Previously we used IpAddressMatcher for matching ips.
After upgrade to Spring boot 3.3, my tests start failing on cases I provide null as 'address'. due to internal checks NPE is thrown when null address supplied.
To Reproduce
Spring framework: 6.1.10
Spring boot: 3.3.1
perform:
new IpAddressMatcher().matches(null)
Expected behavior
spring matcher should internally consider null as localhost
Thanks in advance.
If this intention to not have default assumption over null please let me know.
I did not found it in any release note/ migration guide
Previously we used IpAddressMatcher for matching ips. After upgrade to Spring boot 3.3, my tests start failing on cases I provide null as 'address'. due to internal checks NPE is thrown when null address supplied.
https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java#L103
in previous version (SB3.1) when null was provided it was internally handled as localhost ip ("localhost/127.0.0.1" InnetAddress). https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java#L109
To Reproduce Spring framework: 6.1.10 Spring boot: 3.3.1
perform: new IpAddressMatcher().matches(null)
Expected behavior spring matcher should internally consider null as localhost
Thanks in advance. If this intention to not have default assumption over null please let me know. I did not found it in any release note/ migration guide