fix(deps): update dependency org.springframework:spring-core to v5.3.27 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework:spring-core	5.3.15 -> 5.3.27

GitHub Vulnerability Alerts

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. Versions 5.3.19 and 5.2.21 contain a patch for this issue.

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

CVE-2023-20863

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS) condition.

---

Release Notes

spring-projects/spring-framework (org.springframework:spring-core)

v5.3.27

Compare Source

⭐ New Features

• Limit string concatenation in SpEL expressions #​30331
• Limit SpEL expression length #​30329
• Disable variable assignment in SimpleEvaluationContext #​30327
• Introduce StringUtils.truncate() #​30291
• Introduce ObjectUtils.nullSafeConciseToString() #​30287
• Make HttpComponentsHeadersAdapter#getFirst nullable #​30269

🐞 Bug Fixes

• Fix regression in ReactorServerHttpRequest related to IPV6 Zone id with "%" #​30314
• SSE breaks with indenting serializer in WebMvc.fn #​30302
• Increase max regex length in SpEL expressions #​30298
• NullPointerException on timeout in HttpComponentsClientHttpConnector when using Apache HttpComponents #​30246
• Wrong MockRestRequestMatchers.header() method in spring-test being invoked (JDK issue?) #​30235
• TypeNotPresentException: org/springframework/cglib/proxy/NoOp not present on Java 17 #​30228
• Refine generic type management in AbstractMessageWriterResultHandler #​30215
• MvcUriComponentsBuilder.fromMethodCall breaks for controller with CharSequence return type #​30212
• Handle all exceptions for stored proc output param retrieval in SharedEntityManagerCreator #​30164

📔 Documentation

• Fix @PathVariable reference documentation code snippets #​30258
• Fix example in Javadoc for @EnableWebSocket #​30187
• Fix anchor in link to "Web on Reactive Stack" chapter #​30163

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.31 #​30315

v5.3.26

Compare Source

⭐ New Features

• Improve diagnostics in SpEL for matches operator #​30145
• Improve diagnostics in SpEL for repeated text #​30143
• Increase scope of regex pattern cache for the SpEL matches operator #​30141
• Minor updates in HandlerMappingIntrospector #​30128
• Allow SnakeYaml 2.0 runtime compatibility #​30097
• Add missing @Nullable annotations to LogMessage.format methods #​30009
• ASM upgrade for JDK 20/21 support #​29966
• Allow MockRest to match header/queryParam value list with one Matcher #​29964
• Add MockMvc.multipart() Kotlin extensions with HttpMethod #​29941
• Release R2DBC connection when cleanup fails in transaction #​29925
• org.springframework.web.context.ContextLoader should lazily load ContextLoader.properties #​29909
• Improve generated default name for @JmsListener subscription #​29902
• Include all Hibernate query methods in SharedEntityManagerCreator's queryTerminatingMethods set #​29888
• SQL supplier in R2DBC DatabaseClient is eagerly invoked #​29887
• Spring Framework 5.3.x is incompatible with Jetty 10 (Client) #​29867
• Possible infinite forward loop with MockMvcWebConnection #​29866
• Refine Jackson2ObjectMapperBuilder#configureFeature exception handling #​29860
• Fix R2dbcTransactionManager debug log: don't log a Mono #​29824

🐞 Bug Fixes

• RequestedContentTypeResolver does not ignore quality factor when filtering */* media types #​30121
• SpEL: cannot call methods declared in java.lang.Object on a JDK proxy #​30118
• CaffeineCacheManager getCache method cause thread block #​30085
• Protect JMS connection creation against prepareConnection errors #​30051
• ReactorServerHttpRequest does not reflect forwarded host and port when forwarding-header-strategy=native or cloud platform detected #​29974
• WebSocket stats not updated correctly when sessions cleared #​29947
• Explicit target ClassLoader for interface-based proxies in MvcUriComponentsBuilder #​29914
• Closing an ApplicationContext leads to Exception at ExecutorServiceAdapter #​29908
• Invalid Accept header results in IllegalStateException #​29836
• JettyWebSocketCreator referenced from a method is not visible from class loader with Jetty10RequestUpgradeStrategy #​29256

📔 Documentation

• Fix minor spacings in webflux docs #​30095
• @AspectJ argument name resolution algorithm is outdated in reference manual #​30057
• Fix "Configuring a Global Date and Time Format" example #​30036
• Consistent @Bean method return type for equivalence with XML example #​29970
• Update @DynamicPropertySource examples regarding changes in Testcontainers #​29940
• Clarify semantics of primitivesDefaultedForNullValue in BeanPropertyRowMapper #​29926
• Clearly document that DataClassRowMapper supports Java records #​29922
• Outdated Javadoc for AbstractApplicationContext.postProcessBeanFactory #​29916

🔨 Dependency Upgrades

• Upgrade to Reactor Netty 2020.0.30 #​30116

v5.3.25

Compare Source

⭐ New Features

• JmsTemplate.convertAndSend throws NullPointerException during shutdown #​29719
• Optimize object creation in RequestMappingHandlerMapping#handleNoMatch #​29667
• Add title to SockJS iFrames for accessibility compliance #​29596

🐞 Bug Fixes

• ResourceHandlers cannot resolve static resources with certain wildcard patterns #​29716
• AnnotatedElementUtils.findMergedRepeatableAnnotations does not fetch results when other attributes exist for container annotation #​29686
• BeanWrapperImpl NPE in setWrappedInstance after invoking getPropertyValue (with SimpleBeanInfoFactory) #​29684
• SpEL ConstructorReference does not generate AST representation of arrays #​29666
• SpEL: Two double quotes are replaced by one double quote in single quoted String literal (and vice versa) #​29653
• SpEL string literal misses single quotation marks in toStringAST() #​29652
• 500 error from WebFlux when parsing Content-Type leads to InvalidMediaTypeException #​29637
• WebMvcConfigurationSupport should not catch Throwable for SourceHttpMessageConverter #​29537

📔 Documentation

• Update Jakarta Mail info in ref docs #​29708
• Improve documentation for literals in SpEL expressions #​29701
• Fix some typos in Kotlin WebClient example code #​29542
• Fix link to Bean Utils Light Library in BeanUtils Javadoc #​29536
• Fix link to WebFlux section in reference manual #​29526
• Link to Spring WebFlux section is broken #​29517

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.27 #​29798

v5.3.24

Compare Source

⭐ New Features

• Avoid reflection for annotation method invocations #​29448
• Avoid unnecessary allocations in StompDecoder#unescape #​29443
• Avoid String allocations in MediaType.checkParameters #​29428
• Reduce allocations caused by producible media types #​29412
• Provide optional SimpleBeanInfoFactory for better introspection performance in 5.3.x #​29330
• Filter out null WebSocket session attributes #​29315
• Introduce TestSocketUtils as a replacement for SocketUtils #​29132
• Avoid Commons Logging API for using LoggingCacheErrorHandler with a custom logger #​28678

🐞 Bug Fixes

• Missing SessionFactory property (filter AutoCloseable from PropertyDescriptors) #​29480
• SpEL ternary and Elvis expressions are missing enclosing parentheses in toStringAST() #​29463
• If-Unmodified-Since header check removes Last-Modified and Etag headers from response, even if condition passes #​29362
• Annotation searches fail for non-public repeatable annotations #​29301
• AbstractBeanFactory's interaction with BeanPostProcessorCacheAwareList is not fully thread-safe #​29299
• WebTestClient cannot assert custom HTTP status code #​29283
• Body token not expected error when trying to upload a large multipart file #​29227
• Avoid resizing of Maps created by CollectionUtils #​29190
• DefaultWebClient logging sensitive information in URI #​29148
• Fix SimpleMailMessage nullability annotations #​29139
• Webflux fails to apply the rule for controller methods returning void to kotlin suspend functions returning Unit #​27629
• Resource.isFile() return true when the resource path actually not exists #​26707
• AnnotatedElementUtils does not find merged repeatable annotations on other repeatable annotations #​20279

📔 Documentation

• Fix two typos in integration.adoc and webflux.adoc #​29469
• Fix typo: "as describe in" -> "as described in" #​29393
• Fix typos #​29364
• Correct documentation for "other return values" from a web controller method #​29349
• Document how to use WebJars without webjars-locator-core dependency #​29322
• Update RestTemplate Javadoc with regards to setting interceptors on startup vs at runtime #​29311
• Document how to switch to the default set of TestExecutionListeners #​29281
• Document limitation of AopTestUtils.getUltimateTargetObject() regarding non-static TargetSource #​29276
• Fix typo in WebSocket reference doc regarding subscription header #​29228
• Fix MockMvc sample setup #​29201

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.25 #​29464

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​sangmin7648
• @​izeye
• @​dreis2211
• @​catmug
• @​inabajunmr
• @​iamgd67
• @​davidcostanzo
• @​jprinet
• @​stgerhardt
• @​onobc
• @​vpavic

v5.3.23

Compare Source

⭐ New Features

• Introduce AnnotationUtils.isSynthesizedAnnotation(Annotation) #​29054
• Introduce createContext() factory method in AbstractGenericWebContextLoader #​28983
• Support TreeSet collection type in CollectionFactory.createCollection() without using reflection #​28949
• Document when RequestEntity.getUrl() throws an UnsupportedOperationException #​28930
• Deprecate NestedIOException #​28929
• Make isConnected() in WebSocketConnectionManager public #​28785
• Expose headers from STOMP RECEIPT frame to registered callbacks #​28715
• Make WebClientException serializable #​28321

🐞 Bug Fixes

• Ordering inconsistency with beans defined in parent context #​29105
• RelativeRedirectResponseWrapper does not commit response in sendRedirect #​29050
• MockServerContainerContextCustomizerFactory does not support @Nested tests #​29037
• Request to improve KotlinSerializationJsonHttpMessageConverter logic in RestTemplate #​29008
• WebFlux: multipart requests hang sometimes #​28963
• DataBufferUtils.write(Publisher, Path) loses context #​28933
• connectionTimeOut and readTimeout not working on UrlResource #​28909
• SockJsServiceRegistration#setSupressCors has a typo and should be deprecated #​28853
• RenderingResponse does not set status code on redirect views #​28839
• Avoid IllegalArgumentException when setting WebSocket error status #​28836
• Loss of context path after using ServerRequest.from #​28820
• ResponseCookie does not declare nullability annotations consistently for domain and path #​28780

📔 Documentation

• Fix typo in data-access section #​29048
• Correct description of @RequestParam with WebFlux #​28944
• Fix broken kdoc-api links in kotlin.adoc #​28908
• Fix typos in Javadoc of class AbstractEncoder #​28885
• Fix links in Javadoc and reference docs #​28876
• Add missing closing parenthesis in reference doc #​28867
• Fix typos in Javadoc, reference docs, and code #​28822
• Replace use of the <tt> HTML tag in Javadoc #​28819
• Fix broken link in rsocket documentation #​28817
• Clarify docs on JNDI properties in Servlet environment #​28488
• Improve documentation of Caching annotations #​28183

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.23 #​29129

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​boahc077
• @​1993heqiang
• @​luvarqpp
• @​arend-von-reinersdorff
• @​jensdietrich
• @​wilkinsona
• @​npriebe
• @​vpavic
• @​jupiterhub
• @​izeye
• @​napstr
• @​marcwrobel
• @​arvyy
• @​jbotuck
• @​chanhyeong
• @​yuezk
• @​edfeff
• @​adrianbob
• @​FlorianKirmaier
• @​meloning

v5.3.22

Compare Source

⭐ New Features

• Improve regex "." matching for URL paths #​28815
• Spring JDBC does not recognize LocalDate and LocalDateTime in javaType to sqlType Mapping #​28778
• ResolvableType.forInstance should return NONE for null instance #​28776
• Correctly identify MaxUploadSizeExceededException through keywords in message from Jetty 9.4.x #​28759
• Introduce StringUtils.trimAllWhitespace(CharSequence) #​28757
• Trim string input in Converters where whitespace is irrelevant #​28756
• Trim string input in PropertyEditors where whitespace is irrelevant #​28755
• Improve diagnostics for CGLIB ClassLoader issues on Java 9+ #​28747
• Create well-known non-interface types in CollectionFactory without using reflection #​28718
• Revise internals of LoggingCacheErrorHandler #​28672
• Simplify creation of LoggingCacheErrorHandler with logged stacktrace #​28670
• Fix DataSourceUtils inconsistent exception handling #​28669
• Introduce lenient parsing in DataSize regarding whitespace #​28643
• Support adding rather than replacing modules in Jackson2ObjectMapperBuilder #​28633
• Add MockMvcRequestBuilders.multipart(HttpMethod, String, Object...) #​28631
• Avoid parsing request body in DispatcherServlet for "parameters={masked}" log message #​28587
• Avoid synchronization in AbstractAspectJAdvice#calculateArgumentBindings #​26377

🐞 Bug Fixes

• WebFlux multipart temporary file not deleted when the client disconnects early #​28740
• Ensure channelExecutors and taskScheduler in STOMP WebSocket config are qualified #​28736
• MockHttpServletResponse addHeader does not allow Comment part with Set-Cookie header #​28730
• Meta-annotations are unnecessarily synthesized in MergedAnotations #​28704
• GenericApplicationContext does not honor ProtocolResolver when a resource loader is set via setResourceLoader() #​28703
• R2DBC: @Transactional(readOnly) is applied to the connection before the transaction has begun #​28610

📔 Documentation

• Fix Kotlin code snippets language #​28810
• Fix typos in reference docs and project documentation #​28805
• Fix and improve Javadoc in spring-beans and spring-aop #​28803
• Fix and improve Javadoc in spring-core and spring-context #​28802
• Fix and improve Javadoc in spring-messaging, spring-jms and spring-expression #​28800
• Fix and improve Javadoc in spring-r2dbc, spring-oxm, spring-orm and spring-jdbc #​28796
• Fix and improve Javadoc in spring-test #​28795
• Fix and improve Javadoc in spring-tx #​28794
• Fix and improve Javadoc in spring-web #​28791
• Fix and improve Javadoc in spring-webflux #​28790
• Fix and improve Javadoc in spring-webmvc #​28789
• Fix and improve Javadoc in spring-websocket #​28788
• Fix Kotlin example for defines a custom @Production #​28680
• Fix a typo in ResponseEntity documentation #​28647
• Document that Kotlin inline classes are not supported yet #​28642
• Refine @Required Kotlin documentation to use annotation use site targets #​28630
• Fix Kotlin example for @ComponentScan basePackages attribute #​28628
• Kotlin examples for setter injection incorrectly use field injection #​28596
• Fix expectations in MockMvc Kotlin documentation #​28301

🔨 Dependency Upgrades

• Update to Bouncycastle 1.71 #​28636
• Upgrade to Reactor 2020.0.21 #​28765

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​jasonjiang9527
• @​izeye
• @​marcwrobel
• @​larsgrefer
• @​jprinet
• @​vikeychen
• @​kacperkrzyzak
• @​kevin0x90
• @​vpavic
• @​CodeInDreams
• @​4ra1n

v5.3.21

Compare Source

⭐ New Features

• Expose ThreadPoolTaskExecutor queue size and capacity for metrics #​28583
• Lazily initialize DataSize.PATTERN #​28560
• MockMvcWebTestClient forces HTTP POST for multipart requests #​28545
• Support for CGLIB BeanCopier utility on JDK 17 #​28530
• Allow changes to org.springframework.web log category at runtime #​28477

🐞 Bug Fixes

• Avoid eager instantiation of non-singleton FactoryBean in getBeanNamesForType #​28616
• ObjectToObjectConverter doesn't consider return type of static methods #​28609
• Charset for input stream ignored in Jaxb2XmlDecoder #​28599
• Support RouterFunction ordering in Spring MVC #​28595
• Always construct new exception on error in DefaultWebClient #​28550
• HierarchicalUriComponents::getPort() throws NumberFormatException with invalid port in URI #​28521
• Cannot serve static resources with spaces from "file:" location when using PathPattern and UrlPathHelper is set to not decode #​27791

📔 Documentation

• Fix code sample for nested router functions #​28603
• Fix Kotlin example for @Required #​28590
• Fix Kotlin example for dependency injection with static factory method #​28589
• Update documentation regarding nested test class support #​28579
• Update reference docs to use PropertySourcesPlaceholderConfigurer #​28572
• Fix typo in webflux.adoc #​28542
• Fix Javadoc for DatabaseClient #​28520
• CachingConnectionFactory with WebLogic JMS not caching producers nor consumers #​28500
• Fix Kotlin example for static factory method #​28399

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.20 #​28612

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​rguihard
• @​hsteinmueller
• @​gorisanson
• @​fsgonz
• @​pokab
• @​eltociear

v5.3.20

Compare Source

⭐ New Features

• Refine CachedIntrospectionResults property introspection #​28445
• Improve tests and Javadoc on binding to a property of type javax.servlet.Part #​27830
• WritableResource doesn't have parity with Resource in @Value etc. [SPR-10656] #​15284

🐞 Bug Fixes

• Ignore invalid STOMP frame #​28443
• @ModelAttribute name attribute is not supported in WebFlux #​28423
• Fix BindingResult error when ModelAttribute has custom name in WebFlux #​28422
• Request body deserialization failures are not captured by exception handlers in WebFlux #​28155

📔 Documentation

• Remove Log4J initialization from package-info.java in spring-web #​28420
• Remove Log4J configurer from package-info.java in spring-core #​28411
• Fix github issue reference in RequestMappingHandlerMapping #​28372
• Add Javadoc since tags for GraphQL constants #​28369
• Fix method reference in Kotlin documentation #​28340

🔨 Dependency Upgrades

• Upgrade to ASM 9.3 #​28390
• Upgrade to Reactor 2020.0.19 #​28437

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​koenpunt
• @​missingdays
• @​zhangmingqi09
• @​binchoo
• @​gorisanson
• @​jprinet
• @​nealshan
• @​bougar

v5.3.19

Compare Source

⭐ New Features

• Remove DNS lookups during websocket connection initiation #​28280
• Add application/graphql+json Media type and MIME type constants #​28271
• Fix debug log for no matching acceptableTypes #​28116
• Provide support for post-processing a LocalValidatorFactoryBean's validator Configuration without requiring sub-classing #​27956

🐞 Bug Fixes

• Improve documentation and matching algorithm in data binders #​28333
• NotWritablePropertyException when attempting to declaratively configure ClassLoader properties #​28269
• BeanPropertyRowMapper's support for direct column name matches is missing in DataClassRowMapper #​28243
• AbstractListenerReadPublisher does not call ServletOutputStream::isReady() when reading chunked data across network packets #​28241
• ResponseEntity objects are accumulated in ConcurrentReferenceHashMap #​28232
• Lambda proxy generation fix causes BeanNotOfRequiredTypeException #​28209
• CodeGenerationException thrown when using AnnotationMBeanExporter on JDK 17 #​28138

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.18 #​28329

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​GatinMI

v5.3.18

Compare Source

⭐ New Features

• Restrict access to property paths on Class references #​28261
• Introduce cancel(boolean mayInterruptIfRunning) in ScheduledTask #​28233

🐞 Bug Fixes

• Move off deprecated API in SessionTransactionData #​28234

📔 Documentation

• Introduce warnings in documentation of SerializationUtils #​28246
• Update copyright date in reference manual #​28237
• @Transactional test does not execute all JPA lifecycle callback methods #​28228

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​quaff

v5.3.17

Compare Source

⭐ New Features

• Using DataClassRowMapper causes "No property found for column" debug messages in logs #​28179
• Improve diagnostics in SpEL for large array creation #​28145
• Support custom HTTP status in client-side REST testing support #​28105
• AsyncRestTemplate logging too verbose #​28049

🐞 Bug Fixes

• java.lang.NoClassDefFoundError: org/springframework/cglib/beans/BeanMapEmitter #​28110
• CronExpression fails to calculate properly next execution when running on the day of winter daylight saving time #​28095
• Private init/destroy method may be invoked twice #​28083
• MappingJacksonValue and Jackson2CodecSupport#registerObjectMappersForType do not work together #​28045
• SpEL fails to recover from error during MIXED mode compilation #​28043
• When returning a ResponseEntity with a Flux while the function is suspended, it fails to encode the body #​27809

📔 Documentation

• Improve documentation for @EnabledIf and @DisabledIf test support #​28157
• Links to Spring Security are broken in the reference guide #​28135
• Document that transaction rollback rules may result in unintentional matches #​28125
• Improve documentation for TestContext events #​27757
• Clarify behavior for generics support in BeanUtils.copyProperties #​27259

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.17 #​28064

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​gorisanson
• @​danthonywalker
• @​AzZureman

v5.3.16

Compare Source

⭐ New Features

• Deprecate SocketUtils #​28052
• Add convenience factory method for ManagedList, ManagedSet and ManagedMap #​28026
• Synthesized annotation toString() doesn't match non-synthesized annotation on Java 9+ #​28015
• Add support for strict JSON comparison in WebTestClient #​27993
• Improve log message when searching for default executor for async processing #​27983
• Inconsistent behaviour in spring-orm between EntityManagerFactoryUtils.closeEntityManager() and SessionFactoryUtils.closeSession() #​27972
• Spring AOP cannot generate proxy for lambda on Java 16+ #​27971
• RestTemplate reading Json prohibits JDK HttpClient connection reuse (keep-alive) #​27969
• Deprecate AsyncTaskExecutor.execute(Runnable task, long startTimeout) #​27959
• Add CacheErrorHandler implementation that logs exceptions rather than rethrowing them #​27826
• Support for CGLIB BeanMap utility on JDK 17 #​27802
• Avoid message listener recovery in case of persistence exceptions from external transaction manager #​1807

🐞 Bug Fixes

• Fix CronExpression fails to calculate next execution on the day of daylight saving time #​28044
• CronExpression fails to calculate next execution on the day of daylight saving time #​28038
• Using recursive annotations in Kotlin causes stack overflow #​28012
• Add formatting for SockJS close GoAway frame to prevent infinite loop for xhr-polling and xhr-streaming transport #​28000
• Reflective method invocation does not detect interface method when interface is declared in a subclass (e.g. HashMap.HashIterator.hasNext) #​27995
• ReflectionUtils.USER_DECLARED_METHODS does not filter methods declared in java.lang.Object #​27970
• CronExpression doesn't handle Quartz weekday of month expressions correctly #​27966
• ServletServerHttpRequest getHeaders() throws IllegalArgumentException instead of ignoring invalid content type / #​27957
• PropertySourcesPlaceholderConfigurer ignores ignoreUnresolvablePlaceholders flag #​27947
• Fix regression in BeanPropertyRowMapper regarding underscore name #​27941
• WebClient corrupts binary data when trying to upload many files #​27939
• Spring fails to determine XML is XSD-based if DOCTYPE appears in a comment #​27915
• ResourceHttpRequestHandler with PathPatternParser cannot resolve resources with a jsessionid URL #​27913

📔 Documentation

• Improve documentation for uri(URI) method in WebTestClient regarding base URI #​28058
• Polish reference docs (core) #​28004
• Fix ServletUriComponentsBuilder examples in ref docs #​27984
• Improve documentation for implementing AspectJ around advice #​27980
• Fix CaffeineCacheManager configuration in the documentation #​27967
• Fix Javadoc links to JSR 305 annotations #​27904
• Document how to register annotated classes with a GenericWebApplicationContext #​27778

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.16 #​28039

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​wkwkhautbois
• @​arey
• @​izeye
• @​elgleidson
• @​An1s9n
• @​drewtul
• @​Drezir
• @​mgmeiner
• @​vikeychen
• @​zbykovskyi
• @​mdeinum
• @​shirohoo

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.