Sourced from spring-boot-starter-web's releases.

v2.2.5.RELEASE

⭐ New Features

• Perform URI sanitisation for properties named address, addresses, and uris #19999

🪲 Bug Fixes

• Binding to collection fails with unbound elements error if collection overridden in another property source with smaller number of elements #20306
• Metrics are not recorded for nested requests made with RestTemplate #20231
• DataSource url property is ignored when there is no connection pool #20217
• BuildInfo task not run in Gradle project when project's version number changes #20183
• Caching of ProducesRequestCondition in EndpointHandlerMapping may break custom HandlerMapping or ContentTypeResolver arrangements #20150
• No error message when server.ssl.keyAlias doesn't match an entry #20132
• JSON keys containing a dot from CF environment are not handled as a single path segment #20129
• Spring Webflux ignores message of custom exception when annotated with @ResponseStatus #20028
• Unlike all other Maven properties, spring-boot.run.arguments on the command line takes precedence over the pom #20024
• Requests are auto-timed when autotime.enabled is set to false #19981
• Health group with composite contributor results in 404 #19974
• Jetty logs a custom context path incorrectly when compression is enabled #19970
• Conditions evaluation report mistakenly prints '@ConditionalOnBean' for negative matches #19948
• TomcatMetrics does not clean up properly when the application context is closed #19903
• Auto-configured JMS ConnectionFactory should be named jmsConnectionFactory for compatibility with Spring Integration #19565

📔 Documentation

• Fix typos in how to section of reference documentation #20313
• Document missing reference to DataSourceHealthIndicator #20216
• Document sanitized keys and uri sanitization behavior #20169
• Structure your code link in section 25.3.25 of multi-page HTML documentation is broken #20145
• Document how to register a blocking health contributor with the reactive registry #20123
• Fix link to Spring Integration Graph documentation #20023
• Polish two code samples in the reference documentation #20004
• Document spring-boot.run.arguments behaviour with multiple arguments #19998
• Fix Gradle plugin documentation links #19965
• Fix typo in configuration metadata appendix #19957
• Update documentation on excluding an auto-configuration to recommend exclude on SpringBootApplication #19872

🔨 Dependency Upgrades

• Upgrade to Neo4j Ogm 3.2.9 #20330
• Upgrade to Liquibase 3.8.7 #20328
• Upgrade to Rxjava2 2.2.18 #20327
• Upgrade to Dropwizard Metrics 4.1.3 #20326
• Upgrade to Okhttp3 3.14.7 #20325
• Upgrade to Maven Shade Plugin 3.2.2 #20288
• Upgrade to Spring Session Bom Corn-SR1 #20287
• Upgrade to Spring Security 5.2.2.RELEASE #20286
• Upgrade to Lombok 1.18.12 #20285
• Upgrade to Postgresql 42.2.10 #20284
• Upgrade to Jooq 3.12.4 #20281

... (truncated)

• 5bb8035 Release v2.2.5.RELEASE
• a7b3ed0 Merge branch '2.1.x' into 2.2.x
• 3df4462 Next development version (v2.1.14.BUILD-SNAPSHOT)
• ea8f2a7 Fix tests following changes to EndpointRequest
• cdae79d Cache management port type in EndpointRequestMatcher
• 421fe77 Upgrade to Neo4j Ogm 3.2.9
• ef67ad7 Upgrade to Liquibase 3.8.7
• fa6f8f8 Upgrade to Rxjava2 2.2.18
• a838537 Upgrade to Dropwizard Metrics 4.1.3
• 398e683 Upgrade to Okhttp3 3.14.7
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)