making it suitable for cloud-native applications, microservices, and enterprise systems.
Observability Enhancements
Spring Boot 3.5 improves Micrometer integration with automatic OpenTelemetry export for traces and metrics. The Actuator endpoints now support structured logging and OpenTelemetry context propagation by default.
New observability features include auto-instrumentation for JDBC, R2DBC, and messaging systems. Developers can enable detailed tracing with minimal configuration using application properties like management.tracing.sampling.probability.
Security Improvements
Security auto-configuration now defaults to stronger password encoders and enables CSRF protection for all endpoints. Spring Security 6.3 integration adds support for OAuth 2.1 and improved JWT handling.
A new security starter for reactive applications simplifies token validation and role-based access control. Vulnerability scanning is enhanced with built-in checks during the build process via the spring-boot-maven-plugin.
Virtual Threads Support
Full support for Java virtual threads is now stable, with Tomcat, Jetty, and Undertow connectors optimized for high concurrency. Enable it with spring.threads.virtual.enabled=true.
This leads to better resource utilization in thread-per-request models, especially for I/O-bound applications. Task executors automatically detect and use virtual threads when available.
Auto-Configuration Refinements
New auto-configurations for GraphQL, gRPC, and Apache Kafka Streams reduce boilerplate. The @ConditionalOnMissingBean annotations are smarter, prioritizing user-defined beans.
Database health indicators now include query performance metrics, and caching abstractions support Caffeine as the default provider for better performance.
DevTools and Testing Updates
Spring Boot DevTools adds live reload for Thymeleaf templates and improved remote debugging. The testing slice for REST endpoints includes built-in support for WebFlux and MockMvc.
New @SpringBootTest annotations simplify integration tests with randomized ports and embedded databases like Testcontainers.
Build and Dependency Management
The Spring Boot Maven and Gradle plugins now enforce dependency management for Jakarta EE and Spring Cloud. BOM updates include Hibernate 6.5 and Spring Data 2024.1.
Layered JAR support is enhanced for Docker builds, with profiles for GraalVM native images. The plugin validates configurations during the build to catch common issues early.
Performance Optimizations
Startup time is reduced by 10-15% through lazy initialization of beans and optimized class loading. JSON processing with Jackson is faster with default streaming enabled.
Reactive streams benefit from non-blocking I/O in Netty, and caching layers use off-heap storage options for larger datasets.
Deprecations
Legacy XML configurations are deprecated in favor of YAML or properties. Old actuator endpoints like /trace are removed, replaced by /actuator/traces.
Support for Java 8 and 11 is deprecated; migration guides are available in the reference documentation.
Removals
Removed support for Spring Framework 5.x and Hibernate 5.x. The spring-boot-starter-jetty now requires explicit configuration for SSL.
Deprecated auto-configurations for XML-based web services are fully removed.
Migration and Support
Migrate from 3.4 using mvn spring-boot:run --spring-boot.upgrade or gradle bootUpgrade. The CLI tool automates dependency updates and property migrations.
Spring Boot 3.5 follows the 3-month release cadence, with full support until November 2025 and security fixes extended to 2027. Check the release notes for detailed changelogs.