Prior to this commit, the Jackson2 decoders (JSON, Smile, CBOR) could
leak buffers in case the decoding operation times out or is cancelled
and some buffers are still in flight.
This commit ensures that buffers are released on cancel signals.
Fixes gh-33731
This new interface is not strictly necessary and introduces a binary
incompatibility. This commit merges back all the method definitions into
`SseBuilder` and `StreamBuilder` interfaces.
Closes gh-33736
This commit refines the contribution with the following changes:
- Move the support to findPrimaryConstructor
- Use a for loop instead of a Stream for more efficiency
- Support other visibilities than public
- Polishing
Closes gh-33707
Prior to this commit, OverrideMetadata was the only public type in the
org.springframework.test.context.bean.override package whose name did
not start with BeanOverride. In addition, an OverrideMetadata component
plays multiple roles in addition to serving as a holder for metadata.
This commit therefore renames OverrideMetadata to BeanOverrideHandler.
In addition, this commit updates the affected documentation and renames
the following related methods in the Bean Override support.
- BeanOverrideHandler: createOverride() -> createOverrideInstance()
- BeanOverrideHandler: track() -> trackOverrideInstance()
- BeanOverrideProcessor: createMetadata() -> createHandler()
- BeanOverrideContextCustomizer: getMetadata() -> getBeanOverrideHandlers()
- BeanOverrideRegistrar: registerNameForMetadata() -> registerBeanOverrideHandler()
- BeanOverrideRegistrar: markWrapEarly() -> registerWrappingBeanOverrideHandler()
Closes gh-33702
See gh-33715
```
Map has no value for 'thescheme'
java.lang.IllegalArgumentException: Map has no value for 'thescheme'
at org.springframework.web.util.UriComponents$MapTemplateVariables.getValue(UriComponents.java:348)
at org.springframework.web.util.UriComponents.expandUriComponent(UriComponents.java:263)
at org.springframework.web.util.HierarchicalUriComponents.expandInternal(HierarchicalUriComponents.java:436)
at org.springframework.web.util.HierarchicalUriComponents.expandInternal(HierarchicalUriComponents.java:53)
at org.springframework.web.util.UriComponents.expand(UriComponents.java:161)
at org.springframework.web.util.UriComponentsBuilder.buildAndExpand(UriComponentsBuilder.java:364)
```
This change remove the support for Mockito annotations, `MockitoSession`
and opening/closing of mocks that was inherited from Boot's `@MockBean`
support, as well as the switch to `MockitoSession` made in 1c893e6.
Attempting to take responsability for things Mockito's own JUnit
Jupiter extension does better is not ideal, and we found it leads to
several corner cases which make `SpringExtension` and `MockitoExtension`
incompatible in the current approach.
Instead, this change refocuses our Mockito bean overriding support
exclusively on aspects specific to the Framework. `MockitoExtension`
will thus be usable in conjunction with `SpringExtension` if one needs
to use `@Captor`/`@InitMocks`/`@Mock`/`@Spy` or other Mockito utilities.
See gh-33318
Closes gh-33692
Prior to this commit, our XML parser usage would be already haredened
against XXE (XML External Entities) attacks. Still, we recently received
several invalid security reports claiming that our setup should be
hardened.
This commit documents a few usages of XML parsers to add some more
context and hopefully prevent future invalid reports.
Closes gh-33713
Because Spring Framework already has a security policy, this shows up in
the issue template automatically. This commit removes the extra external
link and updates the original security policy.
See gh-33711
Prior to this commit, this repository had a single issue template
markdown file that listed all the information for creating a new issue
in this project. Because there was a lot, people missed warnings against
creating security reports publicly or asking questions in the issue
tracker.
This commit introduces an issue template configuration that provides
developers with a choice before creating the actual issue.
Closes gh-33711
Sébastien Deleuze
Brian Clozel
Stéphane Nicoll
Johnny Lim
Sam Brannen
evgenijnikiforov
Juergen Hoeller
rstoyanchev
Habin Song
github-actions[bot]
Yanming Zhou
Simon Baslé
Rossen Stoyanchev