Since SerializationUtils#deserialize is based on Java's serialization
mechanism, it can be the source of Remote Code Execution (RCE)
vulnerabilities.
Closes gh-28075
This commit adds default methods to CachingConfigurer and
JCacheConfigurer and removes the reference to their respective support
classes as they are now irrelevant.
Closes gh-27811
Prior to this commit, Spring's SchedulerFactoryBean always set the
"org.quartz.jobStore.class" property to LocalDataSourceJobStore even if
the user had already specified a custom JobStore implementation via the
Quartz properties file or Properties object, thereby effectively
ignoring the user configuration.
This commit addresses this by configuring Quartz to use Spring's
LocalDataSourceJobStore only if a JobStore has not already been
specified via user configuration.
Closes gh-27560
In order to catch Javadoc errors in the build, we now enable the
`Xwerror` flag for the `javadoc` tool. In addition, we now use
`Xdoclint:syntax` instead of `Xdoclint:none` in order to validate
syntax within our Javadoc.
This commit fixes all resulting Javadoc errors and warnings.
This commit also upgrades to Undertow 2.2.12.Final and fixes the
artifact names for exclusions for the Servlet and annotations APIs.
The incorrect exclusion of the Servlet API resulted in the Servlet API
being on the classpath twice for the javadoc task, which resulted in the
following warnings in previous builds.
javadoc: warning - Multiple sources of package comments found for package "javax.servlet"
javadoc: warning - Multiple sources of package comments found for package "javax.servlet.http"
javadoc: warning - Multiple sources of package comments found for package "javax.servlet.descriptor"
javadoc: warning - Multiple sources of package comments found for package "javax.servlet.annotation"
Closes gh-27480
To slightly improve performance, this commit switches to
StringBuilder.append(char) instead of StringBuilder.append(String)
whenever we append a single character to a StringBuilder.
Closes gh-27098
Prior to this commit, some tests would belong to the PERFORMANCE
`TestGroup`, while they were not testing for performance but rather
performing functional tests that involve long running operations or
timeouts.
This commit moves those tests to the LONG_RUNNING `TestGroup`.
See gh-24830
Includes deprecation of JdbcUtils.extractDatabaseMetaData(DataSource, String) in favor of the now generified version of extractDatabaseMetaData(DataSource, DatabaseMetaDataCallback).
Closes gh-25681
Closes gh-25686
This commit renames the Runnable variant to executeWithoutResult
and uses a Consumer<TransactionStatus> parameter for better
consistency with TransactionCallbackWithoutResult.
Closes gh-23724
Prior to this commit, the Spring Framework build would partially use the
dependency management plugin to import and enforce BOMs.
This commit applies the dependency management plugin to all Java
projects and regroups all version management declaration in the root
`build.gradle` file (versions and exclusions).
Some versions are overridden in specific modules for
backwards-compatibility reasons or extended support.
This commit also adds the Gradle versions plugin that checks for
dependency upgrades in artifact repositories and produces a report; you
can use the following:
./gradlew dependencyUpdates
@CacheEvict.beforeInvocation suggests immediate execution even in case of transactional caches. The cache interceptor delegates to the new evictIfPresent/invalidate operations now which imply immediate execution semantics (and also provide an indication for whether any corresponding entries where present when programmatically called).
Closes gh-23192
This commit improves FreeMarkerConfigurerTests in spring-webmvc by
testing against FreeMarkerConfigurer instead of
FreeMarkerConfigurationFactoryBean and moves the original
FreeMarkerConfigurationFactoryBeanTests to spring-context-support in
the org.springframework.ui.freemarker package.
Closes gh-23073
Organize test imports to expand all '.*' static imports into
fully qualified imports.
This update will allow us to use additional checkstyle rules in
the future, and will also help if we migrate fully to AssertJ.
* Add limited checkstyles to test code
Add a limited set of checkstyle rules to the test codebase to improve
code consistency.
* Fix checksyle violations in test code
* Organize imports to fix checkstyle for test code
* Migrate to assertThatExceptionOfType
Migrate aware from ExpectedException rules to AssertJ exception
assertions. Also include a checkstyle rules to ensure that the
the ExpectedException is not accidentally used in the future.
See gh-22894
Such a static unmodifiable TransactionDefinition with defaults can be used for getTransaction(null) calls, now also possible for getReactiveTransaction. Furthermore, it can be used for a simple TransactionalOperator.create(ReactiveTransactionManager) method without an internal dependency on the transaction.support package.
See gh-22646
Loïc Ledoyen
Sam Brannen
a.yazychyan
Juergen Hoeller
izeye
Stephane Nicoll
Daniil Pozdeev
Brian Clozel
Сергей Цыпанов
Stephane Nicoll
XenoAmess
Juergen Hoeller
Sam Brannen
Qimiao Chen
Sam Brannen
Sebastien Deleuze
douddle
Phillip Webb
Brian Clozel
Issam El-atif