Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump spring-core from 3.1.4.RELEASE to 4.3.21.RELEASE #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump spring-core from 3.1.4.RELEASE to 4.3.21.RELEASE #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 11, 2021

Bumps spring-core from 3.1.4.RELEASE to 4.3.21.RELEASE.

Release notes

Sourced from spring-core's releases.

3.2.12 Release

⭐ New Features

  • Log warning for single optional constructor when no default constructor to fall back to [SPR-12161] #16775
  • HttpHeaders should accept empty Content-Type header [SPR-12173] #16787
  • Scheduled/JmsListenerAnnotationBeanPostProcessor needlessly scans every scoped instance [SPR-12189] #16803
  • Spring HTTP clients do not enforce RFC 6265 (cookies in a single header) [SPR-12196] #16810
  • Make MockRestServiceServer error messages more descriptive [SPR-12230] #16845
  • Further locking optimizations for the retrieval of non-singleton beans [SPR-12250] #16864
  • Log context cache statistics in the TestContext framework [SPR-12409] #17017

🪲 Bug Fixes

  • @Qualifier resolution fails with Spring Batch parent/child context arrangement [SPR-12191] #16805
  • org.springframework.context.support.LiveBeansView.generateJson(Set) generates invalid JSON when resources already double-quoted [SPR-12252] #16866
  • Web Async responses force concurrentResult.toString() call [SPR-12253] #16867
  • DataSourceTransactionManager closes JDBC connection on doBegin failure but leaves it attached to transaction object [SPR-12280] #16885
  • Provider declaration for @Value method argument fails with TypeMismatchException [SPR-12297] #16903
  • Private @Scheduled methods end up on 'empty' proxy instance in case of CGLIB auto-proxying [SPR-12308] #16913
  • Directory traversal with static resource handling (CVE-2014-3625) [SPR-12354] #16959
  • Tiles 2.x: TilesConfigurer NPE when no definitions found [SPR-12362] #16967
  • ResponseStatusExceptionResolver does not get a MessageSource injected in the MVC Java config [SPR-12380] #16987
  • ConfigurationClassUtils fails to introspect inner classes with dot name syntax (and silently ignores it) [SPR-12390] #16998
  • @Import in another annotation still results in double scan [SPR-12334] #16939
  • util:map does not recognize the attribute of value-type [SPR-10994] #15622

📔 Documentation

  • ContextLoaderServlet is mentioned in doc, but does not exist [SPR-7725] #12381

3.2.11 Release

⭐ New Features

  • XmlBeanDefinitionReader runs 10x slower due to resetBeanDefinition check [SPR-8318] #12966
  • Exceptions thrown during AbstractApplicationContext.refresh() not being logged right when they are caught [SPR-12010] #16626
  • RestTemplate with InputStreamResource does not work if Content-Length is not set [SPR-12017] #16633

🪲 Bug Fixes

  • Injecting EXTENDED @PersistenceContext into JUnit 4 test class causes NoSuchBeanDefinitionException [SPR-8834] #13476
  • Exception during context refresh swallowed by subsequent LifecycleProcessor exception handling [SPR-10000] #14634
  • getBean(Object.class) fails when introspecting Environment bean [SPR-10542] #15172
  • UriComponentsBuilder.fromUriString may not parse correctly when there is no path [SPR-11970] #16586
  • StaxStreamXMLReader ignores significant whitespace [SPR-12000] #16616
  • NPE in SelectedValueComparator with null bound value [SPR-12001] #16617
  • Changes to AbstractApplicationEventMulticaster in 3.2.9 break HttpSessionEventPublisher in Google AppEngine Runtime [SPR-12002] #16618
  • AbstractMessageListenerContainer#doExecuteListener can cause a dropped message if using CLIENT_ACKNOWLEDGE and the container is stopped and subsequently started again. [SPR-12015] #16631
  • Tiles 3 TilesViewResolver should allow for custom TilesView subclasses [SPR-12075] #16691
  • MockMvc security filters causes FileUploadException: the request was rejected because no multipart boundary was found [SPR-12114] #16730
  • Plain FactoryBean declaration on @Bean method leads to early call (pre injection) [SPR-12141] #16755

... (truncated)

Commits
  • ca50a47 Release version 4.3.21.RELEASE
  • 9600e01 Revised alias definition example in reference documentation
  • e9f7c35 ResolvableType-based matching consistently respects generic factory method re...
  • cf8479c Upgrade to Tomcat 8.5.35, Netty 4.1.31, Gson 2.8.5, Jackson 2.8.11.3
  • 1c1b942 DefaultResponseErrorHandler detects non-standard error code as well
  • 85b5c5a Polishing
  • ed9afa3 FastByteArrayOutputStream.read byte-to-int conversion
  • 22f4b1c SerializedBeanFactoryReference falls back to dummy with specific id
  • abacc6d BEST_MATCHING_HANDLER_ATTRIBUTE for spring-webmvc
  • 8d668ac Up-to-date version and link in ASM/CGLIB/Objenesis package javadoc
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
0 participants