[Security] Bump spring.version from 4.2.5.RELEASE to 5.1.9.RELEASE in /dhis-2

[dependabot-preview]

Bumps spring.version from 4.2.5.RELEASE to 5.1.9.RELEASE.

Updates spring-aop from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-aop's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-beans from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-beans's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-context from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-context's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-context-support from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-context-support's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-core from 4.2.5.RELEASE to 5.1.9.RELEASE This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects org.springframework:spring-core and org.springframework.security:spring-security-core
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Affected versions: < 4.3.1

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Affected versions: < 4.3.16

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

Affected versions: < 4.3.15

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

Affected versions: < 4.3.15

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Affected versions: < 4.3.16

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Affected versions: < 4.3.17

Release notes

Sourced from spring-core's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-expression from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-expression's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-jdbc from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-jdbc's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-orm from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-orm's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-oxm from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-oxm's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-test from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-test's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-tx from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-tx's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-web from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-web's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Updates spring-webmvc from 4.2.5.RELEASE to 5.1.9.RELEASE

Release notes

Sourced from spring-webmvc's releases.

v5.1.9.RELEASE

⭐ New Features

• WebClient's retrieve doesn't support custom HTTP status code #23367
• Can't wrap a ClientResponse with a custom status code in a builder #23366
• Javadoc missing on some public BeanDefinitionParserDelegate methods #23349
• In contrast to the Javadoc, ServerHttpRequest.Builder implementation does not override headers #23333
• Hibernate Query.list() is not included in SharedEntityManagerCreator.queryTerminatingMethods set, causing database connection not to be unreleased when query is proxied #23248
• Exception while WebClient onStatus handler is applied leads to ByteBuf leak #23230
• Error signal not propagated if writeFunction in ChannelSendOperator fails immediately #23175
• PathPatternParser does not allow any non-Java characters in variables like "-" #23101

🪲 Bug Fixes

• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #23352
• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #23346
• Inconsistent use of getInterfaceMethodIfPossible for init method invocation #23323
• ResolvableType.forRawClass fails isAssignable against TypeVariable #23321
• ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305
• Accept header with trailing comma produces HTTP "406 Not Acceptable" #23241
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240
• SpEL ReflectivePropertyAccessor: ConversionService missing annotations on concrete implementations #23210
• Defensively register ReactiveReturnValueHandler for messaging methods #23207
• Raise log level when bean destruction fails #23200
• New OncePerRequestFilter behavior breaks RequestContextFilter on Jetty after sendError #23196
• SpringValidatorAdapter's ObjectError subclass is not Serializable #23181
• WebSocketHttpRequestHandler not writing headers after interceptor returns false #23179
• Reliable detection of user change from interceptor in StompSubProtocolHandler #23160
• Fixes issue with optional @RequestPart Mono argument being resolved to null instead of Mono.empty #23070

📔 Documentation

• Add Javadoc since for Jaxb2XmlDecoder(MimeType...) #23353
• Fix typo in webflux.adoc #23329
• Clarify use of MultipartBodyBuilder with RestTemplate #23295
• Improve documentation for @Autowired constructors #23263
• AbstractCacheManager.getCache() breaks contract of CacheManager.getCache() #23193
• PriorityOrdered Javadoc is misleading #23187
• Document that Ordered is not supported for @ControllerAdvice beans #23172
• Fix Jackson documentation broken links #23153
• Document how to specify Jackson JSON view serialization hints #23150
• HtmlUtils Javadoc refers to deprecated Apache Commons Lang #23122
• Docs for Spring MVC Test should cover async requests [SPR-15099] #19666

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​AndreasKl

... (truncated)

Commits

• b1171d8 Release version 5.1.9.RELEASE
• 7c2e2d4 Polishing
• d8e624e Consistent suppression of get/clearWarnings without target connection
• 762ea3e Document all remaining public methods on BeanDefinitionParserDelegate
• 871bb57 TransactionAwareDataSourceProxy locally handles get/clearWarnings call
• aebc485 MethodParameter.equals properly checks overridden containing class
• ea4f7d3 Deprecate logger field in HandlerMethodArgumentResolverComposite
• 438b40f Consistent ordering of WebClient.Builder methods
• 59064f0 Upgrade to Undertow 2.0.23 and Apache Johnzon 1.1.12
• 960079e Retain non-null HttpStatus return value in Client(Http)Response
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.