Ataccama ONE Agentic ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
latest (17.1.0) 17.0.0 16.3.x 16.2.0 16.1.0 16.0.0 15.4.0 15.3.0 15.2.0 15.1.0 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x 13.5.0 13.4.x 13.3.x 13.2.x
User Community Service Desk Downloads

Upgrade to Java 25 and Spring Boot 4

Version 17.1.0 upgrades the MDM Server and MDM Web Application to Java 25 and Spring Boot 4 (from Spring Boot 3.5). This introduces a new runtime requirement, renames a configuration property, and removes support for the OAuth 2.0 Resource Owner Password Credentials (ROPC) grant type.

If you override the affected property or rely on the ROPC grant flow, review and apply the following changes before upgrading.

Runtime requirements

The MDM Server and Web Application now target Java 25. Ensure that the JRE or JDK available in your deployment environment is updated to Java 25 before upgrading to 17.1.0.

Earlier Java versions are no longer supported.

Renamed configuration property

Spring Boot 4 no longer recognizes the old property name. If you override the property listed here in application.properties, application.yml, environment variables, or similar, you must update it to the new name.

A property that retains the old name after the upgrade is silently ignored, which can result in unexpected runtime behavior.
Old property New property Affected modules

management.endpoints.enabled-by-default

management.endpoints.access.default=none

MDM Server, MDM Web App

The new property takes an access level (none, read-only, or unrestricted) instead of a Boolean. Replace enabled-by-default=false with access.default=none.

Spring Security changes

The upgrade introduces Spring Security 7, which contains two changes that might affect deployments.

Path patterns in public endpoints and ACLs

The path-matching engine for public endpoint properties and access control lists has changed. Most standard patterns continue to work, but if you use non-trivial patterns (optional segments, regex-like constructs), verify they still resolve as expected after the upgrade.

ROPC grant type removal

Spring Security 7 removes support for the OAuth 2.0 Resource Owner Password Credentials (ROPC) grant type.

To preserve backward compatibility, ROPC continues to work in 17.1.0, but support will be removed in a future release. If your integration authenticates to MDM using the ROPC grant, plan to migrate to a supported OAuth 2.0 grant type (for example, authorization code with PKCE, or client credentials).

Upgrade checklist

Before upgrading MDM Server and Web Application to 17.1.0:

  • Confirm Java 25 is available in every MDM environment.

  • If you override management.endpoints.enabled-by-default, switch to management.endpoints.access.default with an access level (for example, none).

  • If you customize public endpoint properties or security ACLs, review path patterns for compatibility.

  • If you authenticate to MDM using the ROPC OAuth 2.0 grant, plan a migration to a supported grant type.

Was this page useful?