Update Spring All

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework:spring-messaging	5.3.27 -> 5.3.36
org.springframework:spring-jms	5.3.27 -> 5.3.36
org.springframework:spring-webmvc	5.3.27 -> 5.3.36
org.springframework:spring-web	5.3.27 -> 5.3.36
org.springframework:spring-tx	5.3.27 -> 5.3.36
org.springframework:spring-orm	5.3.27 -> 5.3.36
org.springframework:spring-jdbc	5.3.27 -> 5.3.36
org.springframework:spring-jcl	5.3.27 -> 5.3.36
org.springframework:spring-expression	5.3.27 -> 5.3.36
org.springframework:spring-core	5.3.27 -> 5.3.36
org.springframework:spring-context-support	5.3.27 -> 5.3.36
org.springframework:spring-context	5.3.27 -> 5.3.36
org.springframework:spring-beans	5.3.27 -> 5.3.36
org.springframework:spring-aspects	5.3.27 -> 5.3.36
org.springframework:spring-aop	5.3.27 -> 5.3.36
org.springframework.cloud:spring-cloud-dependencies (source)	2021.0.1 -> 2021.0.9
org.springframework.retry:spring-retry (source)	2.0.3 -> 2.0.6
org.springframework.security:spring-security-oauth2-core (source)	5.7.10 -> 5.8.12
org.springframework.security:spring-security-core (source)	5.7.10 -> 5.8.12
org.springframework.security:spring-security-config (source)	5.7.10 -> 5.8.12
org.springframework.security:spring-security-web (source)	5.7.10 -> 5.8.12
org.springframework.security:spring-security-crypto (source)	5.7.10 -> 5.8.12
org.springframework.security:spring-security-oauth2-resource-server (source)	5.7.10 -> 5.8.12
io.spring.dependency-management	1.0.12.RELEASE -> 1.1.5

---

Release Notes

spring-projects/spring-framework (org.springframework:spring-messaging)

v5.3.36

🐞 Bug Fixes

• Overridden aspect method runs twice #​32868
• @DateTimeFormat(iso = DateTimeFormat.ISO.DATE\_TIME) cannot convert UTC without milliseconds to java.util.Date #​32860
• Spring AOP fails against registered @Configurable aspect #​32840

v5.3.35

⭐ New Features

• Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #​32818

🐞 Bug Fixes

• DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #​32770
• MergedAnnotations search does not find container for repeatable annotation #​32751
• AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #​32749
• Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #​32744
• "multiple subscribers not supported" when using WebClient exchange #​32728
• Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #​32698

📔 Documentation

• Correct documentation on streaming with MockMvcWebTestClient #​32723
• Update links to HttpOnly documentation at OWASP in ResponseCookie #​32668

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.44 #​32788

v5.3.34

v5.3.33

⭐ New Features

• Extract reusable method for URI validations #​32442
• Allow UriTemplate to be built with an empty template #​32438
• Refine *HttpMessageConverter#getContentLength return value null safety #​32332

🐞 Bug Fixes

• AopUtils.getMostSpecificMethod does not return original method for proxy-derived method anymore #​32369
• Better protect against concurrent error handling for async requests #​32342
• Restore Jetty 10 compatibility in JettyClientHttpResponse #​32337
• ContentCachingResponseWrapper no longer honors Content-Type and Content-Length #​32322

📔 Documentation

• Build KDoc against 5.3.x Spring Framework Javadoc #​32414

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.42 #​32422

v5.3.32

⭐ New Features

• Add CORS support for Private Network Access #​31974
• Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor #​31969

🐞 Bug Fixes

• Consistent parsing of user information in UriComponentsBuilder #​32247
• QualifierAnnotationAutowireCandidateResolver.checkQualifier does identity checks when comparing arrays used as qualifier fields #​32108
• Guard against multiple body subscriptions in Jetty and JDK reactive responses #​32101
• Static resources caching issues with ShallowEtagHeaderFilter and Jetty caching directives #​32051
• ChannelSendOperator.WriteBarrier race condition in request(long) method leads to response being dropped #​32021
• Spring AOP does not propagate arguments for dynamic prototype-scoped advice #​31964
• MergedAnnotation swallows IllegalAccessException for attribute method #​31961
• CronTrigger hard-codes default ZoneId instead of participating in scheduler-wide Clock setup #​31950
• MergedAnnotations finds duplicate annotations on method in multi-level interface hierarchy #​31825
• PathEditor cannot handle absolute Windows paths with forward slashes #​31728
• Include Hibernate's Query.scroll() in SharedEntityManagerCreator's queryTerminatingMethods set #​31684
• TypeDescriptor does not check generics in equals method (for ConversionService caching) #​31674
• Slow SpEL performance due to method sorting in ReflectiveMethodResolver #​31665
• Jackson encoder releases resources in wrong order #​31657
• WebSocketMessageBrokerStats has null stats for stompSubProtocolHandler since 5.3.2 #​31642

📔 Documentation

• Document cron-vs-quartz parsing convention for dayOfWeek part in CronExpression #​32131

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.41 #​32276

v5.3.31

⭐ New Features

• Log4jLog needs to re-resolve ExtendedLogger on deserialization (for compatibility with Log4J 2.21) #​31583

🐞 Bug Fixes

• MessageBuilder#createMessage should not define the payload as @Nullable #​31611
• Avoid duplicate JAR resources in PathMatchingResourcePatternResolver on MS Windows #​31603
• Spring web integration commons fileupload receives files and other parameter uploads, with a null pointer #​31564
• Function column out doesn't resolve to SqlOutParameter #​31560
• Resolve to empty MultiValueMap when no matrix variables are provided #​31484
• BeanUtils.copyProperties() consumes large amount of memory #​31481
• CGLIB BeanCopier falls back to ClassLoader.defineClass for public target #​31436
• R2DBC Connection is closed during transaction when using TransactionAwareConnectionFactoryProxy #​31411
• HibernateJpaDialect and HibernateExceptionTranslator throw SQLExceptionTranslator-provided exception instead of returning it #​31410
• NamedParameterJdbcTemplate throws unexpected exception for null query #​31394
• LazyResolutionMessage does not implement proper toString #​31385
• Illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​31233

📔 Documentation

• Clarify documentation for @Transactional on interfaces #​31401
• Default behavior of BeanPropertyRowMapper.getColumnValue(ResultSet, int, Class) inconsistent with code #​31349
• Referencing a @Bean method in a @Configuration class' @PostConstruct method leads to circular reference #​31339
• Incorrect reference information about CGLIB supported method visibility #​31311

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.38 #​31584

v5.3.30

⭐ New Features

• Optimize ClassUtils#getMostSpecificMethod #​31100
• Optimize whitespace checks in StringUtils #​31069
• Align validation metadata handling in PayloadMethodArgumentResolver #​31056
• Register an override for an existing adapter in ReactiveAdapterRegistry #​31048
• Make bean initialization deterministic for multiple @Autowired methods on same bean class #​30994
• Performance bottlenecks while creating scoped bean instances #​30892

🐞 Bug Fixes

• Possible classloader leak through incomplete clearing of annotation caches #​31176
• Spring LogFactory implementation deviates from original Apache LogFactory in terms of abstract method declarations #​31167
• Bean injection fails due to nullSafeConciseToString() invoking isEmpty() on a Map/Collection proxy #​31156
• SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression #​31099
• @DynamicPropertySource in @Nested test class cannot override dynamic properties from enclosing class #​31085
• TransactionalApplicationListenerMethodAdapter should find @TransactionalEventListener on target class method #​31037
• ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs #​31020
• Permgen memory leak due to ClassInfo caching in java.beans.Introspector on JDK 11/17 #​31005
• MethodIntrospector.selectMethods(?) fails to find methods in case of special bridge method arrangement #​30907

📔 Documentation

• Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate #​31229
• Refine CORS documentation for wildcard processing #​31168
• Propagation REQUIRES_NEW may cause connection pool deadlock #​31040
• Clarify R2DBC ConnectionAccessor and DatabasePopulator exception declarations #​30933
• Doc: Avoid deadlock in @PostConstruct through SmartInitializingSingleton or ContextRefreshedEvent #​30889

v5.3.29

⭐ New Features

• Avoid illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​30868
• Improve diagnostics for CGLIB ClassLoader issues with shared classes in parent ClassLoader #​30866
• JdbcTemplate does not call handleWarnings in case of exception #​30852
• Tolerate AnnotationUtils.isCandidateClass call with null as annotation type #​30843
• Simplify DefaultSingletonBeanRegistry.isDependent() #​30841
• Provide explicit support for collections, maps, and arrays in ObjectUtils.nullSafeConciseToString() #​30811
• Extend list of supported types in ObjectUtils.nullSafeConciseToString() #​30806
• Align ConcurrentMapCacheManager locking behavior with CaffeineCacheManager #​30781
• ResolvableType.hasUnresolvableGenerics() should cache its result #​30715
• Ensure Spring LogFactory contains all public methods from Apache LogFactory #​30711
• Translate SQL Exception with State S0001 and Vendor Code 2628 to a Spring Exception in MSSQL 2019 #​30682

🐞 Bug Fixes

• For a prototype bean, if first-time rejected value is null, subsequent value will wrongly be null always #​30809
• Revert changes to toString() in FieldError #​30800
• Fix log level on error with @TransactionalEventListener #​30784
• SerializableTypeWrapper does not consistently catch InvocationTargetException #​30767
• NPE in MvcUriComponentsBuilder with no-arg target method on interface #​30757
• Jackson2ObjectMapperBuilder breaks when modules customizer follows modulesToInstall #​30752
• Spring ORM SpringBeanContainer when trying to create a bean fails with not found bean definition, and fallbacks to default hibernate bean creation #​30685

📔 Documentation

• ResultSet holdability into the View layer broken by Hibernate 5 #​30863
• Clarify ReactiveTransactionManager exception declarations #​30819
• Doc: JdbcTransactionManager vs DataSourceTransactionManager #​30814

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.34 #​30873

v5.3.28

⭐ New Features

• ClassLoader can be null in DeserializingConverter and should be annotated with @Nullable #​30672
• Performance optimization in AbstractBeanFactoryBasedTargetSource.hashCode() #​30585
• Consistent support for MultiValueMap and common Map implementations in CollectionFactory #​30441
• Reject null and empty SpEL expressions #​30373
• Introduce Environment.matchesProfiles() for profile expressions #​30226

🐞 Bug Fixes

• Change of behaviour for UUID in bean validation output in v5.3.27 #​30662
• Spring Framework 5.3.27 appears to cause issues in OSGi environment #​30637
• Inconsistent ProxyCallbackFilter#equals/hashCode methods in CglibAopProxy #​30616
• EclipseLinkJpaDialect: Unexpected default isolation levels #​30589
• ThreadLocalTargetSource does not include actual target bean name in NamedThreadLocal #​30586
• ApplicationListenerMethodAdapter inconsistently publishes events from CompletableFuture #​30584
• For @Bean method that returns null, @Autowired injects NullBean instead of null for cached arguments #​30551
• Make maximum SpEL expression length configurable #​30446
• Respect TaskDecorator configuration on DefaultManagedTaskExecutor #​30443

📔 Documentation

• Document which @Scheduled attributes support SpEL expressions #​30642
• FileSystemUtils::deleteRecursively Javadoc refers to File instead of Path #​30555

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.33 #​30656

spring-cloud/spring-cloud-release (org.springframework.cloud:spring-cloud-dependencies)

v2021.0.9

Compare Source

v2021.0.8: 2021.0.8

Compare Source

⭐ Releases

• spring-cloud-build 3.1.8
• spring-cloud-bus 3.1.2
• spring-cloud-circuitbreaker 2.1.7
• spring-cloud-cli 3.1.1
• spring-cloud-cloudfoundry 3.1.3
• spring-cloud-commons 3.1.7
• spring-cloud-config 3.1.8
• spring-cloud-consul 3.1.4
• spring-cloud-contract 3.1.8
• spring-cloud-function 3.2.11
• spring-cloud-gateway 3.1.8
• spring-cloud-kubernetes 2.1.8
• spring-cloud-netflix 3.1.7
• spring-cloud-openfeign 3.1.8
• spring-cloud-sleuth 3.1.9
• spring-cloud-stream 3.2.9
• spring-cloud-task 2.4.6
• spring-cloud-vault 3.1.3
• spring-cloud-zookeeper 3.1.4

v2021.0.7

Compare Source

v2021.0.6

Compare Source

v2021.0.5

Compare Source

v2021.0.4

Compare Source

v2021.0.3

Compare Source

v2021.0.2

Compare Source

spring-projects/spring-retry (org.springframework.retry:spring-retry)

v2.0.6

⭐ New Features

• No distinction in the logs between different retried methods #​422
• Rework Exception-wrapping #​82

🐞 Bug Fixes

• @Retryable annotation retrying with ExponentialBackOff instead of ExponentialRandomBackOff when randomExpression provided #​427
• fix: Null pointer error may occur #​421

📔 Documentation

• Wrong method recommended for build.gradle? #​423
• put GAV in docs #​418
• Improve Javadoc for setThrowLastExceptionOnExhausted of RetryTemplate #​137

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.20 #​435

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​aozeyu

v2.0.5

⭐ New Features

• Expose the number of max attempts to the retry context for all policies #​395
• classifiable's self class checked twice #​212
• Provide The Ability to Exclude Global RetryListeners #​211

🐞 Bug Fixes

• Unexpected exception type thrown instead of actual CHECKED exception when noRetryFor is used #​405
• NPE in CircuitBreaker, wrong null check #​403
• Retryable with exponential backoff not working with delayExpression #​397
• Restore the interrupted thread status in the provided backoff policies #​386

📔 Documentation

• Unable to define recover method where the method is returning a generic List #​402
• Fix incorrect return type of RetryListener's open method in README.md #​401
• ExponentialRandomBackOffPolicy not always random #​391

🔨 Dependency Upgrades

• Upgrade to AspectJ 1.9.20.1 #​406
• Upgrade to Spring Framework 6.0.15 #​408

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​hoonti06

v2.0.4

🐞 Bug Fixes

• maxAttemptsExpression is not evaluated when an exceptionExpression is set #​383

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.13 #​385

spring-projects/spring-security (org.springframework.security:spring-security-oauth2-core)

v5.8.12

Compare Source

🪲 Bug Fixes

• Conditional check for data-source-ref is incorrect #​14742

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 #​14878
• Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 #​14877
• Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #​14822
• Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 #​14891

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dependabot[bot]
• @​sheriumair

v5.8.11

Compare Source

🪲 Bug Fixes

• Allow tab in HTTP header values. #​14590
• Check for null Authentication #​14664
• PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #​14720
• Remove duplicate setSecurityContextHolderStrategy #​14603
• Spring security's ServerLogoutHandler order problem. #​14379

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 #​14730
• Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 #​14729
• Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 #​14759

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​chbecker2
• @​kse-music
• @​dependabot[bot]

v5.8.10

Compare Source

⭐ New Features

• Updated broken documentation link in javadocs #​14329

🪲 Bug Fixes

• Fix security filter sort in javadoc #​14552
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #​11596
• Saml2 LogoutFilter Should Come Before Common LogoutFilter #​14549

🔨 Dependency Upgrades

• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #​14584
• Bump gradle/gradle-build-action from 2 to 3 #​14505
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #​14438
• Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 #​14432
• Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 #​14431
• Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 #​14614
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #​14464
• Bump org-aspectj from 1.9.20.1 to 1.9.21.1 #​14607
• Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 #​14608
• Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 #​14622
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #​14506
• Bump spring-io/spring-github-workflows from eaf17a1 to 1e8b058 #​14585

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​kse-music
• @​geirhe
• @​aspan
• @​dependabot[bot]

v5.8.9

Compare Source

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #​14286
• OAuth2 Resource Server is exposing server information. #​13730
• Resolve RequestMatcher at request-time #​14078
• Update Java Config Spring MVC documentation #​14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #​13625
• Authentication not propagated correctly after migrating to SB3 #​12877
• Authorization does not show up on Features section #​14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #​13718
• Fix caching error state in ReactiveRemoteJWKSource #​13976
• fix wrong document about "jws-algorithms" #​14252
• Improve error message when ServletRegistration API is unavailable #​14221
• References to WebFlux docs do not link to them #​14100
• relay_state should not be included in signing calculation when it is null #​13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #​13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #​13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #​11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #​12483

🔨 Dependency Upgrades

• Bump actions/che

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.