Update `OriginTrackedYamlLoader` to remove node limits and recursive
parsing restrictions. SnakeYAML 1.26 introduced these options in order
to protect against the "billion laugh attacks" but since we consider
`application.yml` files to be trusted, we don't need these restrictions.
Fixes gh-23096
Extend `initializeSystem` to search the exception stack for a
FileNotFoundException before reporting the error. This allows
us to provide a similar stack trace to the one that used to be
thrown when we had the `ResourceUtils.getURL` check.
See gh-22946
Remove `ResourceUtils.getURL` checking from `LoggingApplicationListener`
so that logging systems can implement custom location support.
Prior to this commit, we checked in the listener if the specified config
location could be opened as a URL. This unfortunately prevents Log4J
extensions such as `log4j-spring-cloud-config-client` from implementing
configurable SSL and credentials support.
See gh-22946
Prior to this commit, DebugAgentEnvironmentPostProcessor throws a
RuntimeException with a generic error message if its initialization
fails. The causing exception is discarded, which makes error analysis
unnecessarily difficult.
This commit attaches the cause to the newly thrown RuntimeException.
See gh-22777
Prior to this commit, the HTTP/2 server auto-configuration for Jetty
would require Conscrypt as a hard dependency.
This commit updates the auto-configuration for more flexibility and now
allows the following deployments:
* JDK9+ with the JDK ALPN implementation
* JDK8u252+ with the backported ALPN implementation
* Conscrypt with no JDK requirement
The auto-configuration now improves detection and guides developers in
case there is a missing `jetty-alpn-*-server` dependency.
The reference docs in the HOWTO section has been updated accordingly.
Closes gh-22188
Prior to this change, TaskExecutorBuilder used seconds as its precision
to map the awaitTerminationPeriod value. This caused a loss of
millisecond information in the period.
This commit fixes the loss by converting the period to millisecond and
using setAwaitTerminationMillis to configure the executor.
See gh-22604
Previously, ignoring invalid fields would cause the failure for an
unknown field to be ignored, irrespective of the ignoreUnknownFields
attribute on `@ConfigurationProperties`.
This commit updates the NoUnboundElementsBindHandler to ensure that
any UnboundConfigurationPropertiesException is thrown rather than
being ignored when the handler has been wrapped by an
IgnoreErrorsBindHandler.
Fixes gh-22308
Previously, regular bean definitions for configuration properties classes
that attempt to use constructor binding were detected in a bean factory
post-processor, ConfigurationPropertiesBeanDefinitionValidator. This
validation examined every standard bean definition and failed if it
encountered one for a class that should have used constructor binding.
There were two downsides to this approach:
1. Reflection used to identify if the bean should be using constructor
binding triggered class loading that could prevent subsequent
instrumentation by a load-time weaver.
2. The cost of the validation was incurred when there was no
misconfiguration to report.
This commit replaces ConfigurationPropertiesBeanDefinitionValidator
with a failure analyzer. This failure analyzer only runs once a failure
has occurred and the application context is not going to complete
refresh. This avoids causing problems with subsequent instrumentation
and also avoids the cost of validation and error reporting unless there
is an error.
Fixes gh-20798
Previously, the tests used absolute values to verify that the work
had completed sufficiently quickly. This led to flaky tests in
environments where the performance can be variable such as CI.
This commit tries to make the tests more robust by comparing the
performance to a baseline and requiring it to be twice as fast.
Closes gh-22137
Previously, when file-based logging was enabled, Logback would output
the following during logging system initialization:
LOGBACK: No context given for c.q.l.core.rolling.SizeAndTimeBasedRollingPolicy
This commit updates the default logback configuration to set the
context on the SizeAndTimeBasedRollingPolicy that it creates.
Fixes gh-21056
Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
Update `AvailabilityChangeEvent` to be a `PayloadEvent` and ensure
that the `getResolvableType` method returns a generic compatible
result.
Prior to this commit, a ClassCastExeption would be thrown if the
following event listener was declared:
@EventListener
void onEvent(AvailabilityChangeEvent<ReadinessState> event) {
...
}
Closes gh-21898
This commit aligns log4j2's behavior with logback such that loggers
with a null configuredLevel are also returned by the actuator endpoint.
Fixes gh-20037
Allow `BeanDefinitionLoader` to load classes that don't have public
constructors. The constraint was first introduced in d82c50804f to
solve an issue with anonymous Groovy classes but causes particular
problems with `@SpringBootTest`.
See gh-20929
Update `SpringBootServletInitializer` to use the `ServletContext` that
was provided to the initial `onStartup` call rather than the
one from the `ServletContextEvent`. This allows the `getClassLoader()`
call to complete without throwing an `UnsupportedOperationException`.
Fixes gh-21684
Update `SpringConfigurationPropertySource` so that wrapped random
property sources can be used. It's assumed that wrapped random
sources will use the name of the source as the prefix.
Closes gh-21595
Previously, an AvailabilityChangeEvent was published when the servlet
and reactive web server application contexts were closed, irrespective
of whether or not the context was active. This caused problems when
the context was not active due to a refresh failure as the event
publication could then trigger bean creation and post-processing that
relied upon beans that had been destroyed when cleaning up after the
refresh failure. The most commonly seen symptom was a missing
importRegistry bean that is required by ImportAwareBeanPostProcessor.
This commit updates the two web server application contexts to only
publish the availability change event if the context is active.
Fixes gh-21588
There's a bug in Undertow that means it may leak a file handle is
the server is stopped immediately after a response to an SSL request
has been received. The stop processing races with Undertow's SSL
support tidying things up after sending the response. When the stop
processing wins, the tidying up fails with a NullPointerException that
prevents an input stream from being closed. On Windows, the input
stream remaining open prevents JUnit from being able to clean up its
temporary directory.
This commit uses Awaitility to wait for the file that's being served
over SSL to be deleted before stopping the server. On Windows, this
will delay the stop processing from beginning until after the tidy up
that's performed after sending the response has been completed,
hopefully eliminating the race condition that resulted in the input
stream being left open.
Fixes gh-21172
Stephane Nicoll
Phillip Webb
Ralph Goers
Andy Wilkinson
spencergibb
Scott Frederick
Lopfest
Madhura Bhave
davidbilge
Brian Clozel
Tadaya Tsuyukubo
May
Johnny Lim
dreis2211
Vlad Kisel
OrangeDog
wonwoo