The class CompositeHealth has a method getDetails() which currently has default (package-private) access. This causes a problem when used in conjunction with the Jackson setting MapperFeature.CAN_OVERRIDE_ACCESS_MODIFIERS. Setting this Jackson MapperFeature to false ensures only public access is used during serialization. Since this field on CompositeHealth is package private, serialization fails with this configuration.
Since CompositeHealth is used as a value object, and the getDetails() method is intended to be accessed during serialization of the response, it seems that the getDetails() method should be changed to public access.