4.1

Updated to the latest version of Spring Boot which fixes CVE-2024-38820.
Updated to the latest version of connect-sdk-java, commons-codec and gson.

Even though the targeted Spring Boot version is now 3.3.x, this starter is still compatible with Spring Boot 3.x.x.

4.0

Updated to the latest version of Spring Boot. The minimum supported Spring Boot version is now 3.0.0.
Because Spring Boot 3.x requires Java 17, the minimum supported version has changed from Java 8 to Java 17.

Updated to the latest version of connect-sdk-java. Because this included a major refactor, this starter has had some major changes as well:

• The connect.api.api-key-id and connect.api.secret-api-key properties have been renamed to connect.api.authorization-id and connect.api.authorization-secret respectively.
  The matching methods in class ConnectSdkProperties have been renamed accordingly.
• The default logger name for the auto-configured CommunicatorLogger bean has changed to com.worldline.connect.sdk.java.Communicator.
• Class ConfigurableAuthenticator has been renamed to ConfigurableV1HMACAuthenticator, and the constructor and setApiKey method no longer have a parameter of type AuthorizationType.
  The matching auto-configured bean has been renamed to connectSdkV1HMACAuthenticator.
• The auto-configured Session bean has been removed, as its type no longer exists.
• A V1Client bean will be auto-configured if a Client bean is available.
• The auto-configured MerchantClient bean now requires a V1Client bean instead of a Client bean.
  The matching auto-configured bean has been renamed to connectSdkV1MerchantClient.
• Interface MetaDataProviderBuilderCustomizer has been renamed to MetadataProviderBuilderCustomizer.
• The connectSdkApiKey endpoint no longer accepts an authorizationType property.
• The previously deprecated methods from the connectSdkConnections endpoint have been removed. Only the methods that use GET and DELETE remain.

3.8

Added support for configuration property connect.api.connection-reuse to match the SDK's connect.api.connectionReuse configuration property.

The auto-configured Authenticator is now an instance of new class ConfigurableAuthenticator. This allows replacing the API key without restarting the application. Actuator endpoint, connectSdkApiKey is provided to do this through HTTP or JMX.

If a bean of type BodyObfuscator or HeaderObfuscator is provided, that will now be used by auto-configured Connection instances.

The actuator endpoint for closing idle and expired does not work for all Spring Boot versions. The current methods have been deprecated in favour of two new methods: closeConnections and closeConnectionsForBean.

Updated to the latest version of commons-codec, connect-sdk-java, Spring Boot 2.x and SnakeYAML.

3.7.4

Updated to the latest 2.7 version of Spring Boot which fixes CVE-2023-20883.
Updated to the latest version of connect-sdk-java.

3.7.3

Updated to the latest 2.7 version of Spring Boot which fixes CVE-2023-20873 and CVE-2023-20863.
Updated to the latest version of connect-sdk-java.

3.7.2

Updated to the latest 2.7 version of Spring Boot which fixes CVE-2023-20861.
Explicitly use the latest SnakeYAML version which fixes CVE-2022-1471.
Updated to the latest versions of connect-sdk-java, Gson and HttpClient.

3.7.1

Added support for Spring Boot 3.x.

The target Spring Boot version is still 2.7.x, but this starter is tested to be compatible with Spring Boot 2.2.x and 3.x.

3.7

Updated to the latest version of Spring Boot which fixes CVE-2022-22970.
Updated to the latest version of connect-sdk-java.

Even though the targeted Spring Boot version is now 2.7.x, this starter is still compatible with Spring Boot 2.2.x.

3.6.3

Updated to the latest version of Spring Boot which fixes CVE-2022-22968.

3.6.2

Updated to the latest version of Spring Boot which fixes CVE-2022-22965 and CVE-2020-36518.
Updated to the latest versions of connect-sdk-java and Gson.