Previously, the security risks and our recommendations on how to
mitigate them were not documented as clearly as they could have been.
This commit makes some changes to try to address this:
1. The security risk is now noted at the beginning of the section
2. The recommendation to use SSL is now documented more prominently
and an alternative recommendation to only use remote support on
a trusted network has been added.
3. The example secret has been removed to prevent copy and paste
4. A recommendation to use a secret that is unique and strong has been
added
Closes gh-18825
In 2.2.0, @ConfigurationPropertiesScan was enabled by default.
Unfortunately, this had the unexpected side-effect of breaking
conditional enablement of a @ConfigurationProperties class via
@EnableConfigurationProperties if the @ConfigurationProperties class
was in a package covered by scanning.
This commit remove @ConfigurationPropertiesScan from
@SpringBootApplication so that it is no longer enabled by default.
2.1.x users who rely upon such conditional enablement of
@ConfigurationProperties classes can now upgrade to 2.2.x without
having to make any changes. Users who do not have such a need and are
in a position to use configuration properties scanning can now opt-in
by adding @ConfigurationPropertiesScan to their main application class
alongside @SpringBootApplication.
Closes gh-18674
This commit adds an index page for the multi-file HTML version, and
fixed a couple of casing issues (significant words starting with lower
case in headings).
While researching how to get the content from index-docinfo.xml into
the output, I came across the notion of a colophon, which is a good name
for the information in that file. I have consequently changed "Legal"
(which I never liked but couldn't think of a better term for at the
time) to "Colophon".
See gh-12611
Reinstate `web` logging when devtools is in use, making use of the new
logging groups support. Devtools now also logs an `INFO` message
informing that properties defaults are offers an easy way to disable
them.
Closes gh-14450
Madhura Bhave
Andy Wilkinson
Stephane Nicoll
Phillip Webb
Sergei Petunin
Phillip Verheyden
Stefan Dellmuth
Tetsuya Hasegawa
Kaze
Johnny Lim
Jay Bryant