Javadoc

Add Javadoc note explaining that StringUtils.cleanPath should not be
depended on in security context.

spring-core/src/main/java/org/springframework/util/StringUtils.java

@@ -645,6 +645,9 @@ public abstract class StringUtils {
 	 * inner simple dots.
 	 * <p>The result is convenient for path comparison. For other uses,
 	 * notice that Windows separators ("\") are replaced by simple slashes.
+	 * <p><strong>NOTE</strong> that {@code cleanPath} should not be depended
+	 * upon in a security context. Other mechanisms should be used to prevent
+	 * path-traversal issues.
 	 * @param path the original path
 	 * @return the normalized path
 	 */