The Wire · Showcase
SPRING BOOT PLUGS FILE HANDLE LEAK IN IMAGE BUILDPACK
By RepoJournal · Filed · About Spring
Spring Boot's image buildpack was leaking file handles and orphaning temp files when resolving missing builder images, but a fix just landed to clean up both the streams and the intermediate artifacts.
The buildpack's ExportedLayers class was materializing exported layers as temp files without proper cleanup [1], leaving `create-builder-scratch-source-*` files scattered across your system temp directory and keeping InputStreams open. The patch [2] closes those streams and deletes the intermediate tar files, eliminating the resource leak entirely. Elsewhere across the projects, Spring Boot also corrected a documentation bug where the MongoDB health indicator was listed under the wrong configuration key [3][4], a fix that ships now to prevent confusion on your next integration. Spring Security picked up routine dependency bumps: Hibernate ORM to 7.4.5 [5] and JUnit to 6.1.2 [6], both maintenance releases with no breaking changes. Spring AMQP standardized its TOML naming conventions to match Spring Integration [7], improving consistency across the stack.
Action items
- → Update Spring Boot to pull the image buildpack stream cleanup fix spring-projects/spring-boot [plan]
- → Check your MongoDB health indicator config keys against the corrected documentation spring-projects/spring-boot [monitor]
- → Merge the dependency bumps in Spring Security at your next maintenance window spring-projects/spring-security [plan]
References
- [1] Resources are not cleaned up when resolving an image that is not yet present in the builder ↗ spring-projects/spring-boot
- [2] Merge pull request #50919 from SebTardif spring-projects/spring-boot
- [3] Merge pull request #50931 from ngocnhan-tran1996 spring-projects/spring-boot
- [4] Table of auto-configured HealthIndicators lists the wrong key for MongoHealthIndicator ↗ spring-projects/spring-boot
- [5] Bump org.hibernate.orm:hibernate-core from 7.4.4.Final to 7.4.5.Final ↗ spring-projects/spring-security
- [6] Bump org.junit:junit-bom from 6.1.1 to 6.1.2 ↗ spring-projects/spring-security
- [7] SA to use same toml naming as SI (#3516) spring-projects/spring-amqp