Skip to content

Release/3.0.9#885

Merged
prachi-okta merged 27 commits intomasterfrom
release/3.0.9
Jan 30, 2026
Merged

Release/3.0.9#885
prachi-okta merged 27 commits intomasterfrom
release/3.0.9

Conversation

@prachi-okta
Copy link
Copy Markdown
Contributor

@prachi-okta prachi-okta commented Jan 30, 2026
edited
Loading

Okta Spring Boot 3.0.9: Spring Boot 4.x & Spring Security 7.x Support

Summary

This release brings full support for Spring Boot 4.0.1 and Spring Security 7.0.2, including critical fixes for dependency management and reactive OAuth2 configuration compatibility.

What's Changed

✅ Core Updates

  • Spring Boot: Upgraded to 4.0.1 (requires Java 17+)
  • Spring Security: Updated to 7.0.2
  • Spring Framework: 7.0.2 (managed via Spring Boot)

✅ Critical Fixes

  1. Reactive OAuth2 Configuration - Fixed NoSuchMethodError in Spring Security 7.x

    • Refactored ReactiveAuthenticationManager to use proper bean injection
    • Removed problematic lambda-based method calls

  2. Commons-Logging Dependency Management - Added explicit exclusions

    • oauth2 module: spring-security-config, spring-boot-starter-security, spring-test
    • sdk module: spring-test
    • integration-tests modules: spring-boot-starter-security, spring-test

  3. Maven Central Validation - Explicit spring-core version management

    • Added org.springframework:spring-core:7.0.2 to dependencyManagement
    • Fixes "Dependency management dependency version information is missing" errors

📝 Breaking Changes

  • Requires Java 17+ (Spring Boot 4.x minimum)
  • No changes to API or configuration

@prachi-okta
chore: Bump version to 3.0.9-SNAPSHOT for release branch
e53ebdd
@prachi-okta
fix: Move jcl-over-slf4j to compile scope for Spring Security compati…
4de9085 
…bility

Spring Security classes reference commons-logging types which are banned in
Spring Boot 4.x. The jcl-over-slf4j bridge needs to be available at compile
time, not just test time, to resolve these type references.
@prachi-okta
[maven-release-plugin] prepare release okta-spring-boot-parent-3.0.9
96d8e68
@prachi-okta
[maven-release-plugin] prepare for next development iteration
9e3e42a
@prachi-okta
chore: Revert version to 3.0.9-SNAPSHOT
f741e8e
@prachi-okta
fix: Update all child module versions to 3.0.9-SNAPSHOT
eef6a35 
All child pom.xml files were referencing parent version 3.0.10-SNAPSHOT
which doesn't exist. Updated them to reference 3.0.9-SNAPSHOT.
@prachi-okta
changes to fix tests
1222e3b
@prachi-okta
Add commons-logging exclusions to sdk and integration-test modules
c8f3ebb
@prachi-okta
Reverting change for ReactiveOktaOAuth2ServerHttpServerAutoConfig.java
d663a6e
@prachi-okta
Adding exclusions
1988100
@prachi-okta
adding test dependency
75b9f61
@prachi-okta
fix version
93c65f1
@prachi-okta
adding dependency
b956313
@prachi-okta
release profile changes
4d2a2ea
@prachi-okta
[maven-release-plugin] prepare release okta-spring-boot-parent-3.0.9
a5b7a5f
@prachi-okta
[maven-release-plugin] prepare for next development iteration
b505c20
@prachi-okta
[maven-release-plugin] rollback the release of okta-spring-boot-parent-3
e25c14b 
.0.9
@prachi-okta
[maven-release-plugin] prepare release okta-spring-boot-parent-3.0.9
b0f700b
@prachi-okta
[maven-release-plugin] prepare for next development iteration
36fee9e
@prachi-okta
Add spring-core version to dependencyManagement for Maven Central val…
0bbab31 
…idation
@prachi-okta
[maven-release-plugin] rollback the release of okta-spring-boot-parent-3
582f6de 
.0.9
@prachi-okta
[maven-release-plugin] prepare release okta-spring-boot-parent-3.0.9
60f7e0f
@prachi-okta
[maven-release-plugin] prepare for next development iteration
2ab2682
@prachi-okta
[maven-release-plugin] rollback the release of okta-spring-boot-parent-3
96bd19b 
.0.9
@prachi-okta
Update spring-core to 7.0.2 for Spring Boot 4.0.1 compatibility
ba07d5c
@prachi-okta
[maven-release-plugin] prepare release okta-spring-boot-parent-3.0.9
209d498
@prachi-okta
[maven-release-plugin] prepare for next development iteration
c03fe04
@prachi-okta prachi-okta merged commit 9af64ae into master Jan 30, 2026
3 checks passed
@gysi
Copy link
Copy Markdown

gysi commented Feb 16, 2026

How is it possible that this PR got approved and merged.
Adding a major spring boot upgrade as transitive dependency in a bugfix version.

You seriously need to check your review process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BinoyOza-okta BinoyOza-okta BinoyOza-okta approved these changes

@aniket-okta aniket-okta Awaiting requested review from aniket-okta

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@prachi-okta @gysi @BinoyOza-okta