[Security] Bump org.springframework.version from 5.2.1.RELEASE to 5.3.7

[dependabot-preview]

Bumps org.springframework.version from 5.2.1.RELEASE to 5.3.7.
Updates spring-core from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-core's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-tx from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-tx's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-jdbc from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-jdbc's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-beans from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-beans's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-context from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-context's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-orm from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-orm's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-test from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-test's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-web from 5.2.1.RELEASE to 5.3.7

Release notes

Sourced from spring-web's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Updates spring-webmvc from 5.2.1.RELEASE to 5.3.7 This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects org.springframework:spring-webmvc and org.springframework:spring-webflux Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

Affected versions: >= 5.2.0, < 5.2.3

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects org.springframework:spring-webmvc and org.springframework:spring-webflux In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

Affected versions: >= 5.2.0, < 5.2.3

Release notes

Sourced from spring-webmvc's releases.

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #26925
• spring-context-indexer doesn't support Java records #26909
• Ignore trailing slash in CorsConfiguration origin patterns #26892
• RSocketRequester disposal of underlying RSocketClient #26886
• Add PreFlightRequestWebFilter #26885
• Avoid memory leak when PropertyComparator is reused #26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #26822
• Access to the cachedSessions in CachingConnectionFactory #26811
• Reduce log level in ExecutorConfigurationSupport.initialize #26810
• Avoid exceptions when evaluating validation hints #26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #26905
• Incorrect check in AbstractBrokerRegistration's constructor #26896
• DataClassRowMapper doesn't correctly convert generic fields #26881
• CorsRegistration#combine is a noop #26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #26868
• Provide control over fallback charset to use in WebClientResponseException #26866
• @ModelAttribute(binding=false) is not honored with WebFlux #26856
• Fix Kotlin filter parameter bug in Router DSLs #26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #26833
• webmvc.fn onError doesn't work with CompletableFuture #26831
• Daylight saving time issue in CronExpression #26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #26804
• Support empty file uploads with HtmlUnit and MockMvc #26799
• Cache setup failure does not provide nested cause #25250
• Fix web parameters resolution when injected via constructor #25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #26873
• Improve advice on response handling in an ExchangeFilterFunction #26819
• Remove leftover Javadoc from WebClient #26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #26791
• Update Javadoc on CORS in spring-websocket #26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #26792

... (truncated)

Commits

• b1280ff Release v5.3.7
• 0d0d75e Ensure DefaultPartHttpMessageReader temp directories do not collide
• cce60c4 Ensure Synchronoss temp directories do not collide
• 1469bdb Nullability refinements and related polishing
• be52ec8 DataClassRowMapper exposes generic constructor parameters for type conversion
• cd9cad3 Increase the likelihood that timed tests pass on CI server
• 60c551a Correct clientInboundChannel assertion (includes constructor javadoc)
• 4164fc6 CandidateComponentsIndexer introspects any kind of class (including records)
• 0865abe Expose current cached session count
• 90af2d5 Log delegate service initialization at debug level (instead of info)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

---

This change is 

[dependabot-preview]

Superseded by #43.