Update dependency org.springframework:spring-context to v5.1.0.RC1 - autoclosed

[mend-for-jackfan.us.kg]

This PR contains the following updates:

Package	Update	Change
org.springframework:spring-context	minor	5.0.0.RELEASE -> 5.1.0.RC1

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	7.5	CVE-2018-1272	#80
Medium	6.5	CVE-2022-22950	#501
Medium	5.3	CVE-2018-1199	#134
Medium	4.3	CVE-2021-22096	#464

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.8	CVE-2022-22965	#504

---

Release Notes

spring-projects/spring-framework

v5.1.0.RC1

⭐ New Features

• Introduce ResolvableType.toClass() shortcut [SPR-17086] #​21623
• Programmatic ObjectProvider retrieval through BeanFactory API [SPR-17075] #​21613
• Avoid repeated factory class introspection in AbstractAutowireCapableBeanFactory [SPR-17071] #​21609
• Revise ResolvableType.as for introspection performance (limiting serializability) [SPR-17070] #​21608
• Support running Kotlin Spring apps without kotlin-reflect.jar [SPR-17069] #​21607
• Use available type information in functional bean definitions for resolving FactoryBean type [SPR-17063] #​21601
• Support for null bean in functional bean registration [SPR-17057] #​21595
• WebSession/WebSessionStore API are silent on saving a session that may have been invalidated [SPR-17051] #​21589
• Hibernate 5: restore ability to inject "cacheRegionFactory" of LocalSessionFactoryBean [SPR-17043] #​21581
• Support stricter encoding of URI variables in UriComponents [SPR-17039] #​21577
• Consistent non-exposure of null beans in the BeanFactory API [SPR-17034] #​21572
• Publicly expose ResolvableType in RootBeanDefinition [SPR-17028] #​21566
• Evaluate @Cacheable(condition) once per method invocation only [SPR-17024] #​21562
• Revise ClassUtils.isPresent for exposing resolution exceptions in jlinked modules [SPR-17018] #​21556
• Add ServerResponse extensions for json, xml and html [SPR-17017] #​21555
• HibernateJpaDialect cannot translate JDBCException to custom DataAccessException [SPR-17015] #​21553
• Avoid ServerResponse static imports in WebFlux router DSL [SPR-17009] #​21547
• RestTemplate (and probably server side as well) should be able to bootstrap itself if com.sun.org.apache.xalan.* is not available [SPR-17007] #​21545
• DefaultParameterNameDiscoverer should automatically adapt to Graal constraints [SPR-17005] #​21543
• LocalSessionFactoryBean and HibernateTransactionManager for JPA EntityManagerFactory setup [SPR-17002] #​21540
• Perform explicit class checks in ReactiveAdapterRegistry [SPR-17000] #​21538
• Create HttpHeaders.setBearerAuth(String) [SPR-16997] #​21535
• Support platforms where Class is not Serializable in SerializableTypeWrapper [SPR-16992] #​21530
• Add MockClientHttpRequest.getBodyAsString [SPR-16988] #​21526
• AspectJ aspect for @javax.transaction.Transactional is not initialised by default [SPR-16987] #​21525
• Throw a specific exception when an attempt to override a bean definition is rejected [SPR-16982] #​21520
• Provide more control for setting the secure flag on the session cookie [SPR-16980] #​21518
• Spring context indexer is not designed for the Java 9 module path [SPR-16979] #​21517
• CachedIntrospectionResults should build complete descriptor for setter/getter across interface hierarchy [SPR-16978] #​21516
• StandardServletMultipartResolver should support also HTTP PUT method [SPR-16975] #​21513
• Resolved ApplicationListener event type should get cached [SPR-16970] #​21508
• SpringClassRule does not support the Arquillian MethodRuleChain [SPR-16967] #​21505
• Propagate read-only status to Hibernate Session through setDefaultReadOnly [SPR-16956] #​21494
• Create DSL for RouterFunction and RouterFunctions [SPR-16953] #​21491
• Improve logging for development (DEBUG vs TRACE) [SPR-16946] #​21485
• LinkedCaseInsensitiveMap should explicitly implement putIfAbsent and computeIfAbsent [SPR-16926] #​21465
• FilePart.transferTo should accept java.nio.file.Path [SPR-16925] #​21464
• Provide getter to expose the DispatcherServlet instance used in MockMvc [SPR-16924] #​21463
• Optimize AbstractAutowireCapableBeanFactory.populateBean(String, RootBeanDefinition, BeanWrapper) to avoid redundant Java Bean introspection [SPR-16918] #​21457
• Create HttpHeaders.setBasicAuth(String username, String password) [SPR-16913] #​21452
• Improve generic warnings when implementing BodyExtractor [SPR-16909] #​21448
• Introduce Stream support in PropertySources and PropertyValues [SPR-16894] #​21433
• Enable use of both @SendTo and @SendToUser on the same method [SPR-16891] #​21430
• MethodParameter needs to apply tighter assertions [SPR-16889] #​21428
• Revisit PropertyResolver Kotlin extensions [SPR-16883] #​21422
• Subclass-resolved generic return type declarations for handler methods [SPR-16877] #​21416
• Support for form parameters with HTTP DELETE [SPR-16874] #​21413
• WebClient.Builder option to customize every request [SPR-16873] #​21412
• Process X-Forwarded-Ssl headers properly [SPR-16863] #​21402
• Make FormHttpMessageWriter easier to extend [SPR-16855] #​21395
• No type-based error code used by immutable form class when type conversion error occurs [SPR-16854] #​21394
• Java 9: Avoid illegal reflective access warning for SpEL method reference [SPR-16845] #​21385
• Validation failure not exposed next to binding failure for immutable form class [SPR-16841] #​21381
• @DateTimeFormat annotations are necessary both on field and constructor parameter in the immutable form class [SPR-16840] #​21380
• A lite configuration class's member classes are processed when it's imported but not when it's registered directly [SPR-16839] #​21379
• PathMatchingResourcePatternResolver should enforce OS-independent sorting of directory content [SPR-16838] #​21378
• Extending ScheduledTaskRegistrar functionality [SPR-16834] #​21374
• java.nio.file.Path support in FileSystemResource (with regular createRelative behavior, superseding PathResource) [SPR-16833] #​21373
• ClassPathResource.isReadable() returns true for directory in runnable jar result in download empty file [SPR-16832] #​21372
• Apply Hibernate Integrator through LocalSessionFactoryBean [SPR-16828] #​21368
• Improve handling of unknown status codes by WebClient [SPR-16819] #​21359
• Support use of MultipartFile as input to RestTemplate or WebClient [SPR-16808] #​21348
• Improve UnsupportedMediaTypeException and UnsupportedMediaTypeStatusException to include body type [SPR-16805] #​21345
• WebClient support application/x-www-form-urlencoded by default [SPR-16804] #​21344
• Webflux: Default Resource as fallback for non-existing resources [SPR-16788] #​21328
• MockServerWebExchange should allow setting a WebSession [SPR-16772] #​21312
• Provide XML-based assertions in WebTestClient [SPR-16741] #​21282
• WebTestClient does not provide Hamcrest Matcher assertions for JSONPath [SPR-16729] #​21270
• Provide simple way to create ServerRequest [SPR-16706] #​21247
• CookieLocaleResolver is not RFC6265 compliant when setting a locale and time zone [SPR-16700] #​21241
• Document HttpClient connection socket timeout behavior for CONNECT and SSL connections [SPR-16697] #​21238
• Closing a MockHttpServletResponse's PrintWriter does not commit the response [SPR-16683] #​21224
• getRemoteAddress in ServerRequest [SPR-16681] #​21222
• @RequestMethod with "params" doesn't distinguish whether a value is specified or not [SPR-16674] #​21215
• Support use of reactive clients in @MessageMapping methods [SPR-16634] #​21175
• @RequestPart in WebFlux does not support List of parts [SPR-16621] #​21162
• Raise error if both @EnableWebMvc and @EnableWebFlux used [SPR-16609] #​21150
• MultipartHttpServletRequest.getParameterValues does not merge values from query string and body [SPR-16590] #​21132
• Allow spring-jcl to be found by Commons Logging's service discovery [SPR-16585] #​21127
• JdbcTemplate.queryForMap should return first value of equally named columns [SPR-16578] #​21120
• Introduce consumeWith() methods in WebTestClient assertions [SPR-16574] #​21116
• Make SubProtocolWebSocketHandler connection timeout configurable [SPR-16531] #​21074
• HTTP OPTIONS response for @RequestMapping should contain OPTIONS consistently [SPR-16513] #​21056
• MockHttpServletRequest.getReader, getInputStream should each return the same object on repeat calls [SPR-16505] #​21048
• MockHttpServletRequest shouldn't allow calls to both getReader and getInputStream [SPR-16499] #​21042
• Add SAP HANA to common JPA database platforms [SPR-16460] #​21005
• CookieWebSessionIdResolver should leverage SameSite Cookie Attribute [SPR-16418] #​20964
• Support varargs for expectations in MockMvc [SPR-16417] #​20963
• Ability to access Environment in the beans element of the Kotlin bean definition DSL [SPR-16412] #​20958
• Jackson: Add visibility properties to Jackson2ObjectMapperBuilder [SPR-16411] #​20957
• Support for serving Brotli encoded, static resources [SPR-16381] #​20927
• Ability to provide an external base path for controllers [SPR-16336] #​20883
• @RequestMapping produces condition should not impact error responses [SPR-16318] #​20865
• Support Hibernate 5.3's ManagedBeanRegistry for dependency injection [SPR-16305] #​20852
• Support for Hibernate ORM 5.3 [SPR-16303] #​20850
• Kotlin bean definition DSL should provide access to getBeansOfType() [SPR-16269] #​20816
• WebSocket in WebFlux stack doesn't support Session Attributes [SPR-16212] #​20760
• Support for autowire-candidate with @Bean [SPR-16204] #​20752
• WebSocketConfigurationSupport.defaultSockJsTaskScheduler adds NoOpScheduler to context that is not usable in any way [SPR-16189] #​20737
• Provide an Apache Commons Logging's LogFactory provider in spring-jcl to support WebSphere's Parent-First classloader [SPR-15903] #​20457
• MethodHandles.Lookup.defineClass for CGLIB class definition purposes [SPR-15859] #​20414
• Support Protobuf serialization in WebFlux [SPR-15776] #​20331
• improve performance of ContentCachingRequestWrapper [SPR-15762] #​20317
• Pass input message to HttpMessageNotReadableException for better logging [SPR-15588] #​20147
• Accept empty Collection injection for single constructor scenarios [SPR-15338] #​19901
• Jetty HTTP client integration with WebClient [SPR-15092] #​19658
• Specific exceptions for missing request headers, cookies, etc [SPR-14818] #​19384
• Preserve order of broker messages [SPR-13989] #​18562
• Support AND operator in @Profile annotation [SPR-12458] #​17063
• @PathVariable & @MatrixVariable do not work as documented when "=" is in the path variable value part (pre ";") [SPR-11897] #​16516
• ObjectProvider iterable/stream access for "beans of type" resolution in @Bean methods [SPR-11419] #​16046
• Enable REST controller method parameter annotations on an interface [SPR-11055] #​15682
• Add static factory methods to RequestCallback and ResponseExtractor [SPR-8604] #​13247

🪲 Bug Fixes

• ClientResponse's body ignored on UnsupportedMediaTypeException [SPR-17054] #​21592
• org.springframework.orm.hibernate5.SpringBeanContainer ignores the fallback bean instance producer [SPR-17010] #​21548
• AbstractMessageConverterMethodProcessor doesn't respect already handled headers and result-codes [SPR-16921] #​21460
• Spring Boot DevTools on 5.1 fails with java.lang.LinkageError: loader attempted duplicate class definition [SPR-16902] #​21441
• RestTemplate adds duplicate accept header information [SPR-16690] #​21231

📔 Documentation

• Create wiki page on debug/trace logging [SPR-16954] #​21492

v5.0.20.RELEASE

⭐ New Features

• ContentCachingResponseWrapper should not add “Content-Length” when “Transfer-Encoding” is present #​26193
• Inefficient request handling inside ServletRequestDataBinder #​26006
• Avoid creation of unused logger instance in AbstractMediaTypeExpression #​25903

🪲 Bug Fixes

• Remove duplicate "property" in PropertyCacheKey.toString() #​26244
• UrlPathHelper#removeJsessionid doesn't remove the jsessionid from the URL #​26085
• LinkedMultiValueMap downstream issue with MultiValueMapAdapter package private base class #​25962
• Wrong type inference in Kotlin while overriding RequestMappingHandlerMapping#getMappingForMethod #​25873
• ClassCastException when wiring bean using method injection (NullBean instead of 'null') #​25870
• jsessionid breaks request mappings when removeSemicolonContent is turned off #​25868

📔 Documentation

• DateTimeFormat ISO.DATE_TIME javadoc contains misleading default note #​26137
• Incorrect example in javadocs of Assert.notNull(object, messageSupplier) #​25871

v5.0.19.RELEASE

⭐ New Features

• PropertiesLoaderSupport should ignore socket/connect exceptions as well #​25721
• Possible optimization in UrlResource #​25551
• Refine use of substring operations #​25514

🪲 Bug Fixes

• FileUrlResource isWritable method returns true if URL protocol is not indicating a file #​25740
• VerifyErrors when using SpEL compilation with Thymeleaf when invoking a default method defined in an interface #​25712
• CallMetaDataContext.reconcileParameters overwrites cursor name #​25709
• SQLErrorCodesFactory.getErrorCodes(DataSource) returns empty error codes if access to transactional connection fails #​25693
• Joda-Time presence check fails to detect Joda-Time 2.x specifically #​25659
• Potential integer overflow in AbstractResourceBasedMessageSource.setCacheSeconds(int) #​25643
• Lazy dependency proxy does not populate bean dependencies #​25564
• StaticListableBeanFactory.isSingleton() returns false for singleton beans #​25524
• MockHttpServletResponse reset() does not reset charset field #​25511

📔 Documentation

• Document how to specify Jackson JSON view serialization hints with @RestController and Webflux #​25705
• Prevent confusion about build(boolean) method in UriComponentsBuilder #​25702

v5.0.18.RELEASE

⭐ New Features

• Defer creating logger in StandardWebSocketHandlerAdapter #​25434
• Missing null checks in AbstractMessageChannel.addInterceptor/setInterceptors #​25220
• Avoid full synchronization in AbstractRefreshableApplicationContext.getBeanFactory() since it can lead to massive thread blocking #​25218

🪲 Bug fixes

• UriComponentsBuilder.cloneBuilder() cause sharing query parameters between builders #​25425
• DefaultListableBeanFactory.getBean(Class) may throw NoSuchBeanDefinitionException when removeBeanDefinition is being called simultaneously to remove an unrelated bean #​25422
• Oracle LOB segments holding TEMP space after executing SP using SimpleJdbcCall with SqlParameterSource #​25418
• NoRollbackFor rule causes TransactionAspectSupport to log unwarranted "exception overridden" error on WebSphere #​25268
• The AbstractTemplateViewResolver class is not abstract #​25242
• MultiValueMapAdapter.getFirst fails with IndexOutOfBoundsException in case of empty List #​25226
• WebSphereUowTransactionManager causes exception for PROPAGATION_SUPPORTS when timeout is specified #​25224
• Avoid ClassCastException on IllegalArgumentException when invoking sync get cache method #​25222

📔 Documentation

• Clarify enforceInitMethod/enforceDestroyMethod default values in AbstractBeanDefinition #​25404
• Document exception handling limitations in TaskDecorator implementations (specifically for ThreadPoolTaskExecutor#submit) #​25234

v5.0.17.RELEASE

⭐ New Features

• Honor overridden AcceptHeaderLocaleContextResolver.getDefaultLocale() #​24877
• Consistent ROLE_INFRASTRUCTURE declarations for internal configuration classes #​24515

🪲 Bug Fixes

• MockHttpServletRequest should not strip brackets from IPV6 address supplied via Host header #​24918
• Connection created by SingleConnectionDataSource with suppressClose=true always returns isClosed=false even if the target connection is closed #​24859
• DefaultListableBeanFactory.getBean(Class) throws NoSuchBeanDefinitionException on existing bean if getBean(Class) previously tried before registration #​24856
• Recursively copy directory with symbolic link #​24827
• Using UriComponentsBuilder.cloneBuilder does not copy uriVariables #​24780
• Missing nullability declarations for package web.socket.server.jetty #​24751
• MediaTypeNotSupportedStatusException seems unused #​24749
• addCandidateComponentsFromIndex should create ScannedGenericBeanDefinitions #​24640
• Cycle in LogAdapter.Log4jLog initialization within log appender #​24451

📔 Documentation

• Update advice on RestTemplate #​24504

v5.0.16.RELEASE

⭐ New Features

• Cache result of String.getBytes() in ExtendedBeanInfo.PropertyDescriptorComparator #​24109
• Avoid substring allocation in StringUtils.replace #​24025
• Support for new MySQL 8 error code 3572 #​23974

🪲 Bug Fixes

• Unsafe double-checked locking in SpelExpression#compileExpression #​24307
• Escape quotes in filename in ContentDisposition.Builder when charset not specified #​24230
• SqlRowSet accessor methods should be marked @Nullable #​24045
• Allow schemaZip Gradle task to execute on MS Windows #​23988
• Bean definition override leads to NPE due to inconsistent equality check #​23709
• Fix DefaultListableBeanFactory#copyConfigurationFrom #​23708
• Synchronized blocks in MethodOverrides are hurting concurrency #​23707

📔 Documentation

• TypeDescriptor#getElementTypeDescriptor does not throw IllegalStateException anymore #​23998
• Correct Javadoc for WebMvcConfigurer#addInterceptors #​23926

v5.0.15.RELEASE

⭐ New Features

• Javadoc missing on some public BeanDefinitionParserDelegate methods #​23398
• Thread-safe removal of destruction callbacks in web scopes #​23118
• Guard against ConcurrentModificationExceptions in the systemProperties PropertySource #​23112
• Avoid expensive assertions in web resource resolution #​22964

🪲 Bug Fixes

• Session.close() accidentally triggers creation of TransactionAwareDataSourceProxy Connection #​23396
• MethodParameter.equals is too coarse-grained for its use in HandlerMethodArgumentResolverComposite #​23386
• ResolvableType.forRawClass fails isAssignable against TypeVariable #​23322
• FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #​23245
• MappingMediaTypeFileExtensionResolver ConcurrentModificationException #​23113
• Fix MockHttpServletRequest.setCookies to produce single Cookie header #​23085
• Fix ScriptUtils for MS Windows line ending #​23027

📔 Documentation

• Improve documentation for @Autowired constructors #​23309
• Document that Ordered is not supported for @ControllerAdvice beans #​23173
• Reintroduce author list and copyright notice #​23080
• spring-mvc.xsd stale-if-error attribute documentation incorrect #​23000
• AbstractBeanDefinition.getBeanClass() javadoc misleads about returning null #​22966

v5.0.14.RELEASE

⭐ New Features

• Avoid expensive assertions in HttpRange #​22746

🪲 Bug Fixes

• Consistent handling of empty List entries in LinkedMultiValueMap #​22913
• EL1072E when evaluating compiled comparison expression #​22879
• ResourceUrlEncodingFilter throws StringIndexOutOfBoundsException when %ED%B6 is in the URL path #​22863
• Jackson2ObjectMapperBuilder prevents the registration of multiple modules with a null typeId #​22763

v5.0.13.RELEASE

⭐ New Features

• Revisit XML schema handling for consistent local vs external resolution #​22529
• JdbcTemplate.extractOutputParameters should preserve order of parameters #​22493
• Avoid duplicate call to findAnnotations in DefaultListableBeanFactory.findAnnotationOnBean #​22355

🪲 Bug Fixes

• Avoid duplicate registration of @ControllerAdvice implementing both RequestBodyAdvice and ResponseBodyAdvice #​22684
• Locale inconsistently resolves to null for invalid input value #​22658
• Jackson2ObjectMapperBuilder's modulesToInstall function does not eventually override the default configuration #​22625
• Last-Modified Date format changed with SPR-17571 to not have double digit day #​22611
• ServletWebRequest.getHeaderValues throwing NPE when header information is not available #​22550
• Events extending from PayloadApplicationEvent and implementing an interface fail to match @EventListener argument #​22470
• AbstractTraceInterceptor causes problems when implemented in Kotlin #​22456
• DefaultConversionService fails to properly convert an Object[] to a int[] #​22414
• IllegalArgumentException when overriding empty 'excludeFilters' array on @ComponentScan #​22407
• RestTemplate adds duplicate accept header information [SPR-16690] #​22401
• @Transactional beans not getting proxied when being initialized during failed circular reference attempt #​22377
• ApplicationContext.refresh() causes stale listeners to be added to ApplicationEventMulticaster #​22374
• ApplicationListenerMethodAdapter does not find @Ordered annotation for dynamic proxies #​22353

📔 Documentation

• Update documentation for WebJar support #​22615
• Spring MVC documentation has incorrect WebFlux reference #​22380

v5.0.12.RELEASE

⭐ New Features

• NettyDataBufferFactory.join should return original buffer as-is in case of a single element (for compatibility with Netty 4.1.32) [SPR-17560] #​22092

🪲 Bug Fixes

• 'default-lazy-init' attribute is not processed when XSD validation is disabled [SPR-8335] #​12983
• Spring JavaMailSenderImpl does not show proper message when recipient list is empty [SPR-17540] #​22072
• Potential resource leak in DataSourceUtils.doGetConnection [SPR-17559] #​22091
• SpEL variable evaluation fails with NPE against ConcurrentHashMap [SPR-17565] #​22097
• MockHttpServletRequest changes Accept-Language header values [SPR-17566] #​22098
• Exporting a lazily initialized bean (which implements SelfNaming and is annotated with ManagedResource annotation) gives IllegalStateException [SPR-17592] #​22124
• SpEL, error parsing big InlineMap [SPR-17605] #​22137
• @Value Optional<...> field injection fails in case of registered ConversionService [SPR-17607] #​22139
• ChannelSendOperator does not propagate cancel signal to the server [SPR-17609] #​22141
• Cannot convert from Collection to RegularEnumSet [SPR-17619] #​22151
• MockMvcResultMatchers.forwardedUrl argument is not declared as nullable [SPR-17623] #​22155
• UriComponentsBuilder.toUriString() is broken [SPR-17630] #​22161

📔 Documentation

• Error in reference documentation sentence in part 1.8.1. Customizing Beans by Using a BeanPostProcessor [SPR-17556] #​22088
• Typo in SpEL Evaluation Context Sample [SPR-17581] #​22113

v5.0.11.RELEASE

⭐ New Features

• SpringFactoriesLoader should tolerate whitespace [SPR-17413] #​21946
• StandardEvaluationContext does not support concurrent variable access [SPR-17448] #​21980
• The onstatus method of webclient causes a memory leak. [SPR-17473] #​22005
• Expose mapped handler as request attribute in spring-webmvc [SPR-17518] #​22050
• Enforce use of unpooled data buffers for WebFlux on 5.0.x [SPR-17501] #​22033

🪲 Bug Fixes

• Unable to use Kotlin enums with @Validated beans [SPR-16931] #​21470
• ExceptionHandlerExceptionResolver started to log on WARN level [SPR-17383] #​21916
• MethodValidationPostProcessor still validates FactoryBean methods on CGLIB proxies [SPR-17386] #​21919
• Spring logs a nasty looking stack trace for unhandled classpath URL [SPR-17417] #​21950
• ResourceUrlEncodingFilter does not work with HttpServletRequestWrapper [SPR-17421] #​21954
• CssLinkResourceTransformer breaks absolute paths [SPR-17432] #​21965
• Configure ResourceUrlProvider in WebFlux and resource chain infrastructure [SPR-17433] #​21966
• RestTemplate does not throw exception for custom error codes [SPR-17439] #​21971
• ConcurrentModificationException in DispatcherServlet with asynchronous ApplicationEventMulticaster [SPR-17442] #​21974
• WebClient's UriBuilder option should encode path parameters passed into build [SPR-17465] #​21997
• NamedParameterJdbcTemplate batchUpdate returns an array of size 1 when the batchArgs passed is an empty array [SPR-17476] #​22008
• NPE in ClientRequest.attribute(name) when accessing null value [SPR-17486] #​22018
• FastByteArrayInputStream.read() wrong return value [SPR-17492] #​22024
• Remove Content-Length response header before delegating to WebExceptionHandlers [SPR-17502] #​22034
• Reserializing a lenient fallback DefaultListableBeanFactory causes an error [SPR-17508] #​22040
• getBeanNamesForType(ResolvableType) doesn't work for raw singleton instance from @Bean method with generic return type [SPR-17524] #​22056
• ForwardedHeaderTransformer double encodes [SPR-17525] #​22057
• CachingMetadataReaderFactory does not release shared resource cache after context refresh [SPR-17527] #​22059
• Parameter resolution in SpringExtension is not thread-safe [SPR-17533] #​22065
• MethodParameter.findParameterIndex() is not thread-safe [SPR-17534] #​22066

📔 Documentation

• Improve documentation on reactive types for ResponseEntity [SPR-17400] #​21933
• Improve visibility of GitHub wiki [SPR-17469] #​22001
• Misleading alias definition example in reference documentation, part 1.3.1 [SPR-17536] #​22068

v5.0.10.RELEASE

⭐ New Features

• DataBufferUtils does not release DataBuffer on error cases [SPR-16782] #​21322
• Support for removeHeader in MockHttpServletRequest [SPR-17295] #​21828
• Unnecessary sort in AbstractApplicationEventMulticaster [SPR-17307] #​21840
• Sanity checks for HTTP range requests [SPR-17318] #​21851
• HeaderResultMatchers susceptible to slight variations in the date format [SPR-17330] #​21864
• ServerWebInputException is throw each time Http request with mandatory request parameters is handled. [SPR-17338] #​21872

🪲 Bug Fixes

• UriComponentsBuilder.uriComponents doesn't properly clone unmodifiable queryParams [SPR-17256] #​21789
• MockHttpServletResponse doesn't propagate Content-Language response header [SPR-17284] #​21817
• Concurrency Exception during bean configuration related to not thread safe getBeanPostProcessor access [SPR-17286] #​21819
• HTTP 404 for static resources with last modified = 0L (breaks Docker images build with Jib) [SPR-17320] #​21853
• ApplicationListener is missing from Collection returned by getApplicationListeners() if it was added after the multicaster was initialised [SPR-17324] #​21858
• Integer overflow while uploading big files (> 2.1 GB) using webflux [SPR-17345] #​21879
• AnnotationMetadata.getAnnotationAttributes inconsistency for empty array in ASM implementation [SPR-17347] #​21881
• MockAsyncContext not found. Did request wrapper not delegate startAsync? [SPR-17353] #​21887
• Comparators.nullsLow creates wrong kind of NullSafeComparator [SPR-17357] #​21891
• MethodValidationPostProcessor validates FactoryBean methods for which validation is not applicable [SPR-17374] #​21907
• DataBufferUtils#join could leak buffers in case of error from the source [SPR-17025] #​21563

📔 Documentation

• Typo on ServletUriComponentsBuilder javadoc comments [SPR-17255] #​21788
• Javadoc for BufferingClientHttpRequestFactory is missing the end of a sentence [SPR-17261] #​21794
• Misleading description in Autowired javadoc [SPR-17299] #​21832

v5.0.9.RELEASE

⭐ New Features

• Usage of ClassLoader.loadClass() in ConfigurationClassParser [SPR-17253] #​21786
• Spring WebSocket Stomp tomcat cluster with user destinations sends message to wrong subscriber. [SPR-17228] #​21761
• Support both filters and views in AbstractJackson2HttpMessageConverter [SPR-17209] #​21742
• WebFlux JSON request body garbled under heavy load [SPR-17193] #​21728
• Consistent warn logging for handled exceptions [SPR-17178] #​21714
• ClassUtils optimization for less expensive static initialization [SPR-17169] #​21705
• BindingAwareConcurrentModel should properly react to null value [SPR-17141] #​21678
• DataBufferUtils#takeUntilByteCount checks one extra buffer but does not release it [SPR-17118] #​21655
• Initialize pre-filled HashMaps with large enough capacity (e.g. in HttpMethod) [SPR-17105] #​21642
• Avoid unnecessary synthesizable annotation processing [SPR-16933] #​21472

🪲 Bug Fixes

• 'ListBasedXMLEventReader.getElementText()' doesn't work [SPR-17233] #​21766
• EL1072 when evaluating compiled expression using method SpelExpression.getValue(Object rootObject, Class expectedResultType) [SPR-17229] #​21762
• Kotlin inner class nested configuration causes IndexOutOfBoundsException [SPR-17222] #​21755
• WebClient does not write Mono.empty() request body [SPR-17220] #​21753
• Compiled elvis operator does not work correctly when default value is a complex expression [SPR-17214] #​21747
• HeaderAssertions.lastModified/expires takes an int value but it should be long [SPR-17194] #​21729
• SimpleAliasRegistry.hasAlias does not properly resolve multiple chained aliases [SPR-17191] #​21726
• UriComponentsBuilder does not encode "$" properly [SPR-17168] #​21704
• @Scheduled task runs twice on bean with target-class scoped proxy (when injected) [SPR-17166] #​21702
• CheckboxTag incorrectly processing hidden field through RequestDataValueProcessor [SPR-17147] #​21684
• Annotations on generic superclass methods not found by AnnotationUtils [SPR-17146] #​21683
• ContextPathCompositeHandler returns 200 when no path found [SPR-17144] #​21681
• SchedulerAccessor needs to catch primary key violation on reschedule (due to Quartz race condition) [SPR-17114] #​21651
• WebTestClient ignores WebSessionManager bean [SPR-17094] #​21631
• Classification of ClassCastExceptions doesn't work in JDK 11 (OpenJDK) [SPR-17093] #​21630
• Inconsistent handling of dependent lifecycle beans in DefaultLifecycleProcessor [SPR-16901] #​21440

📔 Documentation

• Removed Jackson view property "renderedAttributes" still mentioned in Spring Framework docs [SPR-17182] #​21718
• Rewrite 1.10.8. PDF, Excel paragraph in Spring Framework Documentation [SPR-17180] #​21716
• Fix broken links and address warnings for JavaDoc [SPR-17174] #​21710
• Generate "Use" pages in aggregated Spring API documentation (Javadoc) [SPR-17173] #​21709
• Incorrect CORS code fragment in Spring Framework Documentation [SPR-17167] #​21703
• Preserve-publish-order is mentioned in documentation of 5.0.x [SPR-17106] #​21643
• Incorrect query param code fragment in Spring Framework Documentation [SPR-17104] #​21641
• Revise BeanFactory vs ApplicationContext section in reference docs [SPR-17095] #​21632

v5.0.8.RELEASE

⭐ New Features

• Spring-context optimization: LinkedMultiValueMap and ArrayList should be initialized with specified capacity for preventing collections from resizing [SPR-17079] #​21616
• Cache order result per Class in OrderUtils (for AnnotationAwareOrderComparator) [SPR-17064] #​21602
• Add setter for order for DefaultSimpUserRegistry [SPR-17023] #​21561
• InMemoryWebSessionStore could leak memory if sessions created but never used [SPR-17020] #​21558
• Reduce the impact on startup time of adding Reactor to the classpath [SPR-16981] #​21519
• Lazily initialize SecureRandom in MimeTypeUtils [SPR-16974] #​21512
• StringUtils.cleanPath should not strip off the entire path for file:./ [SPR-16908] #​21447
• InMemoryWebSessionStore method to access map of sessions [SPR-16713] [#​21254](https://togithub.com/spring-projects/spring-frame