Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.springframework:spring-web to v4.3.26.RELEASE - autoclosed #45

Conversation

mend-local-app[bot]
Copy link

@mend-local-app mend-local-app bot commented Jun 3, 2023

This PR contains the following updates:

Package Type Update Change
org.springframework:spring-web compile minor 4.2.1.RELEASE -> 4.3.26.RELEASE

By merging this PR, the issue #25 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
High High 9.8 CVE-2016-1000027
High High 8.6 CVE-2015-5211
High High 7.5 CVE-2018-15756
Medium Medium 5.9 CVE-2018-11039

Release Notes

spring-projects/spring-framework (org.springframework:spring-web)

v4.3.26.RELEASE

Compare Source

⭐ New Features

  • Avoid substring allocation in StringUtils.replace #​24026
  • Support for new MySQL 8 error code 3572 #​23975

🪲 Bug Fixes

  • Unsafe double-checked locking in SpelExpression#compileExpression #​24308
  • Allow schemaZip Gradle task to execute on MS Windows #​23989
  • AbstractRequestLoggingFilter.isIncludeHeaders() declared as protected #​23814
  • Bean definition override leads to NPE due to inconsistent equality check #​23711
  • Fix DefaultListableBeanFactory#copyConfigurationFrom #​23710

📔 Documentation

  • TypeDescriptor#getElementTypeDescriptor does not throw IllegalStateException anymore #​24001

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v4.3.25.RELEASE

Compare Source

⭐ New Features

  • Javadoc missing on some public BeanDefinitionParserDelegate methods #​23399
  • Avoid expensive assertions in web resource resolution #​22965

🪲 Bug Fixes

  • Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #​23397
  • MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #​23387
  • FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #​23246
  • Fix ScriptUtils for MS Windows line ending #​23026

📔 Documentation

  • Improve documentation for @Autowired constructors #​23308
  • Document that Ordered is not supported for @ControllerAdvice beans #​23174
  • spring-mvc.xsd stale-if-error attribute documentation incorrect #​23001
  • AbstractBeanDefinition.getBeanClass() javadoc misleads about returning null #​22967

v4.3.24.RELEASE

Compare Source

⭐ New Features

  • Avoid expensive assertions in HttpRange #​22746

🪲 Bug Fixes

  • Consistent handling of empty List entries in LinkedMultiValueMap #​22913
  • EL1072E when evaluating compiled comparison expression #​22879
  • ResourceUrlEncodingFilter throws StringIndexOutOfBoundsException when %ED%B6 is in the URL path #​22863
  • Jackson2ObjectMapperBuilder prevents the registration of multiple modules with a null typeId #​22763

v4.3.23.RELEASE

Compare Source

⭐ New Features

  • ResourceUrlEncodingFilter versioning breaks when URL contains fragment [SPR-17535] #​22552
  • Revisit XML schema handling for consistent local vs external resolution #​22530
  • JdbcTemplate.extractOutputParameters should preserve order of parameters #​22494
  • HandlerInterceptorAdapter should honor ordering #​22434
  • Avoid duplicate call to findAnnotations in DefaultListableBeanFactory.findAnnotationOnBean #​22356

🪲 Bug Fixes

  • Avoid duplicate registration of @ControllerAdvice implementing both RequestBodyAdvice and ResponseBodyAdvice #​22686
  • Jackson2ObjectMapperBuilder's modulesToInstall function does not eventually override the default configuration #​22624
  • Events extending from PayloadApplicationEvent and implementing an interface fail to match @EventListener argument #​22471
  • DefaultConversionService fails to properly convert an Object[] to a int[] #​22415
  • @Transactional beans not getting proxied when being initialized during failed circular reference attempt #​22376
  • ApplicationListenerMethodAdapter does not find @Ordered annotation for dynamic proxies #​22352
  • RestTemplate adds duplicate accept header information #​22320

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v4.3.22.RELEASE: 4.3.22 Release

Compare Source

🪲 Bug Fixes

  • 'default-lazy-init' attribute is not processed when XSD validation is disabled [SPR-8335] #​12983
  • Spring JavaMailSenderImpl does not show proper message when recipient list is empty [SPR-17540] #​22072
  • Potential resource leak in DataSourceUtils.doGetConnection [SPR-17559] #​22091
  • SpEL, error parsing big InlineMap [SPR-17605] #​22137
  • @Value Optional<...> field injection fails in case of registered ConversionService [SPR-17607] #​22139
  • Cannot convert from Collection to RegularEnumSet [SPR-17619] #​22151

📔 Documentation

  • Error in reference documentation sentence in part 1.8.1. Customizing Beans by Using a BeanPostProcessor [SPR-17556] #​22088
  • Typo in SpEL Evaluation Context Sample [SPR-17581] #​22113

v4.3.21.RELEASE: 4.3.21 Release

Compare Source

⭐ New Features

  • SpringFactoriesLoader should tolerate whitespace [SPR-17413] #​21946
  • Expose mapped handler as request attribute in spring-webmvc [SPR-17518] #​22050

🪲 Bug Fixes

  • ExceptionHandlerExceptionResolver started to log on WARN level [SPR-17383] #​21916
  • MethodValidationPostProcessor still validates FactoryBean methods on CGLIB proxies [SPR-17386] #​21919
  • Spring logs a nasty looking stack trace for unhandled classpath URL [SPR-17417] #​21950
  • ResourceUrlEncodingFilter does not work with HttpServletRequestWrapper [SPR-17421] #​21954
  • RestTemplate does not throw exception for custom error codes [SPR-17439] #​21971
  • NamedParameterJdbcTemplate batchUpdate returns an array of size 1 when the batchArgs passed is an empty array [SPR-17476] #​22008
  • FastByteArrayInputStream.read() wrong return value [SPR-17492] #​22024
  • Reserializing a lenient fallback DefaultListableBeanFactory causes an error [SPR-17508] #​22040
  • getBeanNamesForType(ResolvableType) doesn't work for raw singleton instance from @Bean method with generic return type [SPR-17524] #​22056

📔 Documentation

  • Misleading alias definition example in reference documentation, part 1.3.1 [SPR-17536] #​22068

v4.3.20.RELEASE: 4.3.20 Release

Compare Source

⭐ New Features

  • Support for removeHeader in MockHttpServletRequest [SPR-17295] #​21828
  • Sanity checks for HTTP range requests [SPR-17318] #​21851

🪲 Bug Fixes

  • HTTP 404 for static resources with last modified = 0L (breaks Docker images build with Jib) [SPR-17320] #​21853
  • MockAsyncContext not found. Did request wrapper not delegate startAsync? [SPR-17353] #​21887
  • MethodValidationPostProcessor validates FactoryBean methods for which validation is not applicable [SPR-17374] #​21907

📔 Documentation

  • Typo on ServletUriComponentsBuilder javadoc comments [SPR-17255] #​21788
  • Javadoc for BufferingClientHttpRequestFactory is missing the end of a sentence [SPR-17261] #​21794
  • Misleading description in Autowired javadoc [SPR-17299] #​21832

v4.3.19.RELEASE: 4.3.19 Release

Compare Source

⭐ New Features

  • Consistent warn logging for handled exceptions [SPR-17178] #​21714
  • Support both filters and views in AbstractJackson2HttpMessageConverter [SPR-17209] #​21742

🪲 Bug Fixes

  • AbstractJackson2HttpMessageConverter incorrectly logs at WARN level after upgrading to Jackson 2.9 [SPR-16947] #​21486
  • ConcurrentReferenceHashMap does not enforce visibility of cached EntrySet [SPR-16994] #​21532
  • Map injection fails to find bean produced with @Bean when additional method with same name exists [SPR-16999] #​21537
  • AOP and use of redirect view can lead to unbounded caching in AbstractAutoProxyCreator [SPR-17045] #​21583
  • Classification of ClassCastExceptions doesn't work in JDK 11 (OpenJDK) [SPR-17093] #​21630
  • SchedulerAccessor needs to catch primary key violation on reschedule (due to Quartz race condition) [SPR-17114] #​21651
  • CheckboxTag incorrectly processing hidden field through RequestDataValueProcessor [SPR-17147] #​21684
  • @Scheduled task runs twice on bean with target-class scoped proxy (when injected) [SPR-17166] #​21702
  • SimpleAliasRegistry.hasAlias does not properly resolve multiple chained aliases [SPR-17191] #​21726
  • Compiled elvis operator does not work correctly when default value is a complex expression [SPR-17214] #​21747
  • EL1072 when evaluating compiled expression using method SpelExpression.getValue(Object rootObject, Class expectedResultType) [SPR-17229] #​21762

📔 Documentation

  • Doc: AsyncConfigurer causes dependencies to be created early [SPR-16945] #​21484
  • Update documentation references to Number/Currency/PercentStyleFormatter [SPR-17022] #​21560
  • Incorrect Class reference in documentation [SPR-17042] #​21580
  • Revise BeanFactory vs ApplicationContext section in reference docs [SPR-17095] #​21632
  • Removed Jackson view property "renderedAttributes" still mentioned in Spring Framework docs [SPR-17182] #​21718

v4.3.18.RELEASE: 4.3.18 Release

Compare Source

⭐ New Features

  • Deprecate JSONP support and update MappingJackson2JsonView defaults [SPR-16798] #​21338
  • Restrict allowed HTTP methods in HiddenHttpMethodFilter [SPR-16836] #​21376
  • ReflectivePropertyAccessor should cache sorted methods [SPR-16882] #​21421

🪲 Bug Fixes

  • Process cannot exit when the SchedulerFactoryBean fails to initialize [SPR-16816] #​21356
  • Connection acquired while calling a stored procedure via JPA is not released [SPR-16826] #​21366
  • AbstractRequestLoggingFilter.isIncludeHeaders() is accidentally public [SPR-16881] #​21420
  • Fix faulty BeanPostProcessorChecker logs with @EnableCaching [SPR-16896] #​21435
  • AbstractMethodMessageHandler does not rethrow Errors [SPR-16912] #​21451

📔 Documentation

  • Incorrect Java Syntax in Spring Framework Documentation [SPR-16811] #​21351
  • Document JUnit Jupiter options in Spring 4.3.x [SPR-16446] #​20991

v4.3.17.RELEASE: 4.3.17 Release

Compare Source

⭐ New Features

  • Proper exception for controller method return types that do not work with MvcUriComponentsBuilder (e.g. final classes) [SPR-16710] #​21251
  • Revise cache safety check to avoid performance regression in EAR packaged applications on WildFly [SPR-16714] #​21255
  • Revise JCA MessageEndpoint exception logging and propagation [SPR-16717] #​21258
  • Flag misguided evaluation attempts in OperatorMatches [SPR-16731] #​21272
  • Expose configuration options for "selector" header [SPR-16732] #​21273
  • Validate contextPath in RedirectView [SPR-16752] #​21293

🪲 Bug Fixes

  • SpringFailOnTimeout loses original exception when triggering timeout in finally block [SPR-16716] #​21257
  • Inconsistent getTypeForFactoryMethod results for parameterized factory method [SPR-16720] #​21261
  • Generic constructor argument (e.g. ObjectProvider) fails to resolve for inner class [SPR-16734] #​21275
  • AnnotationAwareOrderComparator uses Order instead of Priority for DecoratingProxy [SPR-16739] #​21280
  • Exception swallowed in ResponseEntityExceptionHandler [SPR-16743] #​21284
  • ConfigurationClassBeanDefinitionReader registers duplicate BeanDefinition for nested scoped component [SPR-16756] #​21297
  • Misleading error message when evaluating T operator [SPR-16762] #​21303
  • NPE in SimpleClient-HttpURLConnection with errorstream-buffering [SPR-16773] #​21313
  • Singleton from a FactoryBean may be post-processed twice if the first post-processing triggers a second attempt to get the bean [SPR-16783] #​21323

v4.3.16.RELEASE: 4.3.16 Release

Compare Source

🪲 Bug Fixes

  • EL1072E when evaluating compiled null-safe expression [SPR-16489] #​21032
  • ClassCastException in TestDispatcherServlet [SPR-16695] #​21236

v4.3.15.RELEASE: 4.3.15 Release

Compare Source

⭐ New Features

  • Spring Websockets Broker relay supporting a cluster of STOMP endpoint addresses [SPR-12452] #​17057
  • Quartz Scheduler - configurable SchedulerFactory [SPR-16439] #​20985
  • Avoid String concatenation for not-null assertion in BeanProperty/DirectFieldBindingResult [SPR-16455] #​21000
  • AcceptHeaderLocaleResolver should match country locales against supported language locales [SPR-16457] #​21002
  • Support for ResolvableType.getType().getTypeName() on Java 8 [SPR-16535] #​21078
  • Consistent incrementer arrangement for PostgreSQL, DB2 and SAP HANA [SPR-16558] #​21101
  • MockMvcResultMatchers.jsonPath(String).value() should have a matching method to declare the expected type [SPR-16587] #​21129
  • Support for SimpleEvaluationContext in SpEL [SPR-16588] #​21130
  • Consistent volatile access to running flag in Lifecycle implementations [SPR-16596] #​21137
  • When @DependsOn throws a NoSuchBeanDefinitionException it should include the dependent bean for clarity [SPR-16628] #​21169
  • Generate multipart boundary using SecureRandom [SPR-16635] #​21176
  • Reduce ClassUtils.forName overhead (in particular for annotation introspection purposes) [SPR-16667] #​21208
  • Add cpp to mime.types as text/plain [SPR-16678] #​21219

🪲 Bug Fixes

  • Precondition failed for PUT methods on ResponseEntity return types [SPR-15780] #​20335
  • SubProtocolWebSocketHandler should not log ERROR on "No messages received after ..." [SPR-16409] #​20955
  • ServletServerHttpRequest.getURI() may throw a java.net.URISyntaxException [SPR-16414] #​20960
  • AbstractClientSockJsSession.close call does not propagate IOException from disconnect [SPR-16415] #​20961
  • Spurious WARNINGs when XML declared TransactionProxyFactoryBean's target bean depends on an annotation declared bean that depends on another bean [SPR-16427] #​20973
  • Lambda error detection might not work on JDK 9 [SPR-16435] #​20981
  • CachingConnectionFactory - Invalid session in session cache [SPR-16450] #​20995
  • MockMvcRequestBuilder does not decode pathInfo [SPR-16453] #​20998
  • MimeType compareTo implementation is not compatible with equals [SPR-16458] #​21003
  • GSON converter only serialises fields of controller method return type, ignoring subclass fields of response object [SPR-16461] #​21006
  • SimpleJdbcCall can't access synonyms in Oracle database [SPR-16478] #​21022
  • Set thread interrupt flag on InterruptedException [SPR-16479] #​21023
  • JsonMappingException when trying to instantiate org.springframework.messaging.Message [SPR-16486] #​21029
  • Deadlock in SubProtocolWebSocketHandler on shutdown with Undertow [SPR-16488] #​21031
  • NPE in Spring-JDBC with Oracle and SimpleJdbcInsert [SPR-16495] #​21038
  • ExceptionHandlerExceptionResolver advice applicability check may fail against interface-based controller proxy [SPR-16496] #​21039
  • FormTag renders empty
    tag [SPR-16498] #​21041
  • ForwardedHeaderFilter garbles query params during sendRedirect() [SPR-16506] #​21049
  • StringIndexOutOfBoundsException when rewriting links in CSS resources [SPR-16526] #​21069
  • Spurious ERROR-level logging when using SSEEmitter [SPR-16528] #​21071
  • GsonHttpMessageConverter cannot be used in an SseEmitter because it closes the response stream [SPR-16529] #​21072
  • testBindInstantFromJavaUtilDate fails on systems in the Pacific/Auckland time zone [SPR-16534] #​21077
  • WebApplicationContextFacesELResolver#isReadOnly always return false [SPR-16543] #​21086
  • PostgresTableMetaDataProvider.isGetGeneratedKeysSimulated() does not detect Postgres 10 [SPR-16556] #​21099
  • Missing PersistenceException cause message in refresh failure warn log [SPR-16559] #​21102
  • Reading annotations in ConfigurationClassParser does not fall back to ASM on Google App Engine [SPR-16564] #​21106
  • Inconsistent synchronization in AbstractBeanFactoryBasedTargetSource and JdbcAccessor [SPR-16570] #​21112
  • WebAsyncManager concurrentResult should be volatile [SPR-16571] #​21113
  • TransactionTemplate inherits equals()/hashCode() from DefaultTransactionDefinition [SPR-16572] #​21114
  • SimpleAliasRegistry registerAlias not atomic [SPR-16577] #​21119
  • URIEditor should not double escape classpath: URIs [SPR-16581] #​21123
  • RestTemplate with HttpComponentsClientHttpRequestFactory and no buffering with an interceptor throws UnsupportedOperationException [SPR-16582] #​21124
  • Inconsistent handling of null values through Java 8 accessors in ConcurrentReferenceHashMap [SPR-16584] #​21126
  • AcceptHeaderLocaleResolver chooses wrong Locale for language match [SPR-16599] #​21140
  • CallMetaDataContext.reconcileParameters doesn't catch output parameters with DatabaseMetaData.procedureColumnResult type (on Postgres) [SPR-16611] #​21152
  • Consistent thread-safe iteration in DefaultSingletonBeanRegistry [SPR-16620] #​21161
  • FactoryBeanRegistrySupport atomicity issues [SPR-16625] #​21166
  • Address race condition within spring that causes about-to-be-created-bean exceptions [SPR-16627] #​21168
  • An error occurs if a blank character exists before and after the delimiter of the MIME type parameter. [SPR-16630] #​21171
  • Multipart Upload with Commons Fileupload on lazy mode downloads data on cleanup [SPR-16640] #​21181
  • Concurrent result may be missed due to a race condition in MockMvc [SPR-16648] #​21189
  • ServletUriComponentsBuilder should replace context path when X-Forwarded-Prefix is present [SPR-16650] #​21191
  • Annotation lookup on parameter in inner class constructor fails when using javac from JDK versions prior to 9 [SPR-16652] #​21193
  • UriComponentsBuilder Forwarded header parsing can throw java.lang.NumberFormatException [SPR-16660] #​21201
  • NamedParameterUtils.parseSqlStatement should parse :{x} style parameter correctly [SPR-16663] #​21204
  • Unable to bind a null value for UUID column with PostgreSQL [SPR-16669] #​21210
  • SimpleMailMessage's handling of to/cc/bcc arrays is inconsistent [SPR-16671] #​21212
  • DefaultResponseErrorHandler wastes the body of a response with an unknown status [SPR-16604] #​21145
  • Race condition in ConcurrentMapCache [SPR-16533] #​21076

📔 Documentation

  • Incorrect description for class-level @Transactional with AspectJ [SPR-16552] #​21095
  • Doc: @Scope not inherited from base class [SPR-16602] #​21143

v4.3.14.RELEASE: 4.3.14 Release

Compare Source

⭐ New Features

  • Reduce access on user in SimpleBrokerMessageHandler.handleMessageInternal [SPR-16264] #​20811
  • config.enableSimpleBroker("/topic", "/queue"); Should be config.enableSimpleBroker("/topic", "queue"); [SPR-16275] #​20822
  • Allow to inject enum with package visibility [SPR-16284] #​20831
  • Improve performance of some string operations [SPR-16293] #​20840
  • ComponentScanBeanDefinitionParser::parseTypeFilters should not fail on ClassNotFoundException [SPR-16356] #​20903
  • Use ArrayList instead of LinkedList for known size [SPR-16378] #​20924

🪲 Bug Fixes

  • Error in RestTemplate when setting the same HTTP header through ClientHttpRequestInterceptor and HttpEntity [SPR-15066] #​19632
  • Combining @Retryable and @Scheduled/@JmsListener doesn't work [SPR-16196] #​20744
  • Exception when receiving Long collection in MessageMapping [SPR-16252] #​20799
  • NPE in FunctionReference due to race condition in SpelExpression.getValue() [SPR-16255] #​20802
  • spring-web CORS requires X-Forwarded-Port [SPR-16262] #​20809
  • Stomp Broker Relay may ignore configured destination prefixes [SPR-16265] #​20812
  • Embedded cglib 3.2.5 not closing input streams that read class files [SPR-16267] #​20814
  • BeanUtils.isSimpleValueType() returns false for enums overriding a method [SPR-16278] #​20825
  • Unnecessary file system access in SimpleMetadataReaderFactory.getMetadataReader [SPR-16281] #​20828
  • Ambiguous mapping error when using generic interface [SPR-16288] #​20835
  • Programmatic creation of caching proxies using CacheProxyFactoryBean does not work [SPR-16295] #​20842
  • Access-Control-Allow-Origin header returns wrong value using SockJS [SPR-16304] #​20851
  • Large transaction timeout value (Integer.MAX_VALUE for example) results in transaction expiring immediately after starting. [SPR-16316] #​20863
  • @JmsListener concurrency property is ignored if DefaultJmsListenerContainerFactory#concurrency is set [SPR-16338] #​20885
  • JMS Producers are cached even when the destination is a temporary queue causing a memory leak [SPR-16353] #​20900
  • TestExecutionListener class not found logged at INFO [SPR-16369] #​20916
  • EclipseLink does not log SQL parameters when using showSql [SPR-16383] #​20929
  • RestTemplate.ResponseEntityResponseExtractor doesn't tolerate unknown status codes [SPR-16371] #​20918
  • MockClientHttpResponse should not return null body [SPR-16367] #​20914
  • Null path after UriComponents.normalize() results in NullPointerException [SPR-16364] #​20911

📔 Documentation

  • Incorrect SpEL syntax in reference documentation [SPR-16315] #​20862

v4.3.13.RELEASE: 4.3.13 Release

Compare Source

⭐ New Features

  • Prevent WebSocket buffer overflow through application-level flow control [SPR-16089] #​20638
  • SchedulingConfigurer and JmsListenerConfigurer should respect @Order [SPR-16090] #​20639
  • Avoid temporary String creation in StringUtils.starts/endsWithIgnoreCase [SPR-16095] #​20644
  • Make JpaVendorAdapters JTA-aware (in particular for Hibernate 5.1/5.2) [SPR-16162] #​20710
  • Reduce access on headers for STOMP messaging [SPR-16165] #​20713
  • spring-jdbc : Improve memory allocations when substituting named parameters. [SPR-16170] #​20718

🪲 Bug Fixes

  • Checkbox/RadioButton incorrectly converts collections of enums with a custom converter [SPR-16082] #​20631
  • @ModelAttribute binding defined globally for particular attribute rather than per method invocation [SPR-16083] #​20632
  • WebSphereUowTransactionManager swallows original exception when commit fails for another reason [SPR-16102] #​20650
  • Incorrectly identify bridged method on interface [SPR-16103] #​20651
  • PathMatchingResourcePatternResolver returns duplicate resources when using classpath* prefix [SPR-16117] #​20665
  • SpEL method invocation with varargs on proxy [SPR-16122] #​20670
  • AbstractRequestExpectationManager fails with "Expectations already declared" when ResponseCreator.createResponse throws an exception [SPR-16132] #​20680
  • MockHttpServletRequest with Host: set builds wrong getRequestURL() [SPR-16138] #​20686
  • ClassPathResource.createRelative is using wrong ClassPathResource constructor for the returned resource [SPR-16146] #​20694
  • Early ApplicationContext close call may lead to ApplicationEventMulticaster/LifecycleProcessor access exception [SPR-16149] #​20697
  • When using NamedParameterJdbcTemplate, NVARCHAR or NCLOB(4000 characters or less) columns are not properly populated since StatementCreatorUtils does setString for these types instead of setNString. [SPR-16154] #​20702
  • MockHttpServletResponse.getDateHeader fails with NPE for non-existing header [SPR-16160] #​20708
  • NumberFormatException caused by property paths from JSR-303 based validation with no index into a collection [SPR-16177] #​20725
  • Wrong byte code for compiled SpEL when JDK proxy method invocation is used [SPR-16191] #​20739
  • DefaultResponseErrorHandler.hasError doesn't tolerate unknown status codes [SPR-16108] #​20656
  • setArguments(null) on MethodInvoker no longer coerces null to Object[0] [SPR-16075] #​20624
  • RequestMapping method returning Future with null result causes NullPointerException [SPR-16072] #​20621
  • WebAsyncManager concurrency issue with SseEmitter when client disconnect [SPR-16058] #​20607

📔 Documentation

  • Improve documentation of lite configuration mode [SPR-16076] #​20625
  • Clarify Bean destroyMethod documentation [SPR-16078] #​20627
  • Incorrect SpEL example in reference documentation [SPR-16111] #​20659
  • End of first-class JDK 6 support [SPR-16185] #​20733

v4.3.12.RELEASE: 4.3.12 Release

Compare Source

⭐ New Features

  • Add convenient method to construct ParameterizedTypeReference from Type [SPR-16054] #​20603
  • Backport s/s/m/j/o/s/m/w/MockPart.java from 5.x to 4.3.x [SPR-15854] #​20409

🪲 Bug Fixes

  • Request params Optional<List and List are inconsistent [SPR-15676] #​20235
  • java.util.Optional MultipartFile[] @RequestParam argument is null in multipart/form-data POST [SPR-15918] #​20472
  • only one MultipartFile object populated when using an java.util.Optional MutipartFile array or list @RequestParam [SPR-15919] #​20473
  • HttpEntityMethodProcessor discards headers [SPR-15952] #​20504
  • TaskExecutorRegistration.getTaskExecutor() overrides executor properties of a provided ThreadPoolTaskExecutor [SPR-15962] #​20514
  • JmsMessagingTemplate is not correctly configured [SPR-15965] #​20517
  • ChannelRegistration.setInterceptors is misnamed [SPR-15976] #​20527
  • RestTemplate doesn't consistently tolerate unknown HTTP status codes [SPR-15978] #​20529
  • PathMatchingResourcePatternResolver provides duplicate resources when using classpath* prefix combined with ant-style [SPR-15989] #​20539
  • Spring EL does not allow '\0' characters [SPR-16032] #​20581
  • sort BeanDefinitionRegistryPostProcessors added by other BeanDefinitionRegistryPostProcessors [SPR-16043] #​20592
  • SpelExpression throws NullPointerException instead of EvaluationException for primitives [SPR-16123] #​20671

v4.3.11.RELEASE: 4.3.11 Release

Compare Source

⭐ New Features

  • @Lazy collection of optional elements should not crash when no candidates are found [SPR-15858] #​20413
  • WebAsyncManager should cancel task thread on timeout [SPR-15852] #​20407
  • Consistent logging in Environment and PropertySource implementations [SPR-15825] #​20380

🪲 Bug Fixes

  • StompDecoder Logs Null Session IDs for Heartbeats [SPR-15937] #​20491
  • Error on type argument constraint validation failure [SPR-15916] #​20470
  • StringIndexOutOfBoundsException from RestTemplate.doExecute IOException handler when query string is empty [SPR-15900] #​20454
  • SimpleAsyncTaskExecutor not respect ConcurrencyThrottleSupport.NO_CONCURRENCY limit [SPR-15895] #​20449
  • Should call getNativeResponse() instead of getNativeRequest() in FrameworkServlet [SPR-15867] #​20422
  • Unable to use Hibernate Validator 4.3.2 if Bean Validation API 1.1 is on the classpath [SPR-15856] #​20411
  • SimpleApplicationEventMulticaster does not deal with lambda-defined listeners when ErrorHandler is set [SPR-15838] #​20393
  • spring-aspects should remain on AspectJ 1.8.9 by default (since aspectjrt 1.8.10 requires Java 7+) [SPR-15836] #​20391
  • Parameter values are null when making a PUT request [SPR-15828] #​20383
  • Follow-up: AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a @Lazy validator [SPR-15807] #​20362
  • Logs fill with broken pipe when using SockJS [SPR-15802] #​20357
  • Invalid WARN when returning a BeanDefinitionRegistryPostProcessor from within a @Configuration class [SPR-14603] #​19172

v4.3.10.RELEASE: 4.3.10 Release

Compare Source

⭐ New Features

  • Ignore (Auto)Closeable for interface-based proxy decision [SPR-15779] #​20334
  • Bean factory method collision with configuration class name gives unclear error message [SPR-15775] #​20330
  • CustomizableTraceInterceptor should allow INVOCATION_TIME placeholder in setExceptionMessage and make stack trace logging configurable [SPR-15763] #​20318
  • LinkedCaseInsensitiveMap cannot access locale from subclass [SPR-15752] #​20307
  • ForwardedHeaderFilter should expose option for not converting relative redirects to absolute ones [SPR-15717] #​20273
  • AbstractValueAdaptingCache does not allow for flexible null value serialization [SPR-15693] #​20252
  • Fine-tune HTTP/RMI Invoker exception handling [SPR-15684] #​20243
  • Support CachingHttpAsyncClient from httpasyncclient-cache in HttpComponentsAsyncClientHttpRequestFactory [SPR-15664] #​20223
  • Cron expression validation method in CronSequenceGenerator improved [SPR-15604] #​20163
  • Upgrade to Objenesis 2.6 for Google App Engine Standard on Java 8 and for better JDK 9 support [SPR-15600] #​20159

🪲 Bug Fixes

  • UriUtils.extractFileExtension() does not properly handle all fragments [SPR-15786] #​20341
  • PropertyOrFieldReference invalidly reuses cached PropertyAccessor [SPR-15769] #​20324
  • ClassCastException during deserialization of ScopedObject [SPR-15766] #​20321
  • AbstractJackson2HttpMessageConverter throws exception if log level is ERROR [SPR-15760] #​20315
  • ReflectionTestUtils accidentally requires spring-aop on the classpath [SPR-15757] #​20312
  • MockMvc duplicates PUT Parameter value [SPR-15753] #​20308
  • JSP tags doesn't pick up JSTL-defined time zone at page level [SPR-15746] #​20302
  • JMS Integration with Tibco causes deadlock while using DefaultMessageListenerContainer [SPR-15738] #​20294
  • Memory Leak due to not pruning factoryBeanObjectCache when closing the ApplicationContext [SPR-15722] #​20278
  • WebAsyncManager is not compatible with the crosscontext mode [SPR-15709] #​20266
  • Netty4ClientHttpRequest does not include port along with host [SPR-15706] #​20263
  • @EventListener's 'condition' doesn't work as expected with proxied beans [SPR-15678] #​20237
  • SimpleRequestExpectationManager fails with sequential calls with different count [SPR-15672] #​20231

v4.3.9.RELEASE: 4.3.9 Release

Compare Source

⭐ New Features

  • ForwardedHeaderFilter should provide option to "remove" forwarded headers without using them [SPR-15610] #​20169
  • Optimize DefaultUserDestinationResolver.resolveDestination() [SPR-15602] #​20161
  • Inefficient use of keySet operators in messaging classes [SPR-15553] #​20112
  • Increase log level in ExceptionWebSocketHandlerDecorator [SPR-15537] #​20096
  • UriComponentsBuilder's fromHttpRequest uses server port as host port when handling the Forwarded header [SPR-15504] #​20063
  • Also clear SerializableTypeWrapper when ResolvableType cache is cleared [SPR-15503] #​20062
  • Defer StringHttpMessageConverter Charset.availableCharsets() call [SPR-15502] #​20061
  • Allow for HttpOnly cookie result matcher [SPR-15488] #​20048
  • Add getTargetCache to TransactionAwareCacheDecorator [SPR-15479] #​20039
  • Optimize AntPathMatcher when checking for potential matches [SPR-15477] #​20037
  • Lazily initialize Environment in GenericFilterBean (aligned with HttpServletBean) [SPR-15469] #​20029
  • Honor @Autowired(required=false) at parameter level, as an alternative to java.util.Optional [SPR-15268] #​19833

🪲 Bug Fixes

  • AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a @Lazy validator [SPR-15629] #​20188
  • Poor diagnostics when Jackson cannot deserialise an application/json payload due to a missing deserialiser [SPR-15582] #​20141
  • Consistently accept "taskExecutor" bean of type Executor (as stated in @EnableAsync's javadoc) [SPR-15566] #​20125
  • LocalValidatorFactoryBean does not support unwrap for native ValidatorFactory [SPR-15561] #​20120
  • Multipart range requests leave file handles open [SPR-15559] #​20118
  • o/s/mail/javamail mime.types has duplicate image/jpeg entries [SPR-15557] #​20116
  • ResourceUtils.extractArchiveURL fails to work under Tomcat 8.0.41 with unpackWARs=false [SPR-15556] #​20115
  • o/s/mail/javamail mime.types PNG mapped to image/x-png [SPR-15546] #​20105
  • DefaultSubscriptionRegistry should prevent duplicate subscr

@mend-local-app mend-local-app bot added the security fix Security fix generated by Mend label Jun 3, 2023
@mend-local-app mend-local-app bot force-pushed the whitesource-remediate/org.springframework-spring-web-4.x branch from f991903 to 4ba8a06 Compare August 15, 2023 06:15
@mend-local-app mend-local-app bot changed the title Update dependency org.springframework:spring-web to v4.3.20.RELEASE Update dependency org.springframework:spring-web to v4.3.26.RELEASE Aug 15, 2023
@mend-local-app mend-local-app bot changed the title Update dependency org.springframework:spring-web to v4.3.26.RELEASE Update dependency org.springframework:spring-web to v4.3.26.RELEASE - autoclosed Feb 14, 2024
@mend-local-app mend-local-app bot closed this Feb 14, 2024
@mend-local-app mend-local-app bot deleted the whitesource-remediate/org.springframework-spring-web-4.x branch February 14, 2024 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants