Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency org.springframework.amqp:spring-rabbit to v3 #1

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency org.springframework.amqp:spring-rabbit to v3 #1

wants to merge 1 commit into from

Conversation

mend-for-jackfan.us.kg[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
org.springframework.amqp:spring-rabbit compile major 1.7.1.RELEASE -> 3.1.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE Reachability
Critical Critical 9.8 CVE-2016-1000027
Critical Critical 9.8 CVE-2017-8045
Critical Critical 9.8 CVE-2018-1270
Critical Critical 9.8 CVE-2018-1275
Critical Critical 9.8 CVE-2022-22965
High High 8.1 CVE-2020-14060
High High 8.1 CVE-2020-14061
High High 8.1 CVE-2020-14062
High High 8.1 CVE-2020-14195
High High 8.1 CVE-2020-24616
High High 8.1 CVE-2020-24750
High High 8.1 CVE-2020-35490
High High 8.1 CVE-2020-35491
High High 8.1 CVE-2020-35728
High High 8.1 CVE-2020-36179
High High 8.1 CVE-2020-36180
High High 8.1 CVE-2020-36181
High High 8.1 CVE-2020-36182
High High 8.1 CVE-2020-36183
High High 8.1 CVE-2020-36184
High High 8.1 CVE-2020-36185
High High 8.1 CVE-2020-36186
High High 8.1 CVE-2020-36187
High High 8.1 CVE-2020-36188
High High 8.1 CVE-2020-36189
High High 8.1 CVE-2021-20190
High High 8.1 CVE-2024-22243
High High 8.1 CVE-2024-22259
High High 8.1 CVE-2024-22262
High High 7.5 CVE-2018-11040
High High 7.5 CVE-2018-1272
High High 7.5 CVE-2018-15756
High High 7.5 CVE-2020-25649
High High 7.5 CVE-2020-36518
High High 7.5 CVE-2022-42003
High High 7.5 CVE-2022-42004
High High 7.5 WS-2022-0468
Medium Medium 6.5 CVE-2018-1257
Medium Medium 6.5 CVE-2020-5421
Medium Medium 6.5 CVE-2022-22950
Medium Medium 6.5 CVE-2022-22971
Medium Medium 6.5 CVE-2023-20861
Medium Medium 6.5 CVE-2023-20863
Medium Medium 6.5 WS-2019-0379
Medium Medium 5.9 CVE-2018-11039
Medium Medium 5.9 CVE-2018-11087
Medium Medium 5.9 CVE-2018-11087
Medium Medium 5.9 CVE-2018-11087
Medium Medium 5.3 CVE-2018-1199
Medium Medium 5.3 CVE-2020-13956
Medium Medium 5.3 CVE-2022-22968
Medium Medium 5.3 CVE-2022-22970
Medium Medium 5.3 CVE-2022-22970
Medium Medium 5.3 CVE-2024-38809
Medium Medium 5.3 WS-2017-3734
Medium Medium 5.0 CVE-2023-34050
Medium Medium 4.9 CVE-2023-46120
Medium Medium 4.3 CVE-2021-22060
Medium Medium 4.3 CVE-2021-22096
Medium Medium 4.3 CVE-2021-22096
Medium Medium 4.3 CVE-2024-38808
Low Low 3.1 CVE-2024-38820

Release Notes

spring-projects/spring-amqp (org.springframework.amqp:spring-rabbit)

v3.1.0

Compare Source

🐞 Bug Fixes

  • Stream/Queue size in bytes (x-max-length-bytes) #​2552
  • Fix Super Stream Example in Docs #​2546

🔨 Dependency Upgrades

🔨 Tasks

  • Unable to connect to RabbitMQ Stream #​2522

External Links

v3.0.14

Compare Source

🐞 Bug Fixes

  • Mitigate channel leak in the CachingConnectionFactory when connection is closed from the borker #​2716

🔨 Dependency Upgrades

  • Bump com.gradle.develocity from 3.17.3 to 3.17.4 #​2707
  • Bump org.springframework.retry:spring-retry from 2.0.5 to 2.0.6 #​2706
  • Bump io.projectreactor:reactor-bom from 2022.0.18 to 2022.0.19 #​2705
  • Bump com.gradle.develocity from 3.17.2 to 3.17.3 #​2703
  • Bump org.testcontainers:testcontainers-bom from 1.19.7 to 1.19.8 #​2702
  • Bump com.github.luben:zstd-jni from 1.5.6-2 to 1.5.6-3 #​2691

v3.0.13

Compare Source

🐞 Bug Fixes

  • Memory leak with AsyncRabbitTemplate #​2678
  • DefaultMessagePropertiesConverter#toMessageProperties should handle x-delay in Short #​2668

🔨 Dependency Upgrades

  • Bump io.projectreactor:reactor-bom from 2022.0.17 to 2022.0.18 #​2686
  • Bump com.github.luben:zstd-jni from 1.5.6-1 to 1.5.6-2 #​2674

v3.0.12

Compare Source

🐞 Bug Fixes

  • Channel cache leak when no answers from broker for pending confirms #​2641
  • Kotlin suspend functions return type is incorrect #​2639

🔨 Dependency Upgrades

  • Bump io.projectreactor:reactor-bom from 2022.0.16 to 2022.0.17 #​2664
  • Bump org.testcontainers:testcontainers-bom from 1.19.6 to 1.19.7 #​2650
  • Bump org.testcontainers:testcontainers-bom from 1.19.5 to 1.19.6 #​2636

v3.0.11

Compare Source

🐞 Bug Fixes

  • Wrong ClassLoader is used for message deserialization when devtools are active #​2610
  • The SimpleMessageListenerContainer does not shutdown properly #​2594
  • CachingConnectionFactory leaks channels during connection resets when used in a SimpleMessageContainer #​2569
  • Fix Super Stream Example in Docs #​2548

🔨 Dependency Upgrades

  • Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 #​2634
  • Bump kotlinVersion from 1.7.21 to 1.7.22 #​2633
  • Bump io.micrometer:micrometer-bom from 1.10.12 to 1.10.13 #​2632
  • Bump org.springframework.retry:spring-retry from 2.0.4 to 2.0.5 #​2631
  • Bump io.micrometer:micrometer-tracing-bom from 1.0.11 to 1.0.12 #​2630
  • Bump ch.qos.logback:logback-classic from 1.4.4 to 1.4.14 #​2629
  • Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.16 #​2628
  • Bump org.testcontainers:testcontainers-bom from 1.19.2 to 1.19.5 #​2627
  • Bump org.junit:junit-bom from 5.9.2 to 5.9.3 #​2626

v3.0.10

Compare Source

🐞 Bug Fixes

  • Ignore Kotlin Continuation Parameter While Inferring Conversion Type #​2533

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Retry, Reactor, Micrometer Versions #​2544

External Links

v3.0.9

Compare Source

🔨 Dependency Upgrades

  • Upgrade Spring, Data, Retry, Reactor, Micrometer, Jackson Versions #​2525

🔨 Tasks

  • Output of asciidoctorPdf can be pulled from cache when run on machines with different checkout directories #​2520

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​erichaagdev

External Links

v3.0.8

Compare Source

⭐ New Features

  • Clear Deferred Channel Close Executor #​2508
  • Add maxInboundMessageSize to RabbitConnectionFactoryBean #​2497
  • Add forceStop to Container Factories #​2492

🐞 Bug Fixes

  • Regression: ApplicationContext.stop() Hangs for 30s When Inactive Container(s) Present #​2513
  • Redeclaration of manually declared objects fail if objects with different types have the same name #​2501

🔨 Dependency Upgrades

  • Upgrade Reactor Version to 2020.0.35 #​2514

External Links

v3.0.7

Compare Source

⭐ New Features

  • Add forceStop to Container Factories #​2490

🐞 Bug Fixes

  • Spring AMQP artifacts have not published associated .module files needed by Gradle. #​2493

External Links

v3.0.6

Compare Source

🐞 Bug Fixes

  • Ensure Strict Ordering with Single Active and Exclusive Consumers #​2482

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Micrometer, Reactor Versions #​2489
  • Upgrade amqp-client Version #​2485

External Links

v3.0.5

Compare Source

⭐ New Features

  • Add Observation to Stream Components #​2467
  • Invoke RabbitListenerErrorHandler with Async Return Types #​2461
  • Add Kotlin Coroutine support #​1210

🐞 Bug Fixes

  • AmqpException when testing @RabbitListener with @RabbitHandler #​2456
  • setRedeclareManualDeclarations not honoured if no queue beans declared #​2452
  • If there is no regular AMQP activity in the application, the RabbitAdmin does not declare Rabbit entities #​2451

📔 Documentation

  • Improve Docs for Choosing a Connection Factory #​2473
  • Adding SSL configuration through RabbitConnectionFactoryBean approach into the documentation #​2472
  • Fix typo in stream.adoc #​2466
  • Aligned client connection order reference. #​2459

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Retry, Micrometer, Reactor Versions #​2477

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dlehammer and @​making

External Links

v3.0.4

Compare Source

⭐ New Features

🐞 Bug Fixes

  • Spring amqp doesnt support more than 1 server-named/anonymous queues #​2439
  • Missing @RabbitHandler method triggers an infinite retry loop #​2437
  • AMLC.redeclareElementsIfNecessary does not take into account Declarables #​2432

📔 Documentation

  • Document CorrelationData.getReturned() #​2447
  • Consider to add Rabbit Stream auto-creation hook #​2445
  • Document "send and receive" methods return value after a timeout #​1410

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Micrometer, Reactor, JUnit Versions #​2450

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EldarErel

External Links

v3.0.3

Compare Source

🐞 Bug Fixes

  • NPE in AbstractConnectionFactory that causes connection listeners to be skipped #​2425

🔨 Dependency Upgrades

  • Upgrade Micrometer, Reactor, Spring Versions #​2433

External Links

v3.0.2

Compare Source

🐞 Bug Fixes

  • Run callback for shutdown also when container is already shut down #​1562

📔 Documentation

🔨 Dependency Upgrades

  • Upgrade Jackson, Micrometer, Reactor, Spring Data, Spring Framework Versions #​2422

🔨 Tasks

  • Irrelevant values in CachingConnectionFactory#toString #​1560

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GonMMarques and @​timbq

External Links

v3.0.1

Compare Source

🐞 Bug Fixes

📔 Documentation

  • Fix typo in amqp.adoc #​1547
  • Fix Documentation For Containers with Zero Queues #​1541
  • Missing Javadocs for MessageProperties.expiration #​1539

🔨 Dependency Upgrades

  • Upgrade Spring, Micrometer, Reactor Versions #​1556

🔨 Tasks

  • Fix Testcontainer Tests With No Docker Running #​1552
  • AMQP-52:Remove Obsolete MessageProperties Comments #​1546

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GonMMarques

External Links

v3.0.0

Compare Source

⭐ New Features

  • Add ability to set consumer priority with AmqpTemplate #​1533
  • Fix type pollution RabbitListenerAnnotationBeanPostProcessor #​1528
  • add support for the configuration of multiple ContainerCustomizer at a time #​1517
  • Flooding of 'Failed to check/redeclare auto-delete queue(s)' error messages #​1477
  • Set replyPostProcessor default value from the message container factory #​1425
  • Improve Extensibility of RepublishMessageRecoverer #​1382

🐞 Bug Fixes

  • Transactional channel is always closed after commit when using ThreadChannelConnectionFactory as publisher #​1524

📔 Documentation

🔨 Dependency Upgrades

  • Spring Data 2022.0.0, Framework 6.0.0, Retry 2.0.0 #​1538
  • Hibernate Validation 8.0.0-final, Micrometer 1.10.1, Mockito 4.8.1, Reactor 2022.0.0, TestContainers 1.17.6 #​1537

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GonMMarques

v2.4.17

Compare Source

⭐ New Features

🐞 Bug Fixes

  • Ignore Kotlin Continuation Parameter While Inferring Conversion Type #​2534

🔨 Dependency Upgrades

External Links

v2.4.16

Compare Source

⭐ New Features

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor Versions #​2524

External Links

v2.4.15

Compare Source

⭐ New Features

  • Clear Deferred Channel Close Executor #​2508
  • Add maxInboundMessageSize to RabbitConnectionFactoryBean #​2497
  • Add forceStop to Container Factories #​2492

🐞 Bug Fixes

  • Regression: ApplicationContext.stop() Hangs for 30s When Inactive Container(s) Present #​2513
  • Redeclaration of manually declared objects fail if objects with different types have the same name #​2501

🔨 Dependency Upgrades

  • Upgrade Reactor Version to 2020.0.35 #​2514

External Links

v2.4.14

Compare Source

🐞 Bug Fixes

  • Ensure Strict Ordering with Single Active and Exclusive Consumers #​2484

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor Versions #​2488
  • Upgrade amqp-client Version #​2486

External Links

v2.4.13

Compare Source

🐞 Bug Fixes

  • If there is no regular AMQP activity in the application, the RabbitAdmin does not declare Rabbit entities #​2464
  • AmqpException when testing @RabbitListener with @RabbitHandler #​2458
  • setRedeclareManualDeclarations not honoured if no queue beans declared #​2454

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor Versions #​2476

External Links

v2.4.12

Compare Source

⭐ New Features

🐞 Bug Fixes

  • Missing @RabbitHandler method triggers an infinite retry loop #​2444
  • Spring amqp doesnt support more than 1 server-named/anonymous queues #​2442
  • AMLC.redeclareElementsIfNecessary does not take into account Declarables #​2435

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor, CommonsHttp #​2449

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EldarErel

External Links

v2.4.11

Compare Source

🐞 Bug Fixes

  • NPE in AbstractConnectionFactory that causes connection listeners to be skipped #​2427

🔨 Dependency Upgrades

  • Upgrade Spring Framework to 5.3.26 #​2431

External Links

v2.4.10

Compare Source

🐞 Bug Fixes

  • GH-1561: SimpleMessageListenerContainer: Delayed shutdown because callback is not run #​1563

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​timbq

External Links

v2.4.9

Compare Source

🐞 Bug Fixes

📔 Documentation

  • Fix Documentation For Containers with Zero Queues #​1542
  • Missing Javadocs for MessageProperties.expiration #​1540

🔨 Dependency Upgrades

  • Upgrade Spring, Micrometer, Reactor Versions #​1555

External Links

v2.4.8

Compare Source

Change log:

34d9da7 Upgrade Versions; Prepare for Release
11d4282 GH-1533: Template Receive with Consumer Args
0ff3eb9 Fix typo in amqp.adoc
64e9f13 GH-1382: Sonar Issues
ddc32a3 GH-1382: Republish Recoverer Improvements
06ba396 GH-1528: Fix Possible Type Pollution
8dea23b GH-1524: Fix ThreadChannelCF with Transactional
9242967 GH-1477: Reduce Log Noise While Broker Down
399eff9 GH-1517: Fix Javadoc, CheckStyle
76a4b87 GH-1517: Add Since Tag
b63cd5b GH-1517: Docs and Polishing for Composite Cust.
b3bab6b GH-1517: Add CompositeContainerCustomizer
3c957f9 Sonar Fix
93ad8dd GH-1419: Increase New Code Test Coverage
fc984e0 GH-1419: Fix Local Node Name in Tests
c2c534d GH-1419: Sonar Fixes
1713452 GH-1419: Fix Early Exit in NodeLocator
6e3e246 GH-1419: Remove RabbitMQ http-client Usage

v2.4.7

Compare Source

Change log:

5017e03 Upgrade Versions; Prepare for Release
2746ebe GH-1473: Revert CompletableFuture Changes
e8f12b2 GH-1449: Fix Auto Recovery Docs
08b7171 GH-1494: Fix Test Harness with @​Repeatable
a8470fd Improve Stream Template Test Coverage
88734c3 GH-1491: Fix Fallback When Parameter is Optional
caa5052 GH-1491: Fix Possible NPE
38e0803 GH-1487: Countdown not active AsyncMProcConsumer
3d3dfa5 GH-1491: Support Optional/null Payloads
67bfec9 GH-1480: Switch to CompletableFuture in s-r-stream
9e04fb1 Fix Javadoc in the AsyncRabbitTemplate2
038f8f6 GH-1473: Move RabbitFutures to Top Level Classes
819630c Fix Sonar Issue
fac71c4 GH-1473: Fix Unused Import
439ccd1 GH-1473: Switch to CompletableFuture
37109ad Fix Copyright in the BatchingRabbitTemplateTests
10274fe GH-1474: Fix MessageProperties.lastInBatch
765e011 GH-1474: Fix BatchingStrategy Propagation

v2.4.6

Compare Source

Change log:

709e03c Upgrade Versions; Prepare for Release
2086621 Fix Previous Commit
e16eef6 Fix Sonar Issues
3b93ef8 GH-1338: Fix Javadoc
f367bae GH-1338: Polishing
b5f85b0 GH-1338: Add MessageAckListener
5944301 GH-1463: RabbitTemplate.logReceived() Protected
7090132 GH-1459: Remove Unused Method
5bf6bc3 GH-1459: Fix Javadocs
10f39fb GH-1459: Improve MeterRegistry Discovery

v2.4.5

Compare Source

Change log:

d31a631 Upgrade Versions; Prepare for Release
662fb74 GH-1455: AdviceChain on Stream Listener Container
e498671 GH-1452: Close Connection in checkMissingQueues

v2.4.4

Compare Source

Change log:
fb38998 Upgrade versions; prepare for release
f87483a Issue 1450: avoid NullPointerException which occurs during shutdown o… (#​1451)
57bc30f More formatting typos
8bce39d Fix typo in amqp.adoc
55d1289 GH-1436: Async Stop Containers
d660edb Upgrade Jackson Version
7421de4 GH-1434: Mixed CFs With/Without Confirms/Returns
447fa92 GH-1443: Pull CCF.resetConnection() to CF
8843b1a GH-1441: Fix Payload Detection with MessageHeaders
519face GH-1439: Fix Memory Leak with Misconfiguration

v2.4.3

Compare Source

Change log:

a773a78 Upgrade versions; prepare for release
6df5edd GH-1433: Fix DMLC Monitor Thread Name
b7f698a Add checkConf&Returns into RoutingCF.addTargetCF
8eeb931 Fix eviction logic in the PooledChannelCF
0331f5c Fix PooledChannelConnectionFactory
b4e64d9 GH-1251: Jackson2JsonMessageConverter Improvements
5621a6b GH-1422: @​RabbitListener: Fix Broker-Named Queues
279ca13 fix multi-rabbit example
fbd444e Remove declareCollections from Doc
d47badd [artifactory-release] Next development version
998cf69 [artifactory-release] Release version 2.4.2
c5cbbd5 Upgrade Versions; Prepare for Release
b6466e2 Upgrade Gradle Kotlin Plugin
ce7d4b1 Upgrade Log4j to 2.17.1
3fed444 GH-1415: Fix Use of Routing Connection Factory
cf96793 GH-1412: Fix Messaging Template
d3b93e9 Fix Sonar Issue
525172b Fix Sonar Issue

v2.4.2

Compare Source

Change log:

c5cbbd5 Upgrade Versions; Prepare for Release
b6466e2

@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot added the security fix Security fix generated by Mend label Feb 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants