fix(deps): update dependency org.springframework:spring-expression to v5 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework:spring-expression	4.3.30.RELEASE -> 5.3.39

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-22950

In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

CVE-2023-20863

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS) condition.

CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Older, unsupported versions are also affected.

Specifically, an application is vulnerable when the following is true:

• The application evaluates user-supplied SpEL expressions.

---

Release Notes

spring-projects/spring-framework (org.springframework:spring-expression)

v5.3.39

Compare Source

⭐ New Features

• SimpleEvaluationContext should disable array allocation #​33386

v5.3.38

Compare Source

⭐ New Features

• Efficient handling of conditional HTTP requests #​33378

🐞 Bug Fixes

• Fix incorrect weak ETag validation #​33377
• SimpleEvaluationContext does not enforce read-only semantics #​33320
• ConversionService cannot convert primitive array to Object[] #​33314
• SpEL Indexer silently ignores failure to set property as index #​33312
• Mockito mock falsely initialized as CGLIB proxy with AspectJ aspect #​33142
• "file:." cannot be resolved to java.nio.file.Path (and plain "." value resolves to classpath root) #​33140

📔 Documentation

• Typo in Annotation-driven Listener Endpoints section of Spring Framework documentation #​33052
• Container Extension Points section of Spring Framework documentation refers to the wrong property name #​33039
• Incorrect constructor details in the javadoc for ApplicationContextEvent #​33034

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.47 #​33322

v5.3.37

Compare Source

⭐ New Features

• AnnotationUtils performance degrades with deep stacks #​32923

🐞 Bug Fixes

• AspectJ CTW aspects executed twice #​32974
• SpEL compilation fails when indexing into a Map with a primitive #​32911
• SpEL compilation fails when indexing into an array or list with an Integer #​32909
• Application not starting with @EnableTransactionManagement(mode = AdviceMode.ASPECTJ) #​32885

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.45 #​33010

v5.3.36

Compare Source

🐞 Bug Fixes

• Overridden aspect method runs twice #​32868
• @DateTimeFormat(iso = DateTimeFormat.ISO.DATE\_TIME) cannot convert UTC without milliseconds to java.util.Date #​32860
• Spring AOP fails against registered @Configurable aspect #​32840

v5.3.35

Compare Source

⭐ New Features

• Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #​32818

🐞 Bug Fixes

• DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #​32770
• MergedAnnotations search does not find container for repeatable annotation #​32751
• AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #​32749
• Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #​32744
• "multiple subscribers not supported" when using WebClient exchange #​32728
• Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #​32698

📔 Documentation

• Correct documentation on streaming with MockMvcWebTestClient #​32723
• Update links to HttpOnly documentation at OWASP in ResponseCookie #​32668

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.44 #​32788

v5.3.34

Compare Source

⭐ New Features

• Log column type for limited support message in JdbcUtils.getResultSetValue #​32603
• Avoid additional unnecessary Annotation array cloning in TypeDescriptor #​32477
• Avoid cloning empty Annotation array in TypeDescriptor #​32466

🐞 Bug Fixes

• Refine scheme, userinfo, host and port parsing in UriComponentsBuilder #​32618
• MethodIntrospector.selectMethods() fails to detect bridge methods across ApplicationContexts #​32588
• JmsUtils.commitIfNecessary catches and ignores JMS IllegalStateException, losing message with ActiveMQ Artemis #​32480
• Consistently apply TaskDecorator to ManagedExecutorService as well #​32457

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.43 #​32594

v5.3.33

Compare Source

⭐ New Features

• Extract reusable method for URI validations #​32442
• Allow UriTemplate to be built with an empty template #​32438
• Refine *HttpMessageConverter#getContentLength return value null safety #​32332

🐞 Bug Fixes

• AopUtils.getMostSpecificMethod does not return original method for proxy-derived method anymore #​32369
• Better protect against concurrent error handling for async requests #​32342
• Restore Jetty 10 compatibility in JettyClientHttpResponse #​32337
• ContentCachingResponseWrapper no longer honors Content-Type and Content-Length #​32322

📔 Documentation

• Build KDoc against 5.3.x Spring Framework Javadoc #​32414

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.42 #​32422

v5.3.32

Compare Source

⭐ New Features

• Add CORS support for Private Network Access #​31974
• Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor #​31969

🐞 Bug Fixes

• Consistent parsing of user information in UriComponentsBuilder #​32247
• QualifierAnnotationAutowireCandidateResolver.checkQualifier does identity checks when comparing arrays used as qualifier fields #​32108
• Guard against multiple body subscriptions in Jetty and JDK reactive responses #​32101
• Static resources caching issues with ShallowEtagHeaderFilter and Jetty caching directives #​32051
• ChannelSendOperator.WriteBarrier race condition in request(long) method leads to response being dropped #​32021
• Spring AOP does not propagate arguments for dynamic prototype-scoped advice #​31964
• MergedAnnotation swallows IllegalAccessException for attribute method #​31961
• CronTrigger hard-codes default ZoneId instead of participating in scheduler-wide Clock setup #​31950
• MergedAnnotations finds duplicate annotations on method in multi-level interface hierarchy #​31825
• PathEditor cannot handle absolute Windows paths with forward slashes #​31728
• Include Hibernate's Query.scroll() in SharedEntityManagerCreator's queryTerminatingMethods set #​31684
• TypeDescriptor does not check generics in equals method (for ConversionService caching) #​31674
• Slow SpEL performance due to method sorting in ReflectiveMethodResolver #​31665
• Jackson encoder releases resources in wrong order #​31657
• WebSocketMessageBrokerStats has null stats for stompSubProtocolHandler since 5.3.2 #​31642

📔 Documentation

• Document cron-vs-quartz parsing convention for dayOfWeek part in CronExpression #​32131

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.41 #​32276

v5.3.31

Compare Source

⭐ New Features

• Log4jLog needs to re-resolve ExtendedLogger on deserialization (for compatibility with Log4J 2.21) #​31583

🐞 Bug Fixes

• MessageBuilder#createMessage should not define the payload as @Nullable #​31611
• Avoid duplicate JAR resources in PathMatchingResourcePatternResolver on MS Windows #​31603
• Spring web integration commons fileupload receives files and other parameter uploads, with a null pointer #​31564
• Function column out doesn't resolve to SqlOutParameter #​31560
• Resolve to empty MultiValueMap when no matrix variables are provided #​31484
• BeanUtils.copyProperties() consumes large amount of memory #​31481
• CGLIB BeanCopier falls back to ClassLoader.defineClass for public target #​31436
• R2DBC Connection is closed during transaction when using TransactionAwareConnectionFactoryProxy #​31411
• HibernateJpaDialect and HibernateExceptionTranslator throw SQLExceptionTranslator-provided exception instead of returning it #​31410
• NamedParameterJdbcTemplate throws unexpected exception for null query #​31394
• LazyResolutionMessage does not implement proper toString #​31385
• Illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​31233

📔 Documentation

• Clarify documentation for @Transactional on interfaces #​31401
• Default behavior of BeanPropertyRowMapper.getColumnValue(ResultSet, int, Class) inconsistent with code #​31349
• Referencing a @Bean method in a @Configuration class' @PostConstruct method leads to circular reference #​31339
• Incorrect reference information about CGLIB supported method visibility #​31311

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.38 #​31584

v5.3.30

Compare Source

⭐ New Features

• Optimize ClassUtils#getMostSpecificMethod #​31100
• Optimize whitespace checks in StringUtils #​31069
• Align validation metadata handling in PayloadMethodArgumentResolver #​31056
• Register an override for an existing adapter in ReactiveAdapterRegistry #​31048
• Make bean initialization deterministic for multiple @Autowired methods on same bean class #​30994
• Performance bottlenecks while creating scoped bean instances #​30892

🐞 Bug Fixes

• Possible classloader leak through incomplete clearing of annotation caches #​31176
• Spring LogFactory implementation deviates from original Apache LogFactory in terms of abstract method declarations #​31167
• Bean injection fails due to nullSafeConciseToString() invoking isEmpty() on a Map/Collection proxy #​31156
• SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression #​31099
• @DynamicPropertySource in @Nested test class cannot override dynamic properties from enclosing class #​31085
• TransactionalApplicationListenerMethodAdapter should find @TransactionalEventListener on target class method #​31037
• ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs #​31020
• Permgen memory leak due to ClassInfo caching in java.beans.Introspector on JDK 11/17 #​31005
• MethodIntrospector.selectMethods(?) fails to find methods in case of special bridge method arrangement #​30907

📔 Documentation

• Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate #​31229
• Refine CORS documentation for wildcard processing #​31168
• Propagation REQUIRES_NEW may cause connection pool deadlock #​31040
• Clarify R2DBC ConnectionAccessor and DatabasePopulator exception declarations #​30933
• Doc: Avoid deadlock in @PostConstruct through SmartInitializingSingleton or ContextRefreshedEvent #​30889

v5.3.29

Compare Source

⭐ New Features

• Avoid illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​30868
• Improve diagnostics for CGLIB ClassLoader issues with shared classes in parent ClassLoader #​30866
• JdbcTemplate does not call handleWarnings in case of exception #​30852
• Tolerate AnnotationUtils.isCandidateClass call with null as annotation type #​30843
• Simplify DefaultSingletonBeanRegistry.isDependent() #​30841
• Provide explicit support for collections, maps, and arrays in ObjectUtils.nullSafeConciseToString() #​30811
• Extend list of supported types in ObjectUtils.nullSafeConciseToString() #​30806
• Align ConcurrentMapCacheManager locking behavior with CaffeineCacheManager #​30781
• ResolvableType.hasUnresolvableGenerics() should cache its result #​30715
• Ensure Spring LogFactory contains all public methods from Apache LogFactory #​30711
• Translate SQL Exception with State S0001 and Vendor Code 2628 to a Spring Exception in MSSQL 2019 #​30682

🐞 Bug Fixes

• For a prototype bean, if first-time rejected value is null, subsequent value will wrongly be null always #​30809
• Revert changes to toString() in FieldError #​30800
• Fix log level on error with @TransactionalEventListener #​30784
• SerializableTypeWrapper does not consistently catch InvocationTargetException #​30767
• NPE in MvcUriComponentsBuilder with no-arg target method on interface #​30757
• Jackson2ObjectMapperBuilder breaks when modules customizer follows modulesToInstall #​30752
• Spring ORM SpringBeanContainer when trying to create a bean fails with not found bean definition, and fallbacks to default hibernate bean creation #​30685

📔 Documentation

• ResultSet holdability into the View layer broken by Hibernate 5 #​30863
• Clarify ReactiveTransactionManager exception declarations #​30819
• Doc: JdbcTransactionManager vs DataSourceTransactionManager #​30814

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.34 #​30873

v5.3.28

Compare Source

⭐ New Features

• ClassLoader can be null in DeserializingConverter and should be annotated with @Nullable #​30672
• Performance optimization in AbstractBeanFactoryBasedTargetSource.hashCode() #​30585
• Consistent support for MultiValueMap and common Map implementations in CollectionFactory #​30441
• Reject null and empty SpEL expressions #​30373
• Introduce Environment.matchesProfiles() for profile expressions #​30226

🐞 Bug Fixes

• Change of behaviour for UUID in bean validation output in v5.3.27 #​30662
• Spring Framework 5.3.27 appears to cause issues in OSGi environment #​30637
• Inconsistent ProxyCallbackFilter#equals/hashCode methods in CglibAopProxy #​30616
• EclipseLinkJpaDialect: Unexpected default isolation levels #​30589
• ThreadLocalTargetSource does not include actual target bean name in NamedThreadLocal #​30586
• ApplicationListenerMethodAdapter inconsistently publishes events from CompletableFuture #​30584
• For @Bean method that returns null, @Autowired injects NullBean instead of null for cached arguments #​30551
• Make maximum SpEL expression length configurable #​30446
• Respect TaskDecorator configuration on DefaultManagedTaskExecutor #​30443

📔 Documentation

• Document which @Scheduled attributes support SpEL expressions #​30642
• FileSystemUtils::deleteRecursively Javadoc refers to File instead of Path #​30555

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.33 #​30656

v5.3.27

Compare Source

⭐ New Features

• Limit string concatenation in SpEL expressions #​30331
• Limit SpEL expression length #​30329
• Disable variable assignment in SimpleEvaluationContext #​30327
• Introduce StringUtils.truncate() #​30291
• Introduce ObjectUtils.nullSafeConciseToString() #​30287
• Make HttpComponentsHeadersAdapter#getFirst nullable #​30269

🐞 Bug Fixes

• Fix regression in ReactorServerHttpRequest related to IPV6 Zone id with "%" #​30314
• SSE breaks with indenting serializer in WebMvc.fn #​30302
• Increase max regex length in SpEL expressions #​30298
• NullPointerException on timeout in HttpComponentsClientHttpConnector when using Apache HttpComponents #​30246
• Wrong MockRestRequestMatchers.header() method in spring-test being invoked (JDK issue?) #​30235
• TypeNotPresentException: org/springframework/cglib/proxy/NoOp not present on Java 17 #​30228
• Refine generic type management in AbstractMessageWriterResultHandler #​30215
• MvcUriComponentsBuilder.fromMethodCall breaks for controller with CharSequence return type #​30212
• Handle all exceptions for stored proc output param retrieval in SharedEntityManagerCreator #​30164

📔 Documentation

• Fix @PathVariable reference documentation code snippets #​30258
• Fix example in Javadoc for @EnableWebSocket #​30187
• Fix anchor in link to "Web on Reactive Stack" chapter #​30163

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.31 #​30315

v5.3.26

Compare Source

⭐ New Features

• Improve diagnostics in SpEL for matches operator #​30145
• Improve diagnostics in SpEL for repeated text #​30143
• Increase scope of regex pattern cache for the SpEL matches operator #​30141
• Minor updates in HandlerMappingIntrospector #​30128
• Allow SnakeYaml 2.0 runtime compatibility #​30097
• Add missing @Nullable annotations to LogMessage.format methods #​30009
• ASM upgrade for JDK 20/21 support #​29966
• Allow MockRest to match header/queryParam value list with one Matcher #​29964
• Add MockMvc.multipart() Kotlin extensions with HttpMethod #​29941
• Release R2DBC connection when cleanup fails in transaction #​29925
• org.springframework.web.context.ContextLoader should lazily load ContextLoader.properties #​29909
• Improve generated default name for @JmsListener subscription #​29902
• Include all Hibernate query methods in SharedEntityManagerCreator's queryTerminatingMethods set #​29888
• SQL supplier in R2DBC DatabaseClient is eagerly invoked #​29887
• Spring Framework 5.3.x is incompatible with Jetty 10 (Client) #​29867
• Possible infinite forward loop with MockMvcWebConnection #​29866
• Refine Jackson2ObjectMapperBuilder#configureFeature exception handling #​29860
• Fix R2dbcTransactionManager debug log: don't log a Mono #​29824

🐞 Bug Fixes

• RequestedContentTypeResolver does not ignore quality factor when filtering */* media types #​30121
• SpEL: cannot call methods declared in java.lang.Object on a JDK proxy #​30118
• CaffeineCacheManager getCache method cause thread block #​30085
• Protect JMS connection creation against prepareConnection errors #​30051
• ReactorServerHttpRequest does not reflect forwarded host and port when forwarding-header-strategy=native or cloud platform detected #​29974
• WebSocket stats not updated correctly when sessions cleared #​29947
• Explicit target ClassLoader for interface-based proxies in MvcUriComponentsBuilder #​29914
• Closing an ApplicationContext leads to Exception at ExecutorServiceAdapter #​29908
• Invalid Accept header results in IllegalStateException #​29836
• JettyWebSocketCreator referenced from a method is not visible from class loader with Jetty10RequestUpgradeStrategy #​29256

📔 Documentation

• Fix minor spacings in webflux docs #​30095
• @AspectJ argument name resolution algorithm is outdated in reference manual #​30057
• Fix "Configuring a Global Date and Time Format" example #​30036
• Consistent @Bean method return type for equivalence with XML example #​29970
• Update @DynamicPropertySource examples regarding changes in Testcontainers #​29940
• Clarify semantics of primitivesDefaultedForNullValue in BeanPropertyRowMapper #​29926
• Clearly document that DataClassRowMapper supports Java records #​29922
• Outdated Javadoc for AbstractApplicationContext.postProcessBeanFactory #​29916

🔨 Dependency Upgrades

• Upgrade to Reactor Netty 2020.0.30 #​30116

v5.3.25

Compare Source

⭐ New Features

• JmsTemplate.convertAndSend throws NullPointerException during shutdown #​29719
• Optimize object creation in RequestMappingHandlerMapping#handleNoMatch #​29667
• Add title to SockJS iFrames for accessibility compliance #​29596

🐞 Bug Fixes

• ResourceHandlers cannot resolve static resources with certain wildcard patterns #​29716
• AnnotatedElementUtils.findMergedRepeatableAnnotations does not fetch results when other attributes exist for container annotation #​29686
• BeanWrapperImpl NPE in setWrappedInstance after invoking getPropertyValue (with SimpleBeanInfoFactory) #​29684
• SpEL ConstructorReference does not generate AST representation of arrays #​29666
• SpEL: Two double quotes are replaced by one double quote in single quoted String literal (and vice versa) #​29653
• SpEL string literal misses single quotation marks in toStringAST() #​29652
• 500 error from WebFlux when parsing Content-Type leads to InvalidMediaTypeException #​29637
• WebMvcConfigurationSupport should not catch Throwable for SourceHttpMessageConverter #​29537

📔 Documentation

• Update Jakarta Mail info in ref docs #​29708
• Improve documentation for literals in SpEL expressions #​29701
• Fix some typos in Kotlin WebClient example code #​29542
• Fix link to Bean Utils Light Library in BeanUtils Javadoc #​29536
• Fix link to WebFlux section in reference manual #​29526
• Link to Spring WebFlux section is broken #​29517

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.27 #​29798

v5.3.24

Compare Source

⭐ New Features

• Avoid reflection for annotation method invocations #​29448
• Avoid unnecessary allocations in StompDecoder#unescape #​29443
• Avoid String allocations in MediaType.checkParameters #​29428
• Reduce allocations caused by producible media types #​29412
• Provide optional SimpleBeanInfoFactory for better introspection performance in 5.3.x #​29330
• Filter out null WebSocket session attributes #​29315
• Introduce TestSocketUtils as a replacement for SocketUtils #​29132
• Avoid Commons Logging API for using LoggingCacheErrorHandler with a custom logger #​28678

🐞 Bug Fixes

• Missing SessionFactory property (filter AutoCloseable from PropertyDescriptors) #​29480
• SpEL ternary and Elvis expressions are missing enclosing parentheses in toStringAST() #​29463
• If-Unmodified-Since header check removes Last-Modified and Etag headers from response, even if condition passes #​29362
• Annotation searches fail for non-public repeatable annotations #​29301
• AbstractBeanFactory's interaction with BeanPostProcessorCacheAwareList is not fully thread-safe #​29299
• WebTestClient cannot assert custom HTTP status code #​29283
• Body token not expected error when trying to upload a large multipart file #​29227
• Avoid resizing of Maps created by CollectionUtils #​29190
• DefaultWebClient logging sensitive information in URI #​29148
• Fix SimpleMailMessage nullability annotations #​29139
• Webflux fails to apply the rule for controller methods returning void to kotlin suspend functions returning Unit #​27629
• Resource.isFile() return true when the resource path actually not exists #​26707
• AnnotatedElementUtils does not find merged repeatable annotations on other repeatable annotations #​20279

📔 Documentation

• Fix two typos in integration.adoc and webflux.adoc #​29469
• Fix typo: "as describe in" -> "as described in" #​29393
• Fix typos #​29364
• Correct documentation for "other return values" from a web controller method #​29349
• Document how to use WebJars without webjars-locator-core dependency #​29322
• Update RestTemplate Javadoc with regards to setting interceptors on startup vs at runtime #​29311
• Document how to switch to the default set of TestExecutionListeners #​29281
• Document limitation of AopTestUtils.getUltimateTargetObject() regarding non-static TargetSource #​29276
• Fix typo in WebSocket reference doc regarding subscription header #​29228
• Fix MockMvc sample setup #​29201

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.25 #​29464

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​sangmin7648
• @​izeye
• @​dreis2211
• @​catmug
• @​inabajunmr
• @​iamgd67
• @​davidcostanzo
• @​jprinet
• @​stgerhardt
• @​onobc
• @​vpavic

v5.3.23

Compare Source

⭐ New Features

• Introduce AnnotationUtils.isSynthesizedAnnotation(Annotation) #​29054
• Introduce createContext() factory method in AbstractGenericWebContextLoader #​28983
• Support TreeSet collection type in CollectionFactory.createCollection() without using reflection #​28949
• Document when RequestEntity.getUrl() throws an UnsupportedOperationException #​28930
• Deprecate NestedIOException #​28929
• Make isConnected() in WebSocketConnectionManager public #​28785
• Expose headers from STOMP RECEIPT frame to registered callbacks #​28715
• Make WebClientException serializable #​28321

🐞 Bug Fixes

• Ordering inconsistency with beans defined in parent context #​29105
• RelativeRedirectResponseWrapper does not commit response in sendRedirect #​29050
• MockServerContainerContextCustomizerFactory does not support @Nested tests #​29037
• Request to improve KotlinSerializationJsonHttpMessageConverter logic in RestTemplate #​29008
• WebFlux: multipart requests hang sometimes #​28963
• DataBufferUtils.write(Publisher, Path) loses context #​28933
• connectionTimeOut and readTimeout not working on UrlResource #​28909
• SockJsServiceRegistration#setSupressCors has a typo and should be deprecated #​28853
• RenderingResponse does not set status code on redirect views #​28839
• Avoid IllegalArgumentException when setting WebSocket error status #​28836
• Loss of context path after using ServerRequest.from #​28820
• ResponseCookie does not declare nullability annotations consistently for domain and path #​28780

📔 Documentation

• Fix typo in data-access section #​29048
• Correct description of @RequestParam with WebFlux #​28944
• Fix broken kdoc-api links in kotlin.adoc #​28908
• Fix typos in Javadoc of class AbstractEncoder #​28885
• Fix links in Javadoc and reference docs #​28876
• Add missing closing parenthesis in reference doc #​28867
• Fix typos in Javadoc, reference docs, and code #​28822
• Replace use of the <tt> HTML tag in Javadoc #​28819
• Fix broken link in rsocket documentation #​28817
• Clarify docs on JNDI properties in Servlet environment #​28488
• Improve documentation of Caching annotations #​28183

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.23 #​29129

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​boahc077
• @​1993heqiang
• @​luvarqpp
• @​arend-von-reinersdorff
• @​jensdietrich
• @​wilkinsona
• @​npriebe
• @​vpavic
• @​jupiterhub
• @​izeye
• @​napstr
• @​marcwrobel
• @​arvyy
• @​jbotuck
• @​chanhyeong
• @​yuezk
• @​edfeff
• @​adrianbob
• @​FlorianKirmaier
• @​meloning

v5.3.22

Compare Source

⭐ New Features

• Improve regex "." matching for URL paths #​28815
• Spring JDBC does not recognize LocalDate and LocalDateTime in javaType to sqlType Mapping #​28778
• ResolvableType.forInstance should return NONE for null instance #​28776
• Correctly identify MaxUploadSizeExceededException through keywords in message from Jetty 9.4.x #​28759
• Introduce StringUtils.trimAllWhitespace(CharSequence) #​28757
• Trim string input in Converters where whitespace is irrelevant #​28756
• Trim string input in PropertyEditors where whitespace is irrelevant #​28755
• Improve diagnostics for CGLIB ClassLoader issues on Java 9+ #​28747
• Create well-known non-interface types in CollectionFactory without using reflection #​28718
• Revise internals of LoggingCacheErrorHandler #​28672
• Simplify creation of LoggingCacheErrorHandler with logged stacktrace #​28670
• Fix DataSourceUtils inconsistent exception handling #​28669
• Introduce lenient parsing in DataSize regarding whitespace #​28643
• Support adding rather than replacing modules in Jackson2ObjectMapperBuilder #​28633
• Add `MockMvcRequestBuilders.multipart(Ht

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.