379d2e6da0
Fix location checks for servlet 3 resources
...
SPR-12354 applied new checks to make sure that served static resources
are under authorized locations.
Prior to this change, serving static resources from Servlet 3 locations
such as "/webjars/" would not work since those locations can be within
one of the JARs on path. In that case, the checkLocation method would
return false and disallow serving that static resource.
This change fixes this issue by making sure to call the
`ServletContextResource.getPath()` method for servlet context resources.
Note that there's a known workaround for this issue, which is using a
classpath scheme as location, such as:
"classpath:/META-INF/resources/webjars/" instead of "/webjars".
Issue: SPR-12432
(cherry picked from commit 1214624
11 years ago
c75e370eaf
Use https for maven repositories
...
(cherry picked from commit 493e846
11 years ago
4b4bc2dae0
Revised fix for SPR-12334, now finding duplicates at the collectImports level
...
Issue: SPR-12442
11 years ago
feb6552d2c
Avoid early initialization of Derby driver (for "derby.stream.error.method" system property)
...
Issue: SPR-12437
11 years ago
7f1e5a49a4
Polishing
...
(cherry picked from commit 2675ce7
11 years ago
f6e1856276
Rearranged WebAsyncTask constructor interdependencies and assertions
...
Issue: SPR-12457
(cherry picked from commit aadb93f
11 years ago
d02d9cea4e
MethodParameter generally uses volatile variables where applicable now (as well as a local copy of the parameterNameDiscoverer field)
...
Issue: SPR-12453
(cherry picked from commit 7fcadaa
11 years ago
cf5077861a
Next Development Version
12 years ago
e2b42614c4
Update changelog
12 years ago
3f68cd633f
Apply extra checks to static resource handling
...
- remove leading '/' and control chars
- improve url and relative path checks
- account for URL encoding
- add isResourceUnderLocation final verification
Issue: SPR-12354
12 years ago
e1d6826fcd
Polishing
12 years ago
6b353e889a
Improve exception message
...
Issue: SPR-12230
(cherry picked from commit 2d0a677
12 years ago
983ebaf658
Log context cache statistics in the TCF
...
Prior to this commit, finding out how many application contexts had
been loaded within a test suite required the use of reflection and a
bit of hacking.
This commit addresses this issue by logging ContextCache statistics
whenever an application context is loaded by the Spring TestContext
Framework (TCF).
The log output can be enabled by setting the
"org.springframework.test.context.cache" logging category to DEBUG.
Issue: SPR-12409
(cherry picked from commit a09bc9b
12 years ago
d5e4592728
Polishing
12 years ago
233393e3d5
Test for <util:map> with LinkedCaseInsensitiveMap and specified key/value types, with corresponding 3.2.x fix
...
Issue: SPR-10994
(cherry picked from commit de8645b
12 years ago
bb6349f8cc
SimpleMetadataReaderFactory is capable of resolving inner class names with dot syntax now (analogous to ClassUtils.forName)
...
Issue: SPR-12390
(cherry picked from commit 2d874d7
12 years ago
d53b67f5cb
TilesConfigurer defensively expects null from getResources in case of no resources found
...
Also includes order preservation for resource results with Tiles 2 as well as retrieval failure logging with Tiles 3.
Issue: SPR-12362
(cherry picked from commit c8b8dc5
12 years ago
f812998826
Set ResponseStatusExceptionResolver.messageSource in the MVC Java config
...
Issue: SPR-12380
(cherry picked from commit aa82da8
12 years ago
7d44c7cb51
QualifierAnnotationAutowireCandidateResolver calls BeanFactory.getType defensively
...
Issue: SPR-12191
(cherry picked from commit 73ce3b5
12 years ago
be89612ec0
ConfigurationClassParser avoids ImportBeanDefinitionRegistrar double scan
...
Issue: SPR-12334
12 years ago
4ab27d83a1
Consistently accept empty Content-Type header and empty character encoding
...
Issue: SPR-12173
(cherry picked from commit a1c0905
12 years ago
de3ea5dad6
Deprecated BeanDefinitionDocumentReader's setEnvironment method in favor of access via XmlReaderContext
...
Issue: SPR-12248
12 years ago
1341fd4e73
Consistent use of LinkedHashSet for interfaces (since interface order may matter in subtle cases)
...
(cherry picked from commit 6f9d7da
12 years ago
473d97350e
Explicitly detect (and log) private @Scheduled methods on CGLIB proxies
...
Issue: SPR-12308
(cherry picked from commit 47ed4d6
12 years ago
76ab5b9de2
Consistent reset of resource holders on doBegin failure
...
Issue: SPR-12280
(cherry picked from commit 9758bc7
12 years ago
6183e83b6a
Provider declaration for @Value method argument works again
...
Issue: SPR-12297
(cherry picked from commit c672678
12 years ago
a1538a451a
Further locking optimizations for the retrieval of non-singleton beans
...
Issue: SPR-12250
(cherry picked from commit ac4103d
12 years ago
b45d08f192
Remove outdated references to ContextLoaderServlet
...
Issue: SPR-7725
12 years ago
65d47afc11
WebAsyncManager avoids concurrentResult.toString() and builds correct DeferredResultProcessingInterceptor keys
...
Issue: SPR-12253
(cherry picked from commit 901346e
12 years ago
2c921681fe
LiveBeansView escapes double quotes in resource descriptions
...
Issue: SPR-12252
(cherry picked from commit 1ffefcb
12 years ago
834ddad616
Polishing
...
(cherry picked from commit 50e50d0
12 years ago
37da70629f
ScheduledAnnotationBeanPostProcessor avoids needless re-scanning of non-annotated classes
...
Issue: SPR-12189
(cherry picked from commit 58b22ce
12 years ago
5cf452463e
Log warning for single optional constructor when no default constructor to fall back to
...
Issue: SPR-12161
(cherry picked from commit 80cec01
12 years ago
e819999c08
Polishing
12 years ago
3a1f7b6d14
Client request implementations enforce RFC 6265 (cookies in a single header)
...
Issue: SPR-12196
(cherry picked from commit 26a93b6
12 years ago
44c52a9096
Accept empty Content-Type header
...
Issue: SPR-12173
(cherry picked from commit 70412a9
12 years ago
f2675f7571
Next Development Version
12 years ago
0262d33f11
Polish
12 years ago
ab8c3c785f
Update changelog for 3.2.11 version
12 years ago
3264437cec
Polishing
12 years ago
3d4e73b10c
Polishing
12 years ago
42557743e8
CachingConnectionFactory proceeds to physicalClose in case of logicalClose exceptions
...
Issue: SPR-12148
(cherry picked from commit 82f8b43
12 years ago
d18bdf6448
Polishing
...
(cherry picked from commit d2ef6dc
12 years ago
5da8a16284
AbstractAutowireCapableBeanFactory avoids early FactoryBean instantiation on currently created configuration bean
...
Issue: SPR-12141
(cherry picked from commit 4432c41
12 years ago
3b64db18f7
Include ALL source artifacts in published sources jars
...
This commit updates the Gradle build to ensure that *all* source
artifacts are including in published 'sources' jars.
To achieve this, we are now assembling 'sources' jars from
'sourceSets.main.allSource' and not explicitly including or excluding
anything by default.
Issue: SPR-12085
(cherry picked from commit 07629a3c7c
12 years ago
21f0057990
Polishing
12 years ago
3e17331fd9
PropertySource implementations perform conversion to String arrays via StringUtils (getting rid of EMPTY_NAMES_ARRAY)
...
(cherry picked from commit b73c531
12 years ago
a4c8e6176c
Consistent attribute documentation/formatting in spring-context and spring-mvc schemas
...
(cherry picked from commit b5763fe
12 years ago
7cf4a4ed2d
DispatcherServlet's checkMultipart detects wrapped MultipartRequest as well
...
Issue: SPR-12114
(cherry picked from commit 786fd92
12 years ago
388561df61
PersistenceAnnotationBeanPostProcessor defensively handles BeanDefinition access for extended EntityManagers
...
Issue: SPR-8834
(cherry picked from commit 592e344
12 years ago
Brian Clozel
Juergen Hoeller
Spring Buildmaster
Stephane Nicoll
Rossen Stoyanchev
Sam Brannen