[Security] Bump version.spring_framework from 4.0.9.RELEASE to 5.1.4.RELEASE

Bumps version.spring_framework from 4.0.9.RELEASE to 5.1.4.RELEASE.

Updates spring-context from 4.0.9.RELEASE to 5.1.4.RELEASE

Release notes

*Sourced from [spring-context's releases](https://github.com/spring-projects/spring-framework/releases).* > ## 4.3.11 Release > ## :star: New Features > > - `[**Lazy**](https://github.com/Lazy)` collection of optional elements should not crash when no candidates are found [SPR-15858] [#20413](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20413) > - WebAsyncManager should cancel task thread on timeout [SPR-15852] [#20407](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20407) > - Consistent logging in Environment and PropertySource implementations [SPR-15825] [#20380](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20380) > > ## :beetle: Bug Fixes > > - StompDecoder Logs Null Session IDs for Heartbeats [SPR-15937] [#20491](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20491) > - Error on type argument constraint validation failure [SPR-15916] [#20470](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20470) > - StringIndexOutOfBoundsException from RestTemplate.doExecute IOException handler when query string is empty [SPR-15900] [#20454](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20454) > - SimpleAsyncTaskExecutor not respect ConcurrencyThrottleSupport.NO_CONCURRENCY limit [SPR-15895] [#20449](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20449) > - Should call getNativeResponse() instead of getNativeRequest() in FrameworkServlet [SPR-15867] [#20422](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20422) > - Unable to use Hibernate Validator 4.3.2 if Bean Validation API 1.1 is on the classpath [SPR-15856] [#20411](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20411) > - SimpleApplicationEventMulticaster does not deal with lambda-defined listeners when ErrorHandler is set [SPR-15838] [#20393](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20393) > - spring-aspects should remain on AspectJ 1.8.9 by default (since aspectjrt 1.8.10 requires Java 7+) [SPR-15836] [#20391](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20391) > - Parameter values are null when making a PUT request [SPR-15828] [#20383](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20383) > - Follow-up: AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a `[**Lazy**](https://github.com/Lazy)` validator [SPR-15807] [#20362](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20362) > - Logs fill with broken pipe when using SockJS [SPR-15802] [#20357](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20357) > - Invalid WARN when returning a BeanDefinitionRegistryPostProcessor from within a `[**Configuration**](https://github.com/Configuration)` class [SPR-14603] [#19172](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/19172) > > ## 4.3.10 Release > ## :star: New Features > > - Ignore (Auto)Closeable for interface-based proxy decision [SPR-15779] [#20334](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20334) > - Bean factory method collision with configuration class name gives unclear error message [SPR-15775] [#20330](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20330) > - CustomizableTraceInterceptor should allow INVOCATION_TIME placeholder in setExceptionMessage and make stack trace logging configurable [SPR-15763] [#20318](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20318) > - LinkedCaseInsensitiveMap cannot access locale from subclass [SPR-15752] [#20307](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20307) > - ForwardedHeaderFilter should expose option for not converting relative redirects to absolute ones [SPR-15717] [#20273](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20273) > - AbstractValueAdaptingCache does not allow for flexible null value serialization [SPR-15693] [#20252](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20252) > - Fine-tune HTTP/RMI Invoker exception handling [SPR-15684] [#20243](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20243) > - Support CachingHttpAsyncClient from httpasyncclient-cache in HttpComponentsAsyncClientHttpRequestFactory [SPR-15664] [#20223](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20223) > - Cron expression validation method in CronSequenceGenerator improved [SPR-15604] [#20163](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20163) > - Upgrade to Objenesis 2.6 for Google App Engine Standard on Java 8 and for better JDK 9 support [SPR-15600] [#20159](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20159) > > ## :beetle: Bug Fixes > > - UriUtils.extractFileExtension() does not properly handle all fragments [SPR-15786] [#20341](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20341) > - PropertyOrFieldReference invalidly reuses cached PropertyAccessor [SPR-15769] [#20324](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20324) > - ClassCastException during deserialization of ScopedObject [SPR-15766] [#20321](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20321) > - AbstractJackson2HttpMessageConverter throws exception if log level is ERROR [SPR-15760] [#20315](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20315) > - ReflectionTestUtils accidentally requires spring-aop on the classpath [SPR-15757] [#20312](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20312) > - MockMvc duplicates PUT Parameter value [SPR-15753] [#20308](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20308) > - JSP tags doesn't pick up JSTL-defined time zone at page level [SPR-15746] [#20302](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20302) > - JMS Integration with Tibco causes deadlock while using DefaultMessageListenerContainer [SPR-15738] [#20294](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20294) > - Memory Leak due to not pruning factoryBeanObjectCache when closing the ApplicationContext [SPR-15722] [#20278](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20278) > - WebAsyncManager is not compatible with the crosscontext mode [SPR-15709] [#20266](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20266) > - Netty4ClientHttpRequest does not include port along with host [SPR-15706] [#20263](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20263) > - `[**EventListener**](https://github.com/EventListener)`'s 'condition' doesn't work as expected with proxied beans [SPR-15678] [#20237](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20237) > ... (truncated)

Commits

- [`32c4f6e`](https://github.com/spring-projects/spring-framework/commit/32c4f6eb1876bc19ab83fad8ac5a0cf2104c7964) Release version 5.1.4.RELEASE - [`72dddfb`](https://github.com/spring-projects/spring-framework/commit/72dddfbc7be0e6aff25b710e62d8bb7101e78aab) Polishing - [`dc3f953`](https://github.com/spring-projects/spring-framework/commit/dc3f953f4b82e411a1f4b35fe0ab2cd4973c4967) Correction for commit #b219c6c - [`4058361`](https://github.com/spring-projects/spring-framework/commit/4058361e8430b48777c811d0e0558220330806f6) Upgrade to Reactor Californium SR4 - [`952045c`](https://github.com/spring-projects/spring-framework/commit/952045c216d5d95e0dcfed346b6f06f8303bd13b) SPR-17606 [**Profile**](https://github.com/Profile) mishandles "not" operand mixed with "&" ([#2066](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/2066)) - [`815f151`](https://github.com/spring-projects/spring-framework/commit/815f15144814d9ee47bcc3246a0c6784c5168e03) Upgrade to Checkstyle 8.16 - [`605e247`](https://github.com/spring-projects/spring-framework/commit/605e2477b947c90e6550e7cc2e1d4424f546bba2) Polishing - [`304c85e`](https://github.com/spring-projects/spring-framework/commit/304c85ec7029a6f24b7569516c8ad8ac2b4288c2) Link explicitly to JUnit 5.3.2 instead of current version - [`f56fa91`](https://github.com/spring-projects/spring-framework/commit/f56fa9143084cc28a75c7f2a3e99fe0a5105ac4b) Polishing - [`9cb5369`](https://github.com/spring-projects/spring-framework/commit/9cb5369cb9ead57245a945a4a3c21cfe321891b0) DependencyDescriptor supports TypeDescriptor resolution for fields - Additional commits viewable in [compare view](https://github.com/spring-projects/spring-framework/compare/v4.0.9.RELEASE...v5.1.4.RELEASE)

Updates spring-web from 4.0.9.RELEASE to 5.1.4.RELEASE. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/5c31df94-6945-4798-8b6c-b807dba2712b).* > **[CVE-2015-5211] Improper Input Validation** > Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. > > Affected versions: [3.2.0, 3.2.14]; [4.0.0, 4.0.9]; [4.1.0, 4.1.7]; [4.2.0, 4.2.1] *Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/567af0d7-0b7d-40bc-be29-461aa5116f2e).* > **[CVE-2015-3192] Improper Restriction of Operations within the Bounds of a Memory Buffer** > Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. > > Affected versions: [3.2.0, 3.2.13]; [4.0.0, 4.1.6]

Release notes

*Sourced from [spring-web's releases](https://github.com/spring-projects/spring-framework/releases).* > ## 4.3.11 Release > ## :star: New Features > > - `[**Lazy**](https://github.com/Lazy)` collection of optional elements should not crash when no candidates are found [SPR-15858] [#20413](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20413) > - WebAsyncManager should cancel task thread on timeout [SPR-15852] [#20407](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20407) > - Consistent logging in Environment and PropertySource implementations [SPR-15825] [#20380](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20380) > > ## :beetle: Bug Fixes > > - StompDecoder Logs Null Session IDs for Heartbeats [SPR-15937] [#20491](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20491) > - Error on type argument constraint validation failure [SPR-15916] [#20470](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20470) > - StringIndexOutOfBoundsException from RestTemplate.doExecute IOException handler when query string is empty [SPR-15900] [#20454](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20454) > - SimpleAsyncTaskExecutor not respect ConcurrencyThrottleSupport.NO_CONCURRENCY limit [SPR-15895] [#20449](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20449) > - Should call getNativeResponse() instead of getNativeRequest() in FrameworkServlet [SPR-15867] [#20422](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20422) > - Unable to use Hibernate Validator 4.3.2 if Bean Validation API 1.1 is on the classpath [SPR-15856] [#20411](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20411) > - SimpleApplicationEventMulticaster does not deal with lambda-defined listeners when ErrorHandler is set [SPR-15838] [#20393](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20393) > - spring-aspects should remain on AspectJ 1.8.9 by default (since aspectjrt 1.8.10 requires Java 7+) [SPR-15836] [#20391](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20391) > - Parameter values are null when making a PUT request [SPR-15828] [#20383](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20383) > - Follow-up: AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a `[**Lazy**](https://github.com/Lazy)` validator [SPR-15807] [#20362](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20362) > - Logs fill with broken pipe when using SockJS [SPR-15802] [#20357](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20357) > - Invalid WARN when returning a BeanDefinitionRegistryPostProcessor from within a `[**Configuration**](https://github.com/Configuration)` class [SPR-14603] [#19172](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/19172) > > ## 4.3.10 Release > ## :star: New Features > > - Ignore (Auto)Closeable for interface-based proxy decision [SPR-15779] [#20334](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20334) > - Bean factory method collision with configuration class name gives unclear error message [SPR-15775] [#20330](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20330) > - CustomizableTraceInterceptor should allow INVOCATION_TIME placeholder in setExceptionMessage and make stack trace logging configurable [SPR-15763] [#20318](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20318) > - LinkedCaseInsensitiveMap cannot access locale from subclass [SPR-15752] [#20307](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20307) > - ForwardedHeaderFilter should expose option for not converting relative redirects to absolute ones [SPR-15717] [#20273](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20273) > - AbstractValueAdaptingCache does not allow for flexible null value serialization [SPR-15693] [#20252](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20252) > - Fine-tune HTTP/RMI Invoker exception handling [SPR-15684] [#20243](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20243) > - Support CachingHttpAsyncClient from httpasyncclient-cache in HttpComponentsAsyncClientHttpRequestFactory [SPR-15664] [#20223](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20223) > - Cron expression validation method in CronSequenceGenerator improved [SPR-15604] [#20163](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20163) > - Upgrade to Objenesis 2.6 for Google App Engine Standard on Java 8 and for better JDK 9 support [SPR-15600] [#20159](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20159) > > ## :beetle: Bug Fixes > > - UriUtils.extractFileExtension() does not properly handle all fragments [SPR-15786] [#20341](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20341) > - PropertyOrFieldReference invalidly reuses cached PropertyAccessor [SPR-15769] [#20324](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20324) > - ClassCastException during deserialization of ScopedObject [SPR-15766] [#20321](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20321) > - AbstractJackson2HttpMessageConverter throws exception if log level is ERROR [SPR-15760] [#20315](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20315) > - ReflectionTestUtils accidentally requires spring-aop on the classpath [SPR-15757] [#20312](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20312) > - MockMvc duplicates PUT Parameter value [SPR-15753] [#20308](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20308) > - JSP tags doesn't pick up JSTL-defined time zone at page level [SPR-15746] [#20302](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20302) > - JMS Integration with Tibco causes deadlock while using DefaultMessageListenerContainer [SPR-15738] [#20294](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20294) > - Memory Leak due to not pruning factoryBeanObjectCache when closing the ApplicationContext [SPR-15722] [#20278](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20278) > - WebAsyncManager is not compatible with the crosscontext mode [SPR-15709] [#20266](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20266) > - Netty4ClientHttpRequest does not include port along with host [SPR-15706] [#20263](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20263) > - `[**EventListener**](https://github.com/EventListener)`'s 'condition' doesn't work as expected with proxied beans [SPR-15678] [#20237](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20237) > ... (truncated)

Commits

Updates spring-tx from 4.0.9.RELEASE to 5.1.4.RELEASE

Release notes

*Sourced from [spring-tx's releases](https://github.com/spring-projects/spring-framework/releases).* > ## 4.3.11 Release > ## :star: New Features > > - `[**Lazy**](https://github.com/Lazy)` collection of optional elements should not crash when no candidates are found [SPR-15858] [#20413](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20413) > - WebAsyncManager should cancel task thread on timeout [SPR-15852] [#20407](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20407) > - Consistent logging in Environment and PropertySource implementations [SPR-15825] [#20380](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20380) > > ## :beetle: Bug Fixes > > - StompDecoder Logs Null Session IDs for Heartbeats [SPR-15937] [#20491](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20491) > - Error on type argument constraint validation failure [SPR-15916] [#20470](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20470) > - StringIndexOutOfBoundsException from RestTemplate.doExecute IOException handler when query string is empty [SPR-15900] [#20454](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20454) > - SimpleAsyncTaskExecutor not respect ConcurrencyThrottleSupport.NO_CONCURRENCY limit [SPR-15895] [#20449](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20449) > - Should call getNativeResponse() instead of getNativeRequest() in FrameworkServlet [SPR-15867] [#20422](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20422) > - Unable to use Hibernate Validator 4.3.2 if Bean Validation API 1.1 is on the classpath [SPR-15856] [#20411](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20411) > - SimpleApplicationEventMulticaster does not deal with lambda-defined listeners when ErrorHandler is set [SPR-15838] [#20393](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20393) > - spring-aspects should remain on AspectJ 1.8.9 by default (since aspectjrt 1.8.10 requires Java 7+) [SPR-15836] [#20391](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20391) > - Parameter values are null when making a PUT request [SPR-15828] [#20383](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20383) > - Follow-up: AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a `[**Lazy**](https://github.com/Lazy)` validator [SPR-15807] [#20362](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20362) > - Logs fill with broken pipe when using SockJS [SPR-15802] [#20357](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20357) > - Invalid WARN when returning a BeanDefinitionRegistryPostProcessor from within a `[**Configuration**](https://github.com/Configuration)` class [SPR-14603] [#19172](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/19172) > > ## 4.3.10 Release > ## :star: New Features > > - Ignore (Auto)Closeable for interface-based proxy decision [SPR-15779] [#20334](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20334) > - Bean factory method collision with configuration class name gives unclear error message [SPR-15775] [#20330](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20330) > - CustomizableTraceInterceptor should allow INVOCATION_TIME placeholder in setExceptionMessage and make stack trace logging configurable [SPR-15763] [#20318](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20318) > - LinkedCaseInsensitiveMap cannot access locale from subclass [SPR-15752] [#20307](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20307) > - ForwardedHeaderFilter should expose option for not converting relative redirects to absolute ones [SPR-15717] [#20273](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20273) > - AbstractValueAdaptingCache does not allow for flexible null value serialization [SPR-15693] [#20252](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20252) > - Fine-tune HTTP/RMI Invoker exception handling [SPR-15684] [#20243](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20243) > - Support CachingHttpAsyncClient from httpasyncclient-cache in HttpComponentsAsyncClientHttpRequestFactory [SPR-15664] [#20223](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20223) > - Cron expression validation method in CronSequenceGenerator improved [SPR-15604] [#20163](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20163) > - Upgrade to Objenesis 2.6 for Google App Engine Standard on Java 8 and for better JDK 9 support [SPR-15600] [#20159](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20159) > > ## :beetle: Bug Fixes > > - UriUtils.extractFileExtension() does not properly handle all fragments [SPR-15786] [#20341](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20341) > - PropertyOrFieldReference invalidly reuses cached PropertyAccessor [SPR-15769] [#20324](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20324) > - ClassCastException during deserialization of ScopedObject [SPR-15766] [#20321](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20321) > - AbstractJackson2HttpMessageConverter throws exception if log level is ERROR [SPR-15760] [#20315](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20315) > - ReflectionTestUtils accidentally requires spring-aop on the classpath [SPR-15757] [#20312](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20312) > - MockMvc duplicates PUT Parameter value [SPR-15753] [#20308](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20308) > - JSP tags doesn't pick up JSTL-defined time zone at page level [SPR-15746] [#20302](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20302) > - JMS Integration with Tibco causes deadlock while using DefaultMessageListenerContainer [SPR-15738] [#20294](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20294) > - Memory Leak due to not pruning factoryBeanObjectCache when closing the ApplicationContext [SPR-15722] [#20278](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20278) > - WebAsyncManager is not compatible with the crosscontext mode [SPR-15709] [#20266](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20266) > - Netty4ClientHttpRequest does not include port along with host [SPR-15706] [#20263](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20263) > - `[**EventListener**](https://github.com/EventListener)`'s 'condition' doesn't work as expected with proxied beans [SPR-15678] [#20237](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20237) > ... (truncated)

Commits

Updates spring-webmvc from 4.0.9.RELEASE to 5.1.4.RELEASE. This update includes security fixes.

Vulnerabilities fixed

Release notes

*Sourced from [spring-webmvc's releases](https://github.com/spring-projects/spring-framework/releases).* > ## 4.3.11 Release > ## :star: New Features > > - `[**Lazy**](https://github.com/Lazy)` collection of optional elements should not crash when no candidates are found [SPR-15858] [#20413](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20413) > - WebAsyncManager should cancel task thread on timeout [SPR-15852] [#20407](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20407) > - Consistent logging in Environment and PropertySource implementations [SPR-15825] [#20380](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20380) > > ## :beetle: Bug Fixes > > - StompDecoder Logs Null Session IDs for Heartbeats [SPR-15937] [#20491](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20491) > - Error on type argument constraint validation failure [SPR-15916] [#20470](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20470) > - StringIndexOutOfBoundsException from RestTemplate.doExecute IOException handler when query string is empty [SPR-15900] [#20454](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20454) > - SimpleAsyncTaskExecutor not respect ConcurrencyThrottleSupport.NO_CONCURRENCY limit [SPR-15895] [#20449](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20449) > - Should call getNativeResponse() instead of getNativeRequest() in FrameworkServlet [SPR-15867] [#20422](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20422) > - Unable to use Hibernate Validator 4.3.2 if Bean Validation API 1.1 is on the classpath [SPR-15856] [#20411](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20411) > - SimpleApplicationEventMulticaster does not deal with lambda-defined listeners when ErrorHandler is set [SPR-15838] [#20393](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20393) > - spring-aspects should remain on AspectJ 1.8.9 by default (since aspectjrt 1.8.10 requires Java 7+) [SPR-15836] [#20391](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20391) > - Parameter values are null when making a PUT request [SPR-15828] [#20383](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20383) > - Follow-up: AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a `[**Lazy**](https://github.com/Lazy)` validator [SPR-15807] [#20362](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20362) > - Logs fill with broken pipe when using SockJS [SPR-15802] [#20357](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20357) > - Invalid WARN when returning a BeanDefinitionRegistryPostProcessor from within a `[**Configuration**](https://github.com/Configuration)` class [SPR-14603] [#19172](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/19172) > > ## 4.3.10 Release > ## :star: New Features > > - Ignore (Auto)Closeable for interface-based proxy decision [SPR-15779] [#20334](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20334) > - Bean factory method collision with configuration class name gives unclear error message [SPR-15775] [#20330](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20330) > - CustomizableTraceInterceptor should allow INVOCATION_TIME placeholder in setExceptionMessage and make stack trace logging configurable [SPR-15763] [#20318](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20318) > - LinkedCaseInsensitiveMap cannot access locale from subclass [SPR-15752] [#20307](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20307) > - ForwardedHeaderFilter should expose option for not converting relative redirects to absolute ones [SPR-15717] [#20273](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20273) > - AbstractValueAdaptingCache does not allow for flexible null value serialization [SPR-15693] [#20252](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20252) > - Fine-tune HTTP/RMI Invoker exception handling [SPR-15684] [#20243](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20243) > - Support CachingHttpAsyncClient from httpasyncclient-cache in HttpComponentsAsyncClientHttpRequestFactory [SPR-15664] [#20223](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20223) > - Cron expression validation method in CronSequenceGenerator improved [SPR-15604] [#20163](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20163) > - Upgrade to Objenesis 2.6 for Google App Engine Standard on Java 8 and for better JDK 9 support [SPR-15600] [#20159](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20159) > > ## :beetle: Bug Fixes > > - UriUtils.extractFileExtension() does not properly handle all fragments [SPR-15786] [#20341](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20341) > - PropertyOrFieldReference invalidly reuses cached PropertyAccessor [SPR-15769] [#20324](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20324) > - ClassCastException during deserialization of ScopedObject [SPR-15766] [#20321](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20321) > - AbstractJackson2HttpMessageConverter throws exception if log level is ERROR [SPR-15760] [#20315](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20315) > - ReflectionTestUtils accidentally requires spring-aop on the classpath [SPR-15757] [#20312](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20312) > - MockMvc duplicates PUT Parameter value [SPR-15753] [#20308](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20308) > - JSP tags doesn't pick up JSTL-defined time zone at page level [SPR-15746] [#20302](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20302) > - JMS Integration with Tibco causes deadlock while using DefaultMessageListenerContainer [SPR-15738] [#20294](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20294) > - Memory Leak due to not pruning factoryBeanObjectCache when closing the ApplicationContext [SPR-15722] [#20278](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20278) > - WebAsyncManager is not compatible with the crosscontext mode [SPR-15709] [#20266](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20266) > - Netty4ClientHttpRequest does not include port along with host [SPR-15706] [#20263](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20263) > - `[**EventListener**](https://github.com/EventListener)`'s 'condition' doesn't work as expected with proxied beans [SPR-15678] [#20237](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20237) > ... (truncated)

Commits

Updates spring-orm from 4.0.9.RELEASE to 5.1.4.RELEASE

Release notes

*Sourced from [spring-orm's releases](https://github.com/spring-projects/spring-framework/releases).* > ## 4.3.11 Release > ## :star: New Features > > - `[**Lazy**](https://github.com/Lazy)` collection of optional elements should not crash when no candidates are found [SPR-15858] [#20413](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20413) > - WebAsyncManager should cancel task thread on timeout [SPR-15852] [#20407](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20407) > - Consistent logging in Environment and PropertySource implementations [SPR-15825] [#20380](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20380) > > ## :beetle: Bug Fixes > > - StompDecoder Logs Null Session IDs for Heartbeats [SPR-15937] [#20491](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20491) > - Error on type argument constraint validation failure [SPR-15916] [#20470](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20470) > - StringIndexOutOfBoundsException from RestTemplate.doExecute IOException handler when query string is empty [SPR-15900] [#20454](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20454) > - SimpleAsyncTaskExecutor not respect ConcurrencyThrottleSupport.NO_CONCURRENCY limit [SPR-15895] [#20449](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20449) > - Should call getNativeResponse() instead of getNativeRequest() in FrameworkServlet [SPR-15867] [#20422](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20422) > - Unable to use Hibernate Validator 4.3.2 if Bean Validation API 1.1 is on the classpath [SPR-15856] [#20411](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20411) > - SimpleApplicationEventMulticaster does not deal with lambda-defined listeners when ErrorHandler is set [SPR-15838] [#20393](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20393) > - spring-aspects should remain on AspectJ 1.8.9 by default (since aspectjrt 1.8.10 requires Java 7+) [SPR-15836] [#20391](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20391) > - Parameter values are null when making a PUT request [SPR-15828] [#20383](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20383) > - Follow-up: AbstractMethodError when calling validated method of MethodValidationPostProcessor is using a `[**Lazy**](https://github.com/Lazy)` validator [SPR-15807] [#20362](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20362) > - Logs fill with broken pipe when using SockJS [SPR-15802] [#20357](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20357) > - Invalid WARN when returning a BeanDefinitionRegistryPostProcessor from within a `[**Configuration**](https://github.com/Configuration)` class [SPR-14603] [#19172](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/19172) > > ## 4.3.10 Release > ## :star: New Features > > - Ignore (Auto)Closeable for interface-based proxy decision [SPR-15779] [#20334](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20334) > - Bean factory method collision with configuration class name gives unclear error message [SPR-15775] [#20330](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20330) > - CustomizableTraceInterceptor should allow INVOCATION_TIME placeholder in setExceptionMessage and make stack trace logging configurable [SPR-15763] [#20318](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20318) > - LinkedCaseInsensitiveMap cannot access locale from subclass [SPR-15752] [#20307](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20307) > - ForwardedHeaderFilter should expose option for not converting relative redirects to absolute ones [SPR-15717] [#20273](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20273) > - AbstractValueAdaptingCache does not allow for flexible null value serialization [SPR-15693] [#20252](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20252) > - Fine-tune HTTP/RMI Invoker exception handling [SPR-15684] [#20243](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20243) > - Support CachingHttpAsyncClient from httpasyncclient-cache in HttpComponentsAsyncClientHttpRequestFactory [SPR-15664] [#20223](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20223) > - Cron expression validation method in CronSequenceGenerator improved [SPR-15604] [#20163](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20163) > - Upgrade to Objenesis 2.6 for Google App Engine Standard on Java 8 and for better JDK 9 support [SPR-15600] [#20159](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20159) > > ## :beetle: Bug Fixes > > - UriUtils.extractFileExtension() does not properly handle all fragments [SPR-15786] [#20341](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20341) > - PropertyOrFieldReference invalidly reuses cached PropertyAccessor [SPR-15769] [#20324](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20324) > - ClassCastException during deserialization of ScopedObject [SPR-15766] [#20321](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20321) > - AbstractJackson2HttpMessageConverter throws exception if log level is ERROR [SPR-15760] [#20315](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20315) > - ReflectionTestUtils accidentally requires spring-aop on the classpath [SPR-15757] [#20312](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20312) > - MockMvc duplicates PUT Parameter value [SPR-15753] [#20308](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20308) > - JSP tags doesn't pick up JSTL-defined time zone at page level [SPR-15746] [#20302](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20302) > - JMS Integration with Tibco causes deadlock while using DefaultMessageListenerContainer [SPR-15738] [#20294](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20294) > - Memory Leak due to not pruning factoryBeanObjectCache when closing the ApplicationContext [SPR-15722] [#20278](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20278) > - WebAsyncManager is not compatible with the crosscontext mode [SPR-15709] [#20266](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20266) > - Netty4ClientHttpRequest does not include port along with host [SPR-15706] [#20263](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20263) > - `[**EventListener**](https://github.com/EventListener)`'s 'condition' doesn't work as expected with proxied beans [SPR-15678] [#20237](https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/20237) > ... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

arquillian / arquillian-extension-spring

[Security] Bump version.spring_framework from 4.0.9.RELEASE to 5.1.4.RELEASE #52