Spring Boot manages the dependency to Hibernate. Currently, we are using Spring Boot 3.3.4, which is providing the dependency Hibernate 6.5.3.Final. Unfortunately, we are hit by https://hibernate.atlassian.net/browse/HHH-18439, which is only being fixed on maintained versions of Hibernate.

According to the release strategy of Hibernate, the uneven minor releases are not actively maintained, and there will be no patch for Hibernate 6.5.x: https://hibernate.org/orm/releases/.

Hibernate 6.4.x is not hit by the bug, since it was introduces in Hibernate 6.5.x. For now, we had to manually downgrade to Hibernate 6.4.x as a workaround. Since Spring Boot 3.3.x is supported until May 2025, it should also be able to provide fixes for managed dependencies and therefore use maintained versions of libraries.

Proposal: - Spring Boot should only use Hibernate versions that are maintained for the period that Spring Boot's version is maintained

Comment From: wilkinsona

Spring Boot should only use Hibernate versions that are maintained for the period that Spring Boot's version is maintained

Thanks for the suggestion. In an ideal world, this is how things would be but I don't think it's achievable as we have no control over the period for which the Hibernate team offer support for a particular minor release (and nor should we).

According to the release strategy of Hibernate, the uneven minor releases are not actively maintained, and there will be no patch for Hibernate 6.5.x: https://hibernate.org/orm/releases/.

Is this release strategy documented anywhere, or have you inferred it from how the various 6.x releases have been handled thus far? We were bitten by a similar problem in the past and we asked the Hibernate team if they had a strategy so that we could predict which releases would be actively maintained. Unfortunately, nothing was forthcoming. Furthermore, it isn't mentioned in their maintenance policy.

Given the current circumstances, I think the best that we can do is to try to keep up-to-date with the latest minor release of Hibernate each time we ship a new Spring Boot minor. We can also, on a best-effort basis, try to support those who choose to upgrade or downgrade the default version of Hibernate to meet their specific needs.

Beyond the above, I think our hands are tied here. Considering Spring Boot 3.3.x specifically, we do not want to downgrade everyone to Hibernate 6.4.x as they may be using features added in 6.5, nor do we want to upgrade everyone to Hibernate 6.6 as it comes with a lot of risk for a maintenance release as we've seen that it isn't 100% backwards-compatible with 6.5.

Comment From: bclozel

According to the release strategy of Hibernate, the uneven minor releases are not actively maintained

While it seems the case for the recent versions, I'm not sure this is an official and predictable policy, as stated by Andy above. For example: 6.2, 5.6 and 5.3 have limited support, but 6.0 and 5.4 are EOL at this point..

Comment From: philwebb

Given our limited options, I'm going to close this issue. I'm afraid we don't have any great choices and I think our current approach is probably the best we can do (all things considered).