This change removes the support for Mockito annotations, `MockitoSession`
and opening/closing of mocks that was inherited from Boot's `@MockBean`
support, as well as the switch to `MockitoSession` made in 1c893e6.
Attempting to take responsibility for things Mockito's own JUnit
Jupiter extension does better is not ideal, and we found it leads to
several corner cases which make `SpringExtension` and `MockitoExtension`
incompatible in the current approach.
Instead, this change refocuses our Mockito bean overriding support
exclusively on aspects specific to the Framework. `MockitoExtension`
will thus be usable in conjunction with `SpringExtension` if one needs
to use `@Captor`/`@InitMocks`/`@Mock`/`@Spy` or other Mockito utilities.
See gh-33318
Closes gh-33692

Prior to this commit, our XML parser usage was already hardened
against XXE (XML External Entities) attacks. Still, we recently received
several invalid security reports claiming that our setup should be
hardened.
This commit documents a few usages of XML parsers to add some more
context and hopefully prevent future invalid reports.
Closes gh-33713

Because Spring Framework already has a security policy, this shows up in
the issue template automatically. This commit removes the extra external
link and updates the original security policy.
See gh-33711

Prior to this commit, this repository had a single issue template
markdown file that listed all the information for creating a new issue
in this project. Because there was a lot, people missed warnings against
creating security reports publicly or asking questions in the issue
tracker.
This commit introduces an issue template configuration that provides
developers with a choice before creating the actual issue.
Closes gh-33711

Rather than leaving it to the Resource implementation, and
potentially normalizing twice, we apply it once as part of the
initial processPath checks.
Closes gh-33689

Prior to this commit, the JMS connection factories would proxy various
interfaces. This typically requires runtime hints for GraalVM native
applications and spring-jms is missing those.
This commit adds a new `ConnectionFactoriesRuntimeHints` that
contributes such hints with type conditions.
Fixes gh-33590

When assessing if a request is a CORS request, both mvc and reactive
`DefaultCorsProcessor` now catch `IllegalArgumentException` and turn
this into a 403 rejection rather than letting the exception propagate
into a 500 response.
Closes gh-33688

Prior to this commit, the MockitoResetTestExecutionListener failed to
reset mocks created via @MockitoBean if the @MockitoBean field was
declared in an enclosing class for a @Nested test class. In addition,
the MockitoSession was not properly managed by the
MockitoTestExecutionListener.
This commit addresses those issues as follows.
1) The hasMockitoAnnotations() utility method has been overhauled so
that it finds Mockito annotations not only on the current test class
and on fields of the current test class but also on interfaces,
superclasses, and enclosing classes for @Nested test classes as well
as on fields of superclasses and enclosing classes.
That allows the MockitoResetTestExecutionListener to properly detect
that it needs to reset mocks for fields declared in enclosing classes
for @Nested classes.
2) MockitoTestExecutionListener has been revised so that it only
initializes a MockitoSession before each test method and closes the
MockitoSession after each test method. In addition, it now only manages
the MockitoSession when hasMockitoAnnotations() returns true for the
current test class (which may be a @Nested test class). Furthermore,
it no longer attempts to initialize a MockitoSession during the
prepareTestInstance() callback since that results in an
UnfinishedMockingSessionException for a @Nested test class due to the
fact that a MockitoSession was already created for the current thread
for the enclosing test class.
Closes gh-33676