Skip to content

build(deps): bump io.sentry:sentry-logback from 8.37.1 to 8.39.1#22

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/io.sentry-sentry-logback-8.39.1
Closed

build(deps): bump io.sentry:sentry-logback from 8.37.1 to 8.39.1#22
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/io.sentry-sentry-logback-8.39.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 19, 2026

Bumps io.sentry:sentry-logback from 8.37.1 to 8.39.1.

Release notes

Sourced from io.sentry:sentry-logback's releases.

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Changelog

Sourced from io.sentry:sentry-logback's changelog.

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Commits
  • d23b4b6 release: 8.39.1
  • 7bd7bbf fix changelog for unreleased SDK hang fix (#5298)
  • bfc5ee1 fix(sentry): Recover object readers after deserialization errors (#5293)
  • 6cf6485 Merge branch 'release/8.39.0'
  • 12c8c2a release: 8.39.0
  • de6a178 fix(gestures): Replace GestureDetectorCompat with lightweight detector to fix...
  • ce4b2c1 chore(deps): update Gradle to v9.4.1 (#5063)
  • 0675272 build(deps): bump actions/github-script from 8.0.0 to 9.0.0 (#5285)
  • 3af77f4 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (#5287)
  • 7935b26 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#5286)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump io.sentry:sentry-logback from 8.37.1 to 8.39.1
7123daa 
Bumps [io.sentry:sentry-logback](https://github.com/getsentry/sentry-java) from 8.37.1 to 8.39.1.
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.37.1...8.39.1)

---
updated-dependencies:
- dependency-name: io.sentry:sentry-logback
  dependency-version: 8.39.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Apr 19, 2026
@dependabot dependabot Bot mentioned this pull request Apr 19, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 26, 2026

Superseded by #24.

@dependabot dependabot Bot closed this Apr 26, 2026
@dependabot dependabot Bot deleted the dependabot/maven/io.sentry-sentry-logback-8.39.1 branch April 26, 2026 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants