Skip to content

chore(deps): update Java SDK to v8.49.0#5398

Merged
jamescrosswell merged 1 commit into
mainfrom
deps/scripts/update-java.ps1
Jul 17, 2026
Merged

chore(deps): update Java SDK to v8.49.0#5398
jamescrosswell merged 1 commit into
mainfrom
deps/scripts/update-java.ps1

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Bumps scripts/update-java.ps1 from 8.48.0 to 8.49.0.

Auto-generated by a dependency updater.

Changelog

8.49.0

Features

  • Session Replay: Record segment names (transaction names) (#5763)

  • Add io.sentry:sentry-opentelemetry-bom to align Sentry OpenTelemetry modules with tested OpenTelemetry dependencies (#5629)

    • Spring Boot Gradle plugin: add the Sentry BOM to dependencyManagement; explicit imports are applied after Spring Boot's implicit BOM
      dependencyManagement {
        imports {
          mavenBom("io.sentry:sentry-opentelemetry-bom:<sentry-version>")
        }
      }
    • Gradle: import it as a platform and omit versions from Sentry OpenTelemetry and OpenTelemetry dependencies
      implementation(platform("io.sentry:sentry-opentelemetry-bom:<sentry-version>"))
    • Maven: import it before Spring Boot's BOM in the same <dependencyManagement> block, or in the child POM when using spring-boot-starter-parent
      <dependency>
        <groupId>io.sentry</groupId>
        <artifactId>sentry-opentelemetry-bom</artifactId>
        <version>${sentry.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>

Fixes

  • Session Replay: Fix first recording segment missing for replays in buffer mode (#5753)
  • Session Replay: Fix error-to-replay linkage in buffer mode (#5754)
  • Prevent logs and metrics from remaining queued after a flush scheduling race (#5756)
  • Fix main thread identification for tombstone (native crash) events (#5742)
  • Prevent malformed JDBC URLs, which may contain credentials, from being printed to stdout (#5656)
  • Restrict JVM-global proxy authentication credentials to challenges from the configured proxy host (#5656)
  • Sanitize Spring 7 and Spring Jakarta WebClient span descriptions to prevent embedded URL credentials from being sent to Sentry (#5656)
  • Respect tracePropagationTargets when injecting Sentry tracing headers through the OpenTelemetry OTLP propagator (#5656)

Performance

  • Schedule transaction idle/deadline timeouts on a shared, dedicated executor instead of spawning a Timer thread per transaction (#5670)

Dependencies

  • Bump OpenTelemetry to support Spring Boot 4.1 (#5573)

    • If this causes issues for you because you are also using Spring Boot Dependency Management Plugin (io.spring.dependency-management),
      which may downgrade the OpenTelemetry SDK, please have a look at the changelog entry above that explains how to use sentry-opentelemetry-bom.
    • OpenTelemetry to 1.63.0 (was 1.60.1)
    • OpenTelemetry Instrumentation to 2.29.0 (was 2.26.0)
    • OpenTelemetry Instrumentation Alpha to 2.29.0-alpha (was 2.26.0-alpha)
    • OpenTelemetry Semantic Conventions to 1.42.0 (was 1.40.0)
    • OpenTelemetry Semantic Conventions Alpha to 1.42.0-alpha (was 1.40.0-alpha)
  • Bump Native SDK from v0.15.2 to v0.15.3 (#5728)

  • Expose sentry-native's heartbeat-based app-hang detection through SentryAndroidOptions (#5623)

    • Enable via setEnableNdkAppHangTracking(true) (disabled by default) and tune the timeout with setNdkAppHangTimeoutIntervalMillis(...) (default 5000 ms), or the io.sentry.ndk.app-hang.enable / io.sentry.ndk.app-hang.timeout-interval-millis manifest entries
    • Intended for hybrid SDKs: emit the heartbeat by calling the native sentry_app_hang_heartbeat() from the thread you want monitored. Independent of the JVM-based ANR detection (setAnrEnabled)
  • Fix NoSuchMethodError from using Math.floorDiv/Math.floorMod overloads that are unavailable on Java 8 (#5743)

Dependencies

Full CHANGELOG.md diff
 -1,5 +1,64 
 # Changelog
 
+## 8.49.0
+
+### Features
+
+- Session Replay: Record segment names (transaction names) ([#5763](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5763))
+
+- Add `io.sentry:sentry-opentelemetry-bom` to align Sentry OpenTelemetry modules with tested OpenTelemetry dependencies ([#5629](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5629))
+  - Spring Boot Gradle plugin: add the Sentry BOM to `dependencyManagement`; explicit imports are applied after Spring Boot's implicit BOM
+    ```kotlin
+    dependencyManagement {
+      imports {
+        mavenBom("io.sentry:sentry-opentelemetry-bom:<sentry-version>")
+      }
+    }
+    ```
+  - Gradle: import it as a platform and omit versions from Sentry OpenTelemetry and OpenTelemetry dependencies
+    ```kotlin
+    implementation(platform("io.sentry:sentry-opentelemetry-bom:<sentry-version>"))
+    ```
+  - Maven: import it before Spring Boot's BOM in the same `<dependencyManagement>` block, or in the child POM when using `spring-boot-starter-parent`
+    ```xml
+    <dependency>
+      <groupId>io.sentry</groupId>
+      <artifactId>sentry-opentelemetry-bom</artifactId>
+      <version>${sentry.version}</version>
+      <type>pom</type>
+      <scope>import</scope>
+    </dependency>
+    ```
+
+### Fixes
+
+- Session Replay: Fix first recording segment missing for replays in `buffer` mode ([#5753](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5753))
+- Session Replay: Fix error-to-replay linkage in `buffer` mode ([#5754](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5754))
+- Prevent logs and metrics from remaining queued after a flush scheduling race ([#5756](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5756))
+- Fix main thread identification for tombstone (native crash) events ([#5742](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5742))
+- Prevent malformed JDBC URLs, which may contain credentials, from being printed to stdout ([#5656](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5656))
+- Restrict JVM-global proxy authentication credentials to challenges from the configured proxy host ([#5656](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5656))
+- Sanitize Spring 7 and Spring Jakarta WebClient span descriptions to prevent embedded URL credentials from being sent to Sentry ([#5656](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5656))
+- Respect `tracePropagationTargets` when injecting Sentry tracing headers through the OpenTelemetry OTLP propagator ([#5656](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5656))
+
+### Performance
+
+- Schedule transaction idle/deadline timeouts on a shared, dedicated executor instead of spawning a `Timer` thread per transaction ([#5670](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5670))
+
+### Dependencies
+
+- Bump OpenTelemetry to support Spring Boot 4.1 ([#5573](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5573))
+  - If this causes issues for you because you are also using Spring Boot Dependency Management Plugin (io.spring.dependency-management),
+    which may downgrade the OpenTelemetry SDK, please have a look at the changelog entry above that explains how to use `sentry-opentelemetry-bom`.
+  - OpenTelemetry to 1.63.0 (was 1.60.1)
+  - OpenTelemetry Instrumentation to 2.29.0 (was 2.26.0)
+  - OpenTelemetry Instrumentation Alpha to 2.29.0-alpha (was 2.26.0-alpha)
+  - OpenTelemetry Semantic Conventions to 1.42.0 (was 1.40.0)
+  - OpenTelemetry Semantic Conventions Alpha to 1.42.0-alpha (was 1.40.0-alpha)
+- Bump Native SDK from v0.15.2 to v0.15.3 ([#5728](https://github-redirect.dependabot.com/getsentry/sentry-java/pull/5728))
+  - [changelog](https://github-redirect.dependabot.com/getsentry/sentry-native/blob/master/CHANGELOG.md[#0153](https://github-redirect.dependabot.com/getsentry/sentry-java/issues/0153))
+  - [diff](https://github-redirect.dependabot.com/getsentry/sentry-native/compare/0.15.2...0.15.3)
+
 ## 8.48.0
 
 ### Features
 -18,11 +77,14 
   Sentry.finishExtendedAppStart()
  • Add trace_metric_byte data category and record byte-level client reports when trace metrics are discarded (#5626)
    +- Expose sentry-native's heartbeat-based app-hang detection through SentryAndroidOptions (#5623)
    • Enable via setEnableNdkAppHangTracking(true) (disabled by default) and tune the timeout with setNdkAppHangTimeoutIntervalMillis(...) (default 5000 ms), or the io.sentry.ndk.app-hang.enable / io.sentry.ndk.app-hang.timeout-interval-millis manifest entries
    • Intended for hybrid SDKs: emit the heartbeat by calling the native sentry_app_hang_heartbeat() from the thread you want monitored. Independent of the JVM-based ANR detection (setAnrEnabled)
  • Support the io.sentry.tombstone.report-historical manifest option to enable historical tombstone reporting via AndroidManifest.xml <meta-data> (#5683)

Fixes

-- Fix NoSuchMethodError when using Math.floorDiv/Math.floorMod on Android < 24 (#5743)
+- Fix NoSuchMethodError from using Math.floorDiv/Math.floorMod overloads that are unavailable on Java 8 (#5743)

  • Fix main thread identification parsing for ApplicationExitInfo ANRs (#5733)
  • Do not send threads without stacktraces for ApplicationExitInfo ANRs (#5733)
  • Record byte-level client reports when event processors discard logs or trace metrics (#5718)
    -36,6 +98,12
  • Remove executor prewarm during SDK init (#5681)
    • The single-threaded SentryExecutorService queued the prewarm work ahead of the first useful task, so it could only delay init work, never speed it up; the thread and class loading it warmed are paid identically by the first real task submitted right after.

+### Dependencies
+
+- Bump Native SDK from v0.15.2 to v0.15.3 (#5623)

8.47.0

Behavioral Changes


</details>

@github-actions
github-actions Bot requested a review from jamescrosswell as a code owner July 17, 2026 03:58
@github-actions github-actions Bot added the Dependencies Pull requests that update a dependency file label Jul 17, 2026
@bruno-garcia
bruno-garcia force-pushed the deps/scripts/update-java.ps1 branch from b6afcf1 to ec32ef7 Compare July 17, 2026 03:58
@github-actions github-actions Bot added the risk: medium PR risk score: medium label Jul 17, 2026
@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.54%. Comparing base (f02bc53) to head (ec32ef7).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5398      +/-   ##
==========================================
- Coverage   74.54%   74.54%   -0.01%     
==========================================
  Files         512      512              
  Lines       18652    18652              
  Branches     3655     3655              
==========================================
- Hits        13905    13904       -1     
- Misses       3873     3874       +1     
  Partials      874      874              

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jamescrosswell jamescrosswell left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated approval: dependency update, CI green, no breaking changes in description.

@jamescrosswell
jamescrosswell merged commit b6315ad into main Jul 17, 2026
51 checks passed
@jamescrosswell
jamescrosswell deleted the deps/scripts/update-java.ps1 branch July 17, 2026 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Dependencies Pull requests that update a dependency file risk: medium PR risk score: medium

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants