Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.2

[dependabot]

Bumps org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.2.

Release notes

Sourced from org.atmosphere:atmosphere-runtime's releases.

Atmosphere 4.0.2

Full Changelog: Atmosphere/atmosphere@atmosphere-4.0.1...atmosphere-4.0.2

Atmosphere 4.0.1

Full Changelog: Atmosphere/atmosphere@atmosphere-4.0.0...atmosphere-4.0.1

Atmosphere 4.0.0

What's Changed

• Fix ConcurrentModificationException. by @​seamusmac in Atmosphere/atmosphere#2179
• Fix exception preventing proper shutdown of Atmosphere. by @​seamusmac in Atmosphere/atmosphere#2194
• Fix for issue #2224 by @​jonrimmer in Atmosphere/atmosphere#2225
• Fix issue #2227 by @​jbim in Atmosphere/atmosphere#2228
• Fixed the weird case when 'Origin' header contains 'null' string by @​reta in Atmosphere/atmosphere#2265
• Added Jetty93AsyncSupportWithWebSocket by @​shanielh in Atmosphere/atmosphere#2270
• Headers handling should not replace null with empty string by @​Starzu in Atmosphere/atmosphere#2298
• Reduced WebSocket onError log message to debug. by @​jajajaja in Atmosphere/atmosphere#2303
• Fixed a ConcurrentModificationException by @​zanzan23 in Atmosphere/atmosphere#2306
• Add Content-Type to first response (#2312 ) by @​KatriHaapalinna in Atmosphere/atmosphere#2313
• github-issue-#2322: AtmosphereResponseImpl#getHeaders should return `… by @​0x006EA1E5 in Atmosphere/atmosphere#2323
• Define requirements and capabilities for using ServiceLoader to load Injectables in OSGI environment by @​arotnov in Atmosphere/atmosphere#2330
• lookupDefaultBroadcasterType interprets AUTODETECT_BROADCASTER properly by @​larose in Atmosphere/atmosphere#2338
• Fix NPE on getCookies method by @​SuperPat45 in Atmosphere/atmosphere#2356
• Fix #2367 WebSocket protocol not supported on Payara 5 by @​blono in Atmosphere/atmosphere#2369
• Switch heartbeat logging values by @​nstanard in Atmosphere/atmosphere#2375
• Update Tomcat 7 version to 7.0.93 (runnable on Java 11) by @​azolotko in Atmosphere/atmosphere#2379
• Portable WebSocket should respect ApplicationConfig.WEBSOCKET_BUFFER_SIZE by @​azolotko in Atmosphere/atmosphere#2381
• Fixes #2383 by @​alexkau in Atmosphere/atmosphere#2384
• fix ByteBuffer and CharBuffer incompatibilities across JDKs by @​MichalChomo in Atmosphere/atmosphere#2386
• Allow WebSocket to close with code and reason by @​MichalChomo in Atmosphere/atmosphere#2388
• #2390 in DefaultBroadcaster.lookup() the synchronized(c) block should be avoided by @​ggaborg in Atmosphere/atmosphere#2391
• Handling cookies problem in Tomcat 9.0.27 by @​densp in Atmosphere/atmosphere#2395
• error log such important exception by @​fcorneli in Atmosphere/atmosphere#2411
• Support for per-message deflate Websocket extension by @​SuperPat45 in Atmosphere/atmosphere#2412
• fix dependency conflict issue by @​Bing-ok in Atmosphere/atmosphere#2416
• Fixes #2143. Handle mismatch between Atmosphere and the server by @​danielsjolin in Atmosphere/atmosphere#2420
• Patch JSR356AsyncSupport to work correctly on Quarkus. Fixes #2427 by @​mvysny in Atmosphere/atmosphere#2429
• Fix push message are not processed randomly by @​SuperPat45 in Atmosphere/atmosphere#2437
• Added none by @​castortech in Atmosphere/atmosphere#2440
• Upgrade SLF4J to latest to avoid CVE-2018-8088 by @​Artur- in Atmosphere/atmosphere#2443
• Fix a bad comparison between a String and a Class object by @​SuperPat45 in Atmosphere/atmosphere#2446
• 🐎 Avoid adding AtmosphereResource event listener unless necessary by @​slovdahl in Atmosphere/atmosphere#2449
• Update Java Doc link in README.md by @​super-nimbus in Atmosphere/atmosphere#2441
• ISSUE-2447 add stacktrace log output if atmosphere interceptor crashed with runtime exception by @​DarrMirr in Atmosphere/atmosphere#2448
• 🐛 Avoid adding length prefix for padding #2364 by @​slovdahl in Atmosphere/atmosphere#2452
• Marking quarkus as optional in the OSGI MANIFEST by @​vogella in Atmosphere/atmosphere#2454
• Make jnlp requirement optional for OSGi by @​vogella in Atmosphere/atmosphere#2458
• org.atmosphere.jersey.util should be optional in the OSGi manifest by @​vogella in Atmosphere/atmosphere#2462
• Set testng library with resolution optional in Atmosphere/atmosphere#2465
• fix version by @​Artur- in Atmosphere/atmosphere#2470
• Rename javax.servlet.ServletContainerInitializer to jakarta.servlet.ServletContainerInitializer by @​Artur- in Atmosphere/atmosphere#2471

... (truncated)

Changelog

Sourced from org.atmosphere:atmosphere-runtime's changelog.

Changelog

All notable changes to the Atmosphere Framework are documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[4.0.3] - 2026-02-22

Fixed

• Room Protocol broadcast bug. DefaultRoom.broadcast() now wraps messages in RawMessage to bypass @Message decoder mangling. Room JSON envelopes (join/leave/message events) are delivered intact to clients.
• enableHistory() NPE. UUIDBroadcasterCache is now properly configured before use, preventing NullPointerException when room history is enabled.
• Native Image build. Spring Boot samples use process-aot and exec classifier in the native profile so GraalVM can find the main class.

Added

• RawMessage API (org.atmosphere.cpr.RawMessage) — first-class public wrapper for pre-encoded messages that bypass @Message decoder/encoder pipelines. ManagedAtmosphereHandler.Managed is deprecated in favor of RawMessage.
• Playwright E2E tests for all sample applications (chat, spring-boot-chat, embedded-jetty, quarkus-chat, AI samples, durable-sessions, MCP server).

Changed

• Unified parent POM. All samples now inherit from atmosphere-project, making mvn versions:set update every module in a single command.
• Normalized artifact names. All modules use lowercase kebab-case atmosphere-* naming consistently.
• Release workflow hardened. Stale tags are cleaned before tagging, and git rebase handles diverged branches during release builds.

[4.0.0] - 2026-02-18

Atmosphere 4.0 is a rewrite of the framework for JDK 21+ and Jakarta EE 10. It keeps the annotation-driven programming model and transport abstraction from prior versions, and adds support for virtual threads, AI/LLM streaming, rooms and presence, native image compilation, and frontend framework bindings.

This release succeeds the 2.x/3.x line (last release: 3.1.0 / 2.6.5). The javax.servlet namespace, Java 8 runtime, and legacy application server integrations have been removed. Applications migrating from 2.x or 3.x should consult the Migration Guide.

Added

... (truncated)

Commits

• 246088f release: Atmosphere 4.0.2
• 2530019 fix(build): skip Central publishing for buildtools module
• 7c7e277 fix(embabel): update test to mock broadcaster.broadcast() instead of resource...
• 02f96d4 test(spring-ai,langchain4j): update tests for broadcaster-based streaming
• f8c1730 test(ai): update tests for broadcaster-based streaming
• 7d5e060 chore(samples): rebuild all frontend assets
• e802e69 fix(samples): correct trackMessageLength for each server config
• 5a84ba3 fix(samples): fix members display and add local message echo
• 5191152 fix(samples): add org.json dependency for Room protocol
• 41b0097 fix(samples): resolve duplicate React instances in all frontends
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2910.