gRPC server/client wiring, HTTP client SSRF filtering via InetAddressFilter, and lazy datasource connections eliminate boilerplate and reduce attack surface without breaking changes.
Summary
Eliminates manual gRPC setup and third-party starters; SSRF mitigation shifts left on server-side request forgery risk; lazy connections cut startup time and connection pool pressure in large deployments.
Why it matters
Eliminates manual gRPC setup and third-party starters; SSRF mitigation shifts left on server-side request forgery risk; lazy connections cut startup time and connection pool pressure in large deployments.
Implementation verdict
Drop-in replacement for custom gRPC wiring. SSRF blocking requires configuration of address ranges (whitelist/blacklist). Lazy datasource needs spring.datasource.connection-fetch=lazy flag. One feature (jOOQ 3.20) requires Java 21 upgrade; baseline stays JDK 17. Worth upgrading now for gRPC and context propagation; SSRF config requires threat modeling first.
Sources
Dev Signal
Get briefs like this in your inbox — free, 3x a week.
100+ sources compressed into one 4-minute read. Ranked, cited, implementation-ready.