alexstanovsky-mend / struts

Mirror of Apache Struts
Apache License 2.0

Update dependency org.springframework:spring-web to v6 - autoclosed #4

Closed mend-for-github-com[bot] closed 11 months ago

mend-for-github-com[bot] commented 11 months ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.springframework:spring-web | compile | major | 5.3.27 -> 6.0.0 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
|---|---|---|
| Critical | 9.8 | CVE-2016-1000027 |

Release Notes

spring-projects/spring-framework

### [`v6.0.0`](https://togithub.com/spring-projects/spring-framework/releases/tag/v6.0.0)

[Compare Source](https://togithub.com/spring-projects/spring-framework/compare/v5.3.31...v6.0.0)

See [What's New in Spring Framework 6.x](https://togithub.com/spring-projects/spring-framework/wiki/What%27s-New-in-Spring-Framework-6.x) and [Upgrading to Spring Framework 6.x](https://togithub.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x) for upgrade instructions and details of new features.

#### :star: New Features

- Avoid direct URL construction and URL equality checks [#29486](https://togithub.com/spring-projects/spring-framework/issues/29486)
- Simplify creating RFC 7807 responses from functional endpoints [#29462](https://togithub.com/spring-projects/spring-framework/issues/29462)
- Allow test classes to provide runtime hints via declarative mechanisms [#29455](https://togithub.com/spring-projects/spring-framework/issues/29455)

#### :notebook_with_decorative_cover: Documentation

- Align javadoc of DefaultParameterNameDiscoverer with its behavior [#29494](https://togithub.com/spring-projects/spring-framework/pull/29494)
- Document AOT support in the TestContext framework [#29482](https://togithub.com/spring-projects/spring-framework/issues/29482)
- Document Ahead of Time processing in the reference guide [#29350](https://togithub.com/spring-projects/spring-framework/issues/29350)

#### :hammer: Dependency Upgrades

- Upgrade to Reactor 2022.0.0 [#29465](https://togithub.com/spring-projects/spring-framework/issues/29465)

#### :heart: Contributors

Thank you to all the contributors who worked on this release:

[@ophiuhus](https://togithub.com/ophiuhus) and [@wilkinsona](https://togithub.com/wilkinsona)

### [`v5.3.31`](https://togithub.com/spring-projects/spring-framework/releases/tag/v5.3.31)

[Compare Source](https://togithub.com/spring-projects/spring-framework/compare/v5.3.30...v5.3.31)

#### :star: New Features

- `Log4jLog` needs to re-resolve `ExtendedLogger` on deserialization (for compatibility with Log4J 2.21) [#31583](https://togithub.com/spring-projects/spring-framework/issues/31583)

#### :lady_beetle: Bug Fixes

- MessageBuilder#createMessage should not define the payload as `@Nullable` [#31611](https://togithub.com/spring-projects/spring-framework/issues/31611)
- Avoid duplicate JAR resources in `PathMatchingResourcePatternResolver` on MS Windows [#31603](https://togithub.com/spring-projects/spring-framework/issues/31603)
- Spring web integration commons fileupload receives files and other parameter uploads, with a null pointer [#31564](https://togithub.com/spring-projects/spring-framework/issues/31564)
- Function column out doesn't resolve to `SqlOutParameter` [#31560](https://togithub.com/spring-projects/spring-framework/issues/31560)
- Resolve to empty MultiValueMap when no matrix variables are provided [#31484](https://togithub.com/spring-projects/spring-framework/issues/31484)
- BeanUtils.copyProperties() consumes large amount of memory [#31481](https://togithub.com/spring-projects/spring-framework/issues/31481)
- CGLIB `BeanCopier` falls back to `ClassLoader.defineClass` for public target [#31436](https://togithub.com/spring-projects/spring-framework/issues/31436)
- R2DBC Connection is closed during transaction when using TransactionAwareConnectionFactoryProxy [#31411](https://togithub.com/spring-projects/spring-framework/issues/31411)
- `HibernateJpaDialect` and `HibernateExceptionTranslator` throw `SQLExceptionTranslator`-provided exception instead of returning it [#31410](https://togithub.com/spring-projects/spring-framework/issues/31410)
- `NamedParameterJdbcTemplate` throws unexpected exception for `null` query [#31394](https://togithub.com/spring-projects/spring-framework/issues/31394)
- `LazyResolutionMessage` does not implement proper `toString` [#31385](https://togithub.com/spring-projects/spring-framework/issues/31385)
- Illegal reflective access in `ContextOverridingClassLoader.isEligibleForOverriding` [#31233](https://togithub.com/spring-projects/spring-framework/issues/31233)

#### :notebook_with_decorative_cover: Documentation

- Clarify documentation for `@Transactional` on interfaces [#31401](https://togithub.com/spring-projects/spring-framework/issues/31401)
- Default behavior of BeanPropertyRowMapper.getColumnValue(ResultSet, int, Class) inconsistent with code [#31349](https://togithub.com/spring-projects/spring-framework/issues/31349)
- Referencing a `@Bean` method in a `@Configuration` class' `@PostConstruct` method leads to circular reference [#31339](https://togithub.com/spring-projects/spring-framework/issues/31339)
- Incorrect reference information about CGLIB supported method visibility [#31311](https://togithub.com/spring-projects/spring-framework/issues/31311)

#### :hammer: Dependency Upgrades

- Upgrade to Reactor 2020.0.38 [#31584](https://togithub.com/spring-projects/spring-framework/issues/31584)

### [`v5.3.30`](https://togithub.com/spring-projects/spring-framework/releases/tag/v5.3.30)

[Compare Source](https://togithub.com/spring-projects/spring-framework/compare/v5.3.29...v5.3.30)

#### :star: New Features

- Optimize `ClassUtils#getMostSpecificMethod` [#31100](https://togithub.com/spring-projects/spring-framework/issues/31100)
- Optimize whitespace checks in `StringUtils` [#31069](https://togithub.com/spring-projects/spring-framework/issues/31069)
- Align validation metadata handling in `PayloadMethodArgumentResolver` [#31056](https://togithub.com/spring-projects/spring-framework/issues/31056)
- Register an override for an existing adapter in `ReactiveAdapterRegistry` [#31048](https://togithub.com/spring-projects/spring-framework/issues/31048)
- Make bean initialization deterministic for multiple `@Autowired` methods on same bean class [#30994](https://togithub.com/spring-projects/spring-framework/issues/30994)
- Performance bottlenecks while creating scoped bean instances [#30892](https://togithub.com/spring-projects/spring-framework/issues/30892)

#### :lady_beetle: Bug Fixes

- Possible classloader leak through incomplete clearing of annotation caches [#31176](https://togithub.com/spring-projects/spring-framework/issues/31176)
- Spring `LogFactory` implementation deviates from original Apache `LogFactory` in terms of abstract method declarations [#31167](https://togithub.com/spring-projects/spring-framework/issues/31167)
- Bean injection fails due to `nullSafeConciseToString()` invoking `isEmpty()` on a `Map`/`Collection` proxy [#31156](https://togithub.com/spring-projects/spring-framework/issues/31156)
- SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression [#31099](https://togithub.com/spring-projects/spring-framework/issues/31099)
- `@DynamicPropertySource` in `@Nested` test class cannot override dynamic properties from enclosing class [#31085](https://togithub.com/spring-projects/spring-framework/issues/31085)
- `TransactionalApplicationListenerMethodAdapter` should find `@TransactionalEventListener` on target class method [#31037](https://togithub.com/spring-projects/spring-framework/issues/31037)
- ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs [#31020](https://togithub.com/spring-projects/spring-framework/issues/31020)
- Permgen memory leak due to `ClassInfo` caching in `java.beans.Introspector` on JDK 11/17 [#31005](https://togithub.com/spring-projects/spring-framework/issues/31005)
- `MethodIntrospector.selectMethods(?)` fails to find methods in case of special bridge method arrangement [#30907](https://togithub.com/spring-projects/spring-framework/issues/30907)

#### :notebook_with_decorative_cover: Documentation

- Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate [#31229](https://togithub.com/spring-projects/spring-framework/issues/31229)
- Refine CORS documentation for wildcard processing [#31168](https://togithub.com/spring-projects/spring-framework/issues/31168)
- Propagation REQUIRES_NEW may cause connection pool deadlock [#31040](https://togithub.com/spring-projects/spring-framework/issues/31040)
- Clarify R2DBC `ConnectionAccessor` and `DatabasePopulator` exception declarations [#30933](https://togithub.com/spring-projects/spring-framework/issues/30933)
- Doc: Avoid deadlock in `@PostConstruct` through SmartInitializingSingleton or ContextRefreshedEvent [#30889](https://togithub.com/spring-projects/spring-framework/issues/30889)

### [`v5.3.29`](https://togithub.com/spring-projects/spring-framework/releases/tag/v5.3.29)

[Compare Source](https://togithub.com/spring-projects/spring-framework/compare/v5.3.28...v5.3.29)

#### :star: New Features

- Avoid illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding [#30868](https://togithub.com/spring-projects/spring-framework/issues/30868)
- Improve diagnostics for CGLIB ClassLoader issues with shared classes in parent ClassLoader [#30866](https://togithub.com/spring-projects/spring-framework/issues/30866)
- `JdbcTemplate` does not call `handleWarnings` in case of exception [#30852](https://togithub.com/spring-projects/spring-framework/issues/30852)
- Tolerate `AnnotationUtils.isCandidateClass` call with `null` as annotation type [#30843](https://togithub.com/spring-projects/spring-framework/issues/30843)
- Simplify `DefaultSingletonBeanRegistry.isDependent()` [#30841](https://togithub.com/spring-projects/spring-framework/issues/30841)
- Provide explicit support for collections, maps, and arrays in `ObjectUtils.nullSafeConciseToString()` [#30811](https://togithub.com/spring-projects/spring-framework/issues/30811)
- Extend list of supported types in `ObjectUtils.nullSafeConciseToString()` [#30806](https://togithub.com/spring-projects/spring-framework/issues/30806)
- Align ConcurrentMapCacheManager locking behavior with CaffeineCacheManager [#30781](https://togithub.com/spring-projects/spring-framework/issues/30781)
- `ResolvableType.hasUnresolvableGenerics()` should cache its result [#30715](https://togithub.com/spring-projects/spring-framework/issues/30715)
- Ensure Spring `LogFactory` contains all public methods from Apache `LogFactory` [#30711](https://togithub.com/spring-projects/spring-framework/issues/30711)
- Translate SQL Exception with State S0001 and Vendor Code 2628 to a Spring Exception in MSSQL 2019 [#30682](https://togithub.com/spring-projects/spring-framework/issues/30682)

#### :lady_beetle: Bug Fixes

- For a prototype bean, if first-time rejected value is null, subsequent value will wrongly be null always [#30809](https://togithub.com/spring-projects/spring-framework/issues/30809)
- Revert changes to `toString()` in `FieldError` [#30800](https://togithub.com/spring-projects/spring-framework/issues/30800)
- Fix log level on error with `@TransactionalEventListener` [#30784](https://togithub.com/spring-projects/spring-framework/issues/30784)
- SerializableTypeWrapper does not consistently catch InvocationTargetException [#30767](https://togithub.com/spring-projects/spring-framework/issues/30767)
- NPE in MvcUriComponentsBuilder with no-arg target method on interface [#30757](https://togithub.com/spring-projects/spring-framework/issues/30757)
- `Jackson2ObjectMapperBuilder` breaks when `modules` customizer follows `modulesToInstall` [#30752](https://togithub.com/spring-projects/spring-framework/issues/30752)
- Spring ORM SpringBeanContainer when trying to create a bean fails with not found bean definition, and fallbacks to default hibernate bean creation [#30685](https://togithub.com/spring-projects/spring-framework/issues/30685)

#### :notebook_with_decorative_cover: Documentation

- ResultSet holdability into the View layer broken by Hibernate 5 [#30863](https://togithub.com/spring-projects/spring-framework/issues/30863)
- Clarify `ReactiveTransactionManager` exception declarations [#30819](https://togithub.com/spring-projects/spring-framework/issues/30819)
- Doc: `JdbcTransactionManager` vs `DataSourceTransactionManager` [#30814](https://togithub.com/spring-projects/spring-framework/issues/30814)

#### :hammer: Dependency Upgrades

- Upgrade to Reactor 2020.0.34 [#30873](https://togithub.com/spring-projects/spring-framework/issues/30873)

### [`v5.3.28`](https://togithub.com/spring-projects/spring-framework/releases/tag/v5.3.28)

[Compare Source](https://togithub.com/spring-projects/spring-framework/compare/v5.3.27...v5.3.28)

#### :star: New Features

- ClassLoader can be null in DeserializingConverter and should be annotated with `@Nullable` [#30672](https://togithub.com/spring-projects/spring-framework/issues/30672)
- Performance optimization in AbstractBeanFactoryBasedTargetSource.hashCode() [#30585](https://togithub.com/spring-projects/spring-framework/issues/30585)
- Consistent support for MultiValueMap and common Map implementations in CollectionFactory [#30441](https://togithub.com/spring-projects/spring-framework/issues/30441)
- Reject null and empty SpEL expressions [#30373](https://togithub.com/spring-projects/spring-framework/issues/30373)
- Introduce `Environment.matchesProfiles()` for profile expressions [#30226](https://togithub.com/spring-projects/spring-framework/issues/30226)

#### :lady_beetle: Bug Fixes

- Change of behaviour for UUID in bean validation output in v5.3.27 [#30662](https://togithub.com/spring-projects/spring-framework/issues/30662)
- Spring Framework 5.3.27 appears to cause issues in OSGi environment [#30637](https://togithub.com/spring-projects/spring-framework/issues/30637)
- Inconsistent ProxyCallbackFilter#equals/hashCode methods in CglibAopProxy [#30616](https://togithub.com/spring-projects/spring-framework/issues/30616)
- EclipseLinkJpaDialect: Unexpected default isolation levels [#30589](https://togithub.com/spring-projects/spring-framework/issues/30589)
- ThreadLocalTargetSource does not include actual target bean name in NamedThreadLocal [#30586](https://togithub.com/spring-projects/spring-framework/issues/30586)
- ApplicationListenerMethodAdapter inconsistently publishes events from CompletableFuture [#30584](https://togithub.com/spring-projects/spring-framework/issues/30584)
- For `@Bean` method that returns `null`, `@Autowired` injects `NullBean` instead of `null` for cached arguments [#30551](https://togithub.com/spring-projects/spring-framework/issues/30551)
- Make maximum SpEL expression length configurable [#30446](https://togithub.com/spring-projects/spring-framework/issues/30446)
- Respect TaskDecorator configuration on DefaultManagedTaskExecutor [#30443](https://togithub.com/spring-projects/spring-framework/issues/30443)

#### :notebook_with_decorative_cover: Documentation

- Document which `@Scheduled` attributes support SpEL expressions [#30642](https://togithub.com/spring-projects/spring-framework/issues/30642)
- FileSystemUtils::deleteRecursively Javadoc refers to File instead of Path [#30555](https://togithub.com/spring-projects/spring-framework/issues/30555)

#### :hammer: Dependency Upgrades

- Upgrade to Reactor 2020.0.33 [#30656](https://togithub.com/spring-projects/spring-framework/issues/30656)