From 9cc862246f93aff1ffe76a5c8e424853700cf77e Mon Sep 17 00:00:00 2001
From: Juergen Hoeller <jhoeller@pivotal.io>
Date: Wed, 6 Mar 2019 16:23:45 +0100
Subject: [PATCH 1/2] Local https URL resolution attempt with fallback to
 parser's default

See gh-22504
---
 .../beans/factory/xml/ResourceEntityResolver.java | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/spring-beans/src/main/java/org/springframework/beans/factory/xml/ResourceEntityResolver.java b/spring-beans/src/main/java/org/springframework/beans/factory/xml/ResourceEntityResolver.java
index 989576a3fdb..e8fc351df50 100644
--- a/spring-beans/src/main/java/org/springframework/beans/factory/xml/ResourceEntityResolver.java
+++ b/spring-beans/src/main/java/org/springframework/beans/factory/xml/ResourceEntityResolver.java
@@ -114,9 +114,18 @@ public class ResourceEntityResolver extends DelegatingEntityResolver {
 				if (url.startsWith("http:")) {
 					url = "https:" + url.substring(5);
 				}
-				source = new InputSource(url);
-				source.setPublicId(publicId);
-				return source;
+				try {
+					source = new InputSource(new URL(url).openStream());
+					source.setPublicId(publicId);
+					source.setSystemId(systemId);
+				}
+				catch (IOException ex) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("Could not resolve XML entity [" + systemId + "] through URL [" + url + "]", ex);
+					}
+					// Fall back to the parser's default behavior.
+					source = null;
+				}
 			}
 		}
 

From b8f29962acc8c3d67a0d828313ffa43b17ed4f82 Mon Sep 17 00:00:00 2001
From: Juergen Hoeller <jhoeller@pivotal.io>
Date: Wed, 6 Mar 2019 16:24:14 +0100
Subject: [PATCH 2/2] Upgrade to SLF4J 1.7.26, H2 1.4.198, OkHttp 3.13.1,
 WebJars Locator 0.37

Includes Mockito 2.25, Undertow 2.0.19, OpenPDF 1.2.10, JRuby 9.2.6.
---
 build.gradle                         | 6 +++---
 spring-jdbc/spring-jdbc.gradle       | 2 +-
 spring-web/spring-web.gradle         | 4 ++--
 spring-webflux/spring-webflux.gradle | 6 +++---
 spring-webmvc/spring-webmvc.gradle   | 6 +++---
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/build.gradle b/build.gradle
index ea7bd24a890..96d0715f69c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -42,10 +42,10 @@ ext {
 	rxjavaVersion        = "1.3.8"
 	rxjavaAdapterVersion = "1.2.1"
 	rxjava2Version       = "2.2.7"
-	slf4jVersion         = "1.7.25"	  // spring-jcl + consistent 3rd party deps
+	slf4jVersion         = "1.7.26"	  // spring-jcl + consistent 3rd party deps
 	tiles3Version        = "3.0.8"
 	tomcatVersion        = "9.0.16"
-	undertowVersion      = "2.0.18.Final"
+	undertowVersion      = "2.0.19.Final"
 
 	gradleScriptDir = "${rootProject.projectDir}/gradle"
 	withoutJclOverSlf4J = {
@@ -156,7 +156,7 @@ configure(allprojects) { project ->
 		testCompile("junit:junit:4.12") {
 			exclude group: "org.hamcrest", module: "hamcrest-core"
 		}
-		testCompile("org.mockito:mockito-core:2.24.0") {
+		testCompile("org.mockito:mockito-core:2.25.0") {
 			exclude group: "org.hamcrest", module: "hamcrest-core"
 		}
 		testCompile("com.nhaarman:mockito-kotlin:1.6.0") {
diff --git a/spring-jdbc/spring-jdbc.gradle b/spring-jdbc/spring-jdbc.gradle
index 89cdd6309bd..6cb7d0f3958 100644
--- a/spring-jdbc/spring-jdbc.gradle
+++ b/spring-jdbc/spring-jdbc.gradle
@@ -7,7 +7,7 @@ dependencies {
 	optional(project(":spring-context"))  // for JndiDataSourceLookup
 	optional("javax.transaction:javax.transaction-api:1.3")
 	optional("org.hsqldb:hsqldb:${hsqldbVersion}")
-	optional("com.h2database:h2:1.4.197")
+	optional("com.h2database:h2:1.4.198")
 	optional("org.apache.derby:derby:10.14.2.0")
 	optional("org.apache.derby:derbyclient:10.14.2.0")
 	optional("org.jetbrains.kotlin:kotlin-reflect:${kotlinVersion}")
diff --git a/spring-web/spring-web.gradle b/spring-web/spring-web.gradle
index 4e7b0a679e9..fabb2266046 100644
--- a/spring-web/spring-web.gradle
+++ b/spring-web/spring-web.gradle
@@ -38,7 +38,7 @@ dependencies {
 		exclude group: "javax.servlet", module: "javax.servlet-api"
 	}
 	optional("org.eclipse.jetty:jetty-reactive-httpclient:1.0.2")
-	optional("com.squareup.okhttp3:okhttp:3.12.1")
+	optional("com.squareup.okhttp3:okhttp:3.13.1")
 	optional("org.apache.httpcomponents:httpclient:4.5.7") {
 		exclude group: "commons-logging", module: "commons-logging"
 	}
@@ -74,7 +74,7 @@ dependencies {
 	testCompile("org.apache.tomcat.embed:tomcat-embed-core:${tomcatVersion}")
 	testCompile("org.eclipse.jetty:jetty-server")
 	testCompile("org.eclipse.jetty:jetty-servlet")
-	testCompile("com.squareup.okhttp3:mockwebserver:3.12.1")
+	testCompile("com.squareup.okhttp3:mockwebserver:3.13.1")
 	testCompile("org.jetbrains.kotlin:kotlin-reflect:${kotlinVersion}")
 	testCompile("org.skyscreamer:jsonassert:1.5.0")
 	testCompile("org.xmlunit:xmlunit-matchers:2.6.2")
diff --git a/spring-webflux/spring-webflux.gradle b/spring-webflux/spring-webflux.gradle
index 5df33a8b247..f8903b3c9e9 100644
--- a/spring-webflux/spring-webflux.gradle
+++ b/spring-webflux/spring-webflux.gradle
@@ -17,7 +17,7 @@ dependencies {
 	optional(project(":spring-context-support"))  // for FreeMarker support
 	optional("javax.servlet:javax.servlet-api:4.0.1")
 	optional("javax.websocket:javax.websocket-api:1.1")
-	optional("org.webjars:webjars-locator-core:0.36")
+	optional("org.webjars:webjars-locator-core:0.37")
 	optional("org.freemarker:freemarker:${freemarkerVersion}")
 	optional("com.fasterxml.jackson.core:jackson-databind:${jackson2Version}")
 	optional("com.fasterxml.jackson.dataformat:jackson-dataformat-smile:${jackson2Version}")
@@ -51,11 +51,11 @@ dependencies {
 	testCompile("org.eclipse.jetty:jetty-server")
 	testCompile("org.eclipse.jetty:jetty-servlet")
 	testCompile("org.eclipse.jetty:jetty-reactive-httpclient:1.0.2")
-	testCompile("com.squareup.okhttp3:mockwebserver:3.12.1")
+	testCompile("com.squareup.okhttp3:mockwebserver:3.13.1")
 	testCompile("org.jetbrains.kotlin:kotlin-script-runtime:${kotlinVersion}")
 	testRuntime("org.jetbrains.kotlin:kotlin-script-util:${kotlinVersion}")
 	testRuntime("org.jetbrains.kotlin:kotlin-compiler:${kotlinVersion}")
-	testRuntime("org.jruby:jruby:9.2.5.0")
+	testRuntime("org.jruby:jruby:9.2.6.0")
 	testRuntime("org.python:jython-standalone:2.7.1")
 	testRuntime("org.synchronoss.cloud:nio-multipart-parser:1.1.0")
 	testRuntime("org.webjars:underscorejs:1.8.3")
diff --git a/spring-webmvc/spring-webmvc.gradle b/spring-webmvc/spring-webmvc.gradle
index 21290919f93..e6c78825a05 100644
--- a/spring-webmvc/spring-webmvc.gradle
+++ b/spring-webmvc/spring-webmvc.gradle
@@ -21,9 +21,9 @@ dependencies {
 	optional("javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1")
 	optional("javax.el:javax.el-api:3.0.1-b04")
 	optional("javax.xml.bind:jaxb-api:2.3.1")
-	optional("org.webjars:webjars-locator-core:0.36")
+	optional("org.webjars:webjars-locator-core:0.37")
 	optional("com.rometools:rome:1.12.0")
-	optional("com.github.librepdf:openpdf:1.2.7")
+	optional("com.github.librepdf:openpdf:1.2.10")
 	optional("org.apache.poi:poi-ooxml:4.0.1")
 	optional("org.freemarker:freemarker:${freemarkerVersion}")
 	optional("com.fasterxml.jackson.core:jackson-databind:${jackson2Version}")
@@ -74,7 +74,7 @@ dependencies {
 	testCompile("org.jetbrains.kotlin:kotlin-script-runtime:${kotlinVersion}")
 	testRuntime("org.jetbrains.kotlin:kotlin-script-util:${kotlinVersion}")
 	testRuntime("org.jetbrains.kotlin:kotlin-compiler:${kotlinVersion}")
-	testRuntime("org.jruby:jruby:9.2.5.0")
+	testRuntime("org.jruby:jruby:9.2.6.0")
 	testRuntime("org.python:jython-standalone:2.7.1")
 	testRuntime("org.webjars:underscorejs:1.8.3")
 	testRuntime("org.glassfish:javax.el:3.0.1-b08")