Spring Boot 3.5 is a stability + cloud-native focused release. It removes old deprecated APIs, tightens security defaults, improves observability, and upgrades most ecosystem dependencies.

This article summarizes what changed, what you must update, and what’s new in a practical way.

Important Upgrade & Breaking Changes

spring-boot-parent Removed

• spring-boot-parent is no longer published

• It was only meant for Spring Boot internal tests

• Action:
  If you were using it, define your own dependency management

<dependencyManagement>
 <dependencies>
   <!-- define versions explicitly -->
 </dependencies>
</dependencyManagement>
 

Actuator heapdump Endpoint Secured

• Default access is now NONE

• Prevents accidental memory dump leaks

 To enable explicitly:

management:
 endpoints:
   web:
     exposure:
       include: heapdump
 endpoint:
   heapdump:
     access: unrestricted
 

.enabled Properties Are Strict

• Only true / false are allowed

• Old behavior accepted almost anything except false

Fix configs like:

feature.enabled: true   # right
feature.enabled: yes    # wrong

 Profile Naming Validation

Allowed characters:

• Letters, digits

• - underscore _

From 3.5.1, also allowed:

• . + @

 Cannot start or end with - or _

Disable validation if needed:

spring.profiles.validate=false
 

TestRestTemplate Redirect Behavior Changed

• Now follows redirects by default

• Same behavior as RestTemplate

If tests fail:

testRestTemplate.withRedirects(...)
 

TaskExecutor Bean Name Change

Before:

• taskExecutor

• applicationTaskExecutor

Now:

• Only applicationTaskExecutor

Temporary alias workaround:

beanFactory.registerAlias("applicationTaskExecutor", "taskExecutor");
 

Observability, Logging & Tracing

Prometheus Pushgateway Changes

Dependency changed:

OLD: io.prometheus:simpleclient_pushgateway
NEW: io.prometheus:prometheus-metrics-exporter-pushgateway
 

Property rename:

management.prometheus.metrics.export.pushgateway.address=host:port
 

New options:

• scheme → https support

• token → token auth

• format → text / protobuf

ECS Structured Logging (JSON)

• JSON format is now nested

• Better compatibility with log backends (ELK, OpenSearch)

Stack Trace Customization

Control stack trace size and format:

logging.structured.json.stacktrace.*
 

OpenTelemetry Improvements

New environment support:

• OTEL_SERVICE_NAME

• OTEL_RESOURCE_ATTRIBUTES

New resource attributes:

• service.namespace ← from spring.application.group

Deprecated:

• service.group

Data, Messaging & Integration Updates

Redis

• When using spring.data.redis.url, database index comes from URL

• spring.data.redis.database is ignored in this case

New:

spring.data.redis.lettuce.read-from=replica-preferred
 

MongoDB

• New property:

spring.data.mongodb.protocol=mongodb+srv
 

Kafka

New consumer property:

spring.kafka.consumer.max-poll-interval
 

New listener retry property:

spring.kafka.listener.auth-exception-retry-interval
 

Liquibase

• Version upgraded to 4.31.0

• New properties:

spring.liquibase.analytics-enabled=false
spring.liquibase.license-key=XXXX
 

Web, REST & Client Improvements

WebClient / RestClient

• Redirects enabled by default

• Timeouts & redirects configurable via properties

• New ClientHttpConnectorBuilder for advanced config

 OAuth2 Auto-Configuration Split

More granular auto-configs:

• Servlet vs Reactive

• Client vs Resource Server

This improves startup performance and clarity.

Task Execution & Async Enhancements

Background Bean Initialization

• New auto-configured bootstrapExecutor

• Requires applicationTaskExecutor

Improves startup time.

TaskDecorator Support for Scheduled Tasks

If a TaskDecorator bean exists:

• It applies automatically to scheduled tasks

Async Executor Override Mode

Force Spring Boot to still create AsyncTaskExecutor:

spring.task.execution.mode=force
 

 Containers, Native & Cloud

 Cloud Native Buildpacks

Default builder changed:

paketobuildpacks/builder-noble-java-tiny

No shell inside container
Use this if needed:

paketobuildpacks/ubuntu-noble-run-base

SSL Support for Service Connections

Now supported for:

• Kafka

• MongoDB

• Redis

• RabbitMQ

• Cassandra

• Elasticsearch

Also supported in:

• Testcontainers

• Docker Compose

Spring Batch Improvements

• Custom JobParametersConverter now supported

• New validation property:

spring.batch.jdbc.validate-transaction-state=true
 

Dependency Upgrades (Highlights)

Removed & Deprecated APIs

Removed:

• Deprecated APIs from Spring Boot 3.3

• SignalFX support

• Zipkin URLConnectionSender

• Old Micrometer observation property

Renamed properties:

spring.mvc.converters.preferred-json-mapper
→ spring.http.converters.preferred-json-mapper
 

Final Thoughts – Should You Upgrade?

 YES, if you want:

• Better security defaults

• Cleaner async & task execution

• Improved observability

• Modern container & cloud readiness

• Updated Kafka, MongoDB, MySQL, Hibernate ecosystem

Be careful if:

• You rely on old deprecated APIs

• You use taskExecutor by name

• You depend on loose .enabled configs

Donate Us

https://razorpay.me/@niteshsynergy