Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Maintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain enhanced documentation advising users to take precautions against unsafe Java deserialization, version 5.3.0 deprecate the impacted classes and version 6.0.0 removed it entirely.
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to DoS attack.
Affected Spring Products and Versions
org.springframework:spring-web in versions
6.1.0 through 6.1.11
6.0.0 through 6.0.22
5.3.0 through 5.3.37
Older, unsupported versions are also affected
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
6.1.x -> 6.1.12
6.0.x -> 6.0.23
5.3.x -> 5.3.38
No other mitigation steps are necessary.
Users of older, unsupported versions could enforce a size limit on If-Match and If-None-Match headers, e.g. through a Filter.
Release Notes
spring-projects/spring-framework (org.springframework:spring-web)
### [`v6.0.0`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v6.0.0)
See [What's New in Spring Framework 6.x](https://redirect.github.com/spring-projects/spring-framework/wiki/What%27s-New-in-Spring-Framework-6.x) and [Upgrading to Spring Framework 6.x](https://redirect.github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x) for upgrade instructions and details of new features.
#### :star: New Features
- Avoid direct URL construction and URL equality checks [#29486](https://redirect.github.com/spring-projects/spring-framework/issues/29486)
- Simplify creating RFC 7807 responses from functional endpoints [#29462](https://redirect.github.com/spring-projects/spring-framework/issues/29462)
- Allow test classes to provide runtime hints via declarative mechanisms [#29455](https://redirect.github.com/spring-projects/spring-framework/issues/29455)
#### :notebook_with_decorative_cover: Documentation
- Align javadoc of DefaultParameterNameDiscoverer with its behavior [#29494](https://redirect.github.com/spring-projects/spring-framework/pull/29494)
- Document AOT support in the TestContext framework [#29482](https://redirect.github.com/spring-projects/spring-framework/issues/29482)
- Document Ahead of Time processing in the reference guide [#29350](https://redirect.github.com/spring-projects/spring-framework/issues/29350)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2022.0.0 [#29465](https://redirect.github.com/spring-projects/spring-framework/issues/29465)
#### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@ophiuhus](https://redirect.github.com/ophiuhus) and [@wilkinsona](https://redirect.github.com/wilkinsona)
### [`v5.3.39`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.39)
#### :star: New Features
- SimpleEvaluationContext should disable array allocation [#33386](https://redirect.github.com/spring-projects/spring-framework/issues/33386)
### [`v5.3.38`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.38)
#### :star: New Features
- Efficient handling of conditional HTTP requests [#33378](https://redirect.github.com/spring-projects/spring-framework/issues/33378)
#### :lady_beetle: Bug Fixes
- Fix incorrect weak ETag validation [#33377](https://redirect.github.com/spring-projects/spring-framework/issues/33377)
- `SimpleEvaluationContext` does not enforce read-only semantics [#33320](https://redirect.github.com/spring-projects/spring-framework/issues/33320)
- `ConversionService` cannot convert primitive array to `Object[]` [#33314](https://redirect.github.com/spring-projects/spring-framework/issues/33314)
- SpEL `Indexer` silently ignores failure to set property as index [#33312](https://redirect.github.com/spring-projects/spring-framework/issues/33312)
- Mockito mock falsely initialized as CGLIB proxy with AspectJ aspect [#33142](https://redirect.github.com/spring-projects/spring-framework/issues/33142)
- "file:." cannot be resolved to `java.nio.file.Path` (and plain "." value resolves to classpath root) [#33140](https://redirect.github.com/spring-projects/spring-framework/issues/33140)
#### :notebook_with_decorative_cover: Documentation
- Typo in Annotation-driven Listener Endpoints section of Spring Framework documentation [#33052](https://redirect.github.com/spring-projects/spring-framework/issues/33052)
- Container Extension Points section of Spring Framework documentation refers to the wrong property name [#33039](https://redirect.github.com/spring-projects/spring-framework/issues/33039)
- Incorrect constructor details in the javadoc for ApplicationContextEvent [#33034](https://redirect.github.com/spring-projects/spring-framework/issues/33034)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.47 [#33322](https://redirect.github.com/spring-projects/spring-framework/issues/33322)
### [`v5.3.37`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.37)
#### :star: New Features
- AnnotationUtils performance degrades with deep stacks [#32923](https://redirect.github.com/spring-projects/spring-framework/issues/32923)
#### :lady_beetle: Bug Fixes
- AspectJ CTW aspects executed twice [#32974](https://redirect.github.com/spring-projects/spring-framework/issues/32974)
- SpEL compilation fails when indexing into a `Map` with a primitive [#32911](https://redirect.github.com/spring-projects/spring-framework/issues/32911)
- SpEL compilation fails when indexing into an array or list with an `Integer` [#32909](https://redirect.github.com/spring-projects/spring-framework/issues/32909)
- Application not starting with `@EnableTransactionManagement`(mode = AdviceMode.ASPECTJ) [#32885](https://redirect.github.com/spring-projects/spring-framework/issues/32885)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.45 [#33010](https://redirect.github.com/spring-projects/spring-framework/issues/33010)
### [`v5.3.36`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.36)
#### :lady_beetle: Bug Fixes
- Overridden aspect method runs twice [#32868](https://redirect.github.com/spring-projects/spring-framework/issues/32868)
- `@DateTimeFormat(iso = DateTimeFormat.ISO.DATE\_TIME)` cannot convert UTC without milliseconds to `java.util.Date` [#32860](https://redirect.github.com/spring-projects/spring-framework/issues/32860)
- Spring AOP fails against registered `@Configurable` aspect [#32840](https://redirect.github.com/spring-projects/spring-framework/issues/32840)
### [`v5.3.35`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.35)
#### :star: New Features
- Accept ajc-compiled `@Aspect` classes for Spring AOP proxy usage [#32818](https://redirect.github.com/spring-projects/spring-framework/issues/32818)
#### :lady_beetle: Bug Fixes
- DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction [#32770](https://redirect.github.com/spring-projects/spring-framework/issues/32770)
- `MergedAnnotations` search does not find container for repeatable annotation [#32751](https://redirect.github.com/spring-projects/spring-framework/issues/32751)
- `AnnotationConfigWebApplicationContext` should propagate `ApplicationStartup` to `BeanFactory` [#32749](https://redirect.github.com/spring-projects/spring-framework/issues/32749)
- Ignore non-String keys in `PropertiesPropertySource.getPropertyNames()` [#32744](https://redirect.github.com/spring-projects/spring-framework/issues/32744)
- "multiple subscribers not supported" when using WebClient exchange [#32728](https://redirect.github.com/spring-projects/spring-framework/issues/32728)
- Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 [#32698](https://redirect.github.com/spring-projects/spring-framework/issues/32698)
#### :notebook_with_decorative_cover: Documentation
- Correct documentation on streaming with MockMvcWebTestClient [#32723](https://redirect.github.com/spring-projects/spring-framework/issues/32723)
- Update links to HttpOnly documentation at OWASP in `ResponseCookie` [#32668](https://redirect.github.com/spring-projects/spring-framework/issues/32668)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.44 [#32788](https://redirect.github.com/spring-projects/spring-framework/issues/32788)
### [`v5.3.34`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.34)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34)
#### :star: New Features
- Log column type for limited support message in `JdbcUtils.getResultSetValue` [#32603](https://redirect.github.com/spring-projects/spring-framework/issues/32603)
- Avoid additional unnecessary `Annotation` array cloning in `TypeDescriptor` [#32477](https://redirect.github.com/spring-projects/spring-framework/issues/32477)
- Avoid cloning empty `Annotation` array in `TypeDescriptor` [#32466](https://redirect.github.com/spring-projects/spring-framework/issues/32466)
#### :lady_beetle: Bug Fixes
- Refine scheme, userinfo, host and port parsing in UriComponentsBuilder [#32618](https://redirect.github.com/spring-projects/spring-framework/issues/32618)
- `MethodIntrospector.selectMethods()` fails to detect bridge methods across ApplicationContexts [#32588](https://redirect.github.com/spring-projects/spring-framework/issues/32588)
- JmsUtils.commitIfNecessary catches and ignores JMS IllegalStateException, losing message with ActiveMQ Artemis [#32480](https://redirect.github.com/spring-projects/spring-framework/issues/32480)
- Consistently apply TaskDecorator to ManagedExecutorService as well [#32457](https://redirect.github.com/spring-projects/spring-framework/issues/32457)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.43 [#32594](https://redirect.github.com/spring-projects/spring-framework/issues/32594)
### [`v5.3.33`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.33)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.32...v5.3.33)
#### :star: New Features
- Extract reusable method for URI validations [#32442](https://redirect.github.com/spring-projects/spring-framework/issues/32442)
- Allow UriTemplate to be built with an empty template [#32438](https://redirect.github.com/spring-projects/spring-framework/issues/32438)
- Refine `*HttpMessageConverter#getContentLength` return value null safety [#32332](https://redirect.github.com/spring-projects/spring-framework/issues/32332)
#### :lady_beetle: Bug Fixes
- AopUtils.getMostSpecificMethod does not return original method for proxy-derived method anymore [#32369](https://redirect.github.com/spring-projects/spring-framework/issues/32369)
- Better protect against concurrent error handling for async requests [#32342](https://redirect.github.com/spring-projects/spring-framework/issues/32342)
- Restore Jetty 10 compatibility in JettyClientHttpResponse [#32337](https://redirect.github.com/spring-projects/spring-framework/issues/32337)
- ContentCachingResponseWrapper no longer honors Content-Type and Content-Length [#32322](https://redirect.github.com/spring-projects/spring-framework/issues/32322)
#### :notebook_with_decorative_cover: Documentation
- Build KDoc against `5.3.x` Spring Framework Javadoc [#32414](https://redirect.github.com/spring-projects/spring-framework/issues/32414)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.42 [#32422](https://redirect.github.com/spring-projects/spring-framework/issues/32422)
### [`v5.3.32`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.32)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32)
#### :star: New Features
- Add CORS support for Private Network Access [#31974](https://redirect.github.com/spring-projects/spring-framework/issues/31974)
- Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor [#31969](https://redirect.github.com/spring-projects/spring-framework/issues/31969)
#### :lady_beetle: Bug Fixes
- Consistent parsing of user information in UriComponentsBuilder [#32247](https://redirect.github.com/spring-projects/spring-framework/issues/32247)
- QualifierAnnotationAutowireCandidateResolver.checkQualifier does identity checks when comparing arrays used as qualifier fields [#32108](https://redirect.github.com/spring-projects/spring-framework/issues/32108)
- Guard against multiple body subscriptions in Jetty and JDK reactive responses [#32101](https://redirect.github.com/spring-projects/spring-framework/issues/32101)
- Static resources caching issues with ShallowEtagHeaderFilter and Jetty caching directives [#32051](https://redirect.github.com/spring-projects/spring-framework/issues/32051)
- ChannelSendOperator.WriteBarrier race condition in request(long) method leads to response being dropped [#32021](https://redirect.github.com/spring-projects/spring-framework/issues/32021)
- Spring AOP does not propagate arguments for dynamic prototype-scoped advice [#31964](https://redirect.github.com/spring-projects/spring-framework/issues/31964)
- MergedAnnotation swallows IllegalAccessException for attribute method [#31961](https://redirect.github.com/spring-projects/spring-framework/issues/31961)
- CronTrigger hard-codes default ZoneId instead of participating in scheduler-wide Clock setup [#31950](https://redirect.github.com/spring-projects/spring-framework/issues/31950)
- `MergedAnnotations` finds duplicate annotations on method in multi-level interface hierarchy [#31825](https://redirect.github.com/spring-projects/spring-framework/issues/31825)
- PathEditor cannot handle absolute Windows paths with forward slashes [#31728](https://redirect.github.com/spring-projects/spring-framework/issues/31728)
- Include Hibernate's `Query.scroll()` in `SharedEntityManagerCreator`'s `queryTerminatingMethods` set [#31684](https://redirect.github.com/spring-projects/spring-framework/issues/31684)
- TypeDescriptor does not check generics in `equals` method (for ConversionService caching) [#31674](https://redirect.github.com/spring-projects/spring-framework/issues/31674)
- Slow SpEL performance due to method sorting in ReflectiveMethodResolver [#31665](https://redirect.github.com/spring-projects/spring-framework/issues/31665)
- Jackson encoder releases resources in wrong order [#31657](https://redirect.github.com/spring-projects/spring-framework/issues/31657)
- WebSocketMessageBrokerStats has null stats for stompSubProtocolHandler since 5.3.2 [#31642](https://redirect.github.com/spring-projects/spring-framework/issues/31642)
#### :notebook_with_decorative_cover: Documentation
- Document cron-vs-quartz parsing convention for dayOfWeek part in CronExpression [#32131](https://redirect.github.com/spring-projects/spring-framework/issues/32131)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.41 [#32276](https://redirect.github.com/spring-projects/spring-framework/issues/32276)
### [`v5.3.31`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.31)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.30...v5.3.31)
#### :star: New Features
- `Log4jLog` needs to re-resolve `ExtendedLogger` on deserialization (for compatibility with Log4J 2.21) [#31583](https://redirect.github.com/spring-projects/spring-framework/issues/31583)
#### :lady_beetle: Bug Fixes
- MessageBuilder#createMessage should not define the payload as `@Nullable` [#31611](https://redirect.github.com/spring-projects/spring-framework/issues/31611)
- Avoid duplicate JAR resources in `PathMatchingResourcePatternResolver` on MS Windows [#31603](https://redirect.github.com/spring-projects/spring-framework/issues/31603)
- Spring web integration commons fileupload receives files and other parameter uploads, with a null pointer [#31564](https://redirect.github.com/spring-projects/spring-framework/issues/31564)
- Function column out doesn't resolve to `SqlOutParameter` [#31560](https://redirect.github.com/spring-projects/spring-framework/issues/31560)
- Resolve to empty MultiValueMap when no matrix variables are provided [#31484](https://redirect.github.com/spring-projects/spring-framework/issues/31484)
- BeanUtils.copyProperties() consumes large amount of memory [#31481](https://redirect.github.com/spring-projects/spring-framework/issues/31481)
- CGLIB `BeanCopier` falls back to `ClassLoader.defineClass` for public target [#31436](https://redirect.github.com/spring-projects/spring-framework/issues/31436)
- R2DBC Connection is closed during transaction when using TransactionAwareConnectionFactoryProxy [#31411](https://redirect.github.com/spring-projects/spring-framework/issues/31411)
- `HibernateJpaDialect` and `HibernateExceptionTranslator` throw `SQLExceptionTranslator`-provided exception instead of returning it [#31410](https://redirect.github.com/spring-projects/spring-framework/issues/31410)
- `NamedParameterJdbcTemplate` throws unexpected exception for `null` query [#31394](https://redirect.github.com/spring-projects/spring-framework/issues/31394)
- `LazyResolutionMessage` does not implement proper `toString` [#31385](https://redirect.github.com/spring-projects/spring-framework/issues/31385)
- Illegal reflective access in `ContextOverridingClassLoader.isEligibleForOverriding` [#31233](https://redirect.github.com/spring-projects/spring-framework/issues/31233)
#### :notebook_with_decorative_cover: Documentation
- Clarify documentation for `@Transactional` on interfaces [#31401](https://redirect.github.com/spring-projects/spring-framework/issues/31401)
- Default behavior of BeanPropertyRowMapper.getColumnValue(ResultSet, int, Class) inconsistent with code [#31349](https://redirect.github.com/spring-projects/spring-framework/issues/31349)
- Referencing a `@Bean` method in a `@Configuration` class' `@PostConstruct` method leads to circular reference [#31339](https://redirect.github.com/spring-projects/spring-framework/issues/31339)
- Incorrect reference information about CGLIB supported method visibility [#31311](https://redirect.github.com/spring-projects/spring-framework/issues/31311)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.38 [#31584](https://redirect.github.com/spring-projects/spring-framework/issues/31584)
### [`v5.3.30`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.30)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.29...v5.3.30)
#### :star: New Features
- Optimize `ClassUtils#getMostSpecificMethod` [#31100](https://redirect.github.com/spring-projects/spring-framework/issues/31100)
- Optimize whitespace checks in `StringUtils` [#31069](https://redirect.github.com/spring-projects/spring-framework/issues/31069)
- Align validation metadata handling in `PayloadMethodArgumentResolver` [#31056](https://redirect.github.com/spring-projects/spring-framework/issues/31056)
- Register an override for an existing adapter in `ReactiveAdapterRegistry` [#31048](https://redirect.github.com/spring-projects/spring-framework/issues/31048)
- Make bean initialization deterministic for multiple `@Autowired` methods on same bean class [#30994](https://redirect.github.com/spring-projects/spring-framework/issues/30994)
- Performance bottlenecks while creating scoped bean instances [#30892](https://redirect.github.com/spring-projects/spring-framework/issues/30892)
#### :lady_beetle: Bug Fixes
- Possible classloader leak through incomplete clearing of annotation caches [#31176](https://redirect.github.com/spring-projects/spring-framework/issues/31176)
- Spring `LogFactory` implementation deviates from original Apache `LogFactory` in terms of abstract method declarations [#31167](https://redirect.github.com/spring-projects/spring-framework/issues/31167)
- Bean injection fails due to `nullSafeConciseToString()` invoking `isEmpty()` on a `Map`/`Collection` proxy [#31156](https://redirect.github.com/spring-projects/spring-framework/issues/31156)
- SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression [#31099](https://redirect.github.com/spring-projects/spring-framework/issues/31099)
- `@DynamicPropertySource` in `@Nested` test class cannot override dynamic properties from enclosing class [#31085](https://redirect.github.com/spring-projects/spring-framework/issues/31085)
- `TransactionalApplicationListenerMethodAdapter` should find `@TransactionalEventListener` on target class method [#31037](https://redirect.github.com/spring-projects/spring-framework/issues/31037)
- ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs [#31020](https://redirect.github.com/spring-projects/spring-framework/issues/31020)
- Permgen memory leak due to `ClassInfo` caching in `java.beans.Introspector` on JDK 11/17 [#31005](https://redirect.github.com/spring-projects/spring-framework/issues/31005)
- `MethodIntrospector.selectMethods(?)` fails to find methods in case of special bridge method arrangement [#30907](https://redirect.github.com/spring-projects/spring-framework/issues/30907)
#### :notebook_with_decorative_cover: Documentation
- Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate [#31229](https://redirect.github.com/spring-projects/spring-framework/issues/31229)
- Refine CORS documentation for wildcard processing [#31168](https://redirect.github.com/spring-projects/spring-framework/issues/31168)
- Propagation REQUIRES_NEW may cause connection pool deadlock [#31040](https://redirect.github.com/spring-projects/spring-framework/issues/31040)
- Clarify R2DBC `ConnectionAccessor` and `DatabasePopulator` exception declarations [#30933](https://redirect.github.com/spring-projects/spring-framework/issues/30933)
- Doc: Avoid deadlock in `@PostConstruct` through SmartInitializingSingleton or ContextRefreshedEvent [#30889](https://redirect.github.com/spring-projects/spring-framework/issues/30889)
### [`v5.3.29`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.29)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.28...v5.3.29)
#### :star: New Features
- Avoid illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding [#30868](https://redirect.github.com/spring-projects/spring-framework/issues/30868)
- Improve diagnostics for CGLIB ClassLoader issues with shared classes in parent ClassLoader [#30866](https://redirect.github.com/spring-projects/spring-framework/issues/30866)
- `JdbcTemplate` does not call `handleWarnings` in case of exception [#30852](https://redirect.github.com/spring-projects/spring-framework/issues/30852)
- Tolerate `AnnotationUtils.isCandidateClass` call with `null` as annotation type [#30843](https://redirect.github.com/spring-projects/spring-framework/issues/30843)
- Simplify `DefaultSingletonBeanRegistry.isDependent()` [#30841](https://redirect.github.com/spring-projects/spring-framework/issues/30841)
- Provide explicit support for collections, maps, and arrays in `ObjectUtils.nullSafeConciseToString()` [#30811](https://redirect.github.com/spring-projects/spring-framework/issues/30811)
- Extend list of supported types in `ObjectUtils.nullSafeConciseToString()` [#30806](https://redirect.github.com/spring-projects/spring-framework/issues/30806)
- Align ConcurrentMapCacheManager locking behavior with CaffeineCacheManager [#30781](https://redirect.github.com/spring-projects/spring-framework/issues/30781)
- `ResolvableType.hasUnresolvableGenerics()` should cache its result [#30715](https://redirect.github.com/spring-projects/spring-framework/issues/30715)
- Ensure Spring `LogFactory` contains all public methods from Apache `LogFactory` [#30711](https://redirect.github.com/spring-projects/spring-framework/issues/30711)
- Translate SQL Exception with State S0001 and Vendor Code 2628 to a Spring Exception in MSSQL 2019 [#30682](https://redirect.github.com/spring-projects/spring-framework/issues/30682)
#### :lady_beetle: Bug Fixes
- For a prototype bean, if first-time rejected value is null, subsequent value will wrongly be null always [#30809](https://redirect.github.com/spring-projects/spring-framework/issues/30809)
- Revert changes to `toString()` in `FieldError` [#30800](https://redirect.github.com/spring-projects/spring-framework/issues/30800)
- Fix log level on error with `@TransactionalEventListener` [#30784](https://redirect.github.com/spring-projects/spring-framework/issues/30784)
- SerializableTypeWrapper does not consistently catch InvocationTargetException [#30767](https://redirect.github.com/spring-projects/spring-framework/issues/30767)
- NPE in MvcUriComponentsBuilder with no-arg target method on interface [#30757](https://redirect.github.com/spring-projects/spring-framework/issues/30757)
- `Jackson2ObjectMapperBuilder` breaks when `modules` customizer follows `modulesToInstall` [#30752](https://redirect.github.com/spring-projects/spring-framework/issues/30752)
- Spring ORM SpringBeanContainer when trying to create a bean fails with not found bean definition, and fallbacks to default hibernate bean creation [#30685](https://redirect.github.com/spring-projects/spring-framework/issues/30685)
#### :notebook_with_decorative_cover: Documentation
- ResultSet holdability into the View layer broken by Hibernate 5 [#30863](https://redirect.github.com/spring-projects/spring-framework/issues/30863)
- Clarify `ReactiveTransactionManager` exception declarations [#30819](https://redirect.github.com/spring-projects/spring-framework/issues/30819)
- Doc: `JdbcTransactionManager` vs `DataSourceTransactionManager` [#30814](https://redirect.github.com/spring-projects/spring-framework/issues/30814)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.34 [#30873](https://redirect.github.com/spring-projects/spring-framework/issues/30873)
### [`v5.3.28`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.28)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.27...v5.3.28)
#### :star: New Features
- ClassLoader can be null in DeserializingConverter and should be annotated with `@Nullable` [#30672](https://redirect.github.com/spring-projects/spring-framework/issues/30672)
- Performance optimization in AbstractBeanFactoryBasedTargetSource.hashCode() [#30585](https://redirect.github.com/spring-projects/spring-framework/issues/30585)
- Consistent support for MultiValueMap and common Map implementations in CollectionFactory [#30441](https://redirect.github.com/spring-projects/spring-framework/issues/30441)
- Reject null and empty SpEL expressions [#30373](https://redirect.github.com/spring-projects/spring-framework/issues/30373)
- Introduce `Environment.matchesProfiles()` for profile expressions [#30226](https://redirect.github.com/spring-projects/spring-framework/issues/30226)
#### :lady_beetle: Bug Fixes
- Change of behaviour for UUID in bean validation output in v5.3.27 [#30662](https://redirect.github.com/spring-projects/spring-framework/issues/30662)
- Spring Framework 5.3.27 appears to cause issues in OSGi environment [#30637](https://redirect.github.com/spring-projects/spring-framework/issues/30637)
- Inconsistent ProxyCallbackFilter#equals/hashCode methods in CglibAopProxy [#30616](https://redirect.github.com/spring-projects/spring-framework/issues/30616)
- EclipseLinkJpaDialect: Unexpected default isolation levels [#30589](https://redirect.github.com/spring-projects/spring-framework/issues/30589)
- ThreadLocalTargetSource does not include actual target bean name in NamedThreadLocal [#30586](https://redirect.github.com/spring-projects/spring-framework/issues/30586)
- ApplicationListenerMethodAdapter inconsistently publishes events from CompletableFuture [#30584](https://redirect.github.com/spring-projects/spring-framework/issues/30584)
- For `@Bean` method that returns `null`, `@Autowired` injects `NullBean` instead of `null` for cached arguments [#30551](https://redirect.github.com/spring-projects/spring-framework/issues/30551)
- Make maximum SpEL expression length configurable [#30446](https://redirect.github.com/spring-projects/spring-framework/issues/30446)
- Respect TaskDecorator configuration on DefaultManagedTaskExecutor [#30443](https://redirect.github.com/spring-projects/spring-framework/issues/30443)
#### :notebook_with_decorative_cover: Documentation
- Document which `@Scheduled` attributes support SpEL expressions [#30642](https://redirect.github.com/spring-projects/spring-framework/issues/30642)
- FileSystemUtils::deleteRecursively Javadoc refers to File instead of Path [#30555](https://redirect.github.com/spring-projects/spring-framework/issues/30555)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.33 [#30656](https://redirect.github.com/spring-projects/spring-framework/issues/30656)
### [`v5.3.27`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.27)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.26...v5.3.27)
#### :star: New Features
- Limit string concatenation in SpEL expressions [#30331](https://redirect.github.com/spring-projects/spring-framework/issues/30331)
- Limit SpEL expression length [#30329](https://redirect.github.com/spring-projects/spring-framework/issues/30329)
- Disable variable assignment in SimpleEvaluationContext [#30327](https://redirect.github.com/spring-projects/spring-framework/issues/30327)
- Introduce `StringUtils.truncate()` [#30291](https://redirect.github.com/spring-projects/spring-framework/issues/30291)
- Introduce `ObjectUtils.nullSafeConciseToString()` [#30287](https://redirect.github.com/spring-projects/spring-framework/issues/30287)
- Make `HttpComponentsHeadersAdapter#getFirst` nullable [#30269](https://redirect.github.com/spring-projects/spring-framework/issues/30269)
#### :lady_beetle: Bug Fixes
- Fix regression in ReactorServerHttpRequest related to IPV6 Zone id with "%" [#30314](https://redirect.github.com/spring-projects/spring-framework/issues/30314)
- SSE breaks with indenting serializer in WebMvc.fn [#30302](https://redirect.github.com/spring-projects/spring-framework/issues/30302)
- Increase max regex length in SpEL expressions [#30298](https://redirect.github.com/spring-projects/spring-framework/issues/30298)
- NullPointerException on timeout in HttpComponentsClientHttpConnector when using Apache HttpComponents [#30246](https://redirect.github.com/spring-projects/spring-framework/issues/30246)
- Wrong MockRestRequestMatchers.header() method in spring-test being invoked (JDK issue?) [#30235](https://redirect.github.com/spring-projects/spring-framework/issues/30235)
- TypeNotPresentException: org/springframework/cglib/proxy/NoOp not present on Java 17 [#30228](https://redirect.github.com/spring-projects/spring-framework/issues/30228)
- Refine generic type management in `AbstractMessageWriterResultHandler` [#30215](https://redirect.github.com/spring-projects/spring-framework/issues/30215)
- MvcUriComponentsBuilder.fromMethodCall breaks for controller with CharSequence return type [#30212](https://redirect.github.com/spring-projects/spring-framework/issues/30212)
- Handle all exceptions for stored proc output param retrieval in `SharedEntityManagerCreator` [#30164](https://redirect.github.com/spring-projects/spring-framework/issues/30164)
#### :notebook_with_decorative_cover: Documentation
- Fix `@PathVariable` reference documentation code snippets [#30258](https://redirect.github.com/spring-projects/spring-framework/issues/30258)
- Fix example in Javadoc for `@EnableWebSocket` [#30187](https://redirect.github.com/spring-projects/spring-framework/issues/30187)
- Fix anchor in link to "Web on Reactive Stack" chapter [#30163](https://redirect.github.com/spring-projects/spring-framework/issues/30163)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.31 [#30315](https://redirect.github.com/spring-projects/spring-framework/issues/30315)
### [`v5.3.26`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.26)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.25...v5.3.26)
#### :star: New Features
- Improve diagnostics in SpEL for `matches` operator [#30145](https://redirect.github.com/spring-projects/spring-framework/issues/30145)
- Improve diagnostics in SpEL for repeated text [#30143](https://redirect.github.com/spring-projects/spring-framework/issues/30143)
- Increase scope of regex pattern cache for the SpEL `matches` operator [#30141](https://redirect.github.com/spring-projects/spring-framework/issues/30141)
- Minor updates in HandlerMappingIntrospector [#30128](https://redirect.github.com/spring-projects/spring-framework/issues/30128)
- Allow SnakeYaml 2.0 runtime compatibility [#30097](https://redirect.github.com/spring-projects/spring-framework/issues/30097)
- Add missing `@Nullable` annotations to `LogMessage.format` methods [#30009](https://redirect.github.com/spring-projects/spring-framework/issues/30009)
- ASM upgrade for JDK 20/21 support [#29966](https://redirect.github.com/spring-projects/spring-framework/issues/29966)
- Allow MockRest to match header/queryParam value list with one Matcher [#29964](https://redirect.github.com/spring-projects/spring-framework/issues/29964)
- Add `MockMvc.multipart()` Kotlin extensions with `HttpMethod` [#29941](https://redirect.github.com/spring-projects/spring-framework/issues/29941)
- Release R2DBC connection when cleanup fails in transaction [#29925](https://redirect.github.com/spring-projects/spring-framework/issues/29925)
- org.springframework.web.context.ContextLoader should lazily load ContextLoader.properties [#29909](https://redirect.github.com/spring-projects/spring-framework/issues/29909)
- Improve generated default name for `@JmsListener` subscription [#29902](https://redirect.github.com/spring-projects/spring-framework/issues/29902)
- Include all Hibernate query methods in `SharedEntityManagerCreator`'s `queryTerminatingMethods` set [#29888](https://redirect.github.com/spring-projects/spring-framework/issues/29888)
- SQL supplier in R2DBC `DatabaseClient` is eagerly invoked [#29887](https://redirect.github.com/spring-projects/spring-framework/issues/29887)
- Spring Framework 5.3.x is incompatible with Jetty 10 (Client) [#29867](https://redirect.github.com/spring-projects/spring-framework/issues/29867)
- Possible infinite forward loop with MockMvcWebConnection [#29866](https://redirect.github.com/spring-projects/spring-framework/issues/29866)
- Refine `Jackson2ObjectMapperBuilder#configureFeature` exception handling [#29860](https://redirect.github.com/spring-projects/spring-framework/issues/29860)
- Fix R2dbcTransactionManager debug log: don't log a Mono [#29824](https://redirect.github.com/spring-projects/spring-framework/issues/29824)
#### :lady_beetle: Bug Fixes
- RequestedContentTypeResolver does not ignore quality factor when filtering \*/\* media types [#30121](https://redirect.github.com/spring-projects/spring-framework/issues/30121)
- SpEL: cannot call methods declared in `java.lang.Object` on a JDK proxy [#30118](https://redirect.github.com/spring-projects/spring-framework/issues/30118)
- CaffeineCacheManager getCache method cause thread block [#30085](https://redirect.github.com/spring-projects/spring-framework/issues/30085)
- Protect JMS connection creation against prepareConnection errors [#30051](https://redirect.github.com/spring-projects/spring-framework/issues/30051)
- ReactorServerHttpRequest does not reflect forwarded host and port when `forwarding-header-strategy=native` or cloud platform detected [#29974](https://redirect.github.com/spring-projects/spring-framework/issues/29974)
- WebSocket stats not updated correctly when sessions cleared [#29947](https://redirect.github.com/spring-projects/spring-framework/issues/29947)
- Explicit target ClassLoader for interface-based proxies in MvcUriComponentsBuilder [#29914](https://redirect.github.com/spring-projects/spring-framework/issues/29914)
- Closing an ApplicationContext leads to Exception at ExecutorServiceAdapter [#29908](https://redirect.github.com/spring-projects/spring-framework/issues/29908)
- Invalid Accept header results in IllegalStateException [#29836](https://redirect.github.com/spring-projects/spring-framework/issues/29836)
- JettyWebSocketCreator referenced from a method is not visible from class loader with `Jetty10RequestUpgradeStrategy` [#29256](https://redirect.github.com/spring-projects/spring-framework/issues/29256)
#### :notebook_with_decorative_cover: Documentation
- Fix minor spacings in webflux docs [#30095](https://redirect.github.com/spring-projects/spring-framework/issues/30095)
- `@AspectJ` argument name resolution algorithm is outdated in reference manual [#30057](https://redirect.github.com/spring-projects/spring-framework/issues/30057)
- Fix "Configuring a Global Date and Time Format" example [#30036](https://redirect.github.com/spring-projects/spring-framework/issues/30036)
- Consistent `@Bean` method return type for equivalence with XML example [#29970](https://redirect.github.com/spring-projects/spring-framework/issues/29970)
- Update `@DynamicPropertySource` examples regarding changes in Testcontainers [#29940](https://redirect.github.com/spring-projects/spring-framework/issues/29940)
- Clarify semantics of `primitivesDefaultedForNullValue` in `BeanPropertyRowMapper` [#29926](https://redirect.github.com/spring-projects/spring-framework/issues/29926)
- Clearly document that `DataClassRowMapper` supports Java records [#29922](https://redirect.github.com/spring-projects/spring-framework/issues/29922)
- Outdated Javadoc for AbstractApplicationContext.postProcessBeanFactory [#29916](https://redirect.github.com/spring-projects/spring-framework/issues/29916)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor Netty 2020.0.30 [#30116](https://redirect.github.com/spring-projects/spring-framework/issues/30116)
### [`v5.3.25`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.25)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.24...v5.3.25)
#### :star: New Features
- JmsTemplate.convertAndSend throws NullPointerException during shutdown [#29719](https://redirect.github.com/spring-projects/spring-framework/issues/29719)
- Optimize object creation in RequestMappingHandlerMapping#handleNoMatch [#29667](https://redirect.github.com/spring-projects/spring-framework/issues/29667)
- Add title to SockJS iFrames for accessibility compliance [#29596](https://redirect.github.com/spring-projects/spring-framework/issues/29596)
#### :lady_beetle: Bug Fixes
- ResourceHandlers cannot resolve static resources with certain wildcard patterns [#29716](https://redirect.github.com/spring-projects/spring-framework/issues/29716)
- AnnotatedElementUtils.findMergedRepeatableAnnotations does not fetch results when other attributes exist for container annotation [#29686](https://redirect.github.com/spring-projects/spring-framework/issues/29686)
- BeanWrapperImpl NPE in setWrappedInstance after invoking getPropertyValue (with SimpleBeanInfoFactory) [#29684](https://redirect.github.com/spring-projects/spring-framework/issues/29684)
- SpEL `ConstructorReference` does not generate AST representation of arrays [#29666](https://redirect.github.com/spring-projects/spring-framework/issues/29666)
- SpEL: Two double quotes are replaced by one double quote in single quoted `String` literal (and vice versa) [#29653](https://redirect.github.com/spring-projects/spring-framework/issues/29653)
- SpEL string literal misses single quotation marks in toStringAST() [#29652](https://redirect.github.com/spring-projects/spring-framework/issues/29652)
- 500 error from WebFlux when parsing Content-Type leads to InvalidMediaTypeException [#29637](https://redirect.github.com/spring-projects/spring-framework/issues/29637)
- `WebMvcConfigurationSupport` should not catch `Throwable` for `SourceHttpMessageConverter` [#29537](https://redirect.github.com/spring-projects/spring-framework/issues/29537)
#### :notebook_with_decorative_cover: Documentation
- Update Jakarta Mail info in ref docs [#29708](https://redirect.github.com/spring-projects/spring-framework/issues/29708)
- Improve documentation for literals in SpEL expressions [#29701](https://redirect.github.com/spring-projects/spring-framework/issues/29701)
- Fix some typos in Kotlin WebClient example code [#29542](https://redirect.github.com/spring-projects/spring-framework/issues/29542)
- Fix link to Bean Utils Light Library in BeanUtils Javadoc [#29536](https://redirect.github.com/spring-projects/spring-framework/issues/29536)
- Fix link to WebFlux section in reference manual [#29526](https://redirect.github.com/spring-projects/spring-framework/issues/29526)
- Link to Spring WebFlux section is broken [#29517](https://redirect.github.com/spring-projects/spring-framework/issues/29517)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.27 [#29798](https://redirect.github.com/spring-projects/spring-framework/issues/29798)
### [`v5.3.24`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.24)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.23...v5.3.24)
#### :star: New Features
- Avoid reflection for annotation method invocations [#29448](https://redirect.github.com/spring-projects/spring-framework/issues/29448)
- Avoid unnecessary allocations in StompDecoder#unescape [#29443](https://redirect.github.com/spring-projects/spring-framework/pull/29443)
- Avoid String allocations in MediaType.checkParameters [#29428](https://redirect.github.com/spring-projects/spring-framework/pull/29428)
- Reduce allocations caused by producible media types [#29412](https://redirect.github.com/spring-projects/spring-framework/pull/29412)
- Provide optional SimpleBeanInfoFactory for better introspection performance in 5.3.x [#29330](https://redirect.github.com/spring-projects/spring-framework/issues/29330)
- Filter out `null` WebSocket session attributes [#29315](https://redirect.github.com/spring-projects/spring-framework/issues/29315)
- Introduce TestSocketUtils as a replacement for SocketUtils [#29132](https://redirect.github.com/spring-projects/spring-framework/pull/29132)
- Avoid Commons Logging API for using LoggingCacheErrorHandler with a custom logger [#28678](https://redirect.github.com/spring-projects/spring-framework/pull/28678)
#### :lady_beetle: Bug Fixes
- Missing SessionFactory property (filter AutoCloseable from PropertyDescriptors) [#29480](https://redirect.github.com/spring-projects/spring-framework/issues/29480)
- SpEL ternary and Elvis expressions are missing enclosing parentheses in toStringAST() [#29463](https://redirect.github.com/spring-projects/spring-framework/issues/29463)
- If-Unmodified-Since header check removes Last-Modified and Etag headers from response, even if condition passes [#29362](https://redirect.github.com/spring-projects/spring-framework/issues/29362)
- Annotation searches fail for non-public repeatable annotations [#29301](https://redirect.github.com/spring-projects/spring-framework/issues/29301)
- AbstractBeanFactory's interaction with BeanPostProcessorCacheAwareList is not fully thread-safe [#29299](https://redirect.github.com/spring-projects/spring-framework/issues/29299)
- WebTestClient cannot assert custom HTTP status code [#29283](https://redirect.github.com/spring-projects/spring-framework/issues/29283)
- Body token not expected error when trying to upload a large multipart file [#29227](https://redirect.github.com/spring-projects/spring-framework/issues/29227)
- Avoid resizing of Maps created by CollectionUtils [#29190](https://redirect.github.com/spring-projects/spring-framework/pull/29190)
- DefaultWebClient logging sensitive information in URI [#29148](https://redirect.github.com/spring-projects/spring-framework/issues/29148)
- Fix SimpleMailMessage nullability annotations [#29139](https://redirect.github.com/spring-projects/spring-framework/pull/29139)
- Webflux fails to apply the rule for controller methods returning void to kotlin suspend functions returning Unit [#27629](https://redirect.github.com/spring-projects/spring-framework/issues/27629)
- Resource.isFile() return true when the resource path actually not exists [#26707](https://redirect.github.com/spring-projects/spring-framework/issues/26707)
- AnnotatedElementUtils does not find merged repeatable annotations on other repeatable annotations [#20279](https://redirect.github.com/spring-projects/spring-framework/issues/20279)
#### :notebook_with_decorative_cover: Documentation
- Fix two typos in integration.adoc and webflux.adoc [#29469](https://redirect.github.com/spring-projects/spring-framework/pull/29469)
- Fix typo: "as describe in" -> "as described in" [#29393](https://redirect.github.com/spring-projects/spring-framework/pull/29393)
- Fix typos [#29364](https://redirect.github.com/spring-projects/spring-framework/pull/29364)
- Correct documentation for "other return values" from a web controller method [#29349](https://redirect.github.com/spring-projects/spring-framework/issues/29349)
- Document how to use WebJars without `webjars-locator-core` dependency [#29322](https://redirect.github.com/spring-projects/spring-framework/issues/29322)
- Update RestTemplate Javadoc with regards to setting interceptors on startup vs at runtime [#29311](https://redirect.github.com/spring-projects/spring-framework/issues/29311)
- Document how to switch to the default set of TestExecutionListeners [#29281](https://redirect.github.com/spring-projects/spring-framework/issues/29281)
- Document limitation of AopTestUtils.getUltimateTargetObject() regarding non-static TargetSource [#29276](https://redirect.github.com/spring-projects/spring-framework/issues/29276)
- Fix typo in WebSocket reference doc regarding subscription header [#29228](https://redirect.github.com/spring-projects/spring-framework/pull/29228)
- Fix MockMvc sample setup [#29201](https://redirect.github.com/spring-projects/spring-framework/pull/29201)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.25 [#29464](https://redirect.github.com/spring-projects/spring-framework/issues/29464)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@sangmin7648](https://redirect.github.com/sangmin7648)
- [@izeye](https://redirect.github.com/izeye)
- [@dreis2211](https://redirect.github.com/dreis2211)
- [@catmug](https://redirect.github.com/catmug)
- [@inabajunmr](https://redirect.github.com/inabajunmr)
- [@iamgd67](https://redirect.github.com/iamgd67)
- [@davidcostanzo](https://redirect.github.com/davidcostanzo)
- [@jprinet](https://redirect.github.com/jprinet)
- [@stgerhardt](https://redirect.github.com/stgerhardt)
- [@onobc](https://redirect.github.com/onobc)
- [@vpavic](https://redirect.github.com/vpavic)
### [`v5.3.23`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.23)
[Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.22...v5.3.23)
#### :star: New Features
- Introduce AnnotationUtils.isSynthesizedAnnotation(Annotation) [#29054](https://redirect.github.com/spring-projects/spring-framework/issues/29054)
- Introduce createContext() factory method in AbstractGenericWebContextLoader [#28983](https://redirect.github.com/spring-projects/spring-framework/issues/28983)
- Support TreeSet collection type in CollectionFactory.createCollection() without using reflection [#28949](https://redirect.github.com/spring-projects/spring-framework/pull/28949)
- Document when RequestEntity.getUrl() throws an UnsupportedOperationException [#28930](https://redirect.github.com/spring-projects/spring-framework/issues/28930)
- Deprecate NestedIOException [#28929](https://redirect.github.com/spring-projects/spring-framework/issues/28929)
- Make isConnected() in WebSocketConnectionManager public [#28785](https://redirect.github.com/spring-projects/spring-framework/pull/28785)
- Expose headers from STOMP RECEIPT frame to registered callbacks [#28715](https://redirect.github.com/spring-projects/spring-framework/pull/28715)
- Make WebClientException serializable [#28321](https://redirect.github.com/spring-projects/spring-framework/issues/28321)
#### :lady_beetle: Bug Fixes
- Ordering inconsistency with beans defined in parent context [#29105](https://redirect.github.com/spring-projects/spring-framework/issues/29105)
- RelativeRedirectResponseWrapper does not commit response in sendRedirect [#29050](https://redirect.github.com/spring-projects/spring-framework/pull/29050)
- MockServerContainerContextCustomizerFactory does not support `@Nested` tests [#29037](https://redirect.github.com/spring-projects/spring-framework/issues/29037)
- Request to improve KotlinSerializationJsonHttpMessageConverter logic in RestTemplate [#29008](https://redirect.github.com/spring-projects/spring-framework/issues/29008)
- WebFlux: multipart requests hang sometimes [#28963](https://redirect.github.com/spring-projects/spring-framework/issues/28963)
- DataBufferUtils.write(Publisher, Path) loses context [#28933](https://redirect.github.com/spring-projects/spring-framework/issues/28933)
- connectionTimeOut and readTimeout not working on UrlResource [#28909](https://redirect.github.com/spring-projects/spring-framework/issues/28909)
- SockJsServiceRegistration#setSupressCors has a typo and should be deprecated [#28853](https://redirect.github.com/spring-projects/spring-framework/pull/28853)
- RenderingResponse does not set status code on redirect views [#28839](https://redirect.github.com/spring-projects/spring-framework/issues/28839)
- Avoid IllegalArgumentException when setting WebSocket error status [#28836](https://redirect.github.com/spring-projects/spring-framework/pull/28836)
- Loss of context path after using ServerRequest.from [#28820](https://redirect.github.com/spring-projects/spring-framework/issues/28820)
- ResponseCookie does not declare nullability annotations consistently for domain and path [#28780](https://redirect.github.com/spring-projects/spring-framework/pull/28780)
#### :notebook_with_decorative_cover: Documentation
- Fix typo in data-access section [#29048](https://redirect.github.com/spring-projects/spring-framework/pull/29048)
- Correct description of `@RequestParam` with WebFlux [#28944](https://redirect.github.com/spring-projects/spring-framework/pull/28944)
- Fix broken kdoc-api links in kotlin.adoc [#28908](https://redirect.github.com/spring-projects/spring-framework/pull/28908)
- Fix typos in Javadoc of class AbstractEncoder [#28885](https://redirect.github.com/spring-projects/spring-framework/pull/28885)
- Fix links in Javadoc and reference docs [#28876](https://redirect.github.com/spring-projects/spring-framework/pull/28876)
- Add missing closing parenthesis in reference doc [#28867](https://redirect.github.com/spring-projects/spring-framework/pull/28867)
- Fix typos in Javadoc, reference docs, and code [#28822](https://redirect.github.com/spring-projects/spring-framework/pull/28822)
- Replace use of the `` HTML tag in Javadoc [#28819](https://redirect.github.com/spring-projects/spring-framework/pull/28819)
- Fix broken link in rsocket documentation [#28817](https://redirect.github.com/spring-projects/spring-framework/pull/28817)
- Clarify docs on JNDI properties in Servlet environment [#28488](https://redirect.github.com/spring-projects/spring-framework/pull/28488)
- Improve documentation of Caching annotations [#28183](https://redirect.github.com/spring-projects/spring-framework/pull/28183)
#### :hammer: Dependency Upgrades
- Upgrade to Reactor 2020.0.23 [#29129](https://redirect.github.com/spring-projects/spring-framework/issues/29129)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@boahc077](https://redirect.github.com/boahc077)
- [@1993heqiang](https://redirect.github.com/1993heqiang)
- [@luvarqpp](https://redirect.github.com/luvarqpp)
- [@arend-von-reinersdorff](https://redirect.github.com/arend-von-reinersdorff)
- [@jensdietrich](https://redirect.github.com/jensdietrich)
- [@wilkinsona](https://redirect.github.com/wilkinsona)
- [@npriebe](https://redirect.github.com/npriebe)
- [@vpavic](https://redirect.github.com/vpavic)
- [@jupiterhub](https://redirect.github.com/jupiterhub)
- [@izeye](https://redirect.github.com/izeye)
- [@napstr](https://redirect.github.com/napstr)
- [@marcwrobel](https://redirect.github.com/marcwrobel)
- [@arvyy](https://redirect.github.com/arvyy)
- [@jbotuck](https://redirect.github.com/jbotuck)
- [@chanhyeong](https://redirect.github.com/chanhyeong)
- [@yuezk](https://redirect.github.com/yuezk)
- [@edfeff](https://redirect.github.com/edfeff)
- [@adrianbob](https://redirect.github.com/adrianbob)
- [@FlorianKirmaier](https://redirect.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
4.3.30.RELEASE
->6.0.0
GitHub Vulnerability Alerts
CVE-2016-1000027
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Maintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain enhanced documentation advising users to take precautions against unsafe Java deserialization, version 5.3.0 deprecate the impacted classes and version 6.0.0 removed it entirely.
CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.
CVE-2024-22262
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
CVE-2024-38809
Description
Applications that parse ETags from
If-Match
orIf-None-Match
request headers are vulnerable to DoS attack.Affected Spring Products and Versions
org.springframework:spring-web in versions
6.1.0 through 6.1.11 6.0.0 through 6.0.22 5.3.0 through 5.3.37
Older, unsupported versions are also affected
Mitigation
Users of affected versions should upgrade to the corresponding fixed version. 6.1.x -> 6.1.12 6.0.x -> 6.0.23 5.3.x -> 5.3.38 No other mitigation steps are necessary.
Users of older, unsupported versions could enforce a size limit on
If-Match
andIf-None-Match
headers, e.g. through a Filter.Release Notes
spring-projects/spring-framework (org.springframework:spring-web)
### [`v6.0.0`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v6.0.0) See [What's New in Spring Framework 6.x](https://redirect.github.com/spring-projects/spring-framework/wiki/What%27s-New-in-Spring-Framework-6.x) and [Upgrading to Spring Framework 6.x](https://redirect.github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x) for upgrade instructions and details of new features. #### :star: New Features - Avoid direct URL construction and URL equality checks [#29486](https://redirect.github.com/spring-projects/spring-framework/issues/29486) - Simplify creating RFC 7807 responses from functional endpoints [#29462](https://redirect.github.com/spring-projects/spring-framework/issues/29462) - Allow test classes to provide runtime hints via declarative mechanisms [#29455](https://redirect.github.com/spring-projects/spring-framework/issues/29455) #### :notebook_with_decorative_cover: Documentation - Align javadoc of DefaultParameterNameDiscoverer with its behavior [#29494](https://redirect.github.com/spring-projects/spring-framework/pull/29494) - Document AOT support in the TestContext framework [#29482](https://redirect.github.com/spring-projects/spring-framework/issues/29482) - Document Ahead of Time processing in the reference guide [#29350](https://redirect.github.com/spring-projects/spring-framework/issues/29350) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2022.0.0 [#29465](https://redirect.github.com/spring-projects/spring-framework/issues/29465) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@ophiuhus](https://redirect.github.com/ophiuhus) and [@wilkinsona](https://redirect.github.com/wilkinsona) ### [`v5.3.39`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.39) #### :star: New Features - SimpleEvaluationContext should disable array allocation [#33386](https://redirect.github.com/spring-projects/spring-framework/issues/33386) ### [`v5.3.38`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.38) #### :star: New Features - Efficient handling of conditional HTTP requests [#33378](https://redirect.github.com/spring-projects/spring-framework/issues/33378) #### :lady_beetle: Bug Fixes - Fix incorrect weak ETag validation [#33377](https://redirect.github.com/spring-projects/spring-framework/issues/33377) - `SimpleEvaluationContext` does not enforce read-only semantics [#33320](https://redirect.github.com/spring-projects/spring-framework/issues/33320) - `ConversionService` cannot convert primitive array to `Object[]` [#33314](https://redirect.github.com/spring-projects/spring-framework/issues/33314) - SpEL `Indexer` silently ignores failure to set property as index [#33312](https://redirect.github.com/spring-projects/spring-framework/issues/33312) - Mockito mock falsely initialized as CGLIB proxy with AspectJ aspect [#33142](https://redirect.github.com/spring-projects/spring-framework/issues/33142) - "file:." cannot be resolved to `java.nio.file.Path` (and plain "." value resolves to classpath root) [#33140](https://redirect.github.com/spring-projects/spring-framework/issues/33140) #### :notebook_with_decorative_cover: Documentation - Typo in Annotation-driven Listener Endpoints section of Spring Framework documentation [#33052](https://redirect.github.com/spring-projects/spring-framework/issues/33052) - Container Extension Points section of Spring Framework documentation refers to the wrong property name [#33039](https://redirect.github.com/spring-projects/spring-framework/issues/33039) - Incorrect constructor details in the javadoc for ApplicationContextEvent [#33034](https://redirect.github.com/spring-projects/spring-framework/issues/33034) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.47 [#33322](https://redirect.github.com/spring-projects/spring-framework/issues/33322) ### [`v5.3.37`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.37) #### :star: New Features - AnnotationUtils performance degrades with deep stacks [#32923](https://redirect.github.com/spring-projects/spring-framework/issues/32923) #### :lady_beetle: Bug Fixes - AspectJ CTW aspects executed twice [#32974](https://redirect.github.com/spring-projects/spring-framework/issues/32974) - SpEL compilation fails when indexing into a `Map` with a primitive [#32911](https://redirect.github.com/spring-projects/spring-framework/issues/32911) - SpEL compilation fails when indexing into an array or list with an `Integer` [#32909](https://redirect.github.com/spring-projects/spring-framework/issues/32909) - Application not starting with `@EnableTransactionManagement`(mode = AdviceMode.ASPECTJ) [#32885](https://redirect.github.com/spring-projects/spring-framework/issues/32885) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.45 [#33010](https://redirect.github.com/spring-projects/spring-framework/issues/33010) ### [`v5.3.36`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.36) #### :lady_beetle: Bug Fixes - Overridden aspect method runs twice [#32868](https://redirect.github.com/spring-projects/spring-framework/issues/32868) - `@DateTimeFormat(iso = DateTimeFormat.ISO.DATE\_TIME)` cannot convert UTC without milliseconds to `java.util.Date` [#32860](https://redirect.github.com/spring-projects/spring-framework/issues/32860) - Spring AOP fails against registered `@Configurable` aspect [#32840](https://redirect.github.com/spring-projects/spring-framework/issues/32840) ### [`v5.3.35`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.35) #### :star: New Features - Accept ajc-compiled `@Aspect` classes for Spring AOP proxy usage [#32818](https://redirect.github.com/spring-projects/spring-framework/issues/32818) #### :lady_beetle: Bug Fixes - DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction [#32770](https://redirect.github.com/spring-projects/spring-framework/issues/32770) - `MergedAnnotations` search does not find container for repeatable annotation [#32751](https://redirect.github.com/spring-projects/spring-framework/issues/32751) - `AnnotationConfigWebApplicationContext` should propagate `ApplicationStartup` to `BeanFactory` [#32749](https://redirect.github.com/spring-projects/spring-framework/issues/32749) - Ignore non-String keys in `PropertiesPropertySource.getPropertyNames()` [#32744](https://redirect.github.com/spring-projects/spring-framework/issues/32744) - "multiple subscribers not supported" when using WebClient exchange [#32728](https://redirect.github.com/spring-projects/spring-framework/issues/32728) - Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 [#32698](https://redirect.github.com/spring-projects/spring-framework/issues/32698) #### :notebook_with_decorative_cover: Documentation - Correct documentation on streaming with MockMvcWebTestClient [#32723](https://redirect.github.com/spring-projects/spring-framework/issues/32723) - Update links to HttpOnly documentation at OWASP in `ResponseCookie` [#32668](https://redirect.github.com/spring-projects/spring-framework/issues/32668) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.44 [#32788](https://redirect.github.com/spring-projects/spring-framework/issues/32788) ### [`v5.3.34`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.34) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) #### :star: New Features - Log column type for limited support message in `JdbcUtils.getResultSetValue` [#32603](https://redirect.github.com/spring-projects/spring-framework/issues/32603) - Avoid additional unnecessary `Annotation` array cloning in `TypeDescriptor` [#32477](https://redirect.github.com/spring-projects/spring-framework/issues/32477) - Avoid cloning empty `Annotation` array in `TypeDescriptor` [#32466](https://redirect.github.com/spring-projects/spring-framework/issues/32466) #### :lady_beetle: Bug Fixes - Refine scheme, userinfo, host and port parsing in UriComponentsBuilder [#32618](https://redirect.github.com/spring-projects/spring-framework/issues/32618) - `MethodIntrospector.selectMethods()` fails to detect bridge methods across ApplicationContexts [#32588](https://redirect.github.com/spring-projects/spring-framework/issues/32588) - JmsUtils.commitIfNecessary catches and ignores JMS IllegalStateException, losing message with ActiveMQ Artemis [#32480](https://redirect.github.com/spring-projects/spring-framework/issues/32480) - Consistently apply TaskDecorator to ManagedExecutorService as well [#32457](https://redirect.github.com/spring-projects/spring-framework/issues/32457) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.43 [#32594](https://redirect.github.com/spring-projects/spring-framework/issues/32594) ### [`v5.3.33`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.33) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.32...v5.3.33) #### :star: New Features - Extract reusable method for URI validations [#32442](https://redirect.github.com/spring-projects/spring-framework/issues/32442) - Allow UriTemplate to be built with an empty template [#32438](https://redirect.github.com/spring-projects/spring-framework/issues/32438) - Refine `*HttpMessageConverter#getContentLength` return value null safety [#32332](https://redirect.github.com/spring-projects/spring-framework/issues/32332) #### :lady_beetle: Bug Fixes - AopUtils.getMostSpecificMethod does not return original method for proxy-derived method anymore [#32369](https://redirect.github.com/spring-projects/spring-framework/issues/32369) - Better protect against concurrent error handling for async requests [#32342](https://redirect.github.com/spring-projects/spring-framework/issues/32342) - Restore Jetty 10 compatibility in JettyClientHttpResponse [#32337](https://redirect.github.com/spring-projects/spring-framework/issues/32337) - ContentCachingResponseWrapper no longer honors Content-Type and Content-Length [#32322](https://redirect.github.com/spring-projects/spring-framework/issues/32322) #### :notebook_with_decorative_cover: Documentation - Build KDoc against `5.3.x` Spring Framework Javadoc [#32414](https://redirect.github.com/spring-projects/spring-framework/issues/32414) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.42 [#32422](https://redirect.github.com/spring-projects/spring-framework/issues/32422) ### [`v5.3.32`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.32) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.31...v5.3.32) #### :star: New Features - Add CORS support for Private Network Access [#31974](https://redirect.github.com/spring-projects/spring-framework/issues/31974) - Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor [#31969](https://redirect.github.com/spring-projects/spring-framework/issues/31969) #### :lady_beetle: Bug Fixes - Consistent parsing of user information in UriComponentsBuilder [#32247](https://redirect.github.com/spring-projects/spring-framework/issues/32247) - QualifierAnnotationAutowireCandidateResolver.checkQualifier does identity checks when comparing arrays used as qualifier fields [#32108](https://redirect.github.com/spring-projects/spring-framework/issues/32108) - Guard against multiple body subscriptions in Jetty and JDK reactive responses [#32101](https://redirect.github.com/spring-projects/spring-framework/issues/32101) - Static resources caching issues with ShallowEtagHeaderFilter and Jetty caching directives [#32051](https://redirect.github.com/spring-projects/spring-framework/issues/32051) - ChannelSendOperator.WriteBarrier race condition in request(long) method leads to response being dropped [#32021](https://redirect.github.com/spring-projects/spring-framework/issues/32021) - Spring AOP does not propagate arguments for dynamic prototype-scoped advice [#31964](https://redirect.github.com/spring-projects/spring-framework/issues/31964) - MergedAnnotation swallows IllegalAccessException for attribute method [#31961](https://redirect.github.com/spring-projects/spring-framework/issues/31961) - CronTrigger hard-codes default ZoneId instead of participating in scheduler-wide Clock setup [#31950](https://redirect.github.com/spring-projects/spring-framework/issues/31950) - `MergedAnnotations` finds duplicate annotations on method in multi-level interface hierarchy [#31825](https://redirect.github.com/spring-projects/spring-framework/issues/31825) - PathEditor cannot handle absolute Windows paths with forward slashes [#31728](https://redirect.github.com/spring-projects/spring-framework/issues/31728) - Include Hibernate's `Query.scroll()` in `SharedEntityManagerCreator`'s `queryTerminatingMethods` set [#31684](https://redirect.github.com/spring-projects/spring-framework/issues/31684) - TypeDescriptor does not check generics in `equals` method (for ConversionService caching) [#31674](https://redirect.github.com/spring-projects/spring-framework/issues/31674) - Slow SpEL performance due to method sorting in ReflectiveMethodResolver [#31665](https://redirect.github.com/spring-projects/spring-framework/issues/31665) - Jackson encoder releases resources in wrong order [#31657](https://redirect.github.com/spring-projects/spring-framework/issues/31657) - WebSocketMessageBrokerStats has null stats for stompSubProtocolHandler since 5.3.2 [#31642](https://redirect.github.com/spring-projects/spring-framework/issues/31642) #### :notebook_with_decorative_cover: Documentation - Document cron-vs-quartz parsing convention for dayOfWeek part in CronExpression [#32131](https://redirect.github.com/spring-projects/spring-framework/issues/32131) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.41 [#32276](https://redirect.github.com/spring-projects/spring-framework/issues/32276) ### [`v5.3.31`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.31) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.30...v5.3.31) #### :star: New Features - `Log4jLog` needs to re-resolve `ExtendedLogger` on deserialization (for compatibility with Log4J 2.21) [#31583](https://redirect.github.com/spring-projects/spring-framework/issues/31583) #### :lady_beetle: Bug Fixes - MessageBuilder#createMessage should not define the payload as `@Nullable` [#31611](https://redirect.github.com/spring-projects/spring-framework/issues/31611) - Avoid duplicate JAR resources in `PathMatchingResourcePatternResolver` on MS Windows [#31603](https://redirect.github.com/spring-projects/spring-framework/issues/31603) - Spring web integration commons fileupload receives files and other parameter uploads, with a null pointer [#31564](https://redirect.github.com/spring-projects/spring-framework/issues/31564) - Function column out doesn't resolve to `SqlOutParameter` [#31560](https://redirect.github.com/spring-projects/spring-framework/issues/31560) - Resolve to empty MultiValueMap when no matrix variables are provided [#31484](https://redirect.github.com/spring-projects/spring-framework/issues/31484) - BeanUtils.copyProperties() consumes large amount of memory [#31481](https://redirect.github.com/spring-projects/spring-framework/issues/31481) - CGLIB `BeanCopier` falls back to `ClassLoader.defineClass` for public target [#31436](https://redirect.github.com/spring-projects/spring-framework/issues/31436) - R2DBC Connection is closed during transaction when using TransactionAwareConnectionFactoryProxy [#31411](https://redirect.github.com/spring-projects/spring-framework/issues/31411) - `HibernateJpaDialect` and `HibernateExceptionTranslator` throw `SQLExceptionTranslator`-provided exception instead of returning it [#31410](https://redirect.github.com/spring-projects/spring-framework/issues/31410) - `NamedParameterJdbcTemplate` throws unexpected exception for `null` query [#31394](https://redirect.github.com/spring-projects/spring-framework/issues/31394) - `LazyResolutionMessage` does not implement proper `toString` [#31385](https://redirect.github.com/spring-projects/spring-framework/issues/31385) - Illegal reflective access in `ContextOverridingClassLoader.isEligibleForOverriding` [#31233](https://redirect.github.com/spring-projects/spring-framework/issues/31233) #### :notebook_with_decorative_cover: Documentation - Clarify documentation for `@Transactional` on interfaces [#31401](https://redirect.github.com/spring-projects/spring-framework/issues/31401) - Default behavior of BeanPropertyRowMapper.getColumnValue(ResultSet, int, Class) inconsistent with code [#31349](https://redirect.github.com/spring-projects/spring-framework/issues/31349) - Referencing a `@Bean` method in a `@Configuration` class' `@PostConstruct` method leads to circular reference [#31339](https://redirect.github.com/spring-projects/spring-framework/issues/31339) - Incorrect reference information about CGLIB supported method visibility [#31311](https://redirect.github.com/spring-projects/spring-framework/issues/31311) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.38 [#31584](https://redirect.github.com/spring-projects/spring-framework/issues/31584) ### [`v5.3.30`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.30) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.29...v5.3.30) #### :star: New Features - Optimize `ClassUtils#getMostSpecificMethod` [#31100](https://redirect.github.com/spring-projects/spring-framework/issues/31100) - Optimize whitespace checks in `StringUtils` [#31069](https://redirect.github.com/spring-projects/spring-framework/issues/31069) - Align validation metadata handling in `PayloadMethodArgumentResolver` [#31056](https://redirect.github.com/spring-projects/spring-framework/issues/31056) - Register an override for an existing adapter in `ReactiveAdapterRegistry` [#31048](https://redirect.github.com/spring-projects/spring-framework/issues/31048) - Make bean initialization deterministic for multiple `@Autowired` methods on same bean class [#30994](https://redirect.github.com/spring-projects/spring-framework/issues/30994) - Performance bottlenecks while creating scoped bean instances [#30892](https://redirect.github.com/spring-projects/spring-framework/issues/30892) #### :lady_beetle: Bug Fixes - Possible classloader leak through incomplete clearing of annotation caches [#31176](https://redirect.github.com/spring-projects/spring-framework/issues/31176) - Spring `LogFactory` implementation deviates from original Apache `LogFactory` in terms of abstract method declarations [#31167](https://redirect.github.com/spring-projects/spring-framework/issues/31167) - Bean injection fails due to `nullSafeConciseToString()` invoking `isEmpty()` on a `Map`/`Collection` proxy [#31156](https://redirect.github.com/spring-projects/spring-framework/issues/31156) - SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression [#31099](https://redirect.github.com/spring-projects/spring-framework/issues/31099) - `@DynamicPropertySource` in `@Nested` test class cannot override dynamic properties from enclosing class [#31085](https://redirect.github.com/spring-projects/spring-framework/issues/31085) - `TransactionalApplicationListenerMethodAdapter` should find `@TransactionalEventListener` on target class method [#31037](https://redirect.github.com/spring-projects/spring-framework/issues/31037) - ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs [#31020](https://redirect.github.com/spring-projects/spring-framework/issues/31020) - Permgen memory leak due to `ClassInfo` caching in `java.beans.Introspector` on JDK 11/17 [#31005](https://redirect.github.com/spring-projects/spring-framework/issues/31005) - `MethodIntrospector.selectMethods(?)` fails to find methods in case of special bridge method arrangement [#30907](https://redirect.github.com/spring-projects/spring-framework/issues/30907) #### :notebook_with_decorative_cover: Documentation - Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate [#31229](https://redirect.github.com/spring-projects/spring-framework/issues/31229) - Refine CORS documentation for wildcard processing [#31168](https://redirect.github.com/spring-projects/spring-framework/issues/31168) - Propagation REQUIRES_NEW may cause connection pool deadlock [#31040](https://redirect.github.com/spring-projects/spring-framework/issues/31040) - Clarify R2DBC `ConnectionAccessor` and `DatabasePopulator` exception declarations [#30933](https://redirect.github.com/spring-projects/spring-framework/issues/30933) - Doc: Avoid deadlock in `@PostConstruct` through SmartInitializingSingleton or ContextRefreshedEvent [#30889](https://redirect.github.com/spring-projects/spring-framework/issues/30889) ### [`v5.3.29`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.29) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.28...v5.3.29) #### :star: New Features - Avoid illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding [#30868](https://redirect.github.com/spring-projects/spring-framework/issues/30868) - Improve diagnostics for CGLIB ClassLoader issues with shared classes in parent ClassLoader [#30866](https://redirect.github.com/spring-projects/spring-framework/issues/30866) - `JdbcTemplate` does not call `handleWarnings` in case of exception [#30852](https://redirect.github.com/spring-projects/spring-framework/issues/30852) - Tolerate `AnnotationUtils.isCandidateClass` call with `null` as annotation type [#30843](https://redirect.github.com/spring-projects/spring-framework/issues/30843) - Simplify `DefaultSingletonBeanRegistry.isDependent()` [#30841](https://redirect.github.com/spring-projects/spring-framework/issues/30841) - Provide explicit support for collections, maps, and arrays in `ObjectUtils.nullSafeConciseToString()` [#30811](https://redirect.github.com/spring-projects/spring-framework/issues/30811) - Extend list of supported types in `ObjectUtils.nullSafeConciseToString()` [#30806](https://redirect.github.com/spring-projects/spring-framework/issues/30806) - Align ConcurrentMapCacheManager locking behavior with CaffeineCacheManager [#30781](https://redirect.github.com/spring-projects/spring-framework/issues/30781) - `ResolvableType.hasUnresolvableGenerics()` should cache its result [#30715](https://redirect.github.com/spring-projects/spring-framework/issues/30715) - Ensure Spring `LogFactory` contains all public methods from Apache `LogFactory` [#30711](https://redirect.github.com/spring-projects/spring-framework/issues/30711) - Translate SQL Exception with State S0001 and Vendor Code 2628 to a Spring Exception in MSSQL 2019 [#30682](https://redirect.github.com/spring-projects/spring-framework/issues/30682) #### :lady_beetle: Bug Fixes - For a prototype bean, if first-time rejected value is null, subsequent value will wrongly be null always [#30809](https://redirect.github.com/spring-projects/spring-framework/issues/30809) - Revert changes to `toString()` in `FieldError` [#30800](https://redirect.github.com/spring-projects/spring-framework/issues/30800) - Fix log level on error with `@TransactionalEventListener` [#30784](https://redirect.github.com/spring-projects/spring-framework/issues/30784) - SerializableTypeWrapper does not consistently catch InvocationTargetException [#30767](https://redirect.github.com/spring-projects/spring-framework/issues/30767) - NPE in MvcUriComponentsBuilder with no-arg target method on interface [#30757](https://redirect.github.com/spring-projects/spring-framework/issues/30757) - `Jackson2ObjectMapperBuilder` breaks when `modules` customizer follows `modulesToInstall` [#30752](https://redirect.github.com/spring-projects/spring-framework/issues/30752) - Spring ORM SpringBeanContainer when trying to create a bean fails with not found bean definition, and fallbacks to default hibernate bean creation [#30685](https://redirect.github.com/spring-projects/spring-framework/issues/30685) #### :notebook_with_decorative_cover: Documentation - ResultSet holdability into the View layer broken by Hibernate 5 [#30863](https://redirect.github.com/spring-projects/spring-framework/issues/30863) - Clarify `ReactiveTransactionManager` exception declarations [#30819](https://redirect.github.com/spring-projects/spring-framework/issues/30819) - Doc: `JdbcTransactionManager` vs `DataSourceTransactionManager` [#30814](https://redirect.github.com/spring-projects/spring-framework/issues/30814) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.34 [#30873](https://redirect.github.com/spring-projects/spring-framework/issues/30873) ### [`v5.3.28`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.28) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.27...v5.3.28) #### :star: New Features - ClassLoader can be null in DeserializingConverter and should be annotated with `@Nullable` [#30672](https://redirect.github.com/spring-projects/spring-framework/issues/30672) - Performance optimization in AbstractBeanFactoryBasedTargetSource.hashCode() [#30585](https://redirect.github.com/spring-projects/spring-framework/issues/30585) - Consistent support for MultiValueMap and common Map implementations in CollectionFactory [#30441](https://redirect.github.com/spring-projects/spring-framework/issues/30441) - Reject null and empty SpEL expressions [#30373](https://redirect.github.com/spring-projects/spring-framework/issues/30373) - Introduce `Environment.matchesProfiles()` for profile expressions [#30226](https://redirect.github.com/spring-projects/spring-framework/issues/30226) #### :lady_beetle: Bug Fixes - Change of behaviour for UUID in bean validation output in v5.3.27 [#30662](https://redirect.github.com/spring-projects/spring-framework/issues/30662) - Spring Framework 5.3.27 appears to cause issues in OSGi environment [#30637](https://redirect.github.com/spring-projects/spring-framework/issues/30637) - Inconsistent ProxyCallbackFilter#equals/hashCode methods in CglibAopProxy [#30616](https://redirect.github.com/spring-projects/spring-framework/issues/30616) - EclipseLinkJpaDialect: Unexpected default isolation levels [#30589](https://redirect.github.com/spring-projects/spring-framework/issues/30589) - ThreadLocalTargetSource does not include actual target bean name in NamedThreadLocal [#30586](https://redirect.github.com/spring-projects/spring-framework/issues/30586) - ApplicationListenerMethodAdapter inconsistently publishes events from CompletableFuture [#30584](https://redirect.github.com/spring-projects/spring-framework/issues/30584) - For `@Bean` method that returns `null`, `@Autowired` injects `NullBean` instead of `null` for cached arguments [#30551](https://redirect.github.com/spring-projects/spring-framework/issues/30551) - Make maximum SpEL expression length configurable [#30446](https://redirect.github.com/spring-projects/spring-framework/issues/30446) - Respect TaskDecorator configuration on DefaultManagedTaskExecutor [#30443](https://redirect.github.com/spring-projects/spring-framework/issues/30443) #### :notebook_with_decorative_cover: Documentation - Document which `@Scheduled` attributes support SpEL expressions [#30642](https://redirect.github.com/spring-projects/spring-framework/issues/30642) - FileSystemUtils::deleteRecursively Javadoc refers to File instead of Path [#30555](https://redirect.github.com/spring-projects/spring-framework/issues/30555) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.33 [#30656](https://redirect.github.com/spring-projects/spring-framework/issues/30656) ### [`v5.3.27`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.27) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.26...v5.3.27) #### :star: New Features - Limit string concatenation in SpEL expressions [#30331](https://redirect.github.com/spring-projects/spring-framework/issues/30331) - Limit SpEL expression length [#30329](https://redirect.github.com/spring-projects/spring-framework/issues/30329) - Disable variable assignment in SimpleEvaluationContext [#30327](https://redirect.github.com/spring-projects/spring-framework/issues/30327) - Introduce `StringUtils.truncate()` [#30291](https://redirect.github.com/spring-projects/spring-framework/issues/30291) - Introduce `ObjectUtils.nullSafeConciseToString()` [#30287](https://redirect.github.com/spring-projects/spring-framework/issues/30287) - Make `HttpComponentsHeadersAdapter#getFirst` nullable [#30269](https://redirect.github.com/spring-projects/spring-framework/issues/30269) #### :lady_beetle: Bug Fixes - Fix regression in ReactorServerHttpRequest related to IPV6 Zone id with "%" [#30314](https://redirect.github.com/spring-projects/spring-framework/issues/30314) - SSE breaks with indenting serializer in WebMvc.fn [#30302](https://redirect.github.com/spring-projects/spring-framework/issues/30302) - Increase max regex length in SpEL expressions [#30298](https://redirect.github.com/spring-projects/spring-framework/issues/30298) - NullPointerException on timeout in HttpComponentsClientHttpConnector when using Apache HttpComponents [#30246](https://redirect.github.com/spring-projects/spring-framework/issues/30246) - Wrong MockRestRequestMatchers.header() method in spring-test being invoked (JDK issue?) [#30235](https://redirect.github.com/spring-projects/spring-framework/issues/30235) - TypeNotPresentException: org/springframework/cglib/proxy/NoOp not present on Java 17 [#30228](https://redirect.github.com/spring-projects/spring-framework/issues/30228) - Refine generic type management in `AbstractMessageWriterResultHandler` [#30215](https://redirect.github.com/spring-projects/spring-framework/issues/30215) - MvcUriComponentsBuilder.fromMethodCall breaks for controller with CharSequence return type [#30212](https://redirect.github.com/spring-projects/spring-framework/issues/30212) - Handle all exceptions for stored proc output param retrieval in `SharedEntityManagerCreator` [#30164](https://redirect.github.com/spring-projects/spring-framework/issues/30164) #### :notebook_with_decorative_cover: Documentation - Fix `@PathVariable` reference documentation code snippets [#30258](https://redirect.github.com/spring-projects/spring-framework/issues/30258) - Fix example in Javadoc for `@EnableWebSocket` [#30187](https://redirect.github.com/spring-projects/spring-framework/issues/30187) - Fix anchor in link to "Web on Reactive Stack" chapter [#30163](https://redirect.github.com/spring-projects/spring-framework/issues/30163) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.31 [#30315](https://redirect.github.com/spring-projects/spring-framework/issues/30315) ### [`v5.3.26`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.26) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.25...v5.3.26) #### :star: New Features - Improve diagnostics in SpEL for `matches` operator [#30145](https://redirect.github.com/spring-projects/spring-framework/issues/30145) - Improve diagnostics in SpEL for repeated text [#30143](https://redirect.github.com/spring-projects/spring-framework/issues/30143) - Increase scope of regex pattern cache for the SpEL `matches` operator [#30141](https://redirect.github.com/spring-projects/spring-framework/issues/30141) - Minor updates in HandlerMappingIntrospector [#30128](https://redirect.github.com/spring-projects/spring-framework/issues/30128) - Allow SnakeYaml 2.0 runtime compatibility [#30097](https://redirect.github.com/spring-projects/spring-framework/issues/30097) - Add missing `@Nullable` annotations to `LogMessage.format` methods [#30009](https://redirect.github.com/spring-projects/spring-framework/issues/30009) - ASM upgrade for JDK 20/21 support [#29966](https://redirect.github.com/spring-projects/spring-framework/issues/29966) - Allow MockRest to match header/queryParam value list with one Matcher [#29964](https://redirect.github.com/spring-projects/spring-framework/issues/29964) - Add `MockMvc.multipart()` Kotlin extensions with `HttpMethod` [#29941](https://redirect.github.com/spring-projects/spring-framework/issues/29941) - Release R2DBC connection when cleanup fails in transaction [#29925](https://redirect.github.com/spring-projects/spring-framework/issues/29925) - org.springframework.web.context.ContextLoader should lazily load ContextLoader.properties [#29909](https://redirect.github.com/spring-projects/spring-framework/issues/29909) - Improve generated default name for `@JmsListener` subscription [#29902](https://redirect.github.com/spring-projects/spring-framework/issues/29902) - Include all Hibernate query methods in `SharedEntityManagerCreator`'s `queryTerminatingMethods` set [#29888](https://redirect.github.com/spring-projects/spring-framework/issues/29888) - SQL supplier in R2DBC `DatabaseClient` is eagerly invoked [#29887](https://redirect.github.com/spring-projects/spring-framework/issues/29887) - Spring Framework 5.3.x is incompatible with Jetty 10 (Client) [#29867](https://redirect.github.com/spring-projects/spring-framework/issues/29867) - Possible infinite forward loop with MockMvcWebConnection [#29866](https://redirect.github.com/spring-projects/spring-framework/issues/29866) - Refine `Jackson2ObjectMapperBuilder#configureFeature` exception handling [#29860](https://redirect.github.com/spring-projects/spring-framework/issues/29860) - Fix R2dbcTransactionManager debug log: don't log a Mono [#29824](https://redirect.github.com/spring-projects/spring-framework/issues/29824) #### :lady_beetle: Bug Fixes - RequestedContentTypeResolver does not ignore quality factor when filtering \*/\* media types [#30121](https://redirect.github.com/spring-projects/spring-framework/issues/30121) - SpEL: cannot call methods declared in `java.lang.Object` on a JDK proxy [#30118](https://redirect.github.com/spring-projects/spring-framework/issues/30118) - CaffeineCacheManager getCache method cause thread block [#30085](https://redirect.github.com/spring-projects/spring-framework/issues/30085) - Protect JMS connection creation against prepareConnection errors [#30051](https://redirect.github.com/spring-projects/spring-framework/issues/30051) - ReactorServerHttpRequest does not reflect forwarded host and port when `forwarding-header-strategy=native` or cloud platform detected [#29974](https://redirect.github.com/spring-projects/spring-framework/issues/29974) - WebSocket stats not updated correctly when sessions cleared [#29947](https://redirect.github.com/spring-projects/spring-framework/issues/29947) - Explicit target ClassLoader for interface-based proxies in MvcUriComponentsBuilder [#29914](https://redirect.github.com/spring-projects/spring-framework/issues/29914) - Closing an ApplicationContext leads to Exception at ExecutorServiceAdapter [#29908](https://redirect.github.com/spring-projects/spring-framework/issues/29908) - Invalid Accept header results in IllegalStateException [#29836](https://redirect.github.com/spring-projects/spring-framework/issues/29836) - JettyWebSocketCreator referenced from a method is not visible from class loader with `Jetty10RequestUpgradeStrategy` [#29256](https://redirect.github.com/spring-projects/spring-framework/issues/29256) #### :notebook_with_decorative_cover: Documentation - Fix minor spacings in webflux docs [#30095](https://redirect.github.com/spring-projects/spring-framework/issues/30095) - `@AspectJ` argument name resolution algorithm is outdated in reference manual [#30057](https://redirect.github.com/spring-projects/spring-framework/issues/30057) - Fix "Configuring a Global Date and Time Format" example [#30036](https://redirect.github.com/spring-projects/spring-framework/issues/30036) - Consistent `@Bean` method return type for equivalence with XML example [#29970](https://redirect.github.com/spring-projects/spring-framework/issues/29970) - Update `@DynamicPropertySource` examples regarding changes in Testcontainers [#29940](https://redirect.github.com/spring-projects/spring-framework/issues/29940) - Clarify semantics of `primitivesDefaultedForNullValue` in `BeanPropertyRowMapper` [#29926](https://redirect.github.com/spring-projects/spring-framework/issues/29926) - Clearly document that `DataClassRowMapper` supports Java records [#29922](https://redirect.github.com/spring-projects/spring-framework/issues/29922) - Outdated Javadoc for AbstractApplicationContext.postProcessBeanFactory [#29916](https://redirect.github.com/spring-projects/spring-framework/issues/29916) #### :hammer: Dependency Upgrades - Upgrade to Reactor Netty 2020.0.30 [#30116](https://redirect.github.com/spring-projects/spring-framework/issues/30116) ### [`v5.3.25`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.25) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.24...v5.3.25) #### :star: New Features - JmsTemplate.convertAndSend throws NullPointerException during shutdown [#29719](https://redirect.github.com/spring-projects/spring-framework/issues/29719) - Optimize object creation in RequestMappingHandlerMapping#handleNoMatch [#29667](https://redirect.github.com/spring-projects/spring-framework/issues/29667) - Add title to SockJS iFrames for accessibility compliance [#29596](https://redirect.github.com/spring-projects/spring-framework/issues/29596) #### :lady_beetle: Bug Fixes - ResourceHandlers cannot resolve static resources with certain wildcard patterns [#29716](https://redirect.github.com/spring-projects/spring-framework/issues/29716) - AnnotatedElementUtils.findMergedRepeatableAnnotations does not fetch results when other attributes exist for container annotation [#29686](https://redirect.github.com/spring-projects/spring-framework/issues/29686) - BeanWrapperImpl NPE in setWrappedInstance after invoking getPropertyValue (with SimpleBeanInfoFactory) [#29684](https://redirect.github.com/spring-projects/spring-framework/issues/29684) - SpEL `ConstructorReference` does not generate AST representation of arrays [#29666](https://redirect.github.com/spring-projects/spring-framework/issues/29666) - SpEL: Two double quotes are replaced by one double quote in single quoted `String` literal (and vice versa) [#29653](https://redirect.github.com/spring-projects/spring-framework/issues/29653) - SpEL string literal misses single quotation marks in toStringAST() [#29652](https://redirect.github.com/spring-projects/spring-framework/issues/29652) - 500 error from WebFlux when parsing Content-Type leads to InvalidMediaTypeException [#29637](https://redirect.github.com/spring-projects/spring-framework/issues/29637) - `WebMvcConfigurationSupport` should not catch `Throwable` for `SourceHttpMessageConverter` [#29537](https://redirect.github.com/spring-projects/spring-framework/issues/29537) #### :notebook_with_decorative_cover: Documentation - Update Jakarta Mail info in ref docs [#29708](https://redirect.github.com/spring-projects/spring-framework/issues/29708) - Improve documentation for literals in SpEL expressions [#29701](https://redirect.github.com/spring-projects/spring-framework/issues/29701) - Fix some typos in Kotlin WebClient example code [#29542](https://redirect.github.com/spring-projects/spring-framework/issues/29542) - Fix link to Bean Utils Light Library in BeanUtils Javadoc [#29536](https://redirect.github.com/spring-projects/spring-framework/issues/29536) - Fix link to WebFlux section in reference manual [#29526](https://redirect.github.com/spring-projects/spring-framework/issues/29526) - Link to Spring WebFlux section is broken [#29517](https://redirect.github.com/spring-projects/spring-framework/issues/29517) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.27 [#29798](https://redirect.github.com/spring-projects/spring-framework/issues/29798) ### [`v5.3.24`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.24) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.23...v5.3.24) #### :star: New Features - Avoid reflection for annotation method invocations [#29448](https://redirect.github.com/spring-projects/spring-framework/issues/29448) - Avoid unnecessary allocations in StompDecoder#unescape [#29443](https://redirect.github.com/spring-projects/spring-framework/pull/29443) - Avoid String allocations in MediaType.checkParameters [#29428](https://redirect.github.com/spring-projects/spring-framework/pull/29428) - Reduce allocations caused by producible media types [#29412](https://redirect.github.com/spring-projects/spring-framework/pull/29412) - Provide optional SimpleBeanInfoFactory for better introspection performance in 5.3.x [#29330](https://redirect.github.com/spring-projects/spring-framework/issues/29330) - Filter out `null` WebSocket session attributes [#29315](https://redirect.github.com/spring-projects/spring-framework/issues/29315) - Introduce TestSocketUtils as a replacement for SocketUtils [#29132](https://redirect.github.com/spring-projects/spring-framework/pull/29132) - Avoid Commons Logging API for using LoggingCacheErrorHandler with a custom logger [#28678](https://redirect.github.com/spring-projects/spring-framework/pull/28678) #### :lady_beetle: Bug Fixes - Missing SessionFactory property (filter AutoCloseable from PropertyDescriptors) [#29480](https://redirect.github.com/spring-projects/spring-framework/issues/29480) - SpEL ternary and Elvis expressions are missing enclosing parentheses in toStringAST() [#29463](https://redirect.github.com/spring-projects/spring-framework/issues/29463) - If-Unmodified-Since header check removes Last-Modified and Etag headers from response, even if condition passes [#29362](https://redirect.github.com/spring-projects/spring-framework/issues/29362) - Annotation searches fail for non-public repeatable annotations [#29301](https://redirect.github.com/spring-projects/spring-framework/issues/29301) - AbstractBeanFactory's interaction with BeanPostProcessorCacheAwareList is not fully thread-safe [#29299](https://redirect.github.com/spring-projects/spring-framework/issues/29299) - WebTestClient cannot assert custom HTTP status code [#29283](https://redirect.github.com/spring-projects/spring-framework/issues/29283) - Body token not expected error when trying to upload a large multipart file [#29227](https://redirect.github.com/spring-projects/spring-framework/issues/29227) - Avoid resizing of Maps created by CollectionUtils [#29190](https://redirect.github.com/spring-projects/spring-framework/pull/29190) - DefaultWebClient logging sensitive information in URI [#29148](https://redirect.github.com/spring-projects/spring-framework/issues/29148) - Fix SimpleMailMessage nullability annotations [#29139](https://redirect.github.com/spring-projects/spring-framework/pull/29139) - Webflux fails to apply the rule for controller methods returning void to kotlin suspend functions returning Unit [#27629](https://redirect.github.com/spring-projects/spring-framework/issues/27629) - Resource.isFile() return true when the resource path actually not exists [#26707](https://redirect.github.com/spring-projects/spring-framework/issues/26707) - AnnotatedElementUtils does not find merged repeatable annotations on other repeatable annotations [#20279](https://redirect.github.com/spring-projects/spring-framework/issues/20279) #### :notebook_with_decorative_cover: Documentation - Fix two typos in integration.adoc and webflux.adoc [#29469](https://redirect.github.com/spring-projects/spring-framework/pull/29469) - Fix typo: "as describe in" -> "as described in" [#29393](https://redirect.github.com/spring-projects/spring-framework/pull/29393) - Fix typos [#29364](https://redirect.github.com/spring-projects/spring-framework/pull/29364) - Correct documentation for "other return values" from a web controller method [#29349](https://redirect.github.com/spring-projects/spring-framework/issues/29349) - Document how to use WebJars without `webjars-locator-core` dependency [#29322](https://redirect.github.com/spring-projects/spring-framework/issues/29322) - Update RestTemplate Javadoc with regards to setting interceptors on startup vs at runtime [#29311](https://redirect.github.com/spring-projects/spring-framework/issues/29311) - Document how to switch to the default set of TestExecutionListeners [#29281](https://redirect.github.com/spring-projects/spring-framework/issues/29281) - Document limitation of AopTestUtils.getUltimateTargetObject() regarding non-static TargetSource [#29276](https://redirect.github.com/spring-projects/spring-framework/issues/29276) - Fix typo in WebSocket reference doc regarding subscription header [#29228](https://redirect.github.com/spring-projects/spring-framework/pull/29228) - Fix MockMvc sample setup [#29201](https://redirect.github.com/spring-projects/spring-framework/pull/29201) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.25 [#29464](https://redirect.github.com/spring-projects/spring-framework/issues/29464) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@sangmin7648](https://redirect.github.com/sangmin7648) - [@izeye](https://redirect.github.com/izeye) - [@dreis2211](https://redirect.github.com/dreis2211) - [@catmug](https://redirect.github.com/catmug) - [@inabajunmr](https://redirect.github.com/inabajunmr) - [@iamgd67](https://redirect.github.com/iamgd67) - [@davidcostanzo](https://redirect.github.com/davidcostanzo) - [@jprinet](https://redirect.github.com/jprinet) - [@stgerhardt](https://redirect.github.com/stgerhardt) - [@onobc](https://redirect.github.com/onobc) - [@vpavic](https://redirect.github.com/vpavic) ### [`v5.3.23`](https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.23) [Compare Source](https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.22...v5.3.23) #### :star: New Features - Introduce AnnotationUtils.isSynthesizedAnnotation(Annotation) [#29054](https://redirect.github.com/spring-projects/spring-framework/issues/29054) - Introduce createContext() factory method in AbstractGenericWebContextLoader [#28983](https://redirect.github.com/spring-projects/spring-framework/issues/28983) - Support TreeSet collection type in CollectionFactory.createCollection() without using reflection [#28949](https://redirect.github.com/spring-projects/spring-framework/pull/28949) - Document when RequestEntity.getUrl() throws an UnsupportedOperationException [#28930](https://redirect.github.com/spring-projects/spring-framework/issues/28930) - Deprecate NestedIOException [#28929](https://redirect.github.com/spring-projects/spring-framework/issues/28929) - Make isConnected() in WebSocketConnectionManager public [#28785](https://redirect.github.com/spring-projects/spring-framework/pull/28785) - Expose headers from STOMP RECEIPT frame to registered callbacks [#28715](https://redirect.github.com/spring-projects/spring-framework/pull/28715) - Make WebClientException serializable [#28321](https://redirect.github.com/spring-projects/spring-framework/issues/28321) #### :lady_beetle: Bug Fixes - Ordering inconsistency with beans defined in parent context [#29105](https://redirect.github.com/spring-projects/spring-framework/issues/29105) - RelativeRedirectResponseWrapper does not commit response in sendRedirect [#29050](https://redirect.github.com/spring-projects/spring-framework/pull/29050) - MockServerContainerContextCustomizerFactory does not support `@Nested` tests [#29037](https://redirect.github.com/spring-projects/spring-framework/issues/29037) - Request to improve KotlinSerializationJsonHttpMessageConverter logic in RestTemplate [#29008](https://redirect.github.com/spring-projects/spring-framework/issues/29008) - WebFlux: multipart requests hang sometimes [#28963](https://redirect.github.com/spring-projects/spring-framework/issues/28963) - DataBufferUtils.write(Publisher, Path) loses context [#28933](https://redirect.github.com/spring-projects/spring-framework/issues/28933) - connectionTimeOut and readTimeout not working on UrlResource [#28909](https://redirect.github.com/spring-projects/spring-framework/issues/28909) - SockJsServiceRegistration#setSupressCors has a typo and should be deprecated [#28853](https://redirect.github.com/spring-projects/spring-framework/pull/28853) - RenderingResponse does not set status code on redirect views [#28839](https://redirect.github.com/spring-projects/spring-framework/issues/28839) - Avoid IllegalArgumentException when setting WebSocket error status [#28836](https://redirect.github.com/spring-projects/spring-framework/pull/28836) - Loss of context path after using ServerRequest.from [#28820](https://redirect.github.com/spring-projects/spring-framework/issues/28820) - ResponseCookie does not declare nullability annotations consistently for domain and path [#28780](https://redirect.github.com/spring-projects/spring-framework/pull/28780) #### :notebook_with_decorative_cover: Documentation - Fix typo in data-access section [#29048](https://redirect.github.com/spring-projects/spring-framework/pull/29048) - Correct description of `@RequestParam` with WebFlux [#28944](https://redirect.github.com/spring-projects/spring-framework/pull/28944) - Fix broken kdoc-api links in kotlin.adoc [#28908](https://redirect.github.com/spring-projects/spring-framework/pull/28908) - Fix typos in Javadoc of class AbstractEncoder [#28885](https://redirect.github.com/spring-projects/spring-framework/pull/28885) - Fix links in Javadoc and reference docs [#28876](https://redirect.github.com/spring-projects/spring-framework/pull/28876) - Add missing closing parenthesis in reference doc [#28867](https://redirect.github.com/spring-projects/spring-framework/pull/28867) - Fix typos in Javadoc, reference docs, and code [#28822](https://redirect.github.com/spring-projects/spring-framework/pull/28822) - Replace use of the `` HTML tag in Javadoc [#28819](https://redirect.github.com/spring-projects/spring-framework/pull/28819) - Fix broken link in rsocket documentation [#28817](https://redirect.github.com/spring-projects/spring-framework/pull/28817) - Clarify docs on JNDI properties in Servlet environment [#28488](https://redirect.github.com/spring-projects/spring-framework/pull/28488) - Improve documentation of Caching annotations [#28183](https://redirect.github.com/spring-projects/spring-framework/pull/28183) #### :hammer: Dependency Upgrades - Upgrade to Reactor 2020.0.23 [#29129](https://redirect.github.com/spring-projects/spring-framework/issues/29129) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@boahc077](https://redirect.github.com/boahc077) - [@1993heqiang](https://redirect.github.com/1993heqiang) - [@luvarqpp](https://redirect.github.com/luvarqpp) - [@arend-von-reinersdorff](https://redirect.github.com/arend-von-reinersdorff) - [@jensdietrich](https://redirect.github.com/jensdietrich) - [@wilkinsona](https://redirect.github.com/wilkinsona) - [@npriebe](https://redirect.github.com/npriebe) - [@vpavic](https://redirect.github.com/vpavic) - [@jupiterhub](https://redirect.github.com/jupiterhub) - [@izeye](https://redirect.github.com/izeye) - [@napstr](https://redirect.github.com/napstr) - [@marcwrobel](https://redirect.github.com/marcwrobel) - [@arvyy](https://redirect.github.com/arvyy) - [@jbotuck](https://redirect.github.com/jbotuck) - [@chanhyeong](https://redirect.github.com/chanhyeong) - [@yuezk](https://redirect.github.com/yuezk) - [@edfeff](https://redirect.github.com/edfeff) - [@adrianbob](https://redirect.github.com/adrianbob) - [@FlorianKirmaier](https://redirect.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.