fix(deps): update dependency org.springframework:spring-core to v6 [security] - autoclosed #1050

@renovate renovate bot commented Jan 23, 2024

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| org.springframework:spring-core | 5.3.31 -> 6.0.15 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC
  • Spring Security 6.1.6+ or 6.2.1+ is on the classpath

Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.


Release Notes

spring-projects/spring-framework (org.springframework:spring-core)

v6.0.15

⭐ New Features

  • Skip buffer allocation in StreamUtils.copy(String) #​31631

🐞 Bug Fixes

  • <replaced-method /> unnecessarily requires explicit arg-type since 6.0 #​31828
  • MergedAnnotations finds duplicate annotations on method in multi-level interface hierarchy #​31824
  • Fix condition for "Too many elements" in MimeTypeUtils.sortBySpecificity() #​31773
  • Spring unable to decode aggregated JSON content #​31772
  • Multipart messages with empty parts are not correctly parsed in WebFlux #​31766
  • PathEditor cannot handle absolute Windows paths with forward slashes #​31727
  • TraceId is missing in WebFlux controller handlers #​31716
  • Wrong observation status tag when a Not Found in a webflux application #​31715
  • Fail to register MBean with bean name containing invalid character #​31708
  • Include Hibernate's Query.scroll() in SharedEntityManagerCreator's queryTerminatingMethods set #​31683
  • TypeDescriptor does not check generics in equals method (for ConversionService caching) #​31673
  • SpEL expression on a reloadable type can no longer be resolved #​31670
  • Slow SpEL performance due to method sorting in ReflectiveMethodResolver #​31664
  • Jackson encoder releases resources in wrong order #​31656
  • Current Observation.Context missing from WebClient request #​31646
  • WebSocketMessageBrokerStats has null stats for stompSubProtocolHandler since 5.3.2 #​31641
  • <jee:local-slsb> no longer works with a business-interface attribute #​31630
  • GeneratedFiles#addSourceFile should not allow to add a source in the default package #​31629
  • PathResourceResolver.getResource() does not log warning if Resource#getURL() throws exception #​31624

📔 Documentation

  • Document explicit @ModelAttribute is required for reflection hints inference #​31767
  • Documentation needs to be updated with instructions for STOMP Client #​31678
  • Improve STOMP WebSocket documentation for input message buffer size #​31654

🔨 Dependency Upgrades

v6.0.14

⭐ New Features

  • Provide caching for HandlerMappingIntrospector lookups #​31588
  • Log4jLog needs to re-resolve ExtendedLogger on deserialization (for compatibility with Log4J 2.21) #​31582
  • Optimize StandardTypeLocator for hotspot when the same classes are resolved #​31579
  • Add duplicate key exception error code for SAP HANA database #​31554
  • Do not delegate TRACE to HttpServlet on ERROR dispatch #​31457
  • Add properties setter to ProblemDetail #​31430

🐞 Bug Fixes

  • GeneratedFiles#addSource does not provide proper context if the specified class name is invalid #​31612
  • MessageBuilder#createMessage should not define the payload as @Nullable #​31610
  • Default Mixin added by Jackson2ObjectMapperBuilder are missing required runtime hints #​31606
  • NettyDataBuffer#toByteBuffer fails if readPosition > 0 #​31605
  • Avoid duplicate JAR resources in PathMatchingResourcePatternResolver on MS Windows #​31598
  • NamedParameterUtils broken parsing related to square brackets #​31596
  • Multipart cleanup is done too eagerly #​31567
  • Jakarta validation field constraints in superclass are ignored in native image #​31552
  • Function column out doesn't resolve to SqlOutParameter #​31550
  • Restore support for recursive annotations in Kotlin #​31518
  • Resolve to empty MultiValueMap when no matrix variables are provided #​31483
  • ProxyFactoryBean declaration may lead to unexpected non-fatal "FactoryBean threw exception from getObjectType" stacktrace output #​31473
  • Use of @Value in compact constructor of a record should not register method injection #​31433
  • Prevent duplicate HTTP server observations for cancelled exchanges #​31417
  • Spring MVC raises MissingPathVariableException resulting in 500 instead of 400 error when path segment is u001F or u00D and cannot be converted to target type UUID #​31382
  • Ensure consistent value count in ConcurrentReferenceHashMap#Segment #​31373
  • HeaderContentNegotiationStrategy.resolveMediaTypes throws unexpected IllegalArgumentException #​31254
  • Session Cookie in Reactive WebSession is not deleted if maxAge is set through cookie initializer (e.g. via Boot application property) #​31214
  • DefaultWebClient logs URI without the port number #​30519
  • CGLIB BeanCopier falls back to ClassLoader.defineClass for public target #​28699
  • BeanUtils.copyProperties() consumes large amount of memory #​27246

📔 Documentation

  • RestTemplate initialization documentation in 6.0.x mentions Netty, yet no ClientHttpRequestFactory is present in the package. #​31526
  • Correct typo in annotations.adoc #​31519
  • Document X-Forwarded-* Headers #​31491
  • Improve support and documentation for the "default" bean definition profile name #​29071
  • Document that pertypewithin is supported by Spring AOP #​25887
  • Document alternatives of using multiple PropertyPlaceholderConfigurers [SPR-9989] #​14623

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​CrotchBurnt, @​GVictorG7, @​PiotrFLEURY, @​baratrax, @​bernie-schelberg-invicara, @​huyachigege, @​izeye, @​lorenzsimon, @​martin-lukas, and @​rwinch

v6.0.13

⭐ New Features
  • Improve diagnostics for negative repeated text count in SpEL #​31342
  • Improve diagnostics when repeated text size calculation results in overflow in SpEL #​31341
  • UnknownContentTypeException is not Serializable #​31283
  • Reintroduce FastClass in CGLIB class names for @Configuration classes #​31272
🐞 Bug Fixes
  • HibernateJpaDialect and HibernateExceptionTranslator throw SQLExceptionTranslator-provided exception instead of returning it #​31409
  • AnnotationScanner scanning leads to StackOverflowError with recursive annotation #​31400
  • NamedParameterJdbcTemplate throws unexpected exception for null query #​31391
  • HTTP server exchange observations have incorrect UNKNOWN status tag if the client disconnected #​31388
  • Breaking change from 6.0.11 to 6.0.12 if you expect query parameters in @RequestBody #​31327
  • SpEL's CompoundExpression.toStringAST() omits ? for null-safe navigation #​31326
  • ConcurrentLruCache no longer supports capacity = 0 #​31317
  • Using R2dbc transactional and non transactional on a database connection pool will fail for Oracle. #​31268
  • AOT-generated code no longer set bean class for beans created from a @Bean method #​31242
  • CGLIB proxy classes are no longer cached properly #​31238
  • Illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​31232
  • Fix RuntimeHintsPredicates matching rules for public/declared elements #​31224
  • MultipartParser should respect read position #​31110
  • WebClient reports 'Host is not specified' for URI with hostname and port, but without scheme #​31033
  • R2DBC Connection is closed during transaction when using TransactionAwareConnectionFactoryProxy #​28133
  • SpEL cannot evaluate or compile expression with null-safe void method invocation #​27421
  • LazyResolutionMessage does not implement proper toString #​21265
📔 Documentation
  • Document Kotlin declaration site variance subtleties #​31370
  • Add missing conversionService field in doc example #​31330
  • Clarify documentation on Spring Web MVC pattern comparison #​31294
  • Improved documentation for MethodParameter#getAnnotatedElement #​30397
  • Javadoc for BeanPropertyRowMapper.getColumnValue(ResultSet, int, Class) is inconsistent with code #​29285
  • Referencing a @Bean method in a @Configuration class' @PostConstruct method leads to circular reference #​27876
  • Incorrect reference information about CGLIB supported method visibility #​25001
  • Clarify documentation for @Transactional on interfaces #​23538
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jihuayu and @​wfouche

v6.0.12

⭐ New Features
  • ArithmeticException: long overflow on @Scheduled(fixedDelay = Long.MAX_VALUE, timeUnit = TimeUnit.MINUTES) #​31210
  • Polish resolveArgument method in RequestResponseBodyMethodProcessor #​31175
  • Update logging level in BeanValidationBeanRegistrationAotProcessor for validation exceptions #​31147
  • Skip searching of nonexistent directory in PathMatchingResourcePatternResolver #​31111
  • Add @Nullable to argValue in doSetValue() in Argument[Type]PreparedStatementSetter #​31086
  • Optimize whitespace checks in StringUtils #​31067
  • Missing proxy hint when using a simple JPARepository #​31050
  • Register an override for an existing adapter in ReactiveAdapterRegistry #​31047
  • DefaultListableBeanFactory#getBeanNamesForType does not take target type into account for FactoryBean resolution #​30987
  • Give spring-core access to org.jboss.vfs for VfsUtils support on WildFly #​30973
  • Use readNBytes in StringHttpMessageConverter when contentLength is available #​30942
  • Skip array sort when the length of array not greater than 1 #​30934
  • Avoid flushing for each SseEventBuilder entry #​30912
  • Make DefaultGenerationContext(DefaultGenerationContext, String) constructor protected #​30895
  • Add missing @Nullable annotations in AbstractResourceResolver subclasses in Spring MVC #​30893
  • Performance bottlenecks while creating scoped bean instances #​30883
  • Make bean initialization deterministic for multiple @Autowired methods on same bean class #​30359
  • Optimize ClassUtils#getMostSpecificMethod #​30272
  • Missing native hints for Hibernate Native Query proxy #​29603
  • Check exception cause for @PropertySource(ignoreResourceNotFound) support #​22276
  • Align validation metadata handling in PayloadMethodArgumentResolver #​21852
🐞 Bug Fixes
  • Spring Boot fails with "does not reside in the file system: manifoldclass://622488023/.../" #​31216
  • WebClientResponseException.getResponseBodyAs throws exception instead of returning null for empty body #​31179
  • Possible classloader leak through incomplete clearing of annotation caches #​31170
  • Spring LogFactory implementation deviates from original Apache LogFactory in terms of abstract method declarations #​31166
  • graalvm native image feature PreComputeFieldFeature disable all netty native transports #​31141
  • Bean injection fails due to nullSafeConciseToString() invoking isEmpty() on a Map/Collection proxy #​31138
  • R2DBC: Skip release connection after nested with existing transaction #​31133
  • SpelExpressionParser throws IllegalStateException instead of ParseException for invalid expression #​31097
  • @DynamicPropertySource in @Nested test class cannot override dynamic properties from enclosing class #​31083
  • Spring Boot WebFlux validation of invalid inputs #​31045
  • TransactionalApplicationListenerMethodAdapter should find @TransactionalEventListener on target class method #​31034
  • ScheduledAnnotationBeanPostProcessor: graceful shutdown should not interrupt currently running jobs #​31019
  • TypeBootstrapContext constructor not called in custom types with Hibernate 6 #​30924
  • MethodIntrospector.selectMethods(?) fails to find methods in case of special bridge method arrangement #​30906
  • Spring webflux @ModelAttribute annotated methods not working with kotlin suspend methods #​30894
  • Support Kotlin Serialization custom serializers #​30870
  • Test AOT processing fails if a feature name prefix is reused #​30861
  • NoUniqueBeanDefinitionException should make sure beansNameFound is serializable #​29753
  • Permgen memory leak due to ClassInfo caching in java.beans.Introspector on JDK 11/17 #​27781
  • Model.set() Kotlin extension method does not allow null value #​27115
  • Allow PropertySourcesPlaceholderConfigurer subclass to customize PropertyResolver #​26761
📔 Documentation
  • Fix documentation: Passing in Lists of Values for IN Clause does not work with JdbcTemplate #​31228
  • Fix typo in comment in XML configuration example #​31194
  • Document some non-nullable Kotlin extensions can throw NoSuchElementException #​31189
  • Improve documentation on applicability of mapped interceptors with the Spring MVC config #​31185
  • Add Javadoc since tags in FilePatternResourceHintsRegistrar #​31174
  • Refine CORS documentation for wildcard processing #​31143
  • Fix invalid type name in RSocket section of the reference documentation #​31091
  • @Transactional on package-private/protected methods for class-based proxies #​31057
  • Change Kotlin Any to be a nullable type in AOP refdoc examples #​31015
  • Versioned redirect seems to all redirect to "current" version #​31009
  • Javadoc for PathPatternParser.defaultInstance is outdated #​30976
  • Clarify R2DBC ConnectionAccessor and DatabasePopulator exception declarations #​30932
  • Document purpose of name attribute in @PropertySource #​30195
  • Document how to configure the ApplicationEventMulticaster used by the ApplicationContext #​29996
  • Document inference of destroy methods with Java config more prominently #​29546
  • Revise FilePatternResourceHintsRegistrar API and improve documentation #​29161
  • Document how to configure the cache infrastructure globally #​28250
  • SpEL T() operator not able to locate user types with default StandardTypeLocator configuration #​26253
  • Propagation REQUIRES_NEW may cause connection pool deadlock #​26250
  • Modify DefaultMessageListenerContainer javadoc #​25503
  • Doc: Avoid deadlock in @PostConstruct through SmartInitializingSingleton or ContextRefreshedEvent #​25074
  • Document expected behavior of a method annotated with multiple @Scheduled annotations #​23959
  • Improve documentation for FactoryBean's getObject automatic call through @ManagedResource [SPR-17139] #​21676
  • Injecting EntityManagers through constructor injection (and at non-@PersistenceContext injection points in general) [SPR-10443] #​15076
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​1zg12, @​aahlenst, @​christophejan, @​gnagy, @​izeye, @​jongwooo, @​kilink, @​marschall, @​michaldo, @​perlun, @​pstrsr, @​quaff, @​remeio, @​rwinch, @​shin-mallang, and @​zakaria-shahen

v6.0.11

⭐ New Features
  • Reduce WARN level log output during test AOT processing #​30867
  • Avoid need for reflection hints for MBeanExporter in native image #​30846
  • Tolerate AnnotationUtils.isCandidateClass call with null as annotation type #​30842
  • Simplify DefaultSingletonBeanRegistry.isDependent() #​30839
  • Add missing @Nullable annotations in ContentDisposition.Builder #​30820
  • Provide explicit support for collections, maps, and arrays in ObjectUtils.nullSafeConciseToString() #​30810
  • Extend list of supported types in ObjectUtils.nullSafeConciseToString() #​30805
  • Align ConcurrentMapCacheManager locking behavior with CaffeineCacheManager #​30780
  • Improve logging for missing dependencies in MicrometerObservationRegistryTestExecutionListener #​30747
  • Optimize KotlinReflectionParameterNameDiscoverer #​30725
  • Change InvocableHandlerMethod#invokeSuspendingFunction return type to Object #​30716
  • ResolvableType.hasUnresolvableGenerics() should cache its result #​30713
  • Deprecate RootBeanDefinition(ResolvableType) constructor #​30704
  • Reinstate dependency injection support for legacy JSR-250 @javax.annotation.Resource annotation #​30695
  • Translate SQL Exception with State S0001 and Vendor Code 2628 to a Spring Exception in MSSQL 2019 #​30681
  • Ensure Spring LogFactory contains all public methods from Apache LogFactory #​30668
  • Infer hints required for aspects #​28711
  • Improve diagnostics for CGLIB ClassLoader issues with shared classes in parent ClassLoader #​25940
  • JdbcTemplate does not call handleWarnings in case of exception #​23106
  • Avoid illegal reflective access in ContextOverridingClassLoader.isEligibleForOverriding #​22791
🐞 Bug Fixes
  • Revert changes to toString() in FieldError #​30799
  • For a prototype bean, if first-time rejected value is null, subsequent value will wrongly be null always #​30794
  • Fix log level on error with @TransactionalEventListener #​30776
  • ClassCastException in AbstractBeanDefinition.getBeanClassName() when getting bean multithreaded #​30773
  • SerializableTypeWrapper does not consistently catch InvocationTargetException #​30764
  • NPE in MvcUriComponentsBuilder with no-arg target method on interface #​30756
  • ArithmeticException: long overflow on @Scheduled(fixedDelay = Long.MAX_VALUE) #​30754
  • Jackson2ObjectMapperBuilder breaks when modules customizer follows modulesToInstall #​30751
  • NullPointerException in reactive TransactionalOperatorImpl #​30729
  • MicrometerObservationRegistryTestExecutionListener uses wrong ClassLoader to detect dependencies #​30726
  • Support [package-]private init/destroy methods in AOT mode #​30724
  • Package-private init/destroy methods are not always invoked #​30718
  • Generic RedisKeyExpiredEvent not delivered to @EventListener anymore in 6.0.9 #​30712
  • Explicit BeanDefinition#targetType is not honoured in AOT scenarios #​30689
  • Spring ORM SpringBeanContainer when trying to create a bean fails with not found bean definition, and fallbacks to default hibernate bean creation #​30683
  • PathResourceResolver#resolve*Internal is missing @Nullable declarations #​30601
  • Code generation should only apply shortcut if the target method is not ambiguous #​29278
📔 Documentation
  • Update STOMP documentation with the new guidelines #​30857
  • Clarify ReactiveTransactionManager exception declarations #​30817
  • Doc: JdbcTransactionManager vs DataSourceTransactionManager #​30802
  • Fix typo in Javadoc for BeanDefinitionDsl.kt #​30798
  • Remove @Aspect for classes containing only @Pointcut declarations in reference documentation #​30790
  • NestedRuntimeException javadoc not updated after implementation change #​30748
  • AbstractMessageListenerContainer documentation and code disagree regarding log level #​30730
  • Fix link text from "null" to "Component Classes" in Testing chapter #​30714
  • Document that RowCallbackHandler can be used with NamedParameterJdbcTemplate #​30705
  • Javadoc HTML tables are no longer rendered properly since upgrade to Java 17 #​30701
  • Fix typo in UriUtils Javadoc #​30598
  • Fix example in Javadoc for MultipartBodyBuilder #​30593
  • Elaborate on ShallowEtagHeaderFilter limitations #​30517
  • Document how to configure a custom LocalContainerEntityManagerFactoryBean to work with native #​30498
  • Document that @Sql requires spring-jdbc and spring-tx on the classpath #​30280
  • Document limitations of Servlet Filter observations #​29398
  • Warn against direct usage of Servlet API in WebFlux applications #​28872
  • ResultSet holdability into the View layer broken by Hibernate 5 #​26557
🔨 Dependency Upgrades
  • Upgrade to micrometer-bom 1.10.9 and context-propagation 1.0.4 #​30860
  • Upgrade to me.champeau.jmh 0.7.1 #​30690
  • Upgrade to Reactor 2022.0.9 #​30871
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​KSH-code, @​antongub, @​bnbakp0582, @​cwatzl, @​heoYH, @​izeye, @​kilink, @​maartenc, @​quaff, @​rwinch, @​valfirst, and @​vbaidak

v6.0.10

⭐ New Features
  • ClassLoader can be null in DeserializingConverter and should be annotated with @Nullable #​30670
  • Introduce TestExecutionListener for Micrometer's ObservationRegistry in the TestContext framework #​30658
  • Add missing hint for ResourceEditor #​30628
  • Add missing hint for converting String to URI #​30627
  • Redesign inner Pointcut implementations as standalone classes #​30621
  • Add missing @Nullable in DefaultJmsListenerContainerFactory #​30620
  • Handle custom JMS acknowledgment modes as client acknowledge #​30619
  • Declare Advisor#isPerInstance() as default method #​30614
  • Improve error message for unsupported character in SpEL expression #​30602
  • Multipart data is always read irrelevant of handler response #​30590
  • Performance optimization in AbstractBeanFactoryBasedTargetSource.hashCode() #​30576
  • Log a warning when commons-logging is in the classpath #​30575
  • Always use MethodArgumentNotValidException(MethodParameter, BindingResult) constructor #​30558
  • Remove non-empty filename check in ContentDisposition builder #​30537
  • Add missing EntityManagerFactory hints for SharedEntityManagerCreator #​30523
  • Disable Hibernate reflection optimizer with native #​30521
  • Introduce a method in MockHttpServletRequestBuilder to set remote address #​30497
  • Skip class transformer in PersistenceUnitInfoDescriptor for native images #​30492
  • @Bean 'lite' mode not supported if @Bean methods are not declared locally #​30449
  • Align HibernateJpaVendorAdapter with Hibernate ORM 6.2 #​30288
  • Add nested propagation support to R2dbcTransactionManager #​30134
🐞 Bug Fixes
  • Cron expression scheduling might be triggered 1 millisecond earlier #​30666
  • Change of behaviour for UUID in bean validation output in v5.3.27 #​30661
  • Test context cache stats are not logged when ApplicationContext fails to load #​30635
  • Inconsistent ProxyCallbackFilter#equals/hashCode methods in CglibAopProxy #​30615
  • SpEL's CompoundExpression.toStringAST() incorrectly includes . for indexed properties #​30610
  • NPE in ReactiveTransactionSupport.unwrapIfResourceCleanupFailure #​30597
  • CollectionFactory.createMap(HashMap.class, 0) now returns a LinkedHashMap rather than a HashMap #​30596
  • ThreadLocalTargetSource does not include actual target bean name in NamedThreadLocal #​30581
  • ApplicationListenerMethodAdapter inconsistently publishes events from CompletableFuture #​30578
  • Unsupported SQL type: TIMESTAMP_WITH_TIMEZONE when using OffsetDateTime with MySQL #​30556
  • SpringBeanContainer not called with Hibernate ORM 6.2 #​30545
  • WebFlux returns 406 instead of RFC 7807 response for subtype of ProblemDetail #​30533
  • HTTP Interface client cannot send URI query parameter with multipart request #​30520
  • Transaction isolation level not working with R2dbcTransactionManager #​30508
  • Support for AOT processing with GraalVM tracing agent is not consistent #​30511
  • For @Bean method that returns null, @Autowired injects NullBean instead of null for cached arguments #​30485
  • MediaType property binding issue in native builds #​30491
  • InjectionMetadata AOT contributions do not check for existing property value #​30476
  • Spring Framework 6.0.8 appears to cause issues in OSGi environment #​30389
  • Empty @RequestMapping method should match both "" and "/" consistently #​30293
  • EclipseLinkJpaDialect: Unexpected default isolation levels #​29997
  • Memory leak with CglibAopProxy$ProxyCallbackFilter #​26266
📔 Documentation
  • Fix markup issue in Javadoc of QuartzCronField #​30646
  • Document @DirtiesContext semantics when declared at the class level and method level #​30623
  • Add missing Javadoc for RegisteredBean.resolveAutowiredArgument() #​30609
  • Fix invalid link in transaction resources #​30570
  • FileSystemUtils::deleteRecursively Javadoc refers to File instead of Path #​30554
  • Improve Javadoc for ExchangeFilterFunction #​30543
  • Update Javadoc and reference doc for WebMvcConfigurer to mention Boot's HttpMessageConverters #​30538
  • Add Javadoc since to InjectedElement.shouldInject() #​30512
  • Fix wording in r2dbc Statement Filters section of ref docs #​30482
  • Typo in Spring official documentation #​30473
  • Link for @javax.annotation.Nonnull is wrong in Javadoc for Spring's @NonNull #​30455
  • Improve how the build deals with javadoc invalid references #​30428
  • Docs: Remove duplicate in SpEL feature list #​30404
  • Document which @Scheduled attributes support SpEL expressions #​29290
🔨 Dependency Upgrades
  • Upgrade to micrometer-bom 1.10.8 and context-propagation 1.0.3 #​30657
  • Upgrade to Reactor 2022.0.8 #​30655
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Foolkin, @​anyuruf, @​galingerv, @​izeye, @​jmewes, @​kihyuk-sung, @​leewin12, @​marcingrzejszczak, @​rweisleder, @​rwinch, @​scordio, @​ssang1105, and @​vpavic

v6.0.9

⭐ New Features
  • Consistent support for MultiValueMap and common Map implementations in CollectionFactory #​30440
  • Introduce internal constants for implicit bounds in TypeUtils #​30423
  • Update major/minor version properties in MockServletContext #​30395
  • Reject null and empty SpEL expressions #​30371
  • Support Test AOT processing with GraalVM tracing agent and Native Build Tools #​30281
  • Introduce Environment.matchesProfiles() for profile expressions #​30206
  • Optimize MultiValueMap iteration operations #​29972
🐞 Bug Fixes
  • Respect TaskDecorator configuration on DefaultManagedTaskExecutor #​30442
  • Qualifiers registered programmatically are not supported by AOT #​30410
  • Support for InjectionPoint in bean factory methods when using AOT #​30401
  • Bean methods with generic array/varargs parameters break native compilation #​30407
  • ApplicationListenerMethodAdapter supports non-matching generic events #​30399
  • Processing several @PersistenceContext injection points on the same class with AOT generates code that does not compile #​30437
  • Make maximum SpEL expression length configurable #​30380
  • Record beans do not compile to native images #​30383
  • Missing resource hint for @PropertySource#value #​30376
  • ApplicationEventPublisher - PayloadApplicationEvent not received by EventListener if event fired from child context #​30360
  • StringDecoder.decode() should release chunks on cancellation #​30299
  • Quote '?' in Quoted Printable filename #​30252
  • Missing reflection hint for custom PropertySourceFactory in native image #​30175
  • Aot generated sources fail to compile with 'File name too long' error #​29846
📔 Documentation
  • Update package-info for CGLIB fork #​30461
  • Clarify differences between GenericBeanDefinition and RootBeanDefinition #​30444
  • Document how to configure FactoryBean with a configurable target with AOT #​30434
  • Add Antora docs-build branch #​30415
  • Switch the reference documentation to Antora #​30414
  • @ResponseStatus documentation incorrect #​30305
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​divcon, @​izeye, @​luozhenyu, @​rwinch, @​sigee, and @​yuzawa-san

v6.0.8

⭐ New Features
  • Disable variable assignment in SimpleEvaluationContext #​30326
  • Limit SpEL expression length #​30325
  • Limit string concatenation in SpEL expressions #​30324
  • Introduce StringUtils.truncate() #​30290
  • Introduce ObjectUtils.nullSafeConciseToString() #​30286
  • Introduce assertions against Cookie attributes in CookieResultMatchers for MockMvc #​30285
  • Polishing #​30267
  • Support SameSite cookie attribute in MockMvcHttpConnector #​30264
  • Update MockCookie to make use of Servlet 6.0 APIs and semantics for "attributes" #​30263
  • Refine initRequestBuilder in DefaultWebClient #​30254
  • HttpServerErrorException contains not-serializable field of type DefaultResponseErrorHandler #​30224
  • Add class hints for Jackson annotations on fields and methods #​30208
  • Add HttpMethod reflection hint to ObjectToObjectConverterRuntimeHints #​30201
  • Improve performance of canRead() in HttpMessageReader's #​30192
  • Optimize array creation in SpEL ConstructorReference #​30189
  • ConstructorResolver error hints about mixing indexed and named args #​30169
  • Replace Collections.unmodifiableList(new ArrayList(..)) with List.copyOf() #​30166
  • Add assert null validations for DefaultServerResponseBuilder #​30157
  • Use InputStream.readAllBytes() in FileCopyUtils.copyToByteArray() [#​30155](https://togithub

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the renovate label Jan 23, 2024
@renovate renovate bot changed the title from "fix(deps): update dependency org.springframework:spring-core to v6 [security]" to "fix(deps): update dependency org.springframework:spring-core to v6 [security] - autoclosed" Jan 24, 2024
@renovate renovate bot closed this Jan 24, 2024
@renovate renovate bot deleted the renovate/maven-org.springframework-spring-core-vulnerability branch January 24, 2024 19:01