Update `PropertiesMigrationReporter` so that already migrated properties
are not reported. Prior to this commit, if a deprecated property was
replaced by a property that could bind with the name relaxed name it
would be reported. For example: `test.someproperty` being replaced with
`test.some-property`.
In order to check the actual underlying property name, the
`PropertySourceOrigin` class has been updated so that it is always
returned, even if another `Origin` is available.
Fixes gh-35774
Update `LocalHttpClientTransport` to support explicit `npipe://` prefix
in the host name. This is the format used in the Docker config from
v4.31.1 onward.
Fixes gh-41199
Replace `DockerImageNames` with a enum and relocate it from the
`testcontainers` to `container` package. The enum now also
becomes a common location that we can use to apply container
configuration such as timeouts.
Closes gh-41164
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
Documentation for native executables, CDS, and checkpoint/restore are
now under a common heading in the reference documentation, along with
sections on building container images. A few sections containing
prescriptive workflows have been moved from reference to how-to guides.
This consolidates and improves the consistency of recommendations on
how to package and run applications.
Closes gh-40977
The test CNB builder and buildpack used in integration tests have moved
from a projects.registry.vmware.com registry to ghcr.io/spring-io. This
commit modifies tests to use the new location.
Closes gh-40800
When the `buildWorkspace` location in the
`spring-boot:build-image` Maven goal or `bootBuildImage` Gradle
task is configured to use a local bind source, the location
is passed to the CNB lifecycle without further processing by
Spring Boot. The lifecycle is in control of creating any files
in the specified location. Spring Boot tries to remove the
directories at the specified location after an image is
successfully created, but should not fail the image build
if the lifecycle has created files or directories with
permissions that keep them from being deleted successfully.
Fixes gh-40760
Update `Path` creation for nested locations to allow both UNC and classic
file references to be used. This commit attempts to align our URL
handling with that of standard file URLs. The `NestedLocation` class
no longer attempts to remove leading all `\` characters and instead
only removes the first `\` when the second char is `:`. This duplicates
the logic found in Java's own internal `WindowsUriSupport` class which
is used when calling `Path.of(url)` with a `file:` URL.
Fixes gh-40549
In order to support Java 22, we must use spring-core 6.1.x.
spring-core 6.1.x is a multi-release jar so, in order to support Java
22, a version of Gradle that supports multi-release jars must be
used.
This commit adds a new variant to spring-boot-gradle-plugin for
modern versions of Gradle. When Gradle's plugin API version is 8.7 or
later, we use spring-core 6.1.x. spring-core 6.0.x is used at all
other times.
Closes gh-40074
Fix regression in `JarUrlConnection` where a NullPointerException could
be thrown internally causing performance issues.
When the SecurityManager is present, the following stack trace is
thrown:
java.lang.NullPointerException: Cannot invoke "java.net.URLConnection.getPermission()" because "this.jarFileConnection" is null
at org.springframework.boot.loader.net.protocol.jar.JarUrlConnection.getPermission(JarUrlConnection.java:175)
at java.base/jdk.internal.loader.URLClassPath.check(URLClassPath.java:553)
at java.base/jdk.internal.loader.URLClassPath$Loader.findResource(URLClassPath.java:612)
at java.base/jdk.internal.loader.URLClassPath.findResource(URLClassPath.java:296)
at java.base/java.net.URLClassLoader$2.run(URLClassLoader.java:629)
at java.base/java.net.URLClassLoader$2.run(URLClassLoader.java:627)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.net.URLClassLoader.findResource(URLClassLoader.java:626)
at org.springframework.boot.loader.net.protocol.jar.JarUrlClassLoader.findResource(JarUrlClassLoader.java:70)
at java.base/java.lang.ClassLoader.getResource(ClassLoader.java:1403)
at java.base/java.net.URLClassLoader.getResourceAsStream(URLClassLoader.java:290)
at java.base/java.lang.Class.getResourceAsStream(Class.java:2850)
See gh-39856
Update buildpack support to allow gzip compressed image layers to be
used when returned by the Docker engine. This update is restores
buildpack support when using Docker Desktop with the "Use containerd
for pulling and storing images" option enabled.
This commit introduces a new `ExportedImageTar` class to deal with the
intricacies of determining the mimetype of a layer. The class deals with
the parsing of `index.json' and related manifest blobs in order to
obtain layer information. The legacy `manifest.json` format is also
supported should `index.json` be missing.
Tests have been added to ensure that export archives from Docker Engine,
Docker Desktop (with and without containerd), and Podman can be used.
Fixes gh-40100
Co-authored-by: Moritz Halbritter <moritz.halbritter@broadcom.com>
Co-authored-by: Scott Frederick <scott.frederick@broadcom.com>
Refine the fix for gh-38611 so that `ClosedByInterruptException` no
longer retries in a loop.
Our previous fix was flawed due to the fact that another interrupt
could occur after we clear the first and whilst we are reading data.
If this happens 10 times in a row, we raise an exception and end up
causing NoClassDefFoundError errors.
Our new approach retains the use of `FileChannel` and a direct buffer
up to the point that a `ClosedByInterruptException` is raised or the
thread is detected as interrupted. At that point, we temporarily
switch to using a `RandomAccessFile` to access the data. This will
block the thread until the data has been read.
Fixes gh-40096
Rename the internal `FileChannelDataBlock` to `FileDataBlock` since we
want to fallback to a `RandomAccessFile` when a thread is interrupted.
See gh-40096
Update `anchor-rewrite.properties` to fix a few errors and remove
elements that no longer exist. This commit also fixes a few anchors
in some `.adoc` files.
See gh-40062
ZipInputStream can't cope with some non-deflated entries, see
https://bugs.openjdk.org/browse/JDK-8143613.
JarFile works better, but it doesn't support creation time / access
time.
See gh-38276
It now extracts the contents of the JAR in a folder named after the JAR
without the extension. It now also checks if the folder is empty.
There's a new --force option to skip those checks.
The "runner.jar" is now named like the uber JAR from which the
extraction has been started.
See gh-38276
Adds a new jarmode called 'tools'. This provides two commands,
'extract' and 'list-layers'. list-layers is the same as list from
the layertools.
extract is able to extract the JAR in four different modes:
- CDS compatible extraction with libraries in a lib folder and a runner
.jar
- CDS compatible as above, but with layers
- Launcher based
- Launcher based with layers. This is essentially the same as extract
from the layertools
The commands in layertools have been deprecated in favor of the commands
in 'tools'.
This also changes the behavior of layers.enabled from the Gradle and
Maven plugin: before this commit, layers.enabled prevents the inclusion
of the layer index file as well as the layertools JAR.
After this commit, layers.enabled only prevents the inclusion of the
layer index file.
layer.includeLayerTools have been deprecated in favor of includeTools,
and the layertools JAR has been renamed to tools.
Closes gh-38276
URL can contains empty spaced encoded as %20, so it should be decoded
before passing it to NestedLocation. NestedLocation expects file system
path which should not contain URL encoded values.
See gh-39675
Update the regular expression used to parse Docker images references to
prevent catastrophic backtracking when images names are long and the
tag contains an illegal character.
See gh-39617
The logic to extract layers from a downloaded Docker image assumed that
the layer entries in the image tar archive always had the file extension
`.tar`. This was the case with Docker and other compatible daemons until
Docker 25.0. With this commit, the extension is no longer assumed, but
any entries listed in `manifest.json` will be recognized.
Fixes gh-39323
Update `NestedJarFile` so that the `getManifest()` method returns the
manifest from the parent jar file for nested jars based on directory
entries.
This restores the previous behavior supported by Spring Boot 3.1 and
allows class methods such as `getPackage().getImplementationVersion()`
to return non `null` results.
Fixes gh-38996
Update `ZipContent` so that `META-INF` entries are no longer duplicated
in nested jars created from directory entries. This aligns with the
behavior of the classic loader and prevents the same META-INF file from
being discovered twice.
Fixes gh-38862
Update `JarFileArchive` so that unpacked jars use `file:` URLs rather
than `jar:file:`. This aligns with the behavior of Spring Boot 3.1 and
allows calls to `class.getSigners()` to work again.
Fixes gh-38833
1. remove unused imports
2. remove redundant semicolon
3. remove empty class body
4. remove redundant 'constructor' keyword
5. remove redundant 'Unit' return type
6. use non-null type if possible
See gh-38708
In gh-38154, we started handling ClosedByInterruptException. The
FileChannel was repaired by recreating it and then the exception was
rethrown. This allowed other threads to use the channel that had been
read by an interrupted thread while allowing that interruption to
continue.
This approach has proven to be insufficient as there are scenarios
where the read needs to succeed on the interrupted thread. This
commit updates the handling of ClosedByInterruptException so that
this is the case. The FileChannel is recreated as before but the
thread's interrupted flag is now cleared before retrying the read.
The flag is then reinstated so that any subsequent actions that
should fail due to the interruption will do so.
We could clear and reinstate the interrupted flag before the first
read, rather than catching ClosedByInterruptException. This approach
was rejected as it will have an impact on the performance of the
happy path where the thread hasn't been interrupted.
Fixes gh-38611
Relax the constraint that a `NestedLocation` must have a nested entry
name specified so that URLs can be split and rebuilt.
Prior to this commit, given a URL of the following form:
jar:nested:/myjar.jar!/nested.jar!/my/file
It was possible to create a FileSystem from
"jar:nested:/myjar.jar!/nested.jar" and from that create a path to
"my/file".
However, it wasn't possible to create a FileSystem from
"jar:nested:/myjar.jar", then create another file system from the path
"nested.jar" and then finally create a path to "/nested.jar".
This was because `nested:/myjar.jar` was not considered a value URL
because it didn't include a nested entry name.
Projects such as `JobRunr` were relying on the ability to compose file
systems, so it makes sense to remove our somewhat artificial
restriction.
Fixes gh-38592
Update `NestedByteChannel.read` so that it loops until all
remaining data has been read into the buffer. Prior to this
commit, it was possible for to read only some bytes into the
buffer. Although it looks like this should be OK according to
the API documentation, the `ZipFileSystem` relies on all
remaining bytes being returned.
Fixes gh-38595
Update `ZipContent` so that `eocd.totalNumberOfCentralDirectoryEntries`
is converted from a short to an unsigned int to prevent a negative
number from being used.
This commit also updates the code to consistently use `X.toUnsigned...`
helper methods rather than using bitwise operators.
Fixed gh-38572
Update jar `Handler` code so that the `parseUrl` method can accept an
empty `spec`. Prior to this commit, a `classLoader.getResource("")`
call would result in a `null` result. This breaks a number of things
including `ClassPathResource` and `PathMatchingResourcePatternResolver`.
Fixes gh-38524
Update `JarUrlConnection` and `NestedUrlConnection` so that calls
to `getLastModified()` and `getHeaderFieldDate("last-modified", 0)`
always return a result.
Fixes gh-38204
When an interrupted that calls FileChannel.read, the channel is
closed and the read fails with a ClosedByInterruptException. The
closure of the channel makes it unusable by other threads. To
allow other threads to read from the data block, this commit
recreates the FileChannel when a read fails on an interrupted
thread with a ClosedByInterruptException. The exception is then
rethrown to continue the thread's interruption.
Closes gh-38154
Previously, the .class file for the renamed properties class was
on the class path of the compilation in two places:
1. The output directory of the test's previous compilation
2. The output directory of the compilation of src/test/java of
spring-boot-configuration-processor
The first of these locations is addressed by updating TestProject.
The .class file is now deleted from the project's output location
at the same time as the .java file is deleted from its source
location.
The second of these locations is addressed by configuring the class
path of the compiler to include a copy of the result of compiling
src/test/java of spring-boot-configuration-processor. From this copy
entries can then be deleted as needed without destabilizing other tests.
Closes gh-26271
Fix issues with `DataBlockInputStream` including the fact that remain
bytes were not tracked correctly. Also add some tests and fix a few
other unusual details with the implementation.
Closes gh-38066
Update JarUrlConnection so that the full raw zip data is returned from
nested jars when no entry name is specified. This update allows
Tomcat's `WarURLConnection` to work with our nested connections since
they can parse the returned raw zip data.
Fixes gh-38047
The zip specification states that when 'bit 3' of the general purpose
flags is set then a data descriptor record must be present. Prior to
this commit, our `VirtualZipDataBlock` ignored such records and would
create invalid data.
Although the generated data would work for zip parsers that read the
central directory records, it causes problems with streaming reader
implementations such as `JarInputStream`.
This commit updates the code so that it now copies the data descriptor
records. It support both blocks that have a signature and those that
don't. It also updates the generation logic to correctly deal with
any extra data bytes present after the local file header record.
Fixes gh-38063
Update `UrlJarFileFactory` so that `runtimeVersion` is used by default
instead of `baseVersion`. Prior to this commit we tried to mirror the
JDK handler on look for a `#runtime` fragment. This unfortunately
doesn't work with the URLs produced by `URLClassPath`.
This commit also fixes a bug in `NestedJarFile` where we didn't return
the correct result from `hasEntry`.
Fixes gh-38050
Add a `NestedFileSystemProvider` implementation so that the JDK's
`ZipFileSystem` can load content from nested jars and nested
directory entries.
Creating a `ZipFileSystem` may be a relatively expensive operation as
zip structures need to be parsed and in the case of directory entries
a virtual datablock nees to be generated on the fly. As such, we
install the `ZipFileSystem` as late as possible since in a typical
application it may never be needed.
This commit also tweaks Gradle and Maven plugins to ensure that the
service loader file is written to repackaged jars.
Closes gh-7161
Update Gradle and Maven plugins to write an empty `META-INF/BOOT.SF`
file whenever there is a nested signed jar.
This update allows Oracle Java 17 to correctly verify the nested JARs.
The file is required because `JarVerifier` has code roughly equivalent
to:
if (!jarManifestNameChecked && SharedSecrets
.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {
throw new JarException("The JCE Provider " + jarURL.toString() +
" is not signed.");
}
The `SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true)`
call ends up in `ZipFile.getManifestName(onlyIfSignatureRelatedFiles)`
which is a private method that we cannot override in our `NestedJarFile`
subclass. By writing an empty `.SF` file we ensure that the `Manifest`
is always returned because there are always "signature related files".
Fixes gh-28837
Update `DefaultCleanerTracking` and `@AssertFileChannelDataBlocksClosed`
to capture and store the source object if it is a `Cleanable` so that
it can be released later.
Although the real cleaner cannot keep a reference to `obj`, it is safe
for us to do so in tests since we are in control of the object lifecycle
and we don't need it to be garbage collected.
This commit also updates the `UrlJarFile` to call the cleaner so that
it can be tracked.
See gh-37668
Update `NestedJarFile.close()` to call `super.close()` so that the outer
jar file is closed and files can hopefully be deleted on Windows.
See gh-37668
Rewrite nested jar code to better align with the implementations
provided in Java 17. This update makes two fundamental changes to
the previous implementation:
- Resource cleanup is now handled using the `java.lang.ref.Cleaner`
- Jar URLs now use the form `jar:nested:/my.jar/!nested.jar!/entry`
Unlike the previous `jar🫙/my,jar!/nested.jar!/entry` URL format,
the new format is compatible with Java's default Jar URL handler.
Specifically, it now only uses a single `jar:` prefix and it no longer
includes multiple `!/` separators.
In addition to the changes above, many of the ancillary classes have
also been refactored and updated to create cleaner APIs.
Closes gh-37668
Create alternative launcher classes under the package
`org.springframework.boot.loader.launch` and use them in favor
of the previous location.
This update is designed to improve compatibility with future
changes in the loader.
Closes gh-37667
The default socket timeout with HttpClient 5 is not long enough
in some cases where Docker images are built that require the
GraalVM native image compiler to run in a buildpack. This commit
increases the timeout to 30 minutes.
Fixes gh-37665
Co-authored-by: Scott Frederick <sfrederick@vmware.com>"
Prior to this change, this test would create files in the project
directory. This can cause issues with Gradle caching and up-to-date
checks.
To address this, the value of the working directory is mocked to a
temporary directory like all the other tests.
See gh-37395
Andy Wilkinson
Phillip Webb
Scott Frederick
Piyal Ahmed
Ahmed Ashour
Moritz Halbritter
Yanming Zhou
coursar
yokotaso
chaewss
Hyeon Sung
Pavel Anisimov
Matti Tahvonen
Felix
Johnny Lim
Eddú Meléndez
_ext Slovak, Jiri
Jakob Wanger
Adrian Cole
Scott Frederick
Chris Bono
lukasdooo
Tobias Lippert
PhilKes
teacmity
Christoph Dreis
Phillip Webb
Moritz Halbritter
Andy Wilkinson
Ivo Smid
JinseongHwang
Eric Haag
Niels Basjes