Spring Framework 5.0 requires JDK 8 (Java SE 8), since its entire codebase is based on Java 8 source code level and provides full compatibility with JDK 9 on the classpath as well as the module path (Jigsaw). Java SE 8 update 60 is suggested as the minimum patch release for Java 8, but it is generally recommended to use a recent patch release.
The Java EE 7 API level is required in Spring's corresponding modules now, with runtime support for the EE 8 level:
- Servlet 3.1 / 4.0
- JPA 2.1 / 2.2
- Bean Validation 1.1 / 2.0
- JMS 2.0
- JSON Binding API 1.0 (as an alternative to Jackson / Gson)
- Tomcat 8.5+
- Jetty 9.4+
- WildFly 10+
- WebSphere 9+
- with the addition of Netty 4.1 and Undertow 1.4 for Spring WebFlux
- Jackson 2.9+
- EhCache 2.10+
- Hibernate 5.0+
- OkHttp 3.0+
- XmlUnit 2.0+
- XStream 1.4.7+
- Package beans.factory.access (BeanFactoryLocator mechanism).
- Including SpringBeanAutowiringInterceptor for EJB3 which was based on such a statically shared context. Preferably integrate a Spring backend via CDI instead.
- Package jdbc.support.nativejdbc (NativeJdbcExtractor mechanism).
- Superseded by the native Connection.unwrap mechanism in JDBC 4. There is generally very little need for unwrapping these days, even against the Oracle JDBC driver.
- Package mock.staticmock removed from spring-aspects module.
- No support for AnnotationDrivenStaticEntityMockingControl anymore.
- Packages web.view.tiles2 and orm.hibernate3/hibernate4 dropped.
- Minimum requirement: Tiles 3 and Hibernate 5 now.
- Many deprecated classes and methods removed across the codebase.
- A few compromises made for commonly used methods in the ecosystem.
- Note that several deprecated methods have been removed from the JSP tag library as well.
- e.g. FormTag's "commandName" attribute, superseded by "modelAttribute" years ago.
The Spring Framework no longer supports: Portlet, Velocity, JasperReports, XMLBeans, JDO, Guava (replaced by the Caffeine support). If those are critical to your project, you should stay on Spring Framework 4.3.x (supported until 2020). Alternatively, you may create custom adapter classes in your own project (possibly derived from Spring Framework 4.x).
Commons Logging setupSpring Framework 5.0 comes with its own Commons Logging bridge in the form of the 'spring-jcl' module that 'spring-core' depends on. This replaces the former dependency on the 'commons-logging' artifact which required an exclude declaration for switching to 'jcl-over-slf4j' (SLF4J / Logback) and an extra bridge declaration for 'log4j-jcl' (Log4j 2.x).
Now, 'spring-jcl' itself is a very capable Commons Logging bridge with first-class support for Log4j 2, SLF4J and JUL (java.util.logging), working out of the box without any special excludes or bridge declarations for all three scenarios.
You may still exclude 'spring-jcl' from 'spring-core' and bring in 'jcl-over-slf4j' as your choice, in particular for upgrading an existing project. However, please note that 'spring-jcl' can easily supersede 'jcl-over-slf4j' by default for a streamlined Maven dependency setup, reacting to the plain presence of the Log4j 2.x / Logback core jars at runtime.
Please note: For a clean classpath arrangement (without several variants of Commons Logging on the classpath), you might have to declare explicit excludes for 'commons-logging' and/or 'jcl-over-slf4j' in other libraries that you're using.
CORS supportCORS support has been updated to be more secured by default and more flexible.
When upgrading, be aware that allowCredentials default value has been changed to false and now requires to be explicitly set to true if cookies or authentication are needed in CORS requests. This can be done at controller level via @CrossOrigin(allowCredentials="true") or configured globally via WebMvcConfigurer#addCorsMappings.
CORS configuration combination logic has also been slightly modified to differentiate user defined * values where additive logic should be used and default @CrossOrigin values which should be replaced by any user provided values.
升级到 5.0 版 基线更新
Spring Framework 5.0 需要 JDK 8 (Java SE 8),因为它的整个代码库基于 Java 8 源代码级别,并在类路径和模块路径 (Jigsaw) 上提供与 JDK 9 的完全兼容性。建议 Java SE 8 update 60 作为 Java 8 的最低补丁版本,但通常建议使用最近的补丁版本。
Spring 的相应模块现在需要 Java EE 7 API 级别,运行时支持 EE 8 级别:
- 小服务程序 3.1 / 4.0
- JPA 2.1 / 2.2
- Bean 验证 1.1 / 2.0
- JMS 2.0
- JSON Binding API 1.0(作为 Jackson / Gson 的替代品)
- 雄猫 8.5+
- 码头 9.4+
- 野飞 10+
- 9+
- 为 Spring WebFlux 添加了 Netty 4.1 和 Undertow 1.4
- 杰克逊 2.9+
- EhCache 2.10+
- 休眠 5.0+
- OkHttp 3.0+
- XmlUnit 2.0+
- XStream 1.4.7+
- 封装 beans.factory.access(BeanFactoryLocator 机制)。
- 包括SpringBeanAutowiringInterceptor基于这种静态共享上下文的 EJB3。最好通过 CDI 集成 Spring 后端。
- 封装 jdbc.support.nativejdbc(NativeJdbcExtractor 机制)。
- 已被 JDBC 4 中的本机机制所取代。Connection.unwrap如今,即使针对 Oracle JDBC 驱动程序,通常也很少需要解包。
- mock.staticmock从spring-aspects模块中 删除的包。
- 不再支持AnnotationDrivenStaticEntityMockingControl了。
- 包web.view.tiles2和orm.hibernate3/hibernate4丢弃。
- 最低要求:现在 Tiles 3 和 Hibernate 5。
- 在代码库中删除了许多不推荐使用的类和方法。
- 对生态系统中常用的方法进行了一些妥协。
- 请注意,几个不推荐使用的方法也已从 JSP 标记库中删除。
- 例如 FormTag 的“commandName”属性,几年前被“modelAttribute”取代。
Spring 框架不再支持:Portlet、Velocity、JasperReports、XMLBeans、JDO、Guava(由 Caffeine 支持取代)。如果这些对您的项目至关重要,您应该继续使用 Spring Framework 4.3.x(支持到 2020 年)。或者,您可以在自己的项目中创建自定义适配器类(可能从 Spring Framework 4.x 派生)。
公共日志记录设置Spring Framework 5.0 以“spring-core”所依赖的“spring-jcl”模块的形式提供了自己的 Commons Logging 桥接器。这取代了以前对“commons-logging”工件的依赖,它需要一个排除声明来切换到“jcl-over-slf4j”(SLF4J / Logback)和一个额外的“log4j-jcl”桥声明(Log4j 2.x) .
现在,'spring-jcl' 本身是一个非常强大的 Commons Logging 桥,具有对 Log4j 2、SLF4J 和 JUL (java.util.logging) 的一流支持,开箱即用,无需任何特殊的排除或桥声明所有这三个情景。
您仍然可以从“spring-core”中排除“spring-jcl”并引入“jcl-over-slf4j”作为您的选择,特别是在升级现有项目时。但是,请注意,默认情况下,'spring-jcl' 可以轻松取代 'jcl-over-slf4j',以简化 Maven 依赖项设置,对运行时 Log4j 2.x / Logback 核心 jar 的明显存在做出反应。
请注意:对于一个干净的类路径安排(在类路径上没有多个 Commons Logging 变体),您可能必须在其他库中为“commons-logging”和/或“jcl-over-slf4j”声明明确的排除项使用。
CORS 支持CORS 支持已更新,默认情况下更安全且更灵活。
升级时,请注意allowCredentials默认值已更改为falsetrue,如果 CORS 请求中需要 cookie 或身份验证,现在需要显式设置为。这可以通过在控制器级别完成@CrossOrigin(allowCredentials="true")或通过全局配置WebMvcConfigurer#addCorsMappings。
CORS 配置组合逻辑也进行了轻微修改*,以区分应使用附加逻辑的用户定义值和@CrossOrigin应由任何用户提供的值替换的默认值。
