Migration guide - Atoti Hub

This page explains the changes required to migrate from Atoti CVA Risk Capital 5.1.3 to 6.0.0. For new features and fixes included in this release, see the Atoti CVA Risk Capital 6.0.0 release notes. For Atoti Server changes, see the Atoti Server release notes.

Migrate to 6.0.0

This is a major version that upgrades the underlying stack from Atoti Server 6.0.9 on Java 17 to Atoti Server 6.1.19 on Java 21. The scope of work depends on how much the default source tree has been modified.

Choose your migration path

Path	Who it is for
Path A — No customization	Source was cloned and built as-is, with no edits to the Java or configuration files.
Path B — Light customization	A single isolated `@Configuration` class is wired in via one `@Import` line on `ApplicationConfig`. Everything else is stock.
Path C — Heavy customization	Multiple Java files across two or more modules have been modified in place.

When in doubt, start by producing a patch against a pristine 5.1.3 checkout (Step 0 of Path C). If the patch touches only one file, follow Path B. If the patch is empty, follow Path A.

Headline changes

Every migration path accepts these changes. Paths B and C require additional handling.

Java 21: Java 17 is no longer supported. The Maven build enforces requireJavaVersion 21.
Atoti Server 6.1.19: Upgraded from ActivePivot 6.0.9. All com.qfs.* and com.quartetfs.* package roots move to com.activeviam.{activepivot,tech,database,web}.*.
Spring Boot 3 / Jakarta EE 10: javax.* replaced by jakarta.* across the board.
Spring Security 6: WebSecurityConfigurerAdapter removed; replaced by SecurityFilterChain beans.
OpenTelemetry 1.43.0: Spring Cloud Sleuth and Zipkin Brave removed.
Module restructuring: 5 modules become 8. cvarc-application is the new executable; cvarc-starter becomes an auto-config library. See Module rename.
What-If 2.1.6-AS6.0 → 5.0.0-AS6.1: Hibernate-based persistence, JWT authentication, new file-upload distributed mode. See What-If 2.1.6-AS6.0 → 5.0.0-AS6.1.
Atoti Server 6.1.19: New Spring Boot starters replace hand-wired configuration. See Atoti Server 6.1.19 starters.
Atoti Limits 4.2.1: GroupId and artifact ID changed; disabled by default. See Atoti Limits 4.2.1.
Common Accelerator Library 2.1.15-AS6.1.

Smaller breaking changes apply to specific audiences: DispatcherServlet configuration removal (only if a fork overrode the bean), JGroups protocol files (AtotiAuthToken → SharedSecretAuthToken), Hibernate group ID (org.hibernate → org.hibernate.orm, only relevant for module POMs that pull Hibernate directly), and CVARCEnvConstants constant suffix renames (_SYSPROP/_SYNSPROP/_PROP → _PROPERTY).

Path A — no customization

This path is for users who cloned the source, built it, and run the resulting jar or Docker image without any local edits. The total work is installing a new JDK, swapping the source tree, rebuilding, and updating the launch command.

Step 1: install JDK 21

5.1.3 enforced JDK 17. 6.0.0 enforces JDK 21 via requireJavaVersion in the root POM. The Maven build fails immediately on the wrong JDK.

# verify before building
java -version          # must report 21.x
mvn -version           # "Java version" must be 21.x
export JAVA_HOME=/path/to/jdk-21

No Java 21 language features are required by the upgrade itself. This is a toolchain bump driven by the Atoti Server 6.1.19 stack.

Step 2: replace the source tree

Swap the 5.1.3 working copy for the 6.0.0 source. The module list changes as follows:

5.1.3 module	6.0.0 replacement
`cvarc-common`	`cvarc-common-lib` + `cvarc-common-config`
`cvarc-ba-activepivot`	`cvarc-ba-config`
`cvarc-sa-activepivot`	`cvarc-sa-config`
`cvarc-starter` (executable)	`cvarc-starter` (auto-config library) + `cvarc-application` (new executable) + `cvarc-application-tests`
`cvarc-isda-tests`	`cvarc-isda-tests` (unchanged)

With git, this is a single checkout of the 6.0.0 tree over the 5.1.3 tree. There are no merge decisions for an as-is user — every file at the same logical path moves together. See Complete change inventory for the full scope of what this swap brings in.

Step 3: rebuild

Run from the project root:

mvn clean install

The new executable jar is:

cvarc-application/target/cvarc-application-6.0.0-SNAPSHOT-exec.jar

5.1.3 produced cvarc-starter/target/cvarc-starter-5.1.3-exec.jar. The 5.1.3 cvarc-starter module remains in 6.0.0 but no longer produces an exec jar — its POM has no spring-boot-maven-plugin repackage execution.

Step 4a: update your launch command — direct jar

Old (5.1.3):

java \
  -Dactiveviam.chunkAllocatorClass=com.qfs.chunk.direct.allocator.impl.MmapDirectChunkAllocator \
  --add-opens java.base/java.util.concurrent=ALL-UNNAMED \
  -jar cvarc-starter/target/cvarc-starter-5.1.3-exec.jar \
  --content-service.db.url='jdbc:h2:file:./content_service;DB_CLOSE_DELAY=-1' \
  --contentServer.factory-reset=folder \
  --contentServer.factory-reset.folder-name=file:./bookmarks

New (6.0.0):

java \
  -Xms1024m -Xmx2048m -Xss5m \
  -Dactiveviam.chunkAllocatorKey=mmap \
  --add-opens=java.base/java.util.concurrent=ALL-UNNAMED \
  --add-opens=java.base/java.util=ALL-UNNAMED \
  -jar cvarc-application/target/cvarc-application-6.0.0-SNAPSHOT-exec.jar \
  --contentServer.factory-reset=folder \
  --contentServer.factory-reset.folder-name=file:./bookmarks \
  --csv.topic.path=./data-samples/data

Key differences:

Jar path and name change to cvarc-application/target/cvarc-application-6.0.0-SNAPSHOT-exec.jar.
chunkAllocatorClass=…MmapDirectChunkAllocator → chunkAllocatorKey=mmap.
--add-opens=java.base/java.util=ALL-UNNAMED is a new required flag.
--content-service.db.url=… is no longer needed — now configured in application.yml.
--csv.topic.path is new, pointing the Data Load Controller at the CSV samples directory.
Spring Boot context path moves from /cvarc-starter to /cvarc-application. Update any client or proxy pointing at the old path.

Step 4b: update your launch command — Docker

The Dockerfile has moved from cvarc-starter/Dockerfile to cvarc-application/Dockerfile. The new Dockerfile already has the updated chunk-allocator flag, so no launch-command changes are needed beyond using the new image. Before building, pre-copy the files the Dockerfile expects:

# pre-copy the data the Dockerfile expects
cp -r cvarc-application-tests/src/test/resources/data-samples cvarc-application/src/test/resources/
cp -r bookmarks cvarc-application/src/main/resources/

# build and run
docker build -t cvarc:6.0.0 cvarc-application/
docker run --rm -p 9090:9090 cvarc:6.0.0

A direct docker build cvarc-application/ without the pre-copy step will fail. The same pre-copy pattern existed for 5.1.3, but the source paths are different.

Step 5: update external file references

The repo-root bookmarks/ directory contents have not changed between 5.1.3 and 6.0.0. data-samples/ moves from cvarc-starter/data-samples/ to cvarc-application/data-samples/, with unchanged contents. If --contentServer.factory-reset.folder-name, --csv.topic.path, or any CI/Docker mount points at one of these directories, update the path or symlink. See Path C step 6 for the full list of fixture relocations, including the removed cvarc-isda-tests/content_service.mv.db and the property-files move.

Path B — light customization (single @Configuration)

This path is for users who maintain one isolated @Configuration class wired into the application via a single @Import(MyCustomConfig.class) line on ApplicationConfig. Everything else is stock. Follow this path only if all of these are true:

The custom file is a single @Configuration class with @Bean methods, wired by exactly one @Import(...) line on 5.1.3’s ApplicationConfig.
It does not extend, subclass, or override any of the configs deleted from cvarc-common or cvarc-starter — including all *Tracing* (BraveTracingConfig, TracingConfig, TracingRestServiceConfig), *Monitoring* and ActiveMonitor* (JmxMonitoringConfig, MonitoringRestServicesConfig, ApplicationMonitoringConfig, ActiveMonitorSupportConfig), *CsvSourceConfig, DataLoadControllerConfig, DatastoreConfig, LimitsIntegration, JwtAuthenticationConfigurer, CorsConfig, WhatIfConfig (cvarc-common), WhatIfRestServices, CVARCWhatIfSecurityManager, DoctorPivotConfig, CVAI18nConfig, and I18nConfig. See Step 5 for the full list with replacement guidance.
It does not customize util.ReferenceLevelUtils (deleted with no upstream replacement). Other ReferenceLevel* types moved upstream to com.activeviam.accelerator.common.{context,postprocessor}.* — Path A still applies if you’re comfortable doing the import rename.
JDK 21 runtime is acceptable.

If any of those conditions does not hold, follow Path C instead.

Step 1: check out the 6.0.0 tree — do not forward-port

Check out 6.0.0 cleanly. Do not forward-port the 5.1.3 working copy. Starting from the clean 6.0.0 tree is cheaper because:

The parent POM jumps from common-parent-pom 1.2.0 to 2.5.0, which retunes the entire dependency graph (Tomcat 9 → 11, slf4j 1.7 → 2.0, logback 1.2 → 1.5, Jakarta servlet API).
The module list reshapes: cvarc-common splits into cvarc-common-lib + cvarc-common-config; cvarc-ba-activepivot → cvarc-ba-config; cvarc-sa-activepivot → cvarc-sa-config; cvarc-starter is demoted from executable to auto-config library; the new cvarc-application module owns the executable plus the main ApplicationConfig. Replaying these renames over a 5.1.3 checkout is more work than dropping one file into the new tree.
The @Import graph is now centered on cvarc-application/.../cfg/ApplicationConfig.java with about 25 entries (down from ~50 in 5.1.3), because the deleted configs are now provided transitively by the Atoti Spring Boot starters. The entry point moved from CVAWebApplication (@Configuration @EnableAutoConfiguration @EnableWebMvc, hand-rolling several DispatcherServlet/Filter/ServletContextInitializer beans) to CVARCApplication (@SpringBootApplication @EnableWebMvc; those beans are gone).

Step 2: move the custom file

From (5.1.3)	To (6.0.0)
`cvarc-starter/src/main/java/<your-package>/MyCustomConfig.java`	`cvarc-application/src/main/java/<your-package>/MyCustomConfig.java`

The new ApplicationConfig lives at cvarc-application/src/main/java/com/activeviam/cvarc/application/cfg/ApplicationConfig.java. Placing the custom file in the same module avoids cross-module dependency edits. Keep the original Java package — Spring @Import is package-agnostic.

Step 3: re-wire the import

Open cvarc-application/src/main/java/com/activeviam/cvarc/application/cfg/ApplicationConfig.java and add the class to the existing @Import list:

@Import(value = {
        ParameterRetrieverConfig.class,
        DatastoreCustomisationsConfig.class,
        SecurityConfig.class,
        // …
        ActivePivotWithDatastoreConfig.class,

        MyCustomConfig.class,        // <-- add this line
})

Add the corresponding import <your-package>.MyCustomConfig; at the top of the file. Do not add it to CVARCApplication — CVARCApplication only @Imports ApplicationConfig, exactly as 5.1.3’s CVAWebApplication only imported ApplicationConfig.

Step 4: fix package and API changes

Run mvn -pl cvarc-application compile. The compiler errors identify exactly which symbols to rename. Drive edits from those errors — do not pre-emptively rewrite anything that still resolves. The renames most likely to appear, based on the imports of the new ApplicationConfig:

Old symbol (5.1.3)	New symbol (6.0.0)
`com.qfs.server.cfg.IActivePivotConfig`	`com.activeviam.activepivot.server.spring.api.config.IActivePivotConfig`
`com.qfs.server.cfg.IDatastoreConfig` (interface returning `IDatastore`)	inject `com.activeviam.database.datastore.api.IDatastore` directly
`com.qfs.server.cfg.impl.ActivePivotWithDatastoreConfig`	`com.activeviam.cvarc.common.ref.cfg.impl.ActivePivotWithDatastoreConfig` (in `cvarc-common-config`)
`com.qfs.server.cfg.impl.DatabaseRestServicesConfig`	`com.activeviam.activepivot.server.spring.private_.config.impl.DatabaseRestServicesConfig`
`com.quartetfs.fwk.Registry`	`com.activeviam.tech.core.api.registry.Registry`
`Registry.setContributionProvider(new ClasspathContributionProvider(...))`	`Registry.initialize(Registry.RegistryContributions.builder().build())`
`com.qfs.agg.impl.SumFunction`	`com.activeviam.tech.aggregation.internal.impl.SumFunction`
`com.quartetfs.fwk.monitoring.jmx.impl.JMXEnabler`	`com.activeviam.web.spring.internal.JMXEnabler`
`com.activeviam.cvarc.common.context.impl.ReferenceLevelTranslator`	`com.activeviam.accelerator.common.context.impl.ReferenceLevelTranslator` (moved upstream)
`ReferenceLevelTranslator.KEY`	`ReferenceLevelTranslator.TRANSLATOR_KEY`
`javax.servlet.*`	`jakarta.servlet.*`
`import brave.Tracing;`	gone — use `io.opentelemetry.api.GlobalOpenTelemetry.getTracer(...)` if a tracer is actually needed
`org.springframework.boot.autoconfigure.EnableAutoConfiguration`	not needed at customization sites; `@SpringBootApplication` on `CVARCApplication` covers it

For any com.qfs.* or com.quartetfs.* types not listed above, search them in the 6.0.0 tree (grep -r 'class TypeName' .) before guessing. The Atoti Server 6.1.19 reorganization moved most types from com.qfs/com.quartetfs to com.activeviam.{tech,activepivot,database,web}.*.

Step 5: remove or replace references to deleted configs

Remove any references to the following, if they appear in the custom file. For replacement details (where the behavior now lives, what to redesign against), see Path C bucket D.

Tracing — BraveTracingConfig, TracingConfig, TracingRestServiceConfig, brave.Tracing.
JMX / monitoring — JmxMonitoringConfig, MonitoringRestServicesConfig, ApplicationMonitoringConfig.
ActiveMonitor — ActiveMonitorSupportConfig, the ActiveMonitor stack (activemonitor-activepivot-impl, repository-activepivot, apm), and activemonitor-support.properties.
CSV sources — Ba{Aws,Azure,Google,}CsvSourceConfig, Sa{Aws,Azure,Google,}CsvSourceConfig, Shared{Aws,Azure,Google,}CsvSourceConfig, Crif{,Azure}CsvSourceConfig, CommonCloudSourceConfig, and the ACsvSourceConfig family.
Data load — DataLoadControllerConfig, InitialDataLoadConfig (the first is gone; the second is reshaped under cvarc-starter/.../cfg/impl/dlc/).
Security — JwtAuthenticationConfigurer and CorsConfig are deleted outright; CORS is now config-driven. All other security classes have relocated from cvarc-starter/.../security/ to cvarc-application/.../security/ with the same class names.
What-If — WhatIfConfig (cvarc-common copy), WhatIfRestServices. Controllers (StressedSensitivityWhatIfRestController, ParameterSetRestServiceController, TradeRescaleRestServiceController) relocated to cvarc-application/.../whatif/ with the same names.
Limits — LimitsIntegration. The new limits-auto-config-61 starter is auto-wired but disabled by default; set limits.autoconfiguration.enabled=true if the customization relied on it.
DoctorPivot — DoctorPivotConfig, doctorpivot-api, doctorpivot-web-app.
i18n — CVAI18nConfig, I18nConfig, CVARCWhatIfSecurityManager.
ReferenceLevel context-value chain — IReferenceLevelContextVal, ReferenceLevelContextVal, ReferenceLevelVisualTotalsModeContextVal, ReferenceLevelVisualTotalsModeTranslator, postprocessor.ReferenceLevelLocationShift. Moved upstream to com.activeviam.accelerator.common.{context,postprocessor}.* — see Bucket C for the import rename. util.ReferenceLevelUtils was deleted with no replacement; see Bucket D.

Step 6: update the POM (only if the custom file lives in a sibling module)

If the custom file was moved into cvarc-application in step 2, the POM does not need to change. Skip this section. If the customization instead lives in a sibling module:

Inherit from <artifactId>cvarc</artifactId> <version>6.0.0-SNAPSHOT</version> parent (no version on dependencies; let the parent BOM manage them).
Add cvarc-common-lib, cvarc-common-config, and cvarc-starter as compile dependencies if the customization needs constants or configs from them.
Remove these old artifacts if the module POM declares them: com.activeviam.io:data-connectors-{csv,jdbc,aws,azure,gcp}, com.activeviam.activemonitor:*, com.activeviam.apm:apm, com.activeviam.apps:whatif, com.activeviam.apps:cvarc-{ba,sa}-core, org.springframework.cloud:spring-cloud-{starter-sleuth,sleuth-zipkin}, io.zipkin.brave:brave-instrumentation-spring-webmvc, com.activeviam.apps:doctorpivot-{api,web-app}, org.junit:junit-bom, com.activeviam.activepivot:activepivot-test.
Switch any javax.servlet:javax.servlet-api to jakarta.servlet:jakarta.servlet-api (scope provided).

Step 7: update the Dockerfile (only if a custom Dockerfile is maintained)

The shipped Dockerfile moves from cvarc-starter/Dockerfile to cvarc-application/Dockerfile. For a forked Dockerfile, apply the JVM flag changes from Java 21 upgrade and the full Dockerfile diff from Docker configuration. Update any reverse proxy or client referencing the old /cvarc-starter context path; it is now /cvarc-application.

Step 8: build and smoke-test

mvn -DskipTests clean install
java -jar cvarc-application/target/cvarc-application-6.0.0-SNAPSHOT-exec.jar

Common startup failures and which step resolves each:

Startup symptom	Root cause and step
`requireJavaVersion ... required is 21`	Install JDK 21 (step 1)
`cannot find symbol class IActivePivotConfig` / `class Registry` / `class SumFunction`	Step 4 rename not applied
`BeanDefinitionStoreException: Failed to import class ... XxxConfig` for any name in the step 5 list	Step 5 cleanup not done
`NoClassDefFoundError: javax/servlet/...`	`jakarta.servlet` swap missed (step 4 or step 6)
`IllegalStateException: cannot find ApplicationConfig in @Import`	Import was added to `CVARCApplication` instead of `ApplicationConfig` (step 3)
`HTTP 404 at /cvarc-starter/...`	Context path is `/cvarc-application` now (step 7)

Path C — heavy customization (multi-module edits)

This path is for users who have spent significant time editing 5.1.3 source files in place — multiple modified @Configuration classes across cvarc-common, cvarc-starter, cvarc-sa-activepivot, cvarc-ba-activepivot, possibly inline tweaks to listeners, publishers, post-processors, and security wiring. The critical risk for heavy customizers is misreading the removed-class list. About half of the classes that appear “deleted” were relocated to upstream binary dependencies and still appear in 6.0.0’s @Import block. Treating them as deletions and redesigning wastes weeks. Treating them as overrideable bean seams using @ConditionalOnMissingBean takes hours. The first job is to bucket every customized file before touching code. Assume JDK 21, Jakarta servlet, parent-POM bumps, Brave → OpenTelemetry, and the cvarc-starter → cvarc-application split as known background from Paths A and B.

Step 0: capture customizations as a patch set

Before opening 6.0.0, run this against a pristine 5.1.3 checkout:

git -C 5.1.3-clean checkout v5.1.3
diff -ruN 5.1.3-clean/ your-5.1.3-checkout/ > customizations.patch

Then split customizations.patch per file — one hunk per modified Java class. This is the input to the bucket triage in step 2. Without it, hunks will be misclassified and the same file merged twice.

Step 1: start from a clean 6.0.0 checkout

Do not rebase 5.1.3 onto 6.0.0. Module renames, the com.qfs.*/com.quartetfs.* → com.activeviam.* mass rename, and the parent-POM 1.2.0 → 2.5.0 jump make a backward merge strictly more expensive than a clean-tree replay.

git checkout v6.0.0
mvn -version   # must report Java 21

Step 2: bucket every customized file

For each entry in the patch set, classify into one of four buckets:

Bucket	Definition	Action
A	The class still exists in 6.0.0 source at the same Java package (module may differ).	3-way merge: base = 5.1.3 file, mine = 5.1.3 + patch, theirs = 6.0.0 file.
B	Class exists in 6.0.0 source but at a different package or module, or has been split.	Find its 6.0.0 home in the tables below; port the hunk by hand.
C	Class is no longer in 6.0.0 source but is referenced from 6.0.0 `@Import` blocks — it now lives in an upstream binary dependency.	Keep the customization as an overlay: subclass and override beans, or use `@ConditionalOnMissingBean` to replace the upstream bean. Never re-vendor.
D	Class is gone and not referenced anywhere in 6.0.0 — its subsystem was rewritten.	Redesign against the new API.

The volume distribution from this codebase is roughly A > B > C > D, but D is the bucket that absorbs the most calendar time per file.

Bucket A — same package path, possibly new module

Apply hunks unchanged (package declarations are identical). Module homes:

Old module	New module	Representative files
`cvarc-common`	`cvarc-common-lib`	`common.constants.` (6 files), `common.measures.IncrementalMeasureDTO`, `common.parameter.impl.CVARCParameter` (3 files), `common.postprocessor.impl.{AggregateCapitalCharge, DifferentialPostProcessor, SumNetty}`, `common.ref.cfg.impl.{ATuplePublisher, CalculationUtils, CrifFileConstants, CrifTuplePublisher, FxRatesTuplePublisher, MeasureDescription, TuplePublisherException}`, `common.source.CrifAsofDateColumnCalculator`, `common.util.*`
`cvarc-sa-activepivot`	`cvarc-sa-config`	`sa.ref.cfg.impl.{CombinedCubeMeasureBuilder, DatabaseServiceConfig, DatastoreRestStoresSecurityConfig, DistributionConfig, SACubeDimensionsConfig, SADatastoreModelConfig, SAMeasureBuilder}`, `sa.ref.source.`, `sa.ref.utils.`
`cvarc-ba-activepivot`	`cvarc-ba-config`	`ba.ref.cfg.impl.{BACubeDimensionConfig, BADatastoreModelConfig, BAMeasureBuilder}`, `ba.ref.source.*`, `ba.ref.utils.NettingSetUtils`
`cvarc-starter`	`cvarc-starter`	`starter.cfg.impl.{ApplicationMonitoringConfig, BACubeConfig, BASchema, CVARCCatalog, CVARCCubeConfig, CVARCDataLoadRestController, DatastoreCustomisationsConfig, FxRatesServiceConfig, InterpolatorConfig, MessengerDefinitionConfig, MonitorConfig, OlapModelConfig, SACubeConfig, SASchema}`

Bucket B — same code, new home

Old (5.1.3)	New (6.0.0)
`cvarc-common/.../ref/cfg/impl/{CookieUtil, LocalContentServiceConfig, RemoteContentServiceConfig}`	`cvarc-common-config/.../ref/cfg/impl/...` (same Java package)
`cvarc-common/.../ref/whatif/cfg/StressedSensitivityWhatIfServiceConfig`	`cvarc-common-config/.../ref/whatif/cfg/...`
`cvarc-common/.../ref/whatif/service/stressedSensitivities/StressedSensitivityWhatIfService`	`cvarc-common-config/.../ref/whatif/service/stressedSensitivities/...`
`cvarc-common/.../ref/whatif/service/ParameterSetRestServiceController`	`cvarc-application/.../whatif/ParameterSetRestServiceController`
`cvarc-common/.../ref/whatif/service/stressedSensitivities/StressedSensitivityWhatIfRestController`	`cvarc-application/.../whatif/StressedSensitivityWhatIfRestController`
`cvarc-starter/.../whatif/TradeRescaleRestServiceController`, `WhatIfRestServices`	`cvarc-application/.../whatif/TradeRescaleRestServiceController` (`WhatIfRestServices` absorbed by `atoti-what-if-spring-boot-starter`)
`cvarc-common/.../ref/whatif/simulations/{TradeDuplicateSimulationDefinition, TradeScalingSimulationDefinition}`	`cvarc-common-config/.../ref/whatif/rest/...`
`cvarc-common/.../ref/whatif/simulations/TradeRescaleDTO`	`cvarc-common-lib/.../ref/whatif/rest/TradeRescaleDTO`
`cvarc-common/.../ref/whatif/submitter/ParameterSetSimulationDefinition`	`cvarc-common-config/.../ref/whatif/submitter/ParameterSetSimulationDefinition`
`cvarc-starter/.../starter/CVAWebApplication`	`cvarc-application/.../application/CVARCApplication` (renamed; switched from `@Configuration @EnableAutoConfiguration` to `@SpringBootApplication`; hand-rolled `DispatcherServletRegistrationBean` / `FilterRegistrationBean<ContextValueFilter>` / `ServletContextInitializer` beans deleted)
`cvarc-starter/.../starter/cfg/impl/ApplicationConfig`	`cvarc-application/.../application/cfg/ApplicationConfig`
`cvarc-starter/.../starter/cfg/impl/{EnvJsResourceResolver, StaticResourcesHandler}`	`cvarc-application/.../application/cfg/...`
`cvarc-starter/.../starter/cfg/impl/security/*` (all classes)	`cvarc-application/.../application/security/*` (`JwtAuthenticationConfigurer` and `CorsConfig` deleted outright)
`cvarc-starter/.../starter/cfg/impl/AggregateProviderConfig`	`cvarc-starter/.../starter/cfg/impl/AggregateProviderConfiguration` (renamed)
`cvarc-starter/.../starter/cfg/impl/InitialDataLoadConfig`, `DataLoadControllerConfig`	`cvarc-starter/.../starter/cfg/impl/dlc/InitialDataLoadConfig` (reshaped — DLC orchestration absorbs the controller config)

Bucket C — gone from source; override the upstream bean

These classes are referenced by 6.0.0’s ApplicationConfig @Import list but have no source file in the tree. They live in upstream artifacts. Do not vendor them back.

Class	Upstream package	Override mechanism
`DatabaseRestServicesConfig`	`com.activeviam.activepivot.server.spring.private_.config.impl`	`@Bean` of the same type with `@ConditionalOnMissingBean`
`JwtRestServiceConfig`	`com.activeviam.web.spring.internal.config`	Same
`VersionServicesConfig`	`com.activeviam.web.spring.internal.config`	Same
`JMXEnabler`	`com.activeviam.web.spring.internal` (was `com.quartetfs.fwk.monitoring.jmx.impl`)	Construct and expose as `@Bean`
`MaturityConverterConfig`, `IMaturityConverter`	`com.activeviam.accelerator.common.cfg.dates`	Provide own `IMaturityConverter` `@Bean`; `ApplicationConfig.startManager` takes it via parameter injection
`IInterpolator`	`com.activeviam.cvarc.sa.core.interpolation` (now upstream as `cvarc-sa-lib`)	`@Bean IInterpolator` overrides what `InterpolatorConfig` provides
`CreditQualityMapper`, `ICreditQualityMapper`	`com.activeviam.cvarc.sa.core.utils` (upstream)	`@Bean ICreditQualityMapper`
`ReferenceLevelTranslator`	`com.activeviam.accelerator.common.context.impl`	Plugin lookup key changed: `ReferenceLevelTranslator.KEY` → `ReferenceLevelTranslator.TRANSLATOR_KEY`. The autowire pattern via `Registry.getPlugin(IContextValueTranslator.class)` is preserved in the new `ApplicationConfig`.
`IReferenceLevelContextVal`, `ReferenceLevelContextVal`, `IReferenceLevelVisualTotalsModeContextVal`, `ReferenceLevelVisualTotalsModeContextVal`, `ReferenceLevelVisualTotalsModeTranslator`	`com.activeviam.accelerator.common.context{,.impl}`	Update imports — API preserved.
`ReferenceLevelLocationShift`	`com.activeviam.accelerator.common.postprocessor.impl`	Update import — API preserved. (`ReferenceLevelLocationShiftLight` is a new sibling variant in the same package.)
`IActivePivotConfig`, `IActivePivotContentServiceConfig`	`com.activeviam.activepivot.server.spring.api.config`	Inject the new types
`DynamicActivePivotManagerMBean`	`com.activeviam.activepivot.server.impl.private_.observability`	New package
`DynamicActivePivotContentServiceMBean`	`com.activeviam.activepivot.server.spring.private_.pivot.content.impl`	New package
`Registry`, `SumFunction`, `IPostProcessor`, `IContextValueTranslator`, `IMultiVersionDataActivePivot`, `IDistributedMessenger`, `IDistributedSecurityManager`	`com.activeviam.{tech,activepivot}.*`	Mass rename — see step 3

The new ApplicationConfig.startManager carries @ConditionalOnMissingBean(name = "startManager") and InitialDataLoadConfig carries the same annotation. The framework explicitly invites bean replacement via this mechanism.

Bucket D — redesign against the new API

These are the same subsystems flagged as a removal checklist in Path B step 5; the table below adds the redesign target for each.

Old subsystem	What to redesign against
`util.ReferenceLevelUtils`	Deleted with no upstream counterpart. Inline the helper at call sites, or redesign on the upstream `IContextValueTranslator` SPI.
`BraveTracingConfig`, `TracingConfig`, `TracingRestServiceConfig`, `brave.Tracing` autowire	Replace with `OpenTelemetryTracingConfig` (`cvarc-common-config`) + `io.opentelemetry.api.GlobalOpenTelemetry.getTracer(...).spanBuilder(...).startSpan()`. The `@DependsOn(TracingConfig.TRACING_BEAN)` pattern from 5.1.3’s `ApplicationConfig` is gone in 6.0.0.
`JmxMonitoringConfig`, `MonitoringRestServicesConfig`, `ApplicationMonitoringConfig`	Spring Boot Actuator (`management.endpoints.web.exposure.include: "*"` is preset in `application.yml`). Custom MBeans must be re-registered via `@Bean JMXEnabler`.
`ActiveMonitorSupportConfig`, `apm`, `activemonitor-activepivot-impl`, `repository-activepivot`, `activemonitor-support.properties`	No in-tree replacement. Drop entirely.
`Sa/Ba/Shared/Crif{,Aws,Azure,Google}CsvSourceConfig`, `ABaCsvSourceConfig`, `ASaCsvSourceConfig`, `ASharedCsvSourceConfig`, `ACrifCsvSourceConfig`, `ACsvSourceConfig`, `CommonCloudSourceConfig`	Data Load Controller. New seams: `cvarc-starter/.../cfg/impl/dlc/{BASourceDescription, SASourceDescription, SharedSourceDescription, CvaDlcConfig, AliasesDescriptionConfig, CsvSourceDatasetConfigurationProperties, DlcConstants, SourceTopicAliasesConfig, TargetDescriptionsConfig}` plus profile YAMLs `application-dlc-{local,azure}-csv.yaml`. Custom column transforms move from per-class Java to `CsvSourceDatasetConfigurationProperties`.
`WhatIfConfig` (cvarc-common — distinct from the new `cvarc-application/whatif/WhatIfConfig`)	`atoti-what-if-spring-boot-starter` plus `cvarc-application/whatif/{WhatIfConfig, WhatIfHibernateProperties, WhatIfFileUploadProperties, BranchNameValidator}` and the new `whatif/distributed/*` package. Custom simulations should subclass `FileUploadSimulationDefinition` / `ParameterSetSimulationDefinition` rather than fork the old `StressedSensitivityWhatIfSubmitter` (deleted).
`LimitsIntegration`, `limits-auto-config-ap60` (`com.activeviam.limits`)	`limits-auto-config-61:4.2.1` (`com.activeviam.solutions.limits`), disabled by default. Re-enable with `limits.autoconfiguration.enabled=true`. Custom limit rules need to be re-expressed against the 4.x API.
`DoctorPivotConfig`, `doctorpivot-{api,web-app}`	Deleted, no replacement.
`CVAI18nConfig`, `I18nConfig`	Auto-config. Drop.

Step 3: run the global find-and-replace for cross-cutting renames

Run these after moving files and before attempting to compile. The Atoti Server 6.1.19 reorganization flips practically every framework import.

Find (regex-friendly)	Replace
`com\.qfs\.server\.cfg\.IActivePivotConfig`	`com.activeviam.activepivot.server.spring.api.config.IActivePivotConfig`
`com\.qfs\.server\.cfg\.content\.IActivePivotContentServiceConfig`	`com.activeviam.activepivot.server.spring.api.config.IActivePivotContentServiceConfig`
`com\.qfs\.server\.cfg\.impl\.DatabaseRestServicesConfig`	`com.activeviam.activepivot.server.spring.private_.config.impl.DatabaseRestServicesConfig`
`com\.qfs\.server\.cfg\.impl\.ActivePivotWithDatastoreConfig`	`com.activeviam.cvarc.common.ref.cfg.impl.ActivePivotWithDatastoreConfig`
`com\.qfs\.server\.cfg\.IDatastoreConfig`	drop interface; inject `com.activeviam.database.datastore.api.IDatastore` directly
`com\.qfs\.pivot\.content\.impl\.DynamicActivePivotContentServiceMBean`	`com.activeviam.activepivot.server.spring.private_.pivot.content.impl.DynamicActivePivotContentServiceMBean`
`com\.qfs\.pivot\.impl\.MultiVersionDataActivePivot`	`com.activeviam.activepivot.dist.impl.api.cube.IMultiVersionDataActivePivot`
`com\.qfs\.agg\.impl\.SumFunction`	`com.activeviam.tech.aggregation.internal.impl.SumFunction`
`com\.quartetfs\.biz\.pivot\.IActivePivotManager`	`com.activeviam.activepivot.server.spring.api.config.IActivePivotConfig#activePivotManager()`
`com\.quartetfs\.biz\.pivot\.context\.IContextValueTranslator`	`com.activeviam.activepivot.core.intf.api.contextvalues.IContextValueTranslator`
`com\.quartetfs\.biz\.pivot\.monitoring\.impl\.DynamicActivePivotManagerMBean`	`com.activeviam.activepivot.server.impl.private_.observability.DynamicActivePivotManagerMBean`
`com\.quartetfs\.biz\.pivot\.postprocessing\.IPostProcessor`	`com.activeviam.activepivot.core.intf.api.postprocessing.IPostProcessor`
`com\.quartetfs\.fwk\.Registry`	`com.activeviam.tech.core.api.registry.Registry`
`Registry\.setContributionProvider\(new ClasspathContributionProvider\([^)]*\)\)`	`Registry.initialize(Registry.RegistryContributions.builder().build())`
`com\.quartetfs\.fwk\.monitoring\.jmx\.impl\.JMXEnabler`	`com.activeviam.web.spring.internal.JMXEnabler`
`com\.quartetfs\.fwk\.contributions\.impl\.ClasspathContributionProvider`	delete (unused with the new `Registry.initialize` form)
`com\.activeviam\.cvarc\.common\.context\.impl\.ReferenceLevelTranslator`	`com.activeviam.accelerator.common.context.impl.ReferenceLevelTranslator`
`ReferenceLevelTranslator\.KEY\b`	`ReferenceLevelTranslator.TRANSLATOR_KEY`
`com\.qfs\.pivot\.tracing\.TracingConfig`	delete (`OpenTelemetryTracingConfig` handles this)
`import brave\.Tracing;`	delete; replace usages with `io.opentelemetry.api.GlobalOpenTelemetry.getTracer(...)`
`javax\.servlet\.`	`jakarta.servlet.` (also swap `javax.servlet:javax.servlet-api` → `jakarta.servlet:jakarta.servlet-api` in POMs)
`com\.activeviam\.io:data-connectors-(csv\|aws\|azure\|gcp\|jdbc)` (POM)	`com.activeviam.source:{csv-source,cloud-source-aws,cloud-source-azure,cloud-source-google}`; for jdbc, drop
`com\.activeviam\.apps:whatif` (POM)	`com.activeviam.apps:atoti-what-if-{lib,spring-boot-starter}`
`com\.activeviam\.apps:cvarc-(ba\|sa)-core` (POM)	`cvarc-{ba,sa}-lib`
`com\.activeviam\.limits` (groupId, POM)	`com.activeviam.solutions.limits`; artifact `limits-auto-config-ap60` → `limits-auto-config-61`

Once done, run:

mvn -DskipTests -pl cvarc-common-lib,cvarc-common-config,cvarc-ba-config,cvarc-sa-config,cvarc-starter,cvarc-application compile

Let the compiler drive the long tail of remaining renames.

Step 4: re-wire `@Import` and the bootstrap class

The new cvarc-application/.../application/cfg/ApplicationConfig.java carries 25 imports versus 5.1.3’s ~50. The deletions are replaced by starter auto-config. Add custom @Configuration classes to that block — do not add them to CVARCApplication, which only @Imports ApplicationConfig. The new CVARCApplication is @SpringBootApplication @EnableWebMvc @Import({ApplicationConfig.class}). The 5.1.3 CVAWebApplication carried hand-rolled DispatcherServletRegistrationBean, FilterRegistrationBean<ContextValueFilter>, and ServletContextInitializer beans — all deleted. Spring Boot’s auto-wiring covers the equivalent. Port the intent to a Spring Boot property or starter customizer; do not reintroduce the beans. The

static { Registry.setContributionProvider(new ClasspathContributionProvider("com.activeviam.apm","com.activeviam","com.quartetfs","com.qfs")); }

block in 5.1.3’s ApplicationConfig is replaced by static { Registry.initialize(Registry.RegistryContributions.builder().build()); } — the explicit package list is gone. If the customization added contribution packages, wire them through the new RegistryContributions.builder() API.

Step 5: POM, Dockerfile, and runtime flags

Pin nothing. The 6.0.0 parent POM (common-parent-pom:2.5.0) plus common-dependencies-bom:2.5.0 manage versions. Explicit versions in customized POMs cause divergence with the Atoti BOM. If a 5.1.3 customization pinned dataconnectors.version, solutions-tools-bom.version, regression-testing.version, or junit-bom, delete the pin.
The new cvarc-starter/pom.xml has no spring-boot-maven-plugin repackage execution. The repackage moved to cvarc-application/pom.xml. Customizations that ran the build via cvarc-starter/target/*-exec.jar must repoint at cvarc-application/target/cvarc-application-6.0.0-SNAPSHOT-exec.jar.
Apply the Hibernate group-ID change (org.hibernate → org.hibernate.orm) in any module POM that pulls Hibernate directly.
Replace AtotiAuthToken with SharedSecretAuthToken in any custom JGroups protocol XML — see JGroups protocol files.
Apply the JVM flag changes from Java 21 upgrade and the full Dockerfile diff from Docker configuration. Servlet context-path moves from /cvarc-starter to /cvarc-application.

Step 6: data samples and external fixtures

bookmarks/ (repo root) contents are unchanged between releases. data-samples/ moves from cvarc-starter/data-samples/ to cvarc-application/data-samples/, with unchanged contents. The committed H2 file cvarc-isda-tests/content_service.mv.db is removed in 6.0.0; if the test rig depended on it, regenerate at test setup. Property files relocate from cvarc-starter/src/main/resources/properties/ to cvarc-application/src/main/resources/properties/; activemonitor-support.properties is dropped.

Step 7: build, validate, and debug

mvn -DskipTests clean install
java -jar cvarc-application/target/cvarc-application-6.0.0-SNAPSHOT-exec.jar

Startup symptom	Bucket the customization likely failed in
`cannot find symbol class IActivePivotConfig` / `Registry` / `SumFunction` / `JMXEnabler`	Step 3 cross-cutting rename incomplete
`package com.qfs.* does not exist`	Step 3 cross-cutting rename incomplete
`package javax.servlet does not exist`	Step 3 Jakarta swap missed
`BeanDefinitionStoreException: Failed to import class XxxCsvSourceConfig` / `BraveTracingConfig` / `JmxMonitoringConfig` / `LimitsIntegration`	Bucket D — subsystem rewrite; drop the `@Import` and redesign
`NoSuchMethodError: ReferenceLevelTranslator.KEY`	Bucket C — step 3 missed `KEY` → `TRANSLATOR_KEY`
Two beans of type `IMaturityConverter` / `IInterpolator` / `IActivePivotConfig`	Bucket C override conflict — add `@ConditionalOnMissingBean` on your bean, or remove the duplicate `@Import`
`BeanCurrentlyInCreationException: startManager`	Bucket C — `@Bean startManager` lacks `@ConditionalOnMissingBean(name = "startManager")`
`404 at /cvarc-starter/...`	Step 5 — context path is `/cvarc-application`
`IllegalArgumentException: chunkAllocatorClass` at startup	Step 5 — flag rename to `chunkAllocatorKey=mmap`
Pivot manager never finishes initial load	Bucket B (What-If/DLC port incomplete) or Bucket D (CSV source descriptions missing)

Effort budget — Bucket A: minutes per file (3-way merge). Bucket B: 15–60 min per file (port hunk to new module/path). Bucket C: 30 min–2 h per file (write override, verify upstream API). Bucket D: 1–5 days per subsystem (genuine redesign). Tracing, ActiveMonitor, CSV → DLC, and What-If together account for almost all Bucket D calendar time. Posture shift — stop editing upstream classes in place. The 6.0.0 stack is built around starter auto-config plus @ConditionalOnMissingBean seams (visible on startManager and InitialDataLoadConfig). Keep customizations as a thin overlay of @Bean overrides, property files, and subclasses of BASourceDescription/SASourceDescription/FileUploadSimulationDefinition. The next upgrade will be much cheaper than this one.

Reference: breaking changes by topic

The following sections provide deeper context for each breaking change area. Migration path steps link here when a specific topic needs investigation.

Complete change inventory

Every change pulled in by replacing the 5.1.3 source tree with 6.0.0, in one place. Path A applies all of these by default; Path B and Path C inherit them and add their own per-customization handling.

Area	5.1.3	6.0.0	Impact
Module layout	5 modules; `cvarc-starter` is the exec	8 modules; `cvarc-application` is the exec, `cvarc-starter` is an auto-config library	Build artifact path/name changes; nothing else
Project version	`5.1.3` (release)	`6.0.0-SNAPSHOT`	None
Parent POM	`common-parent-pom:1.2.0`	`common-parent-pom:2.5.0`	Pulled transitively
Language/runtime	Java 17 (enforced)	Java 21 (enforced)	Must install/select JDK 21
Core framework	ActivePivot 6.0.9	Atoti Server 6.1.19	None — wired transitively
Embedded servlet	Tomcat 9.0.74	Tomcat 11.0.6	None
Servlet API	`javax.servlet:javax.servlet-api`	`jakarta.servlet:jakarta.servlet-api`	None
Hibernate	`org.hibernate:hibernate-c3p0`	`org.hibernate.orm:hibernate-c3p0`	None
Logging	SLF4J 1.7.30, Logback 1.2.13	SLF4J 2.0.17, Logback 1.5.18	None
Chunk allocator flag	`-Dactiveviam.chunkAllocatorClass=…MmapDirectChunkAllocator`	`-Dactiveviam.chunkAllocatorKey=mmap`	Must change for direct-jar launch
add-opens	`--add-opens java.base/java.util.concurrent=ALL-UNNAMED`	Plus `--add-opens=java.base/java.util=ALL-UNNAMED`	New flag required for direct-jar launch
H2 URL flag	`--content-service.db.url=jdbc:h2:file:./content_service;DB_CLOSE_DELAY=-1`	Configured in `application.yml`	Drop the flag
Context path	`/cvarc-starter`	`/cvarc-application`	Update clients/proxies pointing at the old path
Data sources	`com.activeviam.io:data-connectors-{csv,jdbc,aws,azure,gcp}`	`com.activeviam.source:{csv-source,cloud-source-*}` + `data-load-controller`	None — local CSV is the default profile
Per-cloud CSV configs	Hand-written `Ba/Sa/Shared/Crif*CsvSourceConfig` classes (~15 files)	DLC config package `cvarc-starter/cfg/impl/dlc/` driven by Spring profiles	Preserved by `local` profile / default `csv-source.type: local`; new `--csv.topic.path` flag
Tracing	spring-cloud-sleuth 3.1.3 + zipkin-brave 5.13.9	OpenTelemetry 1.43.0 + Spring Boot starter	None — toggled via `tracing.enabled: true` in `application.yml`
Spring Boot starters	None — manual wiring	`atoti-server-starter`, `atoti-ui-starter`, `atoti-admin-ui-starter`, `atoti-what-if-spring-boot-starter`, `bookmark-tool`	Replaces deleted hand-written configs
Swagger UI	Disabled (`springdoc.swagger-ui.enabled: false`)	Enabled	Swagger UI is now reachable; disable in your own override if needed
What-If	`whatif:2.1.6-AS6.0`	`atoti-what-if-lib:5.0.0-AS6.1` + spring-boot-starter	None — same default endpoints work
Limits	`limits-auto-config-ap60:3.0.0` (enabled by default)	`limits-auto-config-61:4.2.1` (disabled by default, `limits.autoconfiguration.enabled: false`)	If you relied on Limits, set `limits.autoconfiguration.enabled=true` in your override
Common Accelerator Library	1.15.0-AS6.0	2.1.15-AS6.1	None
Application bootstrap	`com.activeviam.cvarc.starter.CVAWebApplication`	`com.activeviam.cvarc.application.CVARCApplication`	Main-class name moves with the artifact
Removed configs	`ApplicationConfig`, `BraveTracingConfig`, `DataLoadControllerConfig`, `DatastoreConfig`, `LimitsIntegration`, `JwtAuthenticationConfigurer`, `CorsConfig`, `WhatIfConfig` (cvarc-common), all `Ba/Sa/Shared/Crif*CsvSourceConfig`	Gone	None — replaced by Atoti Spring Boot starters and DLC
Removed monitoring stack	ActiveMonitor, APM, DoctorPivot	Not present	None — health endpoints now via Spring Boot Actuator
Properties/YAML location	`cvarc-starter/src/main/resources/`	`cvarc-application/src/main/resources/`	None
Data samples	`cvarc-starter/data-samples/{stage,whatif}`	`cvarc-application/data-samples/{stage,whatif}`	Byte-identical, only the parent module changes
Dockerfile	`cvarc-starter/Dockerfile`, `FROM eclipse-temurin:17`, old chunk-allocator flag	`cvarc-application/Dockerfile`, `FROM eclipse-temurin:21`, `chunkAllocatorKey=mmap`	Build context moves to `cvarc-application/`; H2 URL flag dropped

Net effect: 6.0.0 moves from a hand-wired ActivePivot 6.0 / Sleuth+Brave / Java 17 / Tomcat 9 stack to an Atoti 6.1 / Spring Boot starter / OpenTelemetry / Java 21 / Tomcat 11 stack. The deleted @Configuration classes are not a regression: their behavior is replicated by the new starters and the DLC local profile, all activated by the default application.yml shipped under cvarc-application/src/main/resources/.

Module rename

The Maven module structure has been reorganized. If a fork or downstream project depends on Atoti CVA Risk Capital modules, update pom.xml dependencies as follows:

Old artifact ID	New artifact ID
`cvarc-common`	`cvarc-common-lib`
(no equivalent)	`cvarc-common-config`
`cvarc-ba-core`	`cvarc-ba-lib`
`cvarc-ba-activepivot`	`cvarc-ba-config`
`cvarc-sa-core`	`cvarc-sa-lib`
`cvarc-sa-activepivot`	`cvarc-sa-config`
`cvarc-activemonitor`	(removed — no replacement)
`cvarc-starter` (old executable)	`cvarc-application`
(no equivalent)	`cvarc-starter` (new auto-config library)
(no equivalent)	`cvarc-application-tests`

Spring-context integration tests previously in cvarc-starter are now in the dedicated cvarc-application-tests module. Update CI/CD configuration if test classes are referenced by module.

Main class rename

The main Spring Boot application class has been renamed:

// Before (5.1.x)
com.activeviam.cvarc.starter.CVAWebApplication

// After (6.0.x)
com.activeviam.cvarc.application.CVARCApplication

Update references in IDE run configurations, Docker images, and deployment scripts.

Java 21 upgrade

Java 21 is now required. The POM enforces requireJavaVersion 21 and the Maven build fails immediately on the wrong JDK. Two --add-opens flags are now required at launch:

--add-opens=java.base/java.util.concurrent=ALL-UNNAMED
--add-opens=java.base/java.util=ALL-UNNAMED

The second flag (java.base/java.util) is new in 6.0.0. Both must be present for the direct-jar launch. The shipped Dockerfile already includes both.

Jakarta EE migration (javax → jakarta)

All javax.* imports have been migrated to jakarta.* as part of the Spring Boot 3 upgrade:

javax.servlet.* → jakarta.servlet.*
javax.persistence.* → jakarta.persistence.*
javax.validation.* → jakarta.validation.*

Update all affected imports in custom code. In POMs, replace javax.servlet:javax.servlet-api with jakarta.servlet:jakarta.servlet-api (scope provided).

// Before (5.1.x)
import javax.servlet.http.HttpServletRequest;
import javax.servlet.ServletContext;

// After (6.0.x)
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.ServletContext;

Spring security 6 migration

Spring Security 6.x is included as part of the Spring Boot 3 migration. The deprecated WebSecurityConfigurerAdapter has been replaced with SecurityFilterChain beans:

// Before (5.1.x)
public abstract class AJwtSecurityConfigurer extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher(JwtRestServiceConfig.REST_API_URL_PREFIX + "/**")
            .csrf().disable()
            .cors().and()
            .authorizeRequests()
            .antMatchers("/**").hasAnyAuthority(APP_ROLE__USER)
            .and()
            .httpBasic().authenticationEntryPoint(authenticationEntryPoint);
    }
}

// After (6.0.x)
@Bean
@Order(3)
protected SecurityFilterChain jwtSecurityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
    return http
        .csrf(AbstractHttpConfigurer::disable)
        .cors(Customizer.withDefaults())
        .securityMatcher(mvc.pattern(url(JwtRestServiceConfig.REST_API_URL_PREFIX + "/**")))
        .authorizeHttpRequests(auth -> auth
            .requestMatchers(mvc.pattern(HttpMethod.OPTIONS, "**")).permitAll()
            .anyRequest().hasAnyAuthority(APP_ROLE__USER))
        .httpBasic(basic -> basic.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
        .build();
}

A new MvcRequestMatcher.Builder bean is required:

@Bean
@Scope("prototype")
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
    return new MvcRequestMatcher.Builder(introspector);
}

JwtAuthenticationConfigurer and CorsConfig are deleted outright in 6.0.0. CORS is now managed via configuration properties.

OpenTelemetry replaces Spring Sleuth

Spring Cloud Sleuth and Zipkin Brave have been replaced by OpenTelemetry 1.43.0. The following dependencies are added:

opentelemetry-spring-boot-starter
opentelemetry-sdk-extension-autoconfigure
opentelemetry-logback-mdc-1.0

TracingConfig (cvarc-common) and BraveTracingConfig (cvarc-starter) are replaced by OpenTelemetryTracingConfig in cvarc-common-config, already imported by the new ApplicationConfig. New configuration in application.yml:

otel:
  instrumentation:
    annotations:
      enabled: false

tracing:
  enabled: true

For span creation in custom code, replace:

// Before (5.1.x)
@Autowired
brave.Tracing tracing;
// ...
brave.Span span = tracing.tracer().nextSpan();

With:

// After (6.0.x)
var tracer = io.opentelemetry.api.GlobalOpenTelemetry.getTracer("my-instrumentation");
var span = tracer.spanBuilder("my-span").startSpan();

The @DependsOn(TracingConfig.TRACING_BEAN) pattern from 5.1.3’s ApplicationConfig is removed in 6.0.0.

DispatcherServlet configuration removal

The dispatcherServletRegistration bean has been removed from CVARCApplication. This bean registered a DispatcherServletRegistrationBean as a workaround for Spring Boot incompatibilities in previous versions of Atoti Server. This workaround is no longer needed. If a custom application class overrides or references this bean, remove the override.

Atoti Server 6.1.19 starters

The project now uses Atoti Server starters for simplified dependency management. These replace the hand-written configuration classes that were deleted in this release:

<dependency>
    <groupId>com.activeviam.springboot</groupId>
    <artifactId>atoti-server-starter</artifactId>
</dependency>
<dependency>
    <groupId>com.activeviam.springboot</groupId>
    <artifactId>atoti-ui-starter</artifactId>
</dependency>
<dependency>
    <groupId>com.activeviam.springboot</groupId>
    <artifactId>atoti-admin-ui-starter</artifactId>
</dependency>

Version management is handled by the parent BOM. Do not pin atoti-server.version explicitly in module POMs. Swagger UI is now enabled by default (springdoc.swagger-ui.enabled: true in the new application.yml). Disable it via a property override if needed.

Data load controller changes

The data loading framework has been replaced:

5.1.3	6.0.0
`data-connectors-csv`	`csv-source` + `data-load-controller`
`data-connectors-jdbc`	dropped
`data-connectors-aws`	`cloud-source-aws`
`data-connectors-azure`	`cloud-source-azure`
`data-connectors-gcp`	`cloud-source-google`

Per-cloud CSV source classes (Ba/Sa/Shared/Crif{Aws,Azure,Google,}CsvSourceConfig) are replaced by the DLC configuration package in cvarc-starter/.../cfg/impl/dlc/ and the new Spring profile YAMLs (application-dlc-local-csv.yaml, application-dlc-azure-csv.yaml). The default csv-source.type: local in application.yml preserves the 5.1.3 local-CSV behavior. Conditional deployment toggling (dist-data-node / dist-query-node Spring profiles) is replaced by @ConditionalOnDataNode / @ConditionalOnQueryNode. The SP_PROFILE__DATA_NODE and SP_PROFILE__QUERY_NODE constants are removed from CVARCEnvConstants, and the spring.profiles.active property is removed from cvarc.properties.

What-If 2.1.6-AS6.0 → 5.0.0-AS6.1

What-If has been upgraded from whatif:2.1.6-AS6.0 to atoti-what-if-lib:5.0.0-AS6.1 plus atoti-what-if-spring-boot-starter. This introduces breaking API changes that affect custom implementations extending WhatIfConfig. Maven artifact rename: replace com.activeviam.apps:whatif with com.activeviam.apps:atoti-what-if-lib and add com.activeviam.apps:atoti-what-if-spring-boot-starter. Simulation persistence: Hibernate replaces DataStore The persistence layer has changed from a DataStore-based manager to a Hibernate/JPA manager. Before (2.1.6-AS6.0):

@Bean
public ISimulationPersistenceManager persistenceManager(IDatabaseService databaseService) {
    DatabaseSimulationPersistenceManager persistenceManager = new DatabaseSimulationPersistenceManager();
    persistenceManager.setDatabaseService(databaseService);
    return persistenceManager;
}

After (5.0.0):

@Bean
public ISimulationPersistenceManager persistenceManager(WhatIfHibernateProperties whatIfHibernateProperties) {
    var configuration = new org.hibernate.cfg.Configuration();
    var properties = new Properties();
    properties.putAll(whatIfHibernateProperties.getPersistence());
    configuration.addProperties(properties);
    configuration.addAnnotatedClass(DatabaseSimulationJPA.class);
    var sessionFactory = configuration.buildSessionFactory();

    HibernateSimulationPersistenceManager<DatabaseSimulationJPA> persistenceManager =
            HibernateSimulationPersistenceManager.of(DatabaseSimulationJPA.class);
    persistenceManager.setSessionFactory(sessionFactory);
    return persistenceManager;
}

Add @EnableConfigurationProperties({ WhatIfHibernateProperties.class }) to the WhatIfConfig subclass to enable property binding. Default properties use an in-memory H2 database. Security manager: constructor arguments added SpringDatabaseSimulationsSecurityManager now requires ISimulationPersistenceManager and IBranchPermissionsManager to be injected:

// Before (2.1.6-AS6.0)
@Bean
public IDatabaseSimulationsSecurityManager securityManager() {
    return new SpringDatabaseSimulationsSecurityManager();
}

// After (5.0.0)
@Bean
public IDatabaseSimulationsSecurityManager securityManager(
        ISimulationPersistenceManager persistenceManager,
        IBranchPermissionsManager branchPermissionsManager) {
    return new SpringDatabaseSimulationsSecurityManager(persistenceManager, branchPermissionsManager);
}

Distributed REST service: JWT replaces username/password The RestDistributedDatabaseService bean now takes AddressSupplier and AuthenticatorSupplier instead of inline lambdas. Authentication switched from UserAuthenticator (username/password) to JwtAuthenticator (JWT tokens):

// After (5.0.0)
@Bean
@Profile("WhatIf")
@ConditionalOnMissingBean
public AddressSupplier addressSupplier() {
    return () -> mvPivot.getClusterMembersRestAddresses().values().stream()
            .map(addr -> addr.regionMatches(true, 0, "http", 0, 4) ? addr : ("http://" + addr))
            .collect(Collectors.toSet());
}

@Bean
@Profile("WhatIf")
@ConditionalOnMissingBean
public AuthenticatorSupplier authenticatorSupplier(IJwtService jwtService) {
    return () -> new JwtAuthenticator(jwtService);
}

@Bean
@Primary
@Profile("WhatIf")
public IDatabaseService restRemoteService(AddressSupplier addressSupplier, AuthenticatorSupplier authenticatorSupplier) {
    return new RestDistributedDatabaseService(addressSupplier, authenticatorSupplier);
}

In 5.0.0-AS6.1, AddressSupplier and AuthenticatorSupplier have been removed. Distributed What-If communication for file uploads is now handled by Spring 6 HTTP Service Proxies (RestClientConfig), with JWT tokens propagated automatically.

REST API path change

Endpoint	Old path (2.1.6-AS6.0)	New path (5.0.0-AS6.1)
Base URL	`/services/rest/what-if/`	`/activeviam/what-if/rest/v3`

Update any client code or configuration that calls the What-If REST endpoints directly. Store coverage expanded Trade duplication now covers 7 stores (previously Delta only): BaBase, TradeDescription, CapitalTreatment, BAHedgeRisk, SaBase, Delta, Vega. Trade scaling now covers 3 stores:

Store	Fields scaled
BAHedgeRisk	Notional
Delta	Sensitivities, DeltaSensitivitiesInterpolated
Vega	Sensitivities

Error handling change All What-If controllers now throw CVAServiceException with HTTP status codes instead of returning DatabaseSimulationStatus in the response body. REST clients receive 401 Unauthorized or 500 Internal Server Error on failure instead of 200 OK with a FAILED or UNAUTHORISED status body. Update any client code that checks the response body for failure status values. What-If feature flags Each What-If operation can be disabled via properties:

Property	Default	Description
`cvarc.whatif.trade-scaling.disable`	`false`	Disables the trade scaling REST endpoint
`cvarc.whatif.parameter-set.disable`	`false`	Disables the parameter set REST endpoint
`cvarc.whatif.file-upload.data.disable`	`false`	Disables the file upload REST endpoint

Removed What-If classes

CVARCWhatIfSecurityManager: superseded by SpringDatabaseSimulationsSecurityManager.
TradeScaleDTO: superseded by TradeRescaleDTO.
TradeDuplicateAndRescaleSimulationDefinition: replaced by TradeDuplicateSimulationDefinition and TradeScalingSimulationDefinition.
WhatIfConfig (from cvarc-common) and WhatIfRestServices: replaced by WhatIfConfig in cvarc-application.
StressedSensitivitySimulationDefinition, StressedSensitivityWhatIfException, StressedSensitivityWhatIfSubmitter: replaced by FileUploadSimulationDefinition and FileUploadWhatIfSubmitter.
AddressSupplier, AuthenticatorSupplier: superseded by Spring 6 HTTP Service Proxy configuration in RestClientConfig.

Other API changes affecting custom What-If code

Exception package: What-If REST exceptions (including CVAServiceException) are now under com.activeviam.tools.whatif.rest. Update any exception imports in custom code.
IDistributedQueryResultsMerger: the interface no longer exposes branch-deletion or fast-forward methods. Remove any custom overrides of those methods; they are handled internally by the new distributed What-If pipeline.
Lombok annotation processor: several base classes in atoti-what-if-lib now use Lombok. Custom code extending them must declare org.projectlombok:lombok on the annotation processor classpath, otherwise compilation fails on missing constructors and accessors.

Distributed file upload File-upload What-If now supports distributed deployments. Data nodes run StressedSensitivityWhatIfRestController (activated by @ConditionalOnInMemoryDatabase). Query nodes run StressedSensitivityQueryNodeRestController (activated by @ConditionalOnQueryNode), which orchestrates the upload across all data nodes in parallel. A new POST /upload-nosim/{branch} endpoint is available on both data and query nodes. It creates a branch and loads data without running a What-If simulation. No additional configuration is needed. The correct controller is activated automatically based on deployment topology.

Atoti Limits 4.2.1

The Limits add-on has changed GroupId, artifact ID, and version:

	5.1.3	6.0.0
GroupId	`com.activeviam.limits`	`com.activeviam.solutions.limits`
Artifact	`limits-auto-config-ap60`	`limits-auto-config-61`
Version	3.0.0	4.2.1
Default state	Enabled	Disabled (`limits.autoconfiguration.enabled: false`)

The useLimitsModule property is removed. To re-enable Limits, set limits.autoconfiguration.enabled=true in application.yml or your property override. Custom limit rules need to be re-expressed against the 4.x API.

Hibernate upgrade

The Hibernate dependency group ID has changed:

<!-- Before (5.1.x) -->
<dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-c3p0</artifactId>
</dependency>

<!-- After (6.0.x) -->
<dependency>
    <groupId>org.hibernate.orm</groupId>
    <artifactId>hibernate-c3p0</artifactId>
</dependency>

Version management is handled by the parent BOM.

JGroups protocol files

The AtotiAuthToken class has been replaced with SharedSecretAuthToken. Update all JGroups protocol XML files:

<!-- Before (5.1.x) -->
<AUTH auth_class="com.activeviam.activepivot.dist.impl.internal.distribution.security.impl.AtotiAuthToken"
      auth_token.auth_value="distribution_password"
      auth_token.token_hash="SHA"/>

<!-- After (6.0.x) -->
<AUTH auth_class="com.activeviam.common.distribution.security.SharedSecretAuthToken"
      auth_token.auth_value="distribution_password"
      auth_token.token_hash="SHA"/>

Configuration files (cvarc.properties, application.yml)

cvarc.properties moves from cvarc-starter/src/main/resources/properties/cvarc.properties to cvarc-application/src/main/resources/properties/cvarc.properties. Removed properties (5.1.3 → 6.0.0):

Property	Replacement
`aws.bucket`, `aws.region`, `aws.root_directory`	`csv-source.*`
`azure.connection.endpoint`, `azure.connection.string`	`csv-source.*`
`cloud.fetch.thread`	`csv-source.*`
`csvSource.polling.delay`	`csv-source.*`
`csvSource.subdirectory.dataset`	`csv-source.*`
`google.container`, `google.root_directory`	`csv-source.*`
`input.data.root.dir.path`	`csv-source.*`
`server.servlet.context-path`	removed (Spring Boot 3 default)
`spring.profiles.active`	`@ConditionalOn*` (CVARC-823)
`useLimitsModule`	`limits.autoconfiguration.enabled` (defaults to `false`)
`activeviam.apm.zipkin.span.level`, `spring.sleuth.traceId12`	OpenTelemetry config
`enable.all.datastore.statistics`, `datastore.jung.schema.draw`	removed
`INPUT_FILE_PATH_MATCHER_*`	handled internally by DLC

Added properties (6.0.0):

Property prefix	Configuration class	Description
`csv-source.*`	`CsvSourceDatasetConfigurationProperties`	CSV data source configuration, replacing legacy `csvSource.*`
`cvarc.whatif.file-upload.data.*`	`WhatIfFileUploadProperties`	What-If file upload configuration
`contentServer.remote`	—	Toggle for remote vs local content server
`initial-load.configuration`	—	Initial-load configuration

New application.yml sections:

Property	Value	Purpose
`otel.instrumentation.annotations.enabled`	`false`	Disables OpenTelemetry annotation instrumentation
`tracing.enabled`	`true`	Enables OpenTelemetry distributed tracing
`limits.autoconfiguration.enabled`	`false`	Limits disabled by default
`csv-source.type`	`local`	Activates local-CSV DLC profile
`springdoc.swagger-ui.enabled`	`true`	Swagger UI now enabled by default

CVARCEnvConstants constant renames Many _SYSPROP / _SYNSPROP / _PROP suffixes were standardized to _PROPERTY:

5.1.3	6.0.0
`APP_ACCELERATOR_PROPS_FILE_PATH_SYNSPROP`	`APP_ACCELERATOR_PROPS_FILE_PATH_PROPERTY`
`APP_ENV_PROPS_FILE_PATH_SYSPROP`	`APP_ENV_PROPS_FILE_PATH_PROPERTY`
`CONTENT_SERVER_BOOKMARKS_DEFAULT_OWNERS_PROP`	`CONTENT_SERVER_BOOKMARKS_DEFAULT_OWNERS_PROPERTY`
`CONTENT_SERVER_BOOKMARKS_DEFAULT_READERS_PROP`	`CONTENT_SERVER_BOOKMARKS_DEFAULT_READERS_PROPERTY`
`DATA_LOAD_ENV_PROPS_FILE_PATH_SYSPROP`	`DATA_LOAD_ENV_PROPS_FILE_PATH_PROPERTY`
`DEFAULT_DATA_LOAD_ENV_PROPS_FILE_PATH`	`DEFAULT_DATA_LOAD_ENV_PROPS_FILE_PATH_PROPERTY`
`DEFAULT_HIBERNATE_ENV_PROPS_FILE_PATH`	`DEFAULT_HIBERNATE_ENV_PROPS_FILE_PATH_PROPERTY`
`EXPORT_BOOKMARKS_TO_FILE`	`EXPORT_BOOKMARKS_TO_FILE_PROPERTY`
`EXPORT_BOOKMARKS_TO_FOLDER`	`EXPORT_BOOKMARKS_TO_FOLDER_PROPERTY`
`HIBERNATE_ENV_PROPS_FILE_PATH_SYSPROP`	`HIBERNATE_ENV_PROPS_FILE_PATH_PROPERTY`
`TEST_PROPERTIES_FILE`	`TEST_PROPERTIES_FILE_PROPERTY`

SAMeasureBuilder constant renames (typo fix SENSITITIVIES → SENSITIVITIES):

5.1.3	6.0.0
`M__DELTA_NET_WEIGHTED_SENSITITIVIES_SQUARED_SUM`	`M__DELTA_NET_WEIGHTED_SENSITIVITIES_SQUARED_SUM`
`M__DELTA_WEIGHTED_SENSITITIVIES_PRODUCT`	`M__DELTA_WEIGHTED_SENSITIVITIES_PRODUCT`
`M__DELTA_WEIGHTED_SENSITITIVIES_SQUARED_SUM_HDG`	`M__DELTA_WEIGHTED_SENSITIVITIES_SQUARED_SUM_HDG`
`M__VEGA_NET_WEIGHTED_SENSITITIVIES_SQUARED_SUM`	`M__VEGA_NET_WEIGHTED_SENSITIVITIES_SQUARED_SUM`
`M__VEGA_WEIGHTED_SENSITITIVIES_PRODUCT`	`M__VEGA_WEIGHTED_SENSITIVITIES_PRODUCT`
`M__VEGA_WEIGHTED_SENSITITIVIES_SQUARED_SUM_HDG`	`M__VEGA_WEIGHTED_SENSITIVITIES_SQUARED_SUM_HDG`

M__VEGA_UNFILTERED is removed. Eight formerly public constants are now private. getDatastore() and setDatastore() are removed from SAMeasureBuilder.

Docker configuration

The Dockerfile moves from cvarc-starter/Dockerfile to cvarc-application/Dockerfile. A docker build cvarc-application/ without pre-copy steps will fail; CI must copy data-samples and bookmarks first (see Path A step 4b). Full diff of Dockerfile changes:

	5.1.3	6.0.0
Base image	`eclipse-temurin:17`	`eclipse-temurin:21`
Jar artifact	`cvarc-starter-*-exec.jar`	`cvarc-application-*-exec.jar`
Chunk allocator	`-Dactiveviam.chunkAllocatorClass=…MmapDirectChunkAllocator`	`-Dactiveviam.chunkAllocatorKey=mmap`
H2 URL flag	`--content-service.db.url=jdbc:h2:file:…`	removed (in `application.yml`)
Extra add-opens	—	`--add-opens=java.base/java.util=ALL-UNNAMED`
JVM heap/stack	—	`-Xms1024m -Xmx2048m -Xss5m`
CSV path	—	`--csv.topic.path` via `ENV CSV_TOPIC_PATH`
ENTRYPOINT	`["sh","-c"]`	removed (CMD uses exec form)
COPY permissions	`RUN chmod -R 777`	`COPY --chmod=777` / `COPY --chmod=666`

Migration checklist

Use this checklist to verify a complete migration regardless of path. Build environment

Install JDK 21 and confirm java -version reports 21.x.
Confirm JAVA_HOME points at the JDK 21 installation.

Source tree and modules

Replace the 5.1.3 source tree with the 6.0.0 tree (clean checkout — do not forward-merge).
Update Maven <artifactId> references using the module rename table.
Replace CVAWebApplication with CVARCApplication in IDE run configurations, Docker images, and deployment scripts.
If Spring-context tests are in a fork, move them to cvarc-application-tests.

Imports and symbol renames

Replace all javax.* imports with jakarta.* (servlet, persistence, validation).
Apply the full find-and-replace regex table from Path C step 3.
Rename CVARCEnvConstants constants from _SYSPROP/_SYNSPROP/_PROP to _PROPERTY.
Rename the six SAMeasureBuilder SENSITITIVIES constants to SENSITIVITIES.
Rename ReferenceLevelTranslator.KEY to ReferenceLevelTranslator.TRANSLATOR_KEY.

Deleted and relocated configs

Remove references to BraveTracingConfig, TracingConfig, TracingRestServiceConfig, and brave.Tracing.
Remove references to JmxMonitoringConfig, MonitoringRestServicesConfig, ApplicationMonitoringConfig.
Remove references to ActiveMonitorSupportConfig, the ActiveMonitor stack, and activemonitor-support.properties.
Remove references to all Ba/Sa/Shared/Crif*CsvSourceConfig classes and CommonCloudSourceConfig.
Remove references to LimitsIntegration; if Limits was active, set limits.autoconfiguration.enabled=true.
Remove references to DoctorPivotConfig, doctorpivot-{api,web-app}.
Remove JwtAuthenticationConfigurer and CorsConfig; CORS is now config-driven.
Remove dispatcherServletRegistration bean overrides — see DispatcherServlet configuration removal.

Spring Security 6

Migrate from WebSecurityConfigurerAdapter to SecurityFilterChain beans.
Add the MvcRequestMatcher.Builder bean.
Configure AuthenticationManager as a bean.

What-If

Replace com.activeviam.apps:whatif with atoti-what-if-lib and add atoti-what-if-spring-boot-starter.
Migrate persistenceManager bean to HibernateSimulationPersistenceManager.
Update securityManager bean to inject ISimulationPersistenceManager and IBranchPermissionsManager.
Update any RestDistributedDatabaseService wiring from UserAuthenticator to JwtAuthenticator.
Update REST clients calling /services/rest/what-if/ to /activeviam/what-if/rest/v3.
Update exception imports to com.activeviam.tools.whatif.rest.
Remove overrides of deleted IDistributedQueryResultsMerger branch-deletion and fast-forward methods.
Update imports for TradeRescaleRestServiceController (moved to cvarc-application).
Remove references to CVARCWhatIfSecurityManager, TradeScaleDTO, and TradeDuplicateAndRescaleSimulationDefinition.
Update REST clients that check the response body for failure status to handle HTTP error codes instead.
Ensure Lombok is on the annotation processor classpath if custom code extends affected What-If classes.

Properties

Remove deprecated cvarc.properties entries listed in the configuration files section.
Review logback.xml for compatibility with Logback 1.5.x.

JGroups

Replace AtotiAuthToken with SharedSecretAuthToken in all JGroups protocol XML files.

Launch command and Docker

Update the jar path from cvarc-starter/target/… to cvarc-application/target/cvarc-application-6.0.0-SNAPSHOT-exec.jar.
Replace -Dactiveviam.chunkAllocatorClass=…MmapDirectChunkAllocator with -Dactiveviam.chunkAllocatorKey=mmap.
Add --add-opens=java.base/java.util=ALL-UNNAMED to JVM flags.
Drop --content-service.db.url=… from the launch line.
Add --csv.topic.path=./data-samples/data if using the bundled CSV samples.
Update any reverse proxy or client that references the old /cvarc-starter context path.
Update Docker base image to eclipse-temurin:21.
Move the Docker build context from cvarc-starter/ to cvarc-application/; pre-copy data-samples and bookmarks before building.

Validation

Run mvn -DskipTests clean install from the project root.
Start the application and verify it reaches the ready state.
Verify all security filter chains and What-If simulation flows work correctly.

Documentation Index

​Migrate to 6.0.0

​Choose your migration path

​Headline changes

​Path A — no customization

​Step 1: install JDK 21

​Step 2: replace the source tree

​Step 3: rebuild

​Step 4a: update your launch command — direct jar

​Step 4b: update your launch command — Docker

​Step 5: update external file references

​Path B — light customization (single @Configuration)

​Step 1: check out the 6.0.0 tree — do not forward-port

​Step 2: move the custom file

​Step 3: re-wire the import

​Step 4: fix package and API changes

​Step 5: remove or replace references to deleted configs

​Step 6: update the POM (only if the custom file lives in a sibling module)

​Step 7: update the Dockerfile (only if a custom Dockerfile is maintained)

​Step 8: build and smoke-test

​Path C — heavy customization (multi-module edits)

​Step 0: capture customizations as a patch set

​Step 1: start from a clean 6.0.0 checkout

​Step 2: bucket every customized file

Bucket A — same package path, possibly new module

Bucket B — same code, new home

Bucket C — gone from source; override the upstream bean

Bucket D — redesign against the new API

​Step 3: run the global find-and-replace for cross-cutting renames

​Step 4: re-wire @Import and the bootstrap class

​Step 5: POM, Dockerfile, and runtime flags

​Step 6: data samples and external fixtures

​Step 7: build, validate, and debug

​Reference: breaking changes by topic

​Complete change inventory

​Module rename

​Main class rename

​Java 21 upgrade

​Jakarta EE migration (javax → jakarta)

​Spring security 6 migration

​OpenTelemetry replaces Spring Sleuth

​DispatcherServlet configuration removal

​Atoti Server 6.1.19 starters

​Data load controller changes

​What-If 2.1.6-AS6.0 → 5.0.0-AS6.1

​Atoti Limits 4.2.1

​Hibernate upgrade

​JGroups protocol files

​Configuration files (cvarc.properties, application.yml)

​Docker configuration

​Migration checklist

Migrate to 6.0.0

Choose your migration path

Headline changes

Path A — no customization

Step 1: install JDK 21

Step 2: replace the source tree

Step 3: rebuild

Step 4a: update your launch command — direct jar

Step 4b: update your launch command — Docker

Step 5: update external file references

Path B — light customization (single @Configuration)

Step 1: check out the 6.0.0 tree — do not forward-port

Step 2: move the custom file

Step 3: re-wire the import

Step 4: fix package and API changes

Step 5: remove or replace references to deleted configs

Step 6: update the POM (only if the custom file lives in a sibling module)

Step 7: update the Dockerfile (only if a custom Dockerfile is maintained)

Step 8: build and smoke-test

Path C — heavy customization (multi-module edits)

Step 0: capture customizations as a patch set

Step 1: start from a clean 6.0.0 checkout

Step 2: bucket every customized file

Step 3: run the global find-and-replace for cross-cutting renames

Step 4: re-wire `@Import` and the bootstrap class

Step 5: POM, Dockerfile, and runtime flags

Step 6: data samples and external fixtures

Step 7: build, validate, and debug

Reference: breaking changes by topic

Complete change inventory

Module rename

Main class rename

Java 21 upgrade

Jakarta EE migration (javax → jakarta)

Spring security 6 migration

OpenTelemetry replaces Spring Sleuth

DispatcherServlet configuration removal

Atoti Server 6.1.19 starters

Data load controller changes

What-If 2.1.6-AS6.0 → 5.0.0-AS6.1

Atoti Limits 4.2.1

Hibernate upgrade

JGroups protocol files

Configuration files (cvarc.properties, application.yml)

Docker configuration

Migration checklist