Update dependency org.springframework:spring-web to v5.3.14 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.springframework:spring-web	dependencies	patch	5.3.4 -> 5.3.14

By merging this PR, the issue #3 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	7.8	CVE-2021-22118
Medium	4.3	CVE-2021-22060
Medium	4.3	CVE-2021-22096

---

Release Notes

spring-projects/spring-framework

v5.3.14

⭐ New Features

• Add default methods to CachingConfigurer #​27811
• Provide a variant of ListableBeanFactory.findAnnotationOnBean(String, Class) that does not initialize factory beans #​27796
• Convert single null argument to Optional.empty() in SpEL varargs expression #​27795
• Declare serialVersionUID on DefaultAopProxyFactory #​27784
• The ReactorClientHttpConnector must apply mapper before tcpConfiguration() #​27749
• Add getter for RequestMappingInfo builder config #​27723
• Give warning when using capturing patterns with the AntPathMatcher #​27688
• Support for customization of 404 response when RouterFunctionWebHandler finds no routes #​25358
• ModelAndView.status does not work with RedirectView #​25092
• ThreadPoolExecutorFactoryBean add ability to prestart threads #​1246
• Support empty attributes in TagWriter #​910

🐞 Bug Fixes

• AsyncConfigurer implementations are loaded too early #​27808
• Possible NPE in Spring MVC LogFormatUtils #​27782
• Extending CachingConfigurerSupport results in at least one log message about not being eligible for full post-processing #​27751
• WebFlux ServerResponse does not overwrite already present response headers #​27741
• Passing single null value in varargs SpEL expression results in NullPointerException #​27719
• UriUtils::extractFileExtension does not properly handle empty file names #​27639
• References of CountingBeforeAdvice target its previous location #​22246
• ProxyFactoryBean getObject called before setInterceptorNames, silently creating an invalid proxy [SPR-7582] #​12238

📔 Documentation

• Remove references to AsyncConfigurerSupport as AsyncConfigurer should be used instead #​27812
• Fix javadoc reference to ThrowsAdvice #​27804
• Suggested WebSocket config causes circular bean reference #​27746
• Document the difference in generics resolution between @Autowired and beanFactory.getBeanProvider #​27727
• Clarify that interface-level cache annotations work for target-class proxies as well #​27726
• SchedulerFactoryBean no longer sets the job store's DataSource when the job store class has been customized #​27709
• Fix typo #​27699
• Fix incorrect example of error handling in WebClient Javadoc #​27645
• Missing reference documentation for WebSocketScope #​25172
• Clarify behaviour of AnnotationBeanNameGenerator with acronyms #​2030
• Fix simple data format in appendix #​1025
• Update StoredProcedure.java declareParameter method JavaDoc #​1000
• Document @Bean definitions via default methods #​767
• Improved DataBinder Javadoc for xxx*yyy pattern matching. #​699

🔨 Dependency Upgrades

• Upgrade to ASM 9.3 (for early Java 19 support) #​27740
• Upgrade to JUnit 5.8.2 #​27744
• Upgrade to Reactor 2020.0.14 #​27793

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​kazuki43zoo
• @​bananayong
• @​filiphr
• @​quaff
• @​qxo
• @​diguage
• @​d4ksn
• @​neiser
• @​fededonna
• @​aoyvx
• @​ivd-git
• @​djechelon
• @​thomasdarimont
• @​awgtek
• @​marcokrikke
• @​julianladisch
• @​jprinet
• @​jkatada
• @​matips

v5.3.13

⭐ New Features

• Use ByteArrayDecoder in DefaultClientResponse::createException #​27666
• Improve the efficiency of UrlPathHelper.getSanitizedPath() #​27623
• Add option to cleanup multipart temp files #​27613
• Add support for custom expression parsing in CachedExpressionEvaluator #​27604
• Use LocalDataSourceJobStore only if one is not specified via Quartz properties #​27560
• Introduce TypeFilterUtils for processing @ComponentScan.Filter #​27553
• Improve mapping function in ExtendedEntityManagerCreator.createProxy() #​27456

🐞 Bug Fixes

• Static resources are missing when jar does not have a directory entry #​27624
• MultipartParser emits DataBufferLimitException about "Part headers exceeded the memory usage limit" unexpectedly #​27612
• UndertowHeadersAdapter's remove() method violates Map contract #​27592
• SpEL vararg method invocation fails if string literal contains a comma #​27582

📔 Documentation

• Fix grammar in webflux-webclient.adoc #​27657
• Lazy annotation throws exception if non-required bean does not exist #​27649
• Clarify LogFormatUtils limitLength vs replaceNewlines parameters #​27632
• PersistenceExceptionTranslationInterceptor attempting to instantiate prototype PersistenceExceptionTranslator beans #​26412

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.13 #​27636

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​Abdullah8006
• @​Xjzon
• @​p-daniil
• @​no-brand
• @​kenzo-spaulding
• @​happyWilliam0
• @​Xxpain
• @​stsypanov

v5.3.12

🐞 Bug Fixes

• Update warn log message for empty static resource locations #​27575
• Default content type of response changed in v5.3.11 #​27573
• Fix assertion failure messages in DefaultDataBuffer.checkIndex() #​27567

📔 Documentation

• Incorrect Javadoc in [NamedParameter]JdbcOperations.queryForObject methods regarding exceptions #​27559

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​smilep
• @​ebradshaw

v5.3.11

⭐ New Features

• Enhance DefaultResponseErrorHandler to allow logging complete error response body #​27552
• Include correct keyword in CookieAssertions failure messages #​27550
• Use Arrays.hashCode() in ByteArrayResource.hashCode() #​27544
• Allow default CacheAwareContextLoaderDelegate configuration via a system property #​27540
• Invoke bean-derived (Auto)Closeable.close() method directly #​27504
• Defensive reference to JNDI API for JDK 9+ (optional java.naming module) #​27483
• DefaultMessageListenerContainer does not log an error/warning when consumer tasks have been rejected #​27451
• Provide accessor on externallyManaged RootBeanDefinition attributes #​27449
• Allow to avoid class validation in CglibAopProxy via ProxyFactory #​27439
• Add support for non-public record declarations #​27437
• Emit WebClientResponseException for malformed HTTP response #​27262
• DatabasePopulatorUtils.execute should commit if the current Connection has auto-commit set to false #​27008

🐞 Bug Fixes

• CronTrigger uses new Date() instead of context's Clock #​27546
• Performance impact of con.getContentLengthLong() in AbstractFileResolvingResource.isReadable() downloading huge jars to check component length #​27541
• Performance impact of ResourceUrlEncodingFilter on HttpServletResponse#encodeURL #​27538
• UriTemplateRequestEntity doesn't override hashCode() and equals() #​27531
• DataBufferUtils.write loses context #​27517
• Avoid duplicate JCacheOperationSource bean registration in <cache:annotation-driven /> #​27499
• Proxy generation with Java 17 fails with "Cannot invoke "Object.getClass()" because "cause" is null" #​27490
• MediaType.sortBySpecificityAndQuality throws java.lang.IllegalArgumentException: Comparison method violates its general contract #​27488
• Leading whitespaces are removed while reading SSE response #​27473
• Non-escaped closing curly brace in RegEx results in initialization error on Android #​27467
• ConcurrentReferenceHashMap's entrySet violates the Map contract #​27454
• Avoid early ConversionService determination in StandardBeanExpressionResolver #​27446
• Spring Framework >= 5.3.8 ASM ClassReader fails to parse class file due to InputStream optimization #​27429
• StringUtils.collectionToDelimitedString(?) fails with NullPointerException when the collection contains null #​27419
• Spring HATEOAS results in 406 with Kotlin Coroutine and ResponseEntity in WebFlux #​27292

📔 Documentation

• Remove remark about missing caching API. #​27501

🔨 Dependency Upgrades

• Upgrade to JUnit 5.8.1 #​27450
• Upgrade to Reactor 2020.0.12 #​27527
• Upgrade to SmallRye Mutiny 1.1.1 #​27555

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​hantsy
• @​koenpunt
• @​schauder
• @​Koooooo-7
• @​ascopes
• @​nivolg
• @​xixingya
• @​stsypanov

v5.3.10

⭐ New Features

• Invalid JavaBean property 'logoutHandlers' being accessed (warning in the logs for Spring Security's ConcurrentSessionFilter) #​27372
• Convenient configuration of type permissions for XStream 1.4.18 #​27343
• Add SmallRye Mutiny support to ReactiveAdapterRegistry #​27331
• Introduce ExceptionCollector testing utility #​27316
• Support TimeUnit in the @Scheduled annotation #​27309
• Make it possible to determine if circular references are prohibited or if the cycle just couldn't be broken #​27289
• Support Charset for character encoding in MockMvc #​27231
• Support default character encoding for response in MockMvc #​27230
• Introduce setDefaultCharacterEncoding() in MockHttpServletResponse #​27214
• Use MessageSource for @ExceptionHandler methods #​27203
• ResponseStatusException.initCause always throws IllegalStateException #​27196
• Introduce soft assertions for WebTestClient #​26969
• Introduce soft assertions for MockMvc #​26917
• Blockhound flags a blocking call when WebFlux serves a static resource #​26631
• Optimize memory allocations in StringUtils#cleanPath #​26316
• InvocableHandlerMethod calls makeAccessible(getBridgedMethod()) on every call [SPR-15230] #​19795

🐞 Bug Fixes

• Support char, float, and double primitive default values in BeanUtils.instantiateClass() #​27390
• Fix memory leak on AOP Proxy class definition cache #​27375
• Fix response body missing 1st byte inside UnknownContentTypeException #​27374
• CommonsMultipartResolver and DEBUG logging lead to empty fileMap in MultipartHttpServletRequest #​27350
• Fix UrlPathHelper#shouldRemoveSemicolonContent() #​27303
• CompositeUriComponentsContributor#hasContributors: method name is not compliant with its intention #​27271
• Error with formatMapping method in AbstractMethodMessageHandler.java #​27247
• Apply default ResultHandlers before default ResultMatchers in MockMvc #​27225
• MockHttpServletResponse.characterEncoding should not be @Nullable #​27219
• WebSocketMessageBrokerStats.getExecutorStatsInfo() throws exception if Executor is not a ThreadPoolExecutor #​27209
• HtmlUnitRequestBuilder ignores file uploaded via HtmlFileInput.setData() #​27199

📔 Documentation

• Fix wording in Javadoc of ClientResponse.mutate() #​27389
• Fix some typos and mistakes in docs #​27388
• Fix misplaced comma in AOP doc #​27387
• Fix Kotlin example for filtering handler functions #​27337
• Document when prepareTestInstance() is invoked when using the SpringMethodRule #​27305
• Fix duplicated "the" occurrences in Javadoc and XSD #​27291
• Fix typo in DefaultPartHttpMessageReader #​27260
• Fix reference to Optional.isPresent() in ObjectUtils.isEmpty() #​27223
• Clarify that ClientRequest.from(..) also copies body #​27220
• @Cacheable caches empty Optionals but documentation states otherwise #​27184
• Reference docs missing left-hand side navigation #​27177

🔨 Dependency Upgrades

• Compatibility with Jackson 2.13 #​27206
• Upgrade to JUnit 5.8 #​27392
• Upgrade to Kotlin 1.5.30 #​27371
• Upgrade to Reactor 2020.0.11 #​27399

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​leeseojune53
• @​AlexejTimonin
• @​joshua-qa
• @​marschall
• @​hantsy
• @​juchanei
• @​izeye
• @​takeaction21
• @​yokotaso
• @​gushev
• @​Yin-Jui
• @​evpaassen
• @​matvs
• @​crlikcngroup
• @​ydh6226
• @​knittl
• @​Inmord
• @​benelog
• @​Axzial
• @​quaff
• @​di72nn
• @​aoudiamoncef
• @​lyxell
• @​mustafau
• @​xak2000
• @​manish-in-java
• @​wyhasany
• @​GrantFleming
• @​w3-3w
• @​Syuziko

v5.3.9

⭐ New Features

• Configure CommonsMultipartResolver to support specific HTTP methods #​27161
• Allow BeanDefinitionBuilder to set an instance supplier with a ResolvableType #​27160
• Reason of @ResponseStatus on handler method is not resolved by MessageSource #​27156
• ResourceHandlerRegistry#getHandlerMapping should initialize handler once in outer loop #​27153
• Set synthetic flag using BeanDefinitionBuilder #​27141
• BeanCreationException error message should always include declaring class of constructor (or factory method) #​27139
• Improve Jetty 10 check in JettyClientHttpResponse #​27136
• Jetty10RequestUpgradeStrategy use an old jetty 9 class HandshakeRFC6455 #​27121
• ClassNotFoundException using Jetty 10 and its reactive client #​27112
• Use StringBuilder.append(char) where possible #​27098
• Consider "wss" and "https" for secure flag in Forwarded header checks #​27097
• SynchronossPartHttpMessageReader should only create temp directory when needed #​27092
• Implement equals, hashCode, & toString in BeanMethod and *Metadata types #​27076
• Remove logging dependency in BeanUtils #​27070
• Exclude sealed interfaces from auto-proxying (for JDK 17 compatibility) #​27027
• Blockhound error when running with transaction with a TransactionOperator #​26955
• Configure StandardServletMultipartResolver to only support multipart/form-data #​26826
• Add a way to set executeExistingDelayedTasksAfterShutdown from ThreadPoolTaskScheduler #​26719
• Apply dynamic changes in ThreadPoolTaskExecutor before setting local value #​26700

🪲 Bug Fixes

• JettyHttpHandlerAdapter is not aware of Server[Request|Response]Wrapper #​27146
• {*path} pattern (CaptureTheRestPathElement) includes undocumented leading slash in @PathVariable path #​27132
• NoSuchMethodError when invoke JettyWebSocketSession.getRemoteAddress in jetty 10 #​27120
• CronExpression is still broken on spring-context-5.3.8 #​27117
• SimpleMethodMetadataReadingVisitor.Source.toString() omits separator for method arguments #​27095
• DefaultPathSegment allows shared empty parameters map to be mutated #​27064
• AOP auto-proxying with proxyTargetClass=true and introduction advice does not work for JDK proxy targets #​27044
• ServletRequestDataBinder assumes Standard servlet multipart handling #​26999
• DataClassRowMapper should not override Kotlin init properties #​26569

📔 Documentation

• Add Javadoc @since to BeanDefinitionBuilder.setSynthetic() #​27155
• Fix link to Javadoc API #​27151
• Added description for HandlerInterceptor #​27122
• Fix typo in core-beans.adoc #​27113
• Fix typo in BeanDefinitionDsl.kt #​27105
• Improve docs for getContentAsByteArray method of ContentCachingRequestWrapper #​27068
• Fix explanation on default settings for content negotiation in reference doc #​27067
• Document that any @Valid* annotation triggers validation in the reference manual #​27050
• Improve RequestPartMethodArgumentResolver Javadoc #​27043
• Improve RequestResponseBodyMethodProcessor Javadoc #​27042
• Clarify that baseName in ResourceBundleMessageSource does not support multiple locations #​27038
• Link alternate documentation formats #​27015

🔨 Dependency Upgrades

• Compatibility with HtmlUnit 2.51 #​27147
• Upgrade to ASM 9.2 (for early Java 18 support) #​27069
• Upgrade to Kotlin 1.5.21 #​27110
• Upgrade to Kotlin Coroutines 1.5.1 #​27157
• Upgrade to Mockk 1.11.0 #​27109
• Upgrade to Reactor 2020.0.9 #​27158

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​hrybs
• @​filiphr
• @​takumi34
• @​diguage
• @​dennie170
• @​duan847
• @​Dunemaster
• @​izeye
• @​GungnirLaevatain
• @​Buzzardo
• @​devorio
• @​HubertWo
• @​sangyongchoi

v5.3.8

⭐ New Features

• HttpComponentsClientHttpConnector should close underlying resources #​27032
• Default value of StandaloneMockMvcBuilder.useSuffixPatternMatch differs from the same property in RequestMappingHandlerMapping #​27030
• Lookup method autowiring ignores method's generic info #​26998
• Set BEST_MATCHING_PATTERN_ATTRIBUTE on requests with WebMvc.fn #​26963
• Remove jackson-module-kotlin warning #​26962
• Switch back to parallel thread after WebSession id is generated #​26958
• Introduce ResponseEntity.internalServerError() #​26952
• Polish PORT_PATTERN in UriComponentsBuilder #​26951
• Deprecate/Remove internal APIs in ScriptUtils implementations #​26947
• Consider returning static DefaultApplicationStartup step #​26939
• Exception in Tomcat when SockJS top URL is a WebSocket upgrade #​26933
• Improve support for port numbers in allowedOriginPattern of CorsConfiguration #​26927
• Add ApplicationEvent constructor for specifying timestamp #​26871
• Add awaitExchangeOrNull extension function to reactive webclient #​26778

🪲 Bug Fixes

• Revisit fix for gh-26905 in UriComponentsBuilder #​27039
• MultipartHttpMessageWriter in WebClient doesn't use custom Jackson Encoder since 5.3.3 #​27017
• PartFile name lost when building a MultiPart #​27007
• No replacement of deprecated CronSequenceGenerator.isValidExpression #​26996
• NPE if StompEndpointRegistry has allowedOrigins with null #​26987
• CronExpression is broken on spring-context-5.3.6 #​26964
• FlightRecorderApplicationStartup is not thread safe #​26941
• Ignore delimiter enclosed in double quotes in ScriptUtils #​26935
• Ignore comments when searching for SQL statement delimiter in ScriptUtils #​26911

📔 Documentation

• spring-framework-main-code attribute has not been expanded in docs #​27041
• Document that class-level @ResponseStatus is inherited by @ExceptionHandler methods #​27031
• Improve @Transactional docs regarding method visibility #​27003
• Fix @Transactional examples regarding method visibility #​27001
• Fix typo in code example #​26980
• Document transactional semantics for @TransactionalEventListener after completion methods #​26974
• Fix typo #​26973
• Fix broken Javadoc tags #​26967

🔨 Dependency Upgrades

• Upgrade to ASM master #​27023
• Upgrade to Coroutines 1.5.0 #​26897
• Upgrade to JUnit 5.7.2 #​26946
• Upgrade to Kotlin 1.5.10 #​27035

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​hrybs
• @​dreis2211
• @​dregimbal
• @​eas5
• @​Beca-se
• @​nhavuong
• @​hunjipo
• @​gabrielerzinger
• @​aaguilera
• @​izeye
• @​medwards
• @​chenqimiao
• @​jbotuck
• @​stsypanov
• @​korektur

v5.3.7

⭐ New Features

• Ensure multipart temp directories do not collide #​26931
• SpringBeanAutowiringSupport should log at warn level when autowiring fails #​26925
• spring-context-indexer doesn't support Java records #​26909
• Ignore trailing slash in CorsConfiguration origin patterns #​26892
• RSocketRequester disposal of underlying RSocketClient #​26886
• Add PreFlightRequestWebFilter #​26885
• Avoid memory leak when PropertyComparator is reused #​26869
• Support MySQL safe updates mode in MySQLMaxValueIncrementer #​26858
• HttpStatus.resolve allocates HttpStatus.values() once per invocation #​26842
• InvalidPathException in log when running SpringBootTest with NIO Path property on Windows #​26828
• Use String.startsWith() instead of String.substring() in PatternMatchUtils #​26822
• Access to the cachedSessions in CachingConnectionFactory #​26811
• Reduce log level in ExecutorConfigurationSupport.initialize #​26810
• Avoid exceptions when evaluating validation hints #​26787

🪲 Bug Fixes

• UriComponentsBuilder handles invalid port numbers correctly #​26905
• Incorrect check in AbstractBrokerRegistration's constructor #​26896
• DataClassRowMapper doesn't correctly convert generic fields #​26881
• CorsRegistration#combine is a noop #​26877
• LinkedCaseInsensitiveMap#putIfAbsent does not honor the case where the key is associated with a null value #​26868
• Provide control over fallback charset to use in WebClientResponseException #​26866
• @ModelAttribute(binding=false) is not honored with WebFlux #​26856
• Fix Kotlin filter parameter bug in Router DSLs #​26838
• AbstractListenerReadPublisher publishing onComplete signal before onNext during heavy load #​26834
• MockMvc's MVC_RESULT_ATTRIBUTE lost with HandlerMappingIntrospector and RouterFunctions in use #​26833
• webmvc.fn onError doesn't work with CompletableFuture #​26831
• Daylight saving time issue in CronExpression #​26830
• HandlerMappingIntrospector does not work with PathPattern backed HandlerMappings #​26814
• Addition of fallback patterns to DateFormatter loses cause in Spring 5.3.5 #​26804
• Support empty file uploads with HtmlUnit and MockMvc #​26799
• Cache setup failure does not provide nested cause #​25250
• Fix web parameters resolution when injected via constructor #​25200

📔 Documentation

• Document feature to load @ModelAttribute through type conversion from a request value #​26873
• Improve advice on response handling in an ExchangeFilterFunction #​26819
• Remove leftover Javadoc from WebClient #​26807
• Add information about changed behaviour for resolving @AuthenticationPrincipal annotation #​26791
• Update Javadoc on CORS in spring-websocket #​26753
• Add advice on Spring MVC path matching for 5.3 and above to the reference documentation #​26750

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.5.0 #​26792
• Upgrade to Kotlin Serialization 1.2.0 #​26887
• Upgrade to Reactor 2020.0.7 #​26890

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​hrybs
• @​PizzaCola-K
• @​izeye
• @​dreis2211
• @​mustafau
• @​encircled
• @​T45K
• @​mdeinum
• @​stsypanov
• @​glqdlt
• @​FlorianKirmaier
• @​BryceYangS
• @​ShindongLee
• @​hojongs
• @​bjh970913

v5.3.6

⭐ New Features

• Make sure file storage directory exists before usage in DefaultPartHttpMessageReader #​26790
• Allow spring-expression to be more easily repackaged for embedding in third-party JARs #​26779
• Support 'Accept-Patch' header in MVC and WebFlux #​26759
• Invalid IPv6 Address with X-Forwarded-For leads to number format exception #​26748
• awaitBodyOrNull function to handle empty body #​26731
• Reactive AbstractErrorWebExceptionHandler#htmlEscape() may be blocking #​26712
• Improve Docs on Testing Streaming Responses in Spring MVC #​26687
• Exceptions for missing request values should expose information when they are missing after conversion #​26679

🪲 Bug Fixes

• Addition of fallback patterns to temporal parser loses cause in Spring 5.3.5 #​26777
• ResourceHttpRequestHandler fails to resolve encoded paths when PathPattern is used #​26775
• Scheduling a task that runs once a day results in March 28 being skipped #​26744
• Support UTF-8 in DefaultPartHttpMessageReader #​26736
• Root path resolution for java.nio.Path properties does not work on Linux anymore #​26702
• @DirtiesContext not applied when class-level @EnabledIf evaluates to false #​26694
• MappedInterceptor in 5.3 does not support all AntPatternMatcher patterns #​26690
• BridgeMethodResolver#isBridgeMethodFor return incorrect result for kotlin code in certain circumstance #​26585

📔 Documentation

• Update ref docs regarding RequiredAnnotationBeanPostProcessor registration #​26783
• Update documentation for <context:annotation-config/> #​26782
• Fix javadoc link syntax #​26776

🔨 Dependency Upgrades

• Upgrade to Objenesis 3.2 #​26714
• Upgrade to Reactor 2020.0.6 #​26767

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​hrybs
• @​izeye
• @​runningcode
• @​BFergerson
• @​ValentinShakhov
• @​KENNYSOFT
• @​Rebwon

v5.3.5

⭐ New Features

• Expose @JmsListener endpoint id to annotation-derived listener container (for transaction definition name) #​26683
• Add support for Oracle bind marker scheme using R2DBC #​26680
• Add HTTP request cookies to the WebSocket handshake info #​26674
• Add an MockMVC alwaysDo equivalent to WebTestClient #​26662
• Ensure ClientResponse logPrefix Contains the Connection Id When Available #​26656
• Make use of Reactor Netty API for request id #​26649
• WriteResultPublisher does not pass cancel signals #​26642
• @EventListener annotated bean cannot be removed from the ApplicationEventMulticaster #​26638
• Support global @MessageExceptionHandler via @ControllerAdvice in RSocket #​26636
• Support UTF-16 and UTF-32 in Jackson HttpMessageConverters #​26627
• Add missing nullable annotation to ResponseEntity ok convenience method #​26613
• OncePerRequestFilter.isAsyncDispatch may return a NPE #​26602
• Allow AOP proxies to be created using the original ClassLoader #​26601
• WebSocketHandlerRegistration is missing option for allowedOriginPatterns #​26593
• HandlerMapping for WebSocket Requests Only #​26565
• Support cookies with Expires attribute but no Max-Age attribute in MockHttpServletResponse #​26558
• Allow logging REST endpoint mappings independent of other log categories #​26539
• Introduce 'idleReceivesPerTaskLimit' in DefaultMessageListenerContainer #​26442
• Improve handling of malformed Accept header for @ExceptionHandler methods #​24539
• Support fallback parsing patterns in @DateTimeFormat #​20292

🪲 Bug Fixes

• StatusAssertion value methods fail when used with custom status code #​26658
• Jaxb2XmlEncoder Support for Custom XML Media Types #​26655
• Local @CrossOrigin maxAge value should override global value #​26619
• Multipart boundary should strip quotes #​26616
• ServerHttpRequest content-type cannot be mutated #​26615
• Correctly set auto-growing array's element #​26600
• Change in behaviour for cron expression with day of the week range starting with SUN #​26598
• Fix handling of "file:" paths to non-existent files on Windows #​26575
• ClassLoader.getResource can throw IllegalArgumentException #​26574
• ResourceUrlProvider detects wrong set of handler mappings #​26561
• Dependency on Servlet 4.0 in spring-test makes it challenging to have Servlet 3.1 at runtime #​26555
• Response writing fails to complete with WebFlux on Tomcat #​26434
• LoadTimeWeaver no longer weaves bean classes annotated with @Component #​26199

📔 Documentation

• Fix Commons FileUpload URL in reference guide #​26678
• Update reference to deprecated CronSequenceGenerator #​26651
• Update ref docs regarding deprecated @Required annotation #​26578
• Fix build output directory for ref docs in CONTRIBUTING.md #​26556
• Document all supported SpringProperties keys in the reference manual #​26554

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.5 #​26650

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​koen-serneels
• @​sokomishalov
• @​MichelTenVoorde
• @​1993heqiang
• @​koosg
• @​limo520
• @​MichalStehlikCz
• @​cprayer
• @​Rebwon
• @​drgnchan
• @​GungnirLaevatain
• @​ShaoqiangLu
• @​izeye
• @​mp911de
• @​chenqimiao
• @​kevin0x90
• @​alex-krav
• @​candrews
• @​nullzl

---

• If you want to rebase/retry this PR, check this box