Merge branch '2.1.x'

Closes gh-17818

spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -970,6 +970,12 @@ could have been `SecurityProperties`.
 * `acme.security.password`.
 * `acme.security.roles`, with a collection of `String` that defaults to `USER`.
 
+NOTE: Spring Boot auto-configuration heavily makes use of `@ConfigurationProperties` for easily
+configuring auto-configured beans. Similar to auto-configuration classes, `@ConfigurationProperties`
+classes available in Spring Boot are for internal use only. The properties that map to the class,
+which are configured via properties files, YAML files, environment variables etc., are public API but
+the content of the class itself is not meant to be used directly.
+
 [NOTE]
 ====
 Such arrangement relies on a default empty constructor and getters and setters are usually

spring-boot-project/spring-boot-docs/src/main/asciidoc/using-spring-boot.adoc

@@ -482,6 +482,11 @@ the list of auto-configuration classes to exclude by using the
 
 TIP: You can define exclusions both at the annotation level and by using the property.
 
+NOTE: Even though auto-configuration classes are `public`, the only aspect of the class
+that is considered public API is the name of the class which can be used for disabling the
+auto-configuration. The actual contents of those classes, such as nested configuration classes
+or bean methods are for internal use only and we do not recommend using those directly.
+
 [[using-boot-spring-beans-and-dependency-injection]]
 == Spring Beans and Dependency Injection
 You are free to use any of the standard Spring Framework techniques to define your beans