Using the "quotes" substitution group by default leads to side effect
when the "*" character is used. This is especially true for AOP pointcut
or for MVC mappings.
Plain verbatim might work most of the time unless you intend to highlight
a piece of code or a comment.
Issue: SPR-12456
Upgrade undertow dependency to 1.1.0.Final.
Add support for undertow 1.1.0.Final in the
UndertowRequestUpgradeStrategy, after a breaking change in the
`io.undertow.websockets.jsr.ConfiguredServerEndpoint` constructor.
Issue: SPR-12302
SPR-12354 applied new checks to make sure that served static resources
are under authorized locations.
Prior to this change, serving static resources from Servlet 3 locations
such as "/webjars/" would not work since those locations can be within
one of the JARs on path. In that case, the checkLocation method would
return false and disallow serving that static resource.
This change fixes this issue by making sure to call the
`ServletContextResource.getPath()` method for servlet context resources.
Note that there's a known workaround for this issue, which is using a
classpath scheme as location, such as:
"classpath:/META-INF/resources/webjars/" instead of "/webjars".
Issue: SPR-12432
This commit fixes the parsing of message destinations such as
"/user/anna/queue/foo", reverting a regression introduced by SPR-11506,
which worked well with @SendToUser use cases but caused issues for
messages sent to other users.
Issue: SPR-12444
Prior to this commit, JOptCommandLinePropertySource prevented the
possibility of non-String option arguments. This effectively prevents
the use of JOpt's #ofType support (which allows specifying custom
argument types).
Now, non-String arguments are detected and converted to strings as
necessary. JOpt's #ofType now works as expected. A test has been added
to cover this case.
Without this change the plus operator would fail to
include a CHECKCAST in generated bytecode when it
was compiled in cases where one of the operands
has a runtime type of String but a statically
declared type that was not String (i.e. Object).
Issue: SPR-12426
- remove leading '/' and control chars
- improve url and relative path checks
- account for URL encoding
- add isResourceUnderLocation final verification
Issue: SPR-12354
The following commit allowed HTTP DELETE with body:
584b831bb9
However it broke buffered requests even without a body since JDK 1.6
and 1.7 do not support calls to getOutputStream with HTTP DELETE.
This commit set the doOutput flag back to false if the actual buffered
body is 0 length.
Issue: SPR-12361
Prior to this commit, finding out how many application contexts had
been loaded within a test suite required the use of reflection and a
bit of hacking.
This commit addresses this issue by logging ContextCache statistics
whenever an application context is loaded by the Spring TestContext
Framework (TCF).
The log output can be enabled by setting the
"org.springframework.test.context.cache" logging category to DEBUG.
Issue: SPR-12409
Prior to this change, duplicate SubProtocolHandlers could be registered
when configuring STOMP with several registrations:
public void registerStompEndpoints
(final StompEndpointRegistry registry) {
this.endpointRegistry.addEndpoint("/stompOverWebSocket");
this.endpointRegistry.addEndpoint("/stompOverSockJS").withSockJS();
}
This commit registers sub-protocols in a Set instead of a list (see
SubProtocolWebSocketHandler), thus fixing the issue.
Issue: SPR-12403
As indicated by our recent Spring Integration test failure, autowiring attempts after context closing did not fail before. After the introduction of the separately managed manualSingletonNames set, the algorithm could run into a situation where a singleton name is still in the manualSingletonNames set but not in the singletonObjects map anymore. As a remedy, destroySingletons needs to explicitly clear the manualSingletonNames set in order to remove references to non-disposable singleton beans as well (which are otherwise left in the set since individual destroySingleton calls only come in for disposable beans with destroy methods).
Issue: SPR-12404
Juergen Hoeller
Stephane Nicoll
Brian Clozel
Chris Beams
Andy Clement
Gary Russell
Spring Buildmaster
Rossen Stoyanchev
Sebastien Deleuze
Sam Brannen