Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.springframework:spring-webmvc to v4.3.15.RELEASE - autoclosed #46

Conversation

mend-local-app[bot]
Copy link

@mend-local-app mend-local-app bot commented Jun 3, 2023

This PR contains the following updates:

Package Type Update Change
org.springframework:spring-webmvc compile minor 4.2.1.RELEASE -> 4.3.15.RELEASE

By merging this PR, the issue #32 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 8.6 CVE-2015-5211
High High 7.5 CVE-2016-5007
High High 7.5 CVE-2016-9878
Medium Medium 5.9 CVE-2018-1271

Release Notes

spring-projects/spring-framework

v4.3.15.RELEASE: 4.3.15 Release

Compare Source

⭐ New Features

  • Spring Websockets Broker relay supporting a cluster of STOMP endpoint addresses [SPR-12452] #​17057
  • Quartz Scheduler - configurable SchedulerFactory [SPR-16439] #​20985
  • Avoid String concatenation for not-null assertion in BeanProperty/DirectFieldBindingResult [SPR-16455] #​21000
  • AcceptHeaderLocaleResolver should match country locales against supported language locales [SPR-16457] #​21002
  • Support for ResolvableType.getType().getTypeName() on Java 8 [SPR-16535] #​21078
  • Consistent incrementer arrangement for PostgreSQL, DB2 and SAP HANA [SPR-16558] #​21101
  • MockMvcResultMatchers.jsonPath(String).value() should have a matching method to declare the expected type [SPR-16587] #​21129
  • Support for SimpleEvaluationContext in SpEL [SPR-16588] #​21130
  • Consistent volatile access to running flag in Lifecycle implementations [SPR-16596] #​21137
  • When @DependsOn throws a NoSuchBeanDefinitionException it should include the dependent bean for clarity [SPR-16628] #​21169
  • Generate multipart boundary using SecureRandom [SPR-16635] #​21176
  • Reduce ClassUtils.forName overhead (in particular for annotation introspection purposes) [SPR-16667] #​21208
  • Add cpp to mime.types as text/plain [SPR-16678] #​21219

🪲 Bug Fixes

  • Precondition failed for PUT methods on ResponseEntity return types [SPR-15780] #​20335
  • SubProtocolWebSocketHandler should not log ERROR on "No messages received after ..." [SPR-16409] #​20955
  • ServletServerHttpRequest.getURI() may throw a java.net.URISyntaxException [SPR-16414] #​20960
  • AbstractClientSockJsSession.close call does not propagate IOException from disconnect [SPR-16415] #​20961
  • Spurious WARNINGs when XML declared TransactionProxyFactoryBean's target bean depends on an annotation declared bean that depends on another bean [SPR-16427] #​20973
  • Lambda error detection might not work on JDK 9 [SPR-16435] #​20981
  • CachingConnectionFactory - Invalid session in session cache [SPR-16450] #​20995
  • MockMvcRequestBuilder does not decode pathInfo [SPR-16453] #​20998
  • MimeType compareTo implementation is not compatible with equals [SPR-16458] #​21003
  • GSON converter only serialises fields of controller method return type, ignoring subclass fields of response object [SPR-16461] #​21006
  • SimpleJdbcCall can't access synonyms in Oracle database [SPR-16478] #​21022
  • Set thread interrupt flag on InterruptedException [SPR-16479] #​21023
  • JsonMappingException when trying to instantiate org.springframework.messaging.Message [SPR-16486] #​21029
  • Deadlock in SubProtocolWebSocketHandler on shutdown with Undertow [SPR-16488] #​21031
  • NPE in Spring-JDBC with Oracle and SimpleJdbcInsert [SPR-16495] #​21038
  • ExceptionHandlerExceptionResolver advice applicability check may fail against interface-based controller proxy [SPR-16496] #​21039
  • FormTag renders empty
    tag [SPR-16498] #​21041
  • ForwardedHeaderFilter garbles query params during sendRedirect() [SPR-16506] #​21049
  • StringIndexOutOfBoundsException when rewriting links in CSS resources [SPR-16526] #​21069
  • Spurious ERROR-level logging when using SSEEmitter [SPR-16528] #​21071
  • GsonHttpMessageConverter cannot be used in an SseEmitter because it closes the response stream [SPR-16529] #​21072
  • testBindInstantFromJavaUtilDate fails on systems in the Pacific/Auckland time zone [SPR-16534] #​21077
  • WebApplicationContextFacesELResolver#isReadOnly always return false [SPR-16543] #​21086
  • PostgresTableMetaDataProvider.isGetGeneratedKeysSimulated() does not detect Postgres 10 [SPR-16556] #​21099
  • Missing PersistenceException cause message in refresh failure warn log [SPR-16559] #​21102
  • Reading annotations in ConfigurationClassParser does not fall back to ASM on Google App Engine [SPR-16564] #​21106
  • Inconsistent synchronization in AbstractBeanFactoryBasedTargetSource and JdbcAccessor [SPR-16570] #​21112
  • WebAsyncManager concurrentResult should be volatile [SPR-16571] #​21113
  • TransactionTemplate inherits equals()/hashCode() from DefaultTransactionDefinition [SPR-16572] #​21114
  • SimpleAliasRegistry registerAlias not atomic [SPR-16577] #​21119
  • URIEditor should not double escape classpath: URIs [SPR-16581] #​21123
  • RestTemplate with HttpComponentsClientHttpRequestFactory and no buffering with an interceptor throws UnsupportedOperationException [SPR-16582] #​21124
  • Inconsistent handling of null values through Java 8 accessors in ConcurrentReferenceHashMap [SPR-16584] #​21126
  • AcceptHeaderLocaleResolver chooses wrong Locale for language match [SPR-16599] #​21140
  • CallMetaDataContext.reconcileParameters doesn't catch output parameters with DatabaseMetaData.procedureColumnResult type (on Postgres) [SPR-16611] #​21152
  • Consistent thread-safe iteration in DefaultSingletonBeanRegistry [SPR-16620] #​21161
  • FactoryBeanRegistrySupport atomicity issues [SPR-16625] #​21166
  • Address race condition within spring that causes about-to-be-created-bean exceptions [SPR-16627] #​21168
  • An error occurs if a blank character exists before and after the delimiter of the MIME type parameter. [SPR-16630] #​21171
  • Multipart Upload with Commons Fileupload on lazy mode downloads data on cleanup [SPR-16640] #​21181
  • Concurrent result may be missed due to a race condition in MockMvc [SPR-16648] #​21189
  • ServletUriComponentsBuilder should replace context path when X-Forwarded-Prefix is present [SPR-16650] #​21191
  • Annotation lookup on parameter in inner class constructor fails when using javac from JDK versions prior to 9 [SPR-16652] #​21193
  • UriComponentsBuilder Forwarded header parsing can throw java.lang.NumberFormatException [SPR-16660] #​21201
  • NamedParameterUtils.parseSqlStatement should parse :{x} style parameter correctly [SPR-16663] #​21204
  • Unable to bind a null value for UUID column with PostgreSQL [SPR-16669] #​21210
  • SimpleMailMessage's handling of to/cc/bcc arrays is inconsistent [SPR-16671] #​21212
  • DefaultResponseErrorHandler wastes the body of a response with an unknown status [SPR-16604] #​21145
  • Race condition in ConcurrentMapCache [SPR-16533] #​21076

📔 Documentation

  • Incorrect description for class-level @Transactional with AspectJ [SPR-16552] #​21095
  • Doc: @Scope not inherited from base class [SPR-16602] #​21143

v4.3.14.RELEASE: 4.3.14 Release

Compare Source

⭐ New Features

  • Reduce access on user in SimpleBrokerMessageHandler.handleMessageInternal [SPR-16264] #​20811
  • config.enableSimpleBroker("/topic", "/queue"); Should be config.enableSimpleBroker("/topic", "queue"); [SPR-16275] #​20822
  • Allow to inject enum with package visibility [SPR-16284] #​20831
  • Improve performance of some string operations [SPR-16293] #​20840
  • ComponentScanBeanDefinitionParser::parseTypeFilters should not fail on ClassNotFoundException [SPR-16356] #​20903
  • Use ArrayList instead of LinkedList for known size [SPR-16378] #​20924

🪲 Bug Fixes

  • Error in RestTemplate when setting the same HTTP header through ClientHttpRequestInterceptor and HttpEntity [SPR-15066] #​19632
  • Combining @Retryable and @Scheduled/@JmsListener doesn't work [SPR-16196] #​20744
  • Exception when receiving Long collection in MessageMapping [SPR-16252] #​20799
  • NPE in FunctionReference due to race condition in SpelExpression.getValue() [SPR-16255] #​20802
  • spring-web CORS requires X-Forwarded-Port [SPR-16262] #​20809
  • Stomp Broker Relay may ignore configured destination prefixes [SPR-16265] #​20812
  • Embedded cglib 3.2.5 not closing input streams that read class files [SPR-16267] #​20814
  • BeanUtils.isSimpleValueType() returns false for enums overriding a method [SPR-16278] #​20825
  • Unnecessary file system access in SimpleMetadataReaderFactory.getMetadataReader [SPR-16281] #​20828
  • Ambiguous mapping error when using generic interface [SPR-16288] #​20835
  • Programmatic creation of caching proxies using CacheProxyFactoryBean does not work [SPR-16295] #​20842
  • Access-Control-Allow-Origin header returns wrong value using SockJS [SPR-16304] #​20851
  • Large transaction timeout value (Integer.MAX_VALUE for example) results in transaction expiring immediately after starting. [SPR-16316] #​20863
  • @JmsListener concurrency property is ignored if DefaultJmsListenerContainerFactory#concurrency is set [SPR-16338] #​20885
  • JMS Producers are cached even when the destination is a temporary queue causing a memory leak [SPR-16353] #​20900
  • TestExecutionListener class not found logged at INFO [SPR-16369] #​20916
  • EclipseLink does not log SQL parameters when using showSql [SPR-16383] #​20929
  • RestTemplate.ResponseEntityResponseExtractor doesn't tolerate unknown status codes [SPR-16371] #​20918
  • MockClientHttpResponse should not return null body [SPR-16367] #​20914
  • Null path after UriComponents.normalize() results in NullPointerException [SPR-16364] #​20911

📔 Documentation

  • Incorrect SpEL syntax in reference documentation [SPR-16315] #​20862

v4.3.13.RELEASE: 4.3.13 Release

Compare Source

⭐ New Features

  • Prevent WebSocket buffer overflow through application-level flow control [SPR-16089] #​20638
  • SchedulingConfigurer and JmsListenerConfigurer should respect @Order [SPR-16090] #​20639
  • Avoid temporary String creation in StringUtils.starts/endsWithIgnoreCase [SPR-16095] #​20644
  • Make JpaVendorAdapters JTA-aware (in particular for Hibernate 5.1/5.2) [SPR-16162] #​20710
  • Reduce access on headers for STOMP messaging [SPR-16165] #​20713
  • spring-jdbc : Improve memory allocations when substituting named parameters. [SPR-16170] #​20718

🪲 Bug Fixes

  • Checkbox/RadioButton incorrectly converts collections of enums with a custom converter [SPR-16082] #​20631
  • @ModelAttribute binding defined globally for particular attribute rather than per method invocation [SPR-16083] #​20632
  • WebSphereUowTransactionManager swallows original exception when commit fails for another reason [SPR-16102] #​20650
  • Incorrectly identify bridged method on interface [SPR-16103] #​20651
  • PathMatchingResourcePatternResolver returns duplicate resources when using classpath* prefix [SPR-16117] #​20665
  • SpEL method invocation with varargs on proxy [SPR-16122] #​20670
  • AbstractRequestExpectationManager fails with "Expectations already declared" when ResponseCreator.createResponse throws an exception [SPR-16132] #​20680
  • MockHttpServletRequest with Host: set builds wrong getRequestURL() [SPR-16138] #​20686
  • ClassPathResource.createRelative is using wrong ClassPathResource constructor for the returned resource [SPR-16146] #​20694
  • Early ApplicationContext close call may lead to ApplicationEventMulticaster/LifecycleProcessor access exception [SPR-16149] #​20697
  • When using NamedParameterJdbcTemplate, NVARCHAR or NCLOB(4000 characters or less) columns are not properly populated since StatementCreatorUtils does setString for these types instead of setNString. [SPR-16154] #​20702
  • MockHttpServletResponse.getDateHeader fails with NPE for non-existing header [SPR-16160] #​20708
  • NumberFormatException caused by property paths from JSR-303 based validation with no index into a collection [SPR-16177] #​20725
  • Wrong byte code for compiled SpEL when JDK proxy method invocation is used [SPR-16191] #​20739
  • DefaultResponseErrorHandler.hasError doesn't tolerate unknown status codes [SPR-16108] #​20656
  • setArguments(null) on MethodInvoker no longer coerces null to Object[0] [SPR-16075] #​20624
  • RequestMapping method returning Future with null result causes NullPointerException [SPR-16072] #​20621
  • WebAsyncManager concurrency issue with SseEmitter when client disconnect [SPR-16058] #​20607

📔 Documentation

  • Improve documentation of lite configuration mode [SPR-16076] #​20625
  • Clarify Bean destroyMethod documentation [SPR-16078] #​20627
  • Incorrect SpEL example in reference documentation [SPR-16111] #​20659
  • End of first-class JDK 6 support [SPR-16185] #​20733

v4.3.12.RELEASE: 4.3.12 Release

Compare Source

⭐ New Features

  • Add convenient method to construct ParameterizedTypeReference from Type [SPR-16054] #​20603
  • Backport s/s/m/j/o/s/m/w/MockPart.java from 5.x to 4.3.x [SPR-15854] #​20409

🪲 Bug Fixes

  • Request params Optional<List and List are inconsistent [SPR-15676] #​20235
  • java.util.Optional MultipartFile[] @RequestParam argument is null in multipart/form-data POST [SPR-15918] #​20472
  • only one MultipartFile object populated when using an java.util.Optional MutipartFile array or list @RequestParam [SPR-15919] #​20473
  • HttpEntityMethodProcessor discards headers [SPR-15952] #​20504
  • TaskExecutorRegistration.getTaskExecutor() overrides executor properties of a provided ThreadPoolTaskExecutor [SPR-15962] #​20514
  • JmsMessagingTemplate is not correctly configured [SPR-15965] #​20517
  • ChannelRegistration.setInterceptors is misnamed [SPR-15976] #​20527
  • RestTemplate doesn't consistently tolerate unknown HTTP status codes [SPR-15978] #​20529
  • PathMatchingResourcePatternResolver provides duplicate resources when using classpath* prefix combined with ant-style [SPR-15989] #​20539
  • Spring EL does not allow '\0' characters [SPR-16032] #​20581
  • sort BeanDefinitionRegistryPostProcessors added by other BeanDefinitionRegistryPostProcessors [SPR-16043] #​20592
  • SpelExpression throws NullPointerException instead of EvaluationException for primitives [SPR-16123] #​20671

v4.3.11.RELEASE: 4.3.11 Release

Compare Source

⭐ New Features

  • @Lazy collection of optional elements should not crash when no candidates are found [SPR-15858] #​20413
  • WebAsyncManager should cancel task thread on timeout [SPR-15852] #​20407
  • Consistent logging in Environment and PropertySource implementations [SPR-15825] #​20380

🪲 Bug Fixes

  • StompDecoder Logs Null Session IDs for Heartbeats [SPR-15937] #​20491
  • Error on type argument constraint validation failure [SPR-15916] #​20470
  • StringIndexOutOfBoundsException from RestTemplate.doExecute IOException handler when query string is empty [SPR-15900] #​20454
  • SimpleAsyncTaskExecutor not respect ConcurrencyThrottleSupport.NO_CONCURRENCY limit [SPR-15895] #​20449
  • Should call getNativeResponse() instead of getNativeRequest() in FrameworkServlet [SPR-15867] #​20422
  • Unable to use Hibernate Validator 4.3.2 if Bean Validation API 1.1 is on the classpath [SPR-15856] #​20411
  • SimpleApplicationEventMulticaster does not deal with lambda-defined listeners when ErrorHandler is set [SPR-15838] #​20393
  • spring-aspects should remain on AspectJ 1.8.9 by default (since aspectjrt 1.8.10 requires Java 7+) [SPR-15836] #​20391
  • Parameter values are null when making a PUT request [SPR-15828] #​20383
  • Follow-up: AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a @Lazy validator [SPR-15807] #​20362
  • Logs fill with broken pipe when using SockJS [SPR-15802] #​20357
  • Invalid WARN when returning a BeanDefinitionRegistryPostProcessor from within a @Configuration class [SPR-14603] #​19172

v4.3.10.RELEASE: 4.3.10 Release

Compare Source

⭐ New Features

  • Ignore (Auto)Closeable for interface-based proxy decision [SPR-15779] #​20334
  • Bean factory method collision with configuration class name gives unclear error message [SPR-15775] #​20330
  • CustomizableTraceInterceptor should allow INVOCATION_TIME placeholder in setExceptionMessage and make stack trace logging configurable [SPR-15763] #​20318
  • LinkedCaseInsensitiveMap cannot access locale from subclass [SPR-15752] #​20307
  • ForwardedHeaderFilter should expose option for not converting relative redirects to absolute ones [SPR-15717] #​20273
  • AbstractValueAdaptingCache does not allow for flexible null value serialization [SPR-15693] #​20252
  • Fine-tune HTTP/RMI Invoker exception handling [SPR-15684] #​20243
  • Support CachingHttpAsyncClient from httpasyncclient-cache in HttpComponentsAsyncClientHttpRequestFactory [SPR-15664] #​20223
  • Cron expression validation method in CronSequenceGenerator improved [SPR-15604] #​20163
  • Upgrade to Objenesis 2.6 for Google App Engine Standard on Java 8 and for better JDK 9 support [SPR-15600] #​20159

🪲 Bug Fixes

  • UriUtils.extractFileExtension() does not properly handle all fragments [SPR-15786] #​20341
  • PropertyOrFieldReference invalidly reuses cached PropertyAccessor [SPR-15769] #​20324
  • ClassCastException during deserialization of ScopedObject [SPR-15766] #​20321
  • AbstractJackson2HttpMessageConverter throws exception if log level is ERROR [SPR-15760] #​20315
  • ReflectionTestUtils accidentally requires spring-aop on the classpath [SPR-15757] #​20312
  • MockMvc duplicates PUT Parameter value [SPR-15753] #​20308
  • JSP tags doesn't pick up JSTL-defined time zone at page level [SPR-15746] #​20302
  • JMS Integration with Tibco causes deadlock while using DefaultMessageListenerContainer [SPR-15738] #​20294
  • Memory Leak due to not pruning factoryBeanObjectCache when closing the ApplicationContext [SPR-15722] #​20278
  • WebAsyncManager is not compatible with the crosscontext mode [SPR-15709] #​20266
  • Netty4ClientHttpRequest does not include port along with host [SPR-15706] #​20263
  • @EventListener's 'condition' doesn't work as expected with proxied beans [SPR-15678] #​20237
  • SimpleRequestExpectationManager fails with sequential calls with different count [SPR-15672] #​20231

v4.3.9.RELEASE: 4.3.9 Release

Compare Source

⭐ New Features

  • ForwardedHeaderFilter should provide option to "remove" forwarded headers without using them [SPR-15610] #​20169
  • Optimize DefaultUserDestinationResolver.resolveDestination() [SPR-15602] #​20161
  • Inefficient use of keySet operators in messaging classes [SPR-15553] #​20112
  • Increase log level in ExceptionWebSocketHandlerDecorator [SPR-15537] #​20096
  • UriComponentsBuilder's fromHttpRequest uses server port as host port when handling the Forwarded header [SPR-15504] #​20063
  • Also clear SerializableTypeWrapper when ResolvableType cache is cleared [SPR-15503] #​20062
  • Defer StringHttpMessageConverter Charset.availableCharsets() call [SPR-15502] #​20061
  • Allow for HttpOnly cookie result matcher [SPR-15488] #​20048
  • Add getTargetCache to TransactionAwareCacheDecorator [SPR-15479] #​20039
  • Optimize AntPathMatcher when checking for potential matches [SPR-15477] #​20037
  • Lazily initialize Environment in GenericFilterBean (aligned with HttpServletBean) [SPR-15469] #​20029
  • Honor @Autowired(required=false) at parameter level, as an alternative to java.util.Optional [SPR-15268] #​19833

🪲 Bug Fixes

  • AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a @Lazy validator [SPR-15629] #​20188
  • Poor diagnostics when Jackson cannot deserialise an application/json payload due to a missing deserialiser [SPR-15582] #​20141
  • Consistently accept "taskExecutor" bean of type Executor (as stated in @EnableAsync's javadoc) [SPR-15566] #​20125
  • LocalValidatorFactoryBean does not support unwrap for native ValidatorFactory [SPR-15561] #​20120
  • Multipart range requests leave file handles open [SPR-15559] #​20118
  • o/s/mail/javamail mime.types has duplicate image/jpeg entries [SPR-15557] #​20116
  • ResourceUtils.extractArchiveURL fails to work under Tomcat 8.0.41 with unpackWARs=false [SPR-15556] #​20115
  • o/s/mail/javamail mime.types PNG mapped to image/x-png [SPR-15546] #​20105
  • DefaultSubscriptionRegistry should prevent duplicate subscription id in accessCache [SPR-15543] #​20102
  • WebJarsResourceResolver: multiple matches in case of multiple files with the same name in the same webjar [SPR-15526] #​20085
  • HandlerExecutionChain toString() may miss interceptors [SPR-15525] #​20084
  • "Not a setter" exception cannot be be thrown in Property.java [SPR-15507] #​20066
  • AbstractFlashMapManager.isFlashMapForRequest does not inspect forwarded request coherently [SPR-15505] #​20064
  • Deceptive error message in Spring Test ModelResultMatchers [SPR-15487] #​20047
  • Last modified check of Resource created from Tomcat war:file: URL fails with FileNotFoundException [SPR-15485] #​20045
  • AnnotationUtils.getValue() may hide relevant errors [SPR-15481] #​20041

📔 Documentation

  • Improve docs around the use of "Forwarded" and "X-Forwarded-*" headers [SPR-15612] #​20171
  • What's new section in 4.3.x reference should have introductory paragraphs [SPR-15585] #​20144
  • Doc: Typo in ResponseBodyAdvice class description [SPR-15466] #​20026

v4.3.8.RELEASE: 4.3.8 Release

Compare Source

⭐ New Features

  • Make SessionLocaleResolver's attribute name configurable [SPR-15450] #​20011
  • Add constructor to ShadowingClassLoader to create an instance without default excludes [SPR-15439] #​20000
  • Improve performance of StringUtils.replace() if pattern is not found [SPR-15430] #​19991
  • Revise AcceptHeaderLocaleResolver default locale handling [SPR-15426] #​19987
  • Minimize reflective interaction with annotation instances during retrieval [SPR-15387] #​19950
  • Spring JDBC not correctly processing Postgresql ?| and ?& operator [SPR-15382] #​19945
  • Make it easier to see the HTTP headers when debugging MockMvc-based tests [SPR-15375] #​19939
  • GenericCallMetaDataProvider should not treat 'NULLABLE' column as boolean (for compatibility with latest Postgres driver) [SPR-15333] #​19896
  • DefaultResponseErrorHandler should have its methods protected [SPR-15329] #​19892
  • JRubyScriptFactory compatibility with JRuby 9.1.7+ [SPR-15322] #​19885
  • Support for HtmlUnit 2.25+ [SPR-15319] #​19882
  • Support for @Lookup methods within @Configuration classes [SPR-15316] #​19879
  • sockjs heartbeat failure logged at ERROR level [SPR-15307] #​19871
  • Session-scoped bean should have its state propagated to the HttpSession at the end of its initial request (even without further access) [SPR-15300] #​19865
  • StandardMultipartFile.transferTo should fall back to manual copy if Part.write doesn't support absolute locations (e.g. on Jetty) [SPR-15257] #​19822
  • Avoid re-retrieval of @ResponseStatus annotation for each request [SPR-15227] #​19792

🪲 Bug Fixes

  • ApplicationListener potentially invoked twice in circular reference with proxy [SPR-15452] #​20013
  • When setting spring.freemarker.template-loader-path to an s3 bucket, the SpringTemplateLoader is not selected [SPR-15445] #​20006
  • AbstractRecursiveAnnotationVisitor can't access a package protected enum value [SPR-15442] #​20003
  • UnknownHostException not accepted as "resource not found" anymore [SPR-15433] #​19994
  • ForwardedHeaderFilter.ForwardedHeaderRequestWrapper does not preserve ; [SPR-15428] #​19989
  • ForwardedHeaderRequestWrapper should return a new StringBuffer instance on each invocation of the getRequestURL method [SPR-15423] #​19984
  • ForwardedHeaderFilter.ForwardedHeaderRequestWrapper does not preserve encoding of requestURI [SPR-15422] #​19983
  • UrlResource getFilename should not contain query parameters [SPR-15411] #​19974
  • SettableListenableFuture setException is inconsistent with callbacks under race [SPR-15409] #​19972
  • NullPointerException can happen in HttpRequestMethodNotSupportedException.getSupportedHttpMethods() [SPR-15377] #​19941
  • VersionResourceResolver does not delegate path resolution to the chain [SPR-15372] #​19936
  • PathMatchingResourcePatternResolver fails to work under Tomcat 8.0.41 with unpackWARs=false [SPR-15332] #​19895

📔 Documentation

  • Cache Abstraction: Improve unless condition with optional [SPR-15449] #​20010
  • SpEL examples in chapter "Cache Abstraction" [SPR-15448] #​20009
  • [doc] Update @ControllerAdvice Javadoc to discuss ordering [SPR-15432] #​19993

v4.3.7.RELEASE: 4.3.7 Release

Compare Source

⭐ New Features

  • Skip transaction/caching metadata retrieval for java.lang.Object methods [SPR-15296] #​19861
  • MessageHeaderAccessor's MutableMessageHeaders should be serializable [SPR-15262] #​19827
  • Consistently support CompletionStage next to CompletableFuture [SPR-15258] #​19823
  • Database.SQL_SERVER should set more recent Hibernate dialect with Spring 4.3.x [SPR-15255] #​19820
  • Allow configuring the ContentNegotiationManager in MockMVC standalone controller setup [SPR-15248] #​19813
  • DefaultSubscriptionRegistry should prevent duplicate Subscriptions per subscription id [SPR-15229] #​19794
  • Log failures to load PropertySources when ignoreResourceNotFound = true [SPR-15218] #​19783
  • Support for read-only transactions with Oracle 12c JDBC driver [SPR-15210] #​19774
  • TransactionSynchronizationManager - throw an Exception or log a warning if a Synchronization wants to add a Synchronization and afterCompletion is already called [SPR-11590] #​16214

🪲 Bug Fixes

  • @Configuration processing fails to handle AbstractFactoryBean.getObject() calls [SPR-15275] #​19840
  • HEAD response has "Content-Length: 0" for @RestController @GetMapping methods [SPR-15261] #​19826
  • RestTemplate with MockMvcClientHttpRequestFactory double encodes URIs [SPR-15254] #​19819
  • RestTemplate with Netty produces two Content-Length headers [SPR-15241] #​19806
  • MockHttpServletRequest.protocol default should be "HTTP/1.1", not "http" [SPR-15232] #​19797
  • DispatcherServlet's multipart request parsing fails during Jetty error dispatch [SPR-15231] #​19796
  • SettableListenableFuture may be successfully set with failureCallback executed and success callback ignored [SPR-15216] #​19781
  • MockHttpServletRequest.getReader() returns null in case of no content [SPR-15215] #​19780
  • Principal check in ServletRequestMethodArgumentResolver can result in type mismatches [SPR-15214] #​19779
  • HTTP Response should not contain both Transfer-Encoding and Content-Length headers [SPR-15212] #​19776
  • SettableListenableFuture may be both set and canceled successfully [SPR-15202] #​19766
  • Spring does not clean up db connection registered in afterCompletion callback [SPR-15194] #​19759
  • SpelCompiler VerifyError - Incompatible argument to function [SPR-15192] #​19758
  • If backing Cache is down @CacheResult does not seamlessly call method (in contrast to @Cacheable) [SPR-15188] #​19754
  • InterceptingClientHttpRequest replaces headers set in request factory instead of merging them [SPR-15166] #​19732

📔 Documentation

  • CronSequenceGenerator examples in documentation are incorrect [SPR-15240] #​19805

v4.3.6.RELEASE: 4.3.6 Release

Compare Source

⭐ New Features

  • CookieLocaleResolver may disturb error rendering when locale cookie has a malformed value [SPR-15182] #​19748
  • Tolerate null return from getNegotiatedExtensions (for Jetty 9.4.1 compatibility) [SPR-15180] #​19746
  • DispatcherServet.checkMultipart() does not consider javax.servlet.error.exception that has a MultipartException cause [SPR-15178] #​19744
  • Scheduled/JmsListenerAnnotationBeanPostProcessor free heap space [SPR-15175] #​19741
  • MockRestServiceServer should allow for an expectation to never occur. [SPR-15168] #​19734
  • MockSessionCookieConfig#maxAge defaults to 0 instead of -1 [SPR-15142] #​19708
  • org.springframework.messaging.handler.invocation.InvocableHandlerMethod should not mention "controller" [SPR-15139] #​19705
  • MockHttpServletRequestBuilder should support multiple locales [SPR-15116] #​19683
  • Add MimeType and MediaType constants for RSS [SPR-15109] #​19676
  • Update MySQLMaxValueIncrementer to not rely on MYISAM [SPR-15107] #​19674
  • Netty4ClientHttpRequestFactory should use SNI for TLS connections [SPR-15101] #​19668
  • Unable to specify factory bean in BeanDefinitionBuilder [SPR-15098] #​19665
  • Clarify WebContentInterceptor path mappings and efficiently match them [SPR-15096] #​19663
  • Improve performance of StringUtils.capitalize() [SPR-15094] #​19661
  • Implement MessagingException.toString() [SPR-15091] #​19657
  • GenericTableMetaDataProvider could use non standard named TableMeta-Schema if only one found [SPR-15090] #​19656
  • Remove String#toCharArray from ScriptUtils [SPR-15075] #​19641
  • Track bean dependencies for calls between @Bean methods within @Configuration classes [SPR-15069] #​19635
  • xml websockets configuration does not mirror annotation configuration [SPR-15068] #​19634
  • SchedulingConfigurer's ScheduledTaskRegistrar should reliably shut down before TaskScheduler [SPR-15067] #​19633
  • Backport streamlined ClassPathBeanDefinitionScanner setup [SPR-15061] #​19627
  • Remove unused Log object from MessageHeaderAccessor [SPR-15045] #​19611
  • Backward compatibility: initDefaultStrategies() is no longer invoked on subclasses of "MessageListenerAdapter" [SPR-15043] #​19609
  • @Aspect pointcut declarations do not support dynamically loaded classes [SPR-15040] #​19606
  • Reactor2StompTcpClient should use a shared EventLoopGroup [SPR-15035] #​19601
  • Consistent autowiring behavior for specifically typed injection points against loosely typed @Bean methods [SPR-14960] #​19527
  • ContentCachingRequestWrapper can have maxContentLength to limit caching [SPR-14829] #​19395
  • ScheduledAnnotationBeanPostProcessor should reliably apply after AnnotationAwareAspectJAutoProxyCreator [SPR-14692] #​19256
  • Classes with abstract @Lookup methods not registered in case of classpath scanning [SPR-14550] #​19118
  • Deterministic and JVM-independent @Bean registration order within Class-reflected configuration classes [SPR-14505] #​19074
  • Allow configuring the message converter in HttpPutFormContentFilter [SPR-14503] #​19072
  • getBeanNamesForType(ResolvableType) does not reliably work for beans with AOP proxies [SPR-14097] #​18669

🪲 Bug Fixes

  • InvocableHandlerMethod should call GenericTypeResolver with getBeanType() and only once [SPR-15186] #​19752
  • HiddenHttpMethodFilter may disturb error rendering when handling malformed multipart request [SPR-15179] #​19745
  • Collection autowiring does not resolve field-level type variable against containing class [SPR-15160] #​19726
  • HeaderMethodArgumentResolver doesn't resolve Optional.empty() for non-existing header [SPR-15151] #​19717
  • SimpleApplicationEventMulticaster should not rely on ClassCastException having a message [SPR-15145] #​19711
  • Modification in AbstractAutowireCapableBeanFactory to prevent stackoverflow errors causes context not to load. [SPR-15125] #​19692
  • Incorrect resolution of ResolvableAttributes when MessageSourceSupport#alwaysUseMessageFormat is true [SPR-15123] #​19690
  • Can't autowire BiMap: container resolves non-matching Map of value beans [SPR-15117] #​19684
  • DefaultRedirectStrategy.sendRedirect with relative URL and ForwardedHeaderFilter add contextpath to URL twice [SPR-15088] #​19654
  • Spring validation crashes with Hibernate Validation 5 style list constraint violations [SPR-15082] #​19648
  • Annotated method argument matching performance issue [SPR-15060] #​19626
  • AutoProxyRegistrar throws NullPointer on @kotlin.Metadata Annotation [SPR-15055] #​19621
  • Regression with poolTargetSource and scoped proxy [SPR-15042] #​19608
  • Constant error 416 for a byte-range request with content type application/octet-stream [SPR-15041] #​19607
  • ConcurrentModificationException in AbstractRequestExpectationManager [SPR-15029] #​19596
  • LinkedCaseInsensitiveMap does not properly support Java 8's merge() and compute() methods [SPR-15026] #​19593
  • Injecting bean in configurable class using load-time weaving broken when referenced on scoped-proxy class [SPR-14892] #​19458

📔 Documentation

  • Improve the logging documentation [SPR-15170] #​19736
  • CookieLocaleResolver maxAge documentation wrong [SPR-15155] #​19721

[v4.3.5.RELEASE](https://togithub.com/spring-projects/spring-fra

@mend-local-app mend-local-app bot added the security fix Security fix generated by Mend label Jun 3, 2023
@mend-local-app mend-local-app bot force-pushed the whitesource-remediate/org.springframework-spring-webmvc-4.x branch from 7f4748b to e99568c Compare June 23, 2023 01:20
@mend-local-app mend-local-app bot changed the title Update dependency org.springframework:spring-webmvc to v4.3.15.RELEASE Update dependency org.springframework:spring-webmvc to v4.3.15.RELEASE - autoclosed Jul 27, 2023
@mend-local-app mend-local-app bot closed this Jul 27, 2023
@mend-local-app mend-local-app bot deleted the whitesource-remediate/org.springframework-spring-webmvc-4.x branch July 27, 2023 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants