(from Spring Boot 2.x / Spring Cloud 2021.x ➜ Spring Boot 3.x / Spring Cloud 2023.x)

Make sure all Spring Cloud starters are on the same release train:

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-dependencies</artifactId>
      <version>2023.0.2</version>   <!-- or whatever is current -->
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

1. Jakarta packages
   All javax.* imports became jakarta.*.
   • If you have any Servlet filters, JPA entities, bean-validation, etc. you must change the imports or upgrade libraries that still contain the old ones.

2. Spring Security defaults changed
   • In Boot 3 everything is denied by default.
   • If your clients suddenly get 401 or 403, add an explicit SecurityFilterChain:

   @Bean
   SecurityFilterChain api(HttpSecurity http) throws Exception {
       http
         .authorizeHttpRequests(a -> a
             .requestMatchers("/actuator/**").permitAll()
             .anyRequest().permitAll())   // or however you secure it
         .csrf(AbstractHttpConfigurer::disable);
       return http.build();
   }

3. Native search locations property renamed
   In recent Spring Cloud versions
   spring.cloud.config.server.native.searchLocations became
   spring.cloud.config.server.native.locations.

4. Logging messages were removed
   The banner that printed
   Will pick up property sources from : <base-dir>
   came from an internal logger that was refactored. It is simply gone; nothing is wrong with your configuration.

5. Actuator path
   Still /actuator/** but management security and CORS rules changed, see #2.

<properties>
    <java.version>17</java.version>
    <spring-boot.version>3.2.5</spring-boot.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-config-server</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
</dependencies>

server:
  port: 8888

spring:
  profiles:
    active: native          # or git / vault / jdbc ...
  cloud:
    config:
      server:
        native:
          locations: file:${user.home}/config-repo    # << same as before
management:
  endpoints:
    web:
      exposure:
        include: health,configprops,info

1. Call the endpoint manually

   curl -v http://localhost:8888/my-app/default

   • 200 → payload problem
   • 401 / 403 → security (see section 2)
   • 404 → wrong path or profile

2. Enable DEBUG logging

   logging:
     level:
       org.springframework.cloud.config: DEBUG
       org.springframework.web: DEBUG

   You will now see lines such as
   Located environment my-app/default in 12 ms, version ...

3. Health endpoint

   curl http://localhost:8888/actuator/health

   Status DOWN and a component named configServer will show WHY (cannot read directory, cannot clone git, etc.).

4. File permissions / working directory
   • Container image may use a different user after switching to JDK 17 images.
   • Verify the directory exists inside the container and is readable:
   docker exec -it <id> ls -l /home/app/config-repo

5. Client-side logs
   A client that fails to fetch its configuration will log something like
   Could not locate PropertySource. If you see a 401/403 in that log, go back to security config.

• Spring Boot 2.7 ➜ 3.x
https://docs.spring.io/spring-boot/docs/3.2.5/reference/htmlsingle/#migration

• Spring Cloud 2021.x ➜ 2023.x
https://docs.spring.io/spring-cloud/docs/2023.0.2/reference/html/#appendix-migrating

Spend ten minutes with those lists—most upgrade pain points are documented there.

Nothing “mystical” happened to the base directory; the INFO log line was simply removed during the refactor. When a Config Server upgraded to Boot 3 fails to serve configs, 90 % of the time it is:

1. Security filter chain now locks everything down.
2. Property key renamed (searchLocations ➜ locations).
3. Java 17 image lacks permissions to read the repo.

Work through the debugging checklist above and you should find the missing piece quickly.