Skip to content

Bump org.springframework.kafka:spring-kafka from 4.0.4 to 4.0.6#126

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/org.springframework.kafka-spring-kafka-4.0.6
Open

Bump org.springframework.kafka:spring-kafka from 4.0.4 to 4.0.6#126
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/org.springframework.kafka-spring-kafka-4.0.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown

Bumps org.springframework.kafka:spring-kafka from 4.0.4 to 4.0.6.

Release notes

Sourced from org.springframework.kafka:spring-kafka's releases.

v4.0.6

⭐ New Features

  • make the method setBackOffFunction work for the batch processing as well #4473

🐞 Bug Fixes

  • Require exact package match for trusted header types #4497
  • Harden retry topic headers decoding in Spring Kafka #4495
  • Fix unbounded cache in DelegatingDeserializer #4491
  • @RetryableTopic: built-in DLT logging handler fails with "No Acknowledgment available" on 4.0 (works on 3.3.x) #4474
  • Different behavior for value serializer mappings for different classloaders #4461
  • NPE when properties are not defined for StreamsBuilderFactoryBean #4454
  • DefaultAfterRollbackProcessor for batch-listeners consuming ConsumerRecords doesn't seek consumer #4452
  • Inconsistent handling of non-string values in Properties argument passed to DefaultConsumerFactory::createKafkaConsumer #4421

📔 Documentation

  • Spring Kafka documentation does not mention spring-boot-starter-kafka requirement for Spring Boot 4 #4464

🔨 Dependency Upgrades

  • Bump org.springframework.data:spring-data-bom from 2025.1.5 to 2025.1.6 #4488
  • Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 #4478
  • Bump io.micrometer:micrometer-tracing-bom from 1.6.5 to 1.6.6 #4477
  • Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 #4476
  • Bump io.micrometer:micrometer-bom from 1.16.5 to 1.16.6 #4475
  • Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #4446

v4.0.5

🐞 Bug Fixes

  • Async Processing (and out of order commits) with FilteringMessageListenerAdapter #4414
  • ShareKafkaMessageListenerContainer.doStart() does not await consumer thread startup #4400
  • Fix immutability StreamsBuilderFactory properties #4389
  • Missing JSpecify @Nullable annotation for consumer & producer factories #4368

🔨 Dependency Upgrades

  • Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #4413
  • Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #4412
  • Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #4411
  • Bump io.micrometer:micrometer-tracing-bom from 1.6.4 to 1.6.5 #4408
  • Bump io.micrometer:micrometer-bom from 1.16.4 to 1.16.5 #4406
  • Bump log4jVersion from 2.25.3 to 2.25.4 #4386
  • Bump kafkaVersion from 4.1.1 to 4.1.2 #4363
Commits
  • 3820b05 [CI/CD] Release version 4.0.6
  • f18fbe1 GH-4496: Require exact package match for trusted header types
  • 6590916 GH-4493: Harden retry topic headers decoding
  • de57592 GH-4489: Fix unbounded cache in DelegatingDeserializer
  • 58e1c2a Bump org.springframework.data:spring-data-bom from 2025.1.5 to 2025.1.6 (#4488)
  • f2622c1 Bump io.micrometer:micrometer-bom from 1.16.5 to 1.16.6 (#4475)
  • d3ce2cf Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 (#4478)
  • d97b899 Bump io.micrometer:micrometer-tracing-bom from 1.6.5 to 1.6.6 (#4477)
  • b9b778a Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 (#4476)
  • b4de8b6 GH-4468: Fix no-op ack detection for non-null Acknowledgment
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump org.springframework.kafka:spring-kafka from 4.0.4 to 4.0.6
d732e2c 
Bumps [org.springframework.kafka:spring-kafka](https://github.com/spring-projects/spring-kafka) from 4.0.4 to 4.0.6.
- [Release notes](https://github.com/spring-projects/spring-kafka/releases)
- [Commits](spring-projects/spring-kafka@v4.0.4...v4.0.6)

---
updated-dependencies:
- dependency-name: org.springframework.kafka:spring-kafka
  dependency-version: 4.0.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants