Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.springframework:spring-web to v5 #11

Open
wants to merge 1 commit into
base: vp-rem
Choose a base branch
from

Conversation

mend-local-app[bot]
Copy link

@mend-local-app mend-local-app bot commented Feb 18, 2024

This PR contains the following updates:

Package Type Update Change
org.springframework:spring-web compile major 4.2.1.RELEASE -> 5.0.0.RELEASE

By merging this PR, the issue #19 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
High High 9.8 CVE-2016-1000027
High High 8.6 CVE-2015-5211
High High 7.5 CVE-2018-15756
Medium Medium 6.5 CVE-2022-22950
Medium Medium 6.5 CVE-2023-20863
Medium Medium 5.9 CVE-2018-11039

Release Notes

spring-projects/spring-framework (org.springframework:spring-web)

v5.0.0.RELEASE: 5.0 GA Release

Compare Source

⭐ New Features

  • Support autowiring by constructor in Kotlin bean DSL [SPR-16014] #​20563
  • WebFlux support for HttpHeaders controller method return value [SPR-16006] #​20555
  • Lambda-based consumption of an ObjectProvider's object when available [SPR-16001] #​20550
  • WebFlux support for Locale, TimeZone, ZoneId controller method arguments [SPR-15998] #​20547
  • WebFlux support for UriBuilder, UriComponentsBuilder controller method arguments [SPR-15997] #​20546
  • WebFlux support for HTTP HEAD [SPR-15994] #​20543
  • Revisit how WebClient disposes connection [SPR-15993] #​20542
  • WebSession provide invalidate method [SPR-15960] #​20512
  • Allow Consumer-style access to FluxExchangeResult within chain of calls [SPR-15959] #​20511
  • Introduce ForwardedHeaderFilter for WebFlux [SPR-15954] #​20506
  • Provide an API for introspection of handler mappings [SPR-15934] #​20488
  • Log message for a composed router function contains no information about the mappings or their handlers [SPR-15933] #​20487
  • ReactorServerHttpRequest.getUri() does not include scheme [SPR-15931] #​20485
  • Revisit handling of missing fields (without default values) for immutable data classes [SPR-15877] #​20432
  • Get a description of all registered routes in a RouterFunction [SPR-15711] #​20268
  • Stable module names for Spring Framework jars on JDK 9 module path [SPR-13716] #​18289

🪲 Bug Fixes

  • Delegating File downloads sends incomplete chunks [SPR-15949] #​22194
  • Fix behavior of ClientResponse bodyToMono and bodyToFlux with Void.class [SPR-16018] #​20567
  • AutowiredAnnotationBeanPostProcessor picks "wrong" constructor for Kotlin class [SPR-16012] #​20561
  • Support non-standard classes in Kotlin reflection discovery methods [SPR-15999] #​20548
  • WebFlux support for HTTP OPTIONS not working [SPR-15995] #​20544
  • DispatcherHandler no longer orders HandlerMapping beans [SPR-15991] #​20541
  • PathMatchingResourcePatternResolver provides duplicate resources when using classpath* prefix combined with ant-style [SPR-15989] #​20539
  • ProtobufHttpMessageConverter: JSON not written to response [SPR-15988] #​20538
  • RestTemplate doesn't consistently tolerate unknown HTTP status codes [SPR-15978] #​20529
  • "Parameter metadata not available for the given statement" SQL Exception after upgrading to Spring 5.0 RC4 [SPR-15977] #​20528
  • ChannelRegistration.setInterceptors is misnamed [SPR-15976] #​20527
  • AbstractJackson2Decoder breaks Custom Deserializers [SPR-15975] #​20526
  • DataBuffer Should Release Manually when Exception Thrown [SPR-15966] #​20518
  • JmsMessagingTemplate is not correctly configured [SPR-15965] #​20517
  • InMemoryWebSessionStore Leaks Memory [SPR-15963] #​20515
  • TaskExecutorRegistration.getTaskExecutor() overrides executor properties of a provided ThreadPoolTaskExecutor [SPR-15962] #​20514
  • spring-jcl does not include exported packages of java commons logging [SPR-15957] #​20509
  • HttpEntityMethodProcessor discards headers [SPR-15952] #​20504
  • WebClient: DELETE request should not send transfer-encoding: chunked header [SPR-15947] #​20500
  • WebClient doesn't send error signal for error responses [SPR-15946] #​20499
  • only one MultipartFile object populated when using an java.util.Optional MutipartFile array or list @RequestParam [SPR-15919] #​20473
  • java.util.Optional MultipartFile[] @RequestParam argument is null in multipart/form-data POST [SPR-15918] #​20472
  • Request params Optional<List and List are inconsistent [SPR-15676] #​20235

📔 Documentation

  • Restructure Web Section of the documentation to include reactive support [SPR-15149] #​19715
  • Document JUnit Jupiter support in the reference manual [SPR-14524] #​19093

v4.3.30.RELEASE

Compare Source

⭐ New Features

  • ContentCachingResponseWrapper should not add “Content-Length” when “Transfer-Encoding” is present #​26194
  • Inefficient request handling inside ServletRequestDataBinder #​26007
  • Avoid creation of unused logger instance in AbstractMediaTypeExpression #​25904

🪲 Bug Fixes

  • Remove duplicate "property" in PropertyCacheKey.toString() #​26245
  • UrlPathHelper#removeJsessionid doesn't remove the jsessionid from the URL #​26086
  • jsessionid breaks request mappings when removeSemicolonContent is turned off #​25869

📔 Documentation

  • DateTimeFormat ISO.DATE_TIME javadoc contains misleading default note #​26138

v4.3.29.RELEASE

Compare Source

⭐ New Features

  • PropertiesLoaderSupport should ignore socket/connect exceptions as well #​25722
  • Refine use of substring operations #​25515

🪲 Bug Fixes

  • VerifyErrors when using SpEL compilation with Thymeleaf when invoking a default method defined in an interface #​25713
  • SQLErrorCodesFactory.getErrorCodes(DataSource) returns empty error codes if access to transactional connection fails #​25694
  • Potential integer overflow in AbstractResourceBasedMessageSource.setCacheSeconds(int) #​25644
  • Lazy dependency proxy does not populate bean dependencies #​25565
  • Synchronized blocks in MethodOverrides are hurting concurrency #​25549
  • StaticListableBeanFactory.isSingleton() returns false for singleton beans #​25525
  • MockHttpServletResponse reset() does not reset charset field #​25512

📔 Documentation

  • Prevent confusion about build(boolean) method in UriComponentsBuilder #​25703

v4.3.28.RELEASE

Compare Source

⭐ New Features

  • Defer creating logger in StandardWebSocketHandlerAdapter #​25435
  • Alignment of CORS default values with 5.x #​25414
  • Missing null checks in AbstractMessageChannel.addInterceptor/setInterceptors #​25221
  • Avoid full synchronization in AbstractRefreshableApplicationContext.getBeanFactory() since it can lead to massive thread blocking #​25219

🪲 Bug fixes

  • UriComponentsBuilder.cloneBuilder() cause sharing query parameters between builders #​25426
  • Oracle LOB segments holding TEMP space after executing SP using SimpleJdbcCall with SqlParameterSource #​25419
  • NoRollbackFor rule causes TransactionAspectSupport to log unwarranted "exception overridden" error on WebSphere #​25269
  • The AbstractTemplateViewResolver class is not abstract #​25243
  • MultiValueMapAdapter.getFirst fails with IndexOutOfBoundsException in case of empty List #​25227
  • WebSphereUowTransactionManager causes exception for PROPAGATION_SUPPORTS when timeout is specified #​25225
  • Avoid ClassCastException on IllegalArgumentException when invoking sync get cache method #​25223

📔 Documentation

  • Clarify enforceInitMethod/enforceDestroyMethod default values in AbstractBeanDefinition #​25405
  • Document exception handling limitations in TaskDecorator implementations (specifically for ThreadPoolTaskExecutor#submit) #​25235

v4.3.27.RELEASE

Compare Source

⭐ New Features

  • Backport of ContentDisposition fixes to HttpHeaders #​24580
  • Consistent ROLE_INFRASTRUCTURE declarations for internal configuration classes #​24516

🪲 Bug Fixes

  • MockHttpServletRequest should not strip brackets from IPV6 address supplied via Host header #​24919
  • Connection created by SingleConnectionDataSource with suppressClose=true always returns isClosed=false even if the target connection is closed #​24860
  • DefaultListableBeanFactory.getBean(Class) throws NoSuchBeanDefinitionException on existing bean if getBean(Class) previously tried before registration #​24857

v4.3.26.RELEASE

Compare Source

⭐ New Features

  • Avoid substring allocation in StringUtils.replace #​24026
  • Support for new MySQL 8 error code 3572 #​23975

🪲 Bug Fixes

  • Unsafe double-checked locking in SpelExpression#compileExpression #​24308
  • Allow schemaZip Gradle task to execute on MS Windows #​23989
  • AbstractRequestLoggingFilter.isIncludeHeaders() declared as protected #​23814
  • Bean definition override leads to NPE due to inconsistent equality check #​23711
  • Fix DefaultListableBeanFactory#copyConfigurationFrom #​23710

📔 Documentation

  • TypeDescriptor#getElementTypeDescriptor does not throw IllegalStateException anymore #​24001

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v4.3.25.RELEASE

Compare Source

⭐ New Features

  • Javadoc missing on some public BeanDefinitionParserDelegate methods #​23399
  • Avoid expensive assertions in web resource resolution #​22965

🪲 Bug Fixes

  • Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #​23397
  • MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #​23387
  • FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #​23246
  • Fix ScriptUtils for MS Windows line ending #​23026

📔 Documentation

  • Improve documentation for @Autowired constructors #​23308
  • Document that Ordered is not supported for @ControllerAdvice beans #​23174
  • spring-mvc.xsd stale-if-error attribute documentation incorrect #​23001
  • AbstractBeanDefinition.getBeanClass() javadoc misleads about returning null #​22967

v4.3.24.RELEASE

Compare Source

⭐ New Features

  • Avoid expensive assertions in HttpRange #​22746

🪲 Bug Fixes

  • Consistent handling of empty List entries in LinkedMultiValueMap #​22913
  • EL1072E when evaluating compiled comparison expression #​22879
  • ResourceUrlEncodingFilter throws StringIndexOutOfBoundsException when %ED%B6 is in the URL path #​22863
  • Jackson2ObjectMapperBuilder prevents the registration of multiple modules with a null typeId #​22763

v4.3.23.RELEASE

Compare Source

⭐ New Features

  • ResourceUrlEncodingFilter versioning breaks when URL contains fragment [SPR-17535] #​22552
  • Revisit XML schema handling for consistent local vs external resolution #​22530
  • JdbcTemplate.extractOutputParameters should preserve order of parameters #​22494
  • HandlerInterceptorAdapter should honor ordering #​22434
  • Avoid duplicate call to findAnnotations in DefaultListableBeanFactory.findAnnotationOnBean #​22356

🪲 Bug Fixes

  • Avoid duplicate registration of @ControllerAdvice implementing both RequestBodyAdvice and ResponseBodyAdvice #​22686
  • Jackson2ObjectMapperBuilder's modulesToInstall function does not eventually override the default configuration #​22624
  • Events extending from PayloadApplicationEvent and implementing an interface fail to match @EventListener argument #​22471
  • DefaultConversionService fails to properly convert an Object[] to a int[] #​22415
  • @Transactional beans not getting proxied when being initialized during failed circular reference attempt #​22376
  • ApplicationListenerMethodAdapter does not find @Ordered annotation for dynamic proxies #​22352
  • RestTemplate adds duplicate accept header information #​22320

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v4.3.22.RELEASE: 4.3.22 Release

Compare Source

🪲 Bug Fixes

  • 'default-lazy-init' attribute is not processed when XSD validation is disabled [SPR-8335] #​12983
  • Spring JavaMailSenderImpl does not show proper message when recipient list is empty [SPR-17540] #​22072
  • Potential resource leak in DataSourceUtils.doGetConnection [SPR-17559] #​22091
  • SpEL, error parsing big InlineMap [SPR-17605] #​22137
  • @Value Optional<...> field injection fails in case of registered ConversionService [SPR-17607] #​22139
  • Cannot convert from Collection to RegularEnumSet [SPR-17619] #​22151

📔 Documentation

  • Error in reference documentation sentence in part 1.8.1. Customizing Beans by Using a BeanPostProcessor [SPR-17556] #​22088
  • Typo in SpEL Evaluation Context Sample [SPR-17581] #​22113

v4.3.21.RELEASE: 4.3.21 Release

Compare Source

⭐ New Features

  • SpringFactoriesLoader should tolerate whitespace [SPR-17413] #​21946
  • Expose mapped handler as request attribute in spring-webmvc [SPR-17518] #​22050

🪲 Bug Fixes

  • ExceptionHandlerExceptionResolver started to log on WARN level [SPR-17383] #​21916
  • MethodValidationPostProcessor still validates FactoryBean methods on CGLIB proxies [SPR-17386] #​21919
  • Spring logs a nasty looking stack trace for unhandled classpath URL [SPR-17417] #​21950
  • ResourceUrlEncodingFilter does not work with HttpServletRequestWrapper [SPR-17421] #​21954
  • RestTemplate does not throw exception for custom error codes [SPR-17439] #​21971
  • NamedParameterJdbcTemplate batchUpdate returns an array of size 1 when the batchArgs passed is an empty array [SPR-17476] #​22008
  • FastByteArrayInputStream.read() wrong return value [SPR-17492] #​22024
  • Reserializing a lenient fallback DefaultListableBeanFactory causes an error [SPR-17508] #​22040
  • getBeanNamesForType(ResolvableType) doesn't work for raw singleton instance from @Bean method with generic return type [SPR-17524] #​22056

📔 Documentation

  • Misleading alias definition example in reference documentation, part 1.3.1 [SPR-17536] #​22068

v4.3.20.RELEASE: 4.3.20 Release

Compare Source

⭐ New Features

  • Support for removeHeader in MockHttpServletRequest [SPR-17295] #​21828
  • Sanity checks for HTTP range requests [SPR-17318] #​21851

🪲 Bug Fixes

  • HTTP 404 for static resources with last modified = 0L (breaks Docker images build with Jib) [SPR-17320] #​21853
  • MockAsyncContext not found. Did request wrapper not delegate startAsync? [SPR-17353] #​21887
  • MethodValidationPostProcessor validates FactoryBean methods for which validation is not applicable [SPR-17374] #​21907

📔 Documentation

  • Typo on ServletUriComponentsBuilder javadoc comments [SPR-17255] #​21788
  • Javadoc for BufferingClientHttpRequestFactory is missing the end of a sentence [SPR-17261] #​21794
  • Misleading description in Autowired javadoc [SPR-17299] #​21832

v4.3.19.RELEASE: 4.3.19 Release

Compare Source

⭐ New Features

  • Consistent warn logging for handled exceptions [SPR-17178] #​21714
  • Support both filters and views in AbstractJackson2HttpMessageConverter [SPR-17209] #​21742

🪲 Bug Fixes

  • AbstractJackson2HttpMessageConverter incorrectly logs at WARN level after upgrading to Jackson 2.9 [SPR-16947] #​21486
  • ConcurrentReferenceHashMap does not enforce visibility of cached EntrySet [SPR-16994] #​21532
  • Map injection fails to find bean produced with @Bean when additional method with same name exists [SPR-16999] #​21537
  • AOP and use of redirect view can lead to unbounded caching in AbstractAutoProxyCreator [SPR-17045] #​21583
  • Classification of ClassCastExceptions doesn't work in JDK 11 (OpenJDK) [SPR-17093] #​21630
  • SchedulerAccessor needs to catch primary key violation on reschedule (due to Quartz race condition) [SPR-17114] #​21651
  • CheckboxTag incorrectly processing hidden field through RequestDataValueProcessor [SPR-17147] #​21684
  • @Scheduled task runs twice on bean with target-class scoped proxy (when injected) [SPR-17166] #​21702
  • SimpleAliasRegistry.hasAlias does not properly resolve multiple chained aliases [SPR-17191] #​21726
  • Compiled elvis operator does not work correctly when default value is a complex expression [SPR-17214] #​21747
  • EL1072 when evaluating compiled expression using method SpelExpression.getValue(Object rootObject, Class expectedResultType) [SPR-17229] #​21762

📔 Documentation

  • Doc: AsyncConfigurer causes dependencies to be created early [SPR-16945] #​21484
  • Update documentation references to Number/Currency/PercentStyleFormatter [SPR-17022] #​21560
  • Incorrect Class reference in documentation [SPR-17042] #​21580
  • Revise BeanFactory vs ApplicationContext section in reference docs [SPR-17095] #​21632
  • Removed Jackson view property "renderedAttributes" still mentioned in Spring Framework docs [SPR-17182] #​21718

v4.3.18.RELEASE: 4.3.18 Release

Compare Source

⭐ New Features

  • Deprecate JSONP support and update MappingJackson2JsonView defaults [SPR-16798] #​21338
  • Restrict allowed HTTP methods in HiddenHttpMethodFilter [SPR-16836] #​21376
  • ReflectivePropertyAccessor should cache sorted methods [SPR-16882] #​21421

🪲 Bug Fixes

  • Process cannot exit when the SchedulerFactoryBean fails to initialize [SPR-16816] #​21356
  • Connection acquired while calling a stored procedure via JPA is not released [SPR-16826] #​21366
  • AbstractRequestLoggingFilter.isIncludeHeaders() is accidentally public [SPR-16881] #​21420
  • Fix faulty BeanPostProcessorChecker logs with @EnableCaching [SPR-16896] #​21435
  • AbstractMethodMessageHandler does not rethrow Errors [SPR-16912] #​21451

📔 Documentation

  • Incorrect Java Syntax in Spring Framework Documentation [SPR-16811] #​21351
  • Document JUnit Jupiter options in Spring 4.3.x [SPR-16446] #​20991

v4.3.17.RELEASE: 4.3.17 Release

Compare Source

⭐ New Features

  • Proper exception for controller method return types that do not work with MvcUriComponentsBuilder (e.g. final classes) [SPR-16710] #​21251
  • Revise cache safety check to avoid performance regression in EAR packaged applications on WildFly [SPR-16714] #​21255
  • Revise JCA MessageEndpoint exception logging and propagation [SPR-16717] #​21258
  • Flag misguided evaluation attempts in OperatorMatches [SPR-16731] #​21272
  • Expose configuration options for "selector" header [SPR-16732] #​21273
  • Validate contextPath in RedirectView [SPR-16752] #​21293

🪲 Bug Fixes

  • SpringFailOnTimeout loses original exception when triggering timeout in finally block [SPR-16716] #​21257
  • Inconsistent getTypeForFactoryMethod results for parameterized factory method [SPR-16720] #​21261
  • Generic constructor argument (e.g. ObjectProvider) fails to resolve for inner class [SPR-16734] #​21275
  • AnnotationAwareOrderComparator uses Order instead of Priority for DecoratingProxy [SPR-16739] #​21280
  • Exception swallowed in ResponseEntityExceptionHandler [SPR-16743] #​21284
  • ConfigurationClassBeanDefinitionReader registers duplicate BeanDefinition for nested scoped component [SPR-16756] #​21297
  • Misleading error message when evaluating T operator [SPR-16762] #​21303
  • NPE in SimpleClient-HttpURLConnection with errorstream-buffering [SPR-16773] #​21313
  • Singleton from a FactoryBean may be post-processed twice if the first post-processing triggers a second attempt to get the bean [SPR-16783] #​21323

v4.3.16.RELEASE: 4.3.16 Release

Compare Source

🪲 Bug Fixes

  • EL1072E when evaluating compiled null-safe expression [SPR-16489] #​21032
  • ClassCastException in TestDispatcherServlet [SPR-16695] #​21236

v4.3.15.RELEASE: 4.3.15 Release

Compare Source

⭐ New Features

  • Spring Websockets Broker relay supporting a cluster of STOMP endpoint addresses [SPR-12452] #​17057
  • Quartz Scheduler - configurable SchedulerFactory [SPR-16439] #​20985
  • Avoid String concatenation for not-null assertion in BeanProperty/DirectFieldBindingResult [SPR-16455] #​21000
  • AcceptHeaderLocaleResolver should match country locales against supported language locales [SPR-16457] #​21002
  • Support for ResolvableType.getType().getTypeName() on Java 8 [SPR-16535] #​21078
  • Consistent incrementer arrangement for PostgreSQL, DB2 and SAP HANA [SPR-16558] #​21101
  • MockMvcResultMatchers.jsonPath(String).value() should have a matching method to declare the expected type [SPR-16587] #​21129
  • Support for SimpleEvaluationContext in SpEL [SPR-16588] #​21130
  • Consistent volatile access to running flag in Lifecycle implementations [SPR-16596] #​21137
  • When @DependsOn throws a NoSuchBeanDefinitionException it should include the dependent bean for clarity [SPR-16628] #​21169
  • Generate multipart boundary using SecureRandom [SPR-16635] #​21176
  • Reduce ClassUtils.forName overhead (in particular for annotation introspection purposes) [SPR-16667] #​21208
  • Add cpp to mime.types as text/plain [SPR-16678] #​21219

🪲 Bug Fixes

  • Precondition failed for PUT methods on ResponseEntity return types [SPR-15780] #​20335
  • SubProtocolWebSocketHandler should not log ERROR on "No messages received after ..." [SPR-16409] #​20955
  • ServletServerHttpRequest.getURI() may throw a java.net.URISyntaxException [SPR-16414] #​20960
  • AbstractClientSockJsSession.close call does not propagate IOException from disconnect [SPR-16415] #​20961
  • Spurious WARNINGs when XML declared TransactionProxyFactoryBean's target bean depends on an annotation declared bean that depends on another bean [SPR-16427] #​20973
  • Lambda error detection might not work on JDK 9 [SPR-16435] #​20981
  • CachingConnectionFactory - Invalid session in session cache [SPR-16450] #​20995
  • MockMvcRequestBuilder does not decode pathInfo [SPR-16453] #​20998
  • MimeType compareTo implementation is not compatible with equals [SPR-16458] #​21003
  • GSON converter only serialises fields of controller method return type, ignoring subclass fields of response object [SPR-16461] #​21006
  • SimpleJdbcCall can't access synonyms in Oracle database [SPR-16478] #​21022
  • Set thread interrupt flag on InterruptedException [SPR-16479] #​21023
  • JsonMappingException when trying to instantiate org.springframework.messaging.Message [SPR-16486] #​21029
  • Deadlock in SubProtocolWebSocketHandler on shutdown with Undertow [SPR-16488] #​21031
  • NPE in Spring-JDBC with Oracle and SimpleJdbcInsert [SPR-16495] #​21038
  • ExceptionHandlerExceptionResolver advice applicability check may fail against interface-based controller proxy [SPR-16496] #​21039
  • FormTag renders empty
    tag [SPR-16498] #​21041
  • ForwardedHeaderFilter garbles query params during sendRedirect() [SPR-16506] #​21049
  • StringIndexOutOfBoundsException when rewriting links in CSS resources [SPR-16526] #​21069
  • Spurious ERROR-level logging when using SSEEmitter [SPR-16528] #​21071
  • GsonHttpMessageConverter cannot be used in an SseEmitter because it closes the response stream [SPR-16529] #​21072
  • testBindInstantFromJavaUtilDate fails on systems in the Pacific/Auckland time zone [SPR-16534] #​21077
  • WebApplicationContextFacesELResolver#isReadOnly always return false [SPR-16543] #​21086
  • PostgresTableMetaDataProvider.isGetGeneratedKeysSimulated() does not detect Postgres 10 [SPR-16556] #​21099
  • Missing PersistenceException cause message in refresh failure warn log [SPR-16559] #​21102
  • Reading annotations in ConfigurationClassParser does not fall back to ASM on Google App Engine [SPR-16564] #​21106
  • Inconsistent synchronization in AbstractBeanFactoryBasedTargetSource and JdbcAccessor [SPR-16570] #​21112
  • WebAsyncManager concurrentResult should be volatile [SPR-16571] #​21113
  • TransactionTemplate inherits equals()/hashCode() from DefaultTransactionDefinition [SPR-16572] #​21114
  • SimpleAliasRegistry registerAlias not atomic [SPR-16577] #​21119
  • URIEditor should not double escape classpath: URIs [SPR-16581] #​21123
  • RestTemplate with HttpComponentsClientHttpRequestFactory and no buffering with an interceptor throws UnsupportedOperationException [SPR-16582] #​21124
  • Inconsistent handling of null values through Java 8 accessors in ConcurrentReferenceHashMap [SPR-16584] #​21126
  • AcceptHeaderLocaleResolver chooses wrong Locale for language match [SPR-16599] #​21140
  • CallMetaDataContext.reconcileParameters doesn't catch output parameters with DatabaseMetaData.procedureColumnResult type (on Postgres) [SPR-16611] #​21152
  • Consistent thread-safe iteration in DefaultSingletonBeanRegistry [SPR-16620] #​21161
  • FactoryBeanRegistrySupport atomicity issues [SPR-16625] #​21166
  • Address race condition within spring that causes about-to-be-created-bean exceptions [SPR-16627] #​21168
  • An error occurs if a blank character exists before and after the delimiter of the MIME type parameter. [SPR-16630] #​21171
  • Multipart Upload with Commons Fileupload on lazy mode downloads data on cleanup [SPR-16640] #​21181
  • Concurrent result may be missed due to a race condition in MockMvc [SPR-16648] #​21189
  • ServletUriComponentsBuilder should replace context path when X-Forwarded-Prefix is present [SPR-16650] #​21191
  • Annotation lookup on parameter in inner class constructor fails when using javac from JDK versions prior to 9 [SPR-16652] #​21193
  • UriComponentsBuilder Forwarded header parsing can throw java.lang.NumberFormatException [SPR-16660] #​21201
  • NamedParameterUtils.parseSqlStatement should parse :{x} style parameter correctly [SPR-16663] #​21204
  • Unable to bind a null value for UUID column with PostgreSQL [SPR-16669] #​21210
  • SimpleMailMessage's handling of to/cc/bcc arrays is inconsistent [SPR-16671] #​21212
  • DefaultResponseErrorHandler wastes the body of a response with an unknown status [SPR-16604] #​21145
  • Race condition in ConcurrentMapCache [SPR-16533] #​21076

📔 Documentation

  • Incorrect description for class-level @Transactional with AspectJ [SPR-16552] #​21095
  • Doc: @Scope not inherited from base class [SPR-16602] #​21143

v4.3.14.RELEASE: 4.3.14 Release

Compare Source

⭐ New Features

  • Reduce access on user in SimpleBrokerMessageHandler.handleMessageInternal [SPR-16264] #​20811
  • config.enableSimpleBroker("/topic", "/queue"); Should be config.enableSimpleBroker("/topic", "queue"); [SPR-16275] #​20822
  • Allow to inject enum with package visibility [SPR-16284] #​20831
  • Improve performance of some string operations [SPR-16293] #​20840
  • ComponentScanBeanDefinitionParser::parseTypeFilters should not fail on ClassNotFoundException [SPR-16356] #​20903
  • Use ArrayList instead of LinkedList for known size [SPR-16378] #​20924

🪲 Bug Fixes

  • Error in RestTemplate when setting the same HTTP header through ClientHttpRequestInterceptor and HttpEntity [SPR-15066] #​19632
  • Combining @Retryable and @Scheduled/@JmsListener doesn't work [SPR-16196] #​20744
  • Exception when receiving Long collection in MessageMapping [SPR-16252] #​20799
  • NPE in FunctionReference due to race condition in SpelExpression.getValue() [SPR-16255] #​20802
  • spring-web CORS requires X-Forwarded-Port [SPR-16262] #​20809
  • Stomp Broker Relay may ignore configured destination prefixes [SPR-16265] #​20812
  • Embedded cglib 3.2.5 not closing input streams that read class files [SPR-16267] #​20814
  • BeanUtils.isSimpleValueType() returns false for enums overriding a method [SPR-16278] #​20825
  • Unnecessary file system access in SimpleMetadataReaderFactory.getMetadataReader [SPR-16281] #​20828
  • Ambiguous mapping error when using generic interface [SPR-16288] #​20835
  • Programmatic creation of caching proxies using CacheProxyFactoryBean does not work [SPR-16295] #​20842
  • Access-Control-Allow-Origin header returns wrong value using SockJS [SPR-16304] #​20851
  • Large transaction timeout value (Integer.MAX_VALUE for example) results in transaction expiring immediately after starting. [SPR-16316] #​20863
  • @JmsListener concurrency property is ignored if DefaultJmsListenerContainerFactory#concurrency is set [SPR-16338] #​20885
  • JMS Producers are cached even when the destination is a temporary queue causing a memory leak [SPR-16353] #​20900
  • TestExecutionListener class not found logged at INFO [SPR-16369] #​20916
  • EclipseLink does not log SQL parameters when using showSql [SPR-16383] #​20929
  • RestTemplate.ResponseEntityResponseExtractor doesn't tolerate unknown status codes [SPR-16371] #​20918
  • MockClientHttpResponse should not return null body [SPR-16367] #​20914
  • Null path after UriComponents.normalize() results in NullPointerException [SPR-16364] #​20911

📔 Documentation

  • Incorrect SpEL syntax in reference documentation [SPR-16315] #​20862

v4.3.13.RELEASE: 4.3.13 Release

Compare Source

⭐ New Features

  • Prevent WebSocket buffer overflow through application-level flow control [SPR-16089] #​20638
  • SchedulingConfigurer and JmsListenerConfigurer should respect @Order [SPR-16090] #​20639
  • Avoid temporary String creation in StringUtils.starts/endsWithIgnoreCase [SPR-16095] #​20644
  • Make JpaVendorAdapters JTA-aware (in particular for Hibernate 5.1/5.2) [SPR-16162] #​20710
  • Reduce access on headers for STOMP messaging [SPR-16165] #​20713
  • spring-jdbc : Improve memory allocations when substituting named parameters. [SPR-16170] #​20718

🪲 Bug Fixes

  • Checkbox/RadioButton incorrectly converts collections of enums with a custom converter [SPR-16082] #​20631
  • @ModelAttribute binding defined globally for particular attribute rather than per method invocation [SPR-16083] #​20632
  • WebSphereUowTransactionManager swallows original exception when commit fails for another reason [SPR-16102] #​20650
  • Incorrectly identify bridged method on interface [SPR-16103] #​20651
  • PathMatchingResourcePatternResolver returns duplicate resources when using classpath* prefix [SPR-16117] #​20665
  • SpEL method invocation with varargs on proxy [SPR-16122] #​20670
  • AbstractRequestExpectationManager fails with "Expectations already declared" when ResponseCreator.createResponse throws an exception [SPR-16132] #​20680
  • MockHttpServletRequest with Host: set builds wrong getRequestURL() [SPR-16138] #​20686
  • ClassPathResource.createRelative is using wrong ClassPathResource constructor for the returned resource [SPR-16146] #​20694
  • Early ApplicationContext close call may lead to ApplicationEventMulticaster/LifecycleProcessor access exception [SPR-16149] #​20697
  • When using NamedParameterJdbcTemplate, NVARCHAR or NCLOB(4000 characters or less) columns are not properly populated since StatementCreatorUtils does setString for these types instead of setNString. [SPR-16154] #​20702
  • MockHttpServletResponse.getDateHeader fails with NPE for non-existing header [SPR-16160] #​20708
  • NumberFormatException caused by property paths from JSR-303 based validation with no index into a collection [SPR-16177] #​20725
  • Wrong byte code for compiled SpEL when JDK proxy method invocation is used [SPR-16191] #​20739
  • DefaultResponseErrorHandler.hasError doesn't tolerate unknown status codes [SPR-16108] #​20656
  • setArguments(null) on MethodInvoker no longer coerces null to Object[0] [SPR-16075] [#​20624](https://togithub.com/spring-projects/spring-framework/issu

@mend-local-app mend-local-app bot added the security fix Security fix generated by Mend label Feb 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants