Update Spring All

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.security:spring-security-crypto (source)	5.8.10 -> 5.8.14
org.springframework.security:spring-security-rsa (source)	1.1.1 -> 1.1.5
org.springframework:spring-webmvc	5.3.28 -> 5.3.39
org.springframework:spring-web	5.3.28 -> 5.3.39
org.springframework:spring-tx	5.3.28 -> 5.3.39
org.springframework:spring-orm	5.3.28 -> 5.3.39
org.springframework:spring-jdbc	5.3.28 -> 5.3.39
org.springframework:spring-jcl	5.3.28 -> 5.3.39
org.springframework:spring-expression	5.3.28 -> 5.3.39
org.springframework:spring-core	5.3.28 -> 5.3.39
org.springframework:spring-context-support	5.3.28 -> 5.3.39
org.springframework:spring-context	5.3.28 -> 5.3.39
org.springframework:spring-beans	5.3.28 -> 5.3.39
org.springframework:spring-aspects	5.3.28 -> 5.3.39
org.springframework:spring-aop	5.3.28 -> 5.3.39
org.springframework.security:spring-security-crypto (source)	5.7.10 -> 5.8.14
org.springframework.boot	2.5.15 -> 2.7.18
io.spring.dependency-management	1.0.12.RELEASE -> 1.1.6

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v5.8.14

Compare Source

⭐ New Features

• Document the role of CredentialsContainer #​15319

🪲 Bug Fixes

• Clarify url Parameter Usage in AD Provider Constructor #​15409
• Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15363

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15375
• Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 #​15391
• Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 #​15606
• Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 #​15390
• Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 #​15604
• Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 #​15360
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 #​15291
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15335
• Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 #​15615

🔩 Build Updates

• Automate check of expected branch version #​15226
• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15447
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15484
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15558
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15633
• Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15417
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15523
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15559
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15632
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15416
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15524
• Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15330
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15481
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15463

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​Haarolean
• @​dependabot[bot]

v5.8.13

Compare Source

⭐ New Features

• doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #​14779
• Enhance Logging in RequestMatcherDelegatingAuthorizationManage #​14837
• Improve PasswordEncoder Error Messaging #​14951
• InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #​14880
• Mention all required dependencies in LDAP documentation #​15235
• Remove useBase64 parameter #​14862

🪲 Bug Fixes

• AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​13849
• Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #​15195
• Assert WebSession is not null #​14977
• Conditionally Add Conventions Plugin #​15152
• DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #​14418
• Fix Java example in multitenanci.adoc #​15146
• LDIF file on official documentation breaks the startup process #​15089
• Link to article with remember-me-persistent-token strategy is broken #​14358
• ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #​14931
• Resolving invalid CSRF token values is not consistent #​15184
• Restore Build Scan Capability #​15120
• Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #​14855

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #​15074
• Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #​15231
• Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #​14923
• Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #​15073
• Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #​15230
• Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15191
• Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #​15085
• Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #​15135
• Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #​15253
• Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #​14938

🔩 Build Updates

• Attach Antora Docs to Pull Requests #​14992
• Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15160
• Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15140
• Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #​15001
• Bump com.gradle.develocity from 3.17.2 to 3.17.4 #​15099
• Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15240
• Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #​14959
• Consider Adding a Build Updates section to the release changelog #​14485
• Migrate to com.gradle.develocity plugin #​15021
• Update Gradle Enterprise plugin to 3.17.2 #​15020

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​caio-henrique
• @​jzheaux
• @​dukbong
• @​Harsh4902
• @​abimael-turing
• @​dependabot[bot]
• @​sheriumair
• @​paschm

v5.8.12

Compare Source

🪲 Bug Fixes

• Conditional check for data-source-ref is incorrect #​14742

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 #​14878
• Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 #​14877
• Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #​14822
• Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 #​14891

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dependabot[bot]
• @​sheriumair

v5.8.11

Compare Source

🪲 Bug Fixes

• Allow tab in HTTP header values. #​14590
• Check for null Authentication #​14664
• PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #​14720
• Remove duplicate setSecurityContextHolderStrategy #​14603
• Spring security's ServerLogoutHandler order problem. #​14379

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 #​14730
• Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 #​14729
• Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 #​14759

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​chbecker2
• @​kse-music
• @​dependabot[bot]

spring-projects/spring-framework (org.springframework:spring-webmvc)

v5.3.39

v5.3.38

v5.3.37

⭐ New Features

• AnnotationUtils performance degrades with deep stacks #​32923

🐞 Bug Fixes

• AspectJ CTW aspects executed twice #​32974
• SpEL compilation fails when indexing into a Map with a primitive #​32911
• SpEL compilation fails when indexing into an array or list with an Integer #​32909
• Application not starting with @EnableTransactionManagement(mode = AdviceMode.ASPECTJ) #​32885

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.45 #​33010

v5.3.36

🐞 Bug Fixes

• Overridden aspect method runs twice #​32868
• @DateTimeFormat(iso = DateTimeFormat.ISO.DATE\_TIME) cannot convert UTC without milliseconds to java.util.Date #​32860
• Spring AOP fails against registered @Configurable aspect #​32840

v5.3.35

⭐ New Features

• Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #​32818

🐞 Bug Fixes

• DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #​32770
• MergedAnnotations search does not find container for repeatable annotation #​32751
• AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #​32749
• Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #​32744
• "multiple subscribers not supported" when using WebClient exchange #​32728
• Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #​32698

📔 Documentation

• Correct documentation on streaming with MockMvcWebTestClient #​32723
• Update links to HttpOnly documentation at OWASP in ResponseCookie #​32668

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.44 #​32788

v5.3.34

v5.3.33

⭐ New Features

• Extract reusable method for URI validations #​32442
• Allow UriTemplate to be built with an empty template #​32438
• Refine *HttpMessageConverter#getContentLength return value null safety #​32332

🐞 Bug Fixes

• AopUtils.getMostSpecificMethod does not return original method for proxy-derived method anymore #​32369
• Better protect against concurrent error handling for async requests #​32342
• Restore Jetty 10 compatibility in JettyClientHttpResponse #​32337
• ContentCachingResponseWrapper no longer honors Content-Type and Content-Length #​32322

📔 Documentation

• Build KDoc against 5.3.x Spring Framework Javadoc #​32414

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.42 #​32422

v5.3.32

⭐ New Features

• Add CORS support for Private Network Access #​31974
• Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor #​31969

🐞 Bug Fixes

• Consistent parsing of user information in UriComponentsBuilder #​32247
• QualifierAnnotationAutowireCandidateResolver.checkQualifier does identity checks when comparing arrays used as qualifier fields #​32108
• Guard against multiple body subscriptions in Jetty and JDK reactive responses #​32101
• Static resources caching issues with ShallowEtagHeaderFilter and Jetty caching directives #​32051
• ChannelSendOperator.WriteBarrier race condition in request(long) method leads to response being dropped #​32021
• Spring AOP does not propagate arguments for dynamic prototype-scoped advice #​31964
• MergedAnnotation swallows IllegalAccessException for attribute method #​31961
• CronTrigger hard-codes default ZoneId instead of participating in scheduler-wide Clock setup #​31950
• MergedAnnotations finds duplicate annotations on method in multi-level interface hierarchy #​31825
• PathEditor cannot handle absolute Windows paths with forward slashes #​31728
• Include Hibernate's Query.scroll() in SharedEntityManagerCreator's queryTerminatingMethods set #​31684
• TypeDescriptor does not check generics in equals method (for ConversionService caching) #​31674
• Slow SpEL performance due to method sorting in ReflectiveMethodResolver #​31665
• Jackson encoder releases resources in wrong order #​31657
• WebSocketMessageBrokerStats has null stats for stompSubProtocolHandler since 5.3.2 #​31642

📔 Documentation

• Document cron-vs-quartz parsing convention for dayOfWeek part in CronExpression #​32131

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.41 #​32276

v5.3.31

⭐ New Features

• Log4jLog needs to re-resolve ExtendedLogger on deserialization (for compatibility with Log4J 2.21) #​31583

🐞 Bug Fixes

• MessageBuilder#createMessage should not define the payload as @Nullable #​31611
• Avoid duplicate JAR resources in PathMatchingResourcePatternResolver on MS Windows #​31603
• Spring web integration commons fileupload receives files and other parameter uploads, with a null pointer #​31564
• Function column out doesn't resolve to SqlOutParameter #​31560
• Resolve to empty MultiValueMap when no matrix variables are provided #​31484
• BeanUtils.copyProperties() consumes large amount of memory #​31481
• CGLIB BeanCopier falls back to ClassLoader.defineClass for public target #​31436
• R2DBC Connection is closed during transaction when using TransactionAwareConnectionFactoryProxy #​31411
• HibernateJpaDialect and HibernateExceptionTranslator throw SQLExceptionTranslator-provided exception instead of returning it #​31410
• NamedParameterJdbcTemplate throws unexpected exception for null query #​31394
• LazyResolutionMessage does not implement proper toString #​31385
• Illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​31233

📔 Documentation

• Clarify documentation for @Transactional on interfaces #​31401
• Default behavior of BeanPropertyRowMapper.getColumnValue(ResultSet, int, Class) inconsistent with code #​31349
• Referencing a @Bean method in a @Configuration class' @PostConstruct method leads to circular reference #​31339
• Incorrect reference information about CGLIB supported method visibility #​31311

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.38 #​31584

v5.3.30

⭐ New Features

• Optimize ClassUtils#getMostSpecificMethod #​31100
• Optimize whitespace checks in StringUtils #​31069
• Align validation metadata handling in PayloadMethodArgumentResolver #​31056
• Register an override for an existing adapter in ReactiveAdapterRegistry #​31048
• Make bean initialization deterministic for multiple @Autowired methods on same bean class #​30994
• Performance bottlenecks while creating scoped bean instances #​30892

🐞 Bug Fixes

• Possible classloader leak through incomplete clearing of annotation caches #​31176
• Spring LogFactory implementation deviates from original Apache LogFactory in terms of abstract method declarations #​31167
• Bean injection fails due to nullSafeConciseToString() invoking isEmpty() on a Map/Collection proxy #​31156
• SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression #​31099
• @DynamicPropertySource in @Nested test class cannot override dynamic properties from enclosing class #​31085
• TransactionalApplicationListenerMethodAdapter should find @TransactionalEventListener on target class method #​31037
• ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs #​31020
• Permgen memory leak due to ClassInfo caching in java.beans.Introspector on JDK 11/17 #​31005
• MethodIntrospector.selectMethods(?) fails to find methods in case of special bridge method arrangement #​30907

📔 Documentation

• Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate #​31229
• Refine CORS documentation for wildcard processing #​31168
• Propagation REQUIRES_NEW may cause connection pool deadlock #​31040
• Clarify R2DBC ConnectionAccessor and DatabasePopulator exception declarations #​30933
• Doc: Avoid deadlock in @PostConstruct through SmartInitializingSingleton or ContextRefreshedEvent #​30889

v5.3.29

⭐ New Features

• Avoid illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​30868
• Improve diagnostics for CGLIB ClassLoader issues with shared classes in parent ClassLoader #​30866
• JdbcTemplate does not call handleWarnings in case of exception #​30852
• Tolerate AnnotationUtils.isCandidateClass call with null as annotation type #​30843
• Simplify DefaultSingletonBeanRegistry.isDependent() #​30841
• Provide explicit support for collections, maps, and arrays in ObjectUtils.nullSafeConciseToString() #​30811
• Extend list of supported types in ObjectUtils.nullSafeConciseToString() #​30806
• Align ConcurrentMapCacheManager locking behavior with CaffeineCacheManager #​30781
• ResolvableType.hasUnresolvableGenerics() should cache its result #​30715
• Ensure Spring LogFactory contains all public methods from Apache LogFactory #​30711
• Translate SQL Exception with State S0001 and Vendor Code 2628 to a Spring Exception in MSSQL 2019 #​30682

🐞 Bug Fixes

• For a prototype bean, if first-time rejected value is null, subsequent value will wrongly be null always #​30809
• Revert changes to toString() in FieldError #​30800
• Fix log level on error with @TransactionalEventListener #​30784
• SerializableTypeWrapper does not consistently catch InvocationTargetException #​30767
• NPE in MvcUriComponentsBuilder with no-arg target method on interface #​30757
• Jackson2ObjectMapperBuilder breaks when modules customizer follows modulesToInstall #​30752
• Spring ORM SpringBeanContainer when trying to create a bean fails with not found bean definition, and fallbacks to default hibernate bean creation #​30685

📔 Documentation

• ResultSet holdability into the View layer broken by Hibernate 5 #​30863
• Clarify ReactiveTransactionManager exception declarations #​30819
• Doc: JdbcTransactionManager vs DataSourceTransactionManager #​30814

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.34 #​30873

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.