Brian Clozel 8cd2c40860 Improve random source in SockJS server support
Prior to this commit, the SockJS server support would use
`java.util.Random` to send a random value to clients when they request
the `/info` endpoint. Per protocol, clients can use this value as a
source of entropy for generating a random session id.

In practice, this is not used by clients. For example, the SockJS
JavaScript client is using a cryptographically safe API to generate
session ids.

While this has no concrete effect on known clients, this commit improves
the random source in the server support by switching to
`java.security.SecureRandom`.

Closes gh-33632
2024-10-01 21:29:19 +02:00
.github Merge branch '6.1.x' 2024-08-09 15:52:35 +02:00
buildSrc Upgrade to SLF4J 2.0.16, Tomcat 10.1.29, Jetty 12.0.13, Netty 4.1.113, Undertow 2.3.17, AssertJ 3.26.3, Checkstyle 10.18.1 2024-09-11 17:16:14 +02:00
framework-api Fix warning in doc generation 2024-07-23 15:06:59 +02:00
framework-bom
framework-docs Introduce enforceOverride flag in @TestBean and @MockitoBean 2024-09-30 14:32:53 +02:00
framework-platform Upgrade to Jackson 2.18 2024-09-30 13:53:22 +02:00
gradle Merge branch '6.1.x' 2024-09-24 10:47:14 +02:00
integration-tests Merge branch '6.1.x' 2024-07-15 11:49:47 +02:00
spring-aop Merge branch '6.1.x' 2024-09-27 19:17:32 +02:00
spring-aspects Harmonize NoUniqueBeanDefinitionException message 2024-08-02 16:24:43 +02:00
spring-beans Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
spring-context Avoid usage of deprecated AssertJ feature 2024-09-30 12:41:35 +02:00
spring-context-indexer Polish 2024-01-17 18:41:15 +01:00
spring-context-support Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
spring-core Update copyright header 2024-10-01 12:35:01 +02:00
spring-core-test Merge branch '6.1.x' 2024-04-23 15:34:49 +02:00
spring-expression Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
spring-instrument Ensure all packages declare package-info.java with null-safety annotations 2023-03-10 17:33:52 +01:00
spring-jcl Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
spring-jdbc Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
spring-jms Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
spring-messaging Upgrade to Jackson 2.18 2024-09-30 13:53:22 +02:00
spring-orm Replace transaction isolation synchronization with ReentrantLock 2024-09-27 11:36:21 +02:00
spring-oxm Merge branch '6.1.x' 2024-07-26 16:41:13 +03:00
spring-r2dbc Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
spring-test Do not replace existing Bean Override definition with pseudo-definition 2024-10-01 12:20:27 +02:00
spring-tx Reuse NoTransactionInContextException instances 2024-09-27 17:45:02 +02:00
spring-web Upgrade to Jackson 2.18 2024-09-30 13:53:22 +02:00
spring-webflux Merge branch '6.1.x' 2024-09-30 11:17:55 +02:00
spring-webmvc remove unused keyword 2024-09-26 21:49:22 +02:00
spring-websocket Improve random source in SockJS server support 2024-10-01 21:29:19 +02:00
src Merge branch '6.1.x' 2024-08-18 13:04:21 +02:00
.editorconfig
.gitattributes
.gitignore Modernize Antora Build 2024-05-22 10:20:20 +02:00
.sdkmanrc Upgrade to Java 17.0.12 2024-08-04 09:34:13 +02:00
CONTRIBUTING.md Replace 'e.g.' with 'for example' in documentation and comments 2024-09-26 14:11:17 +02:00
LICENSE.txt
README.md Merge branch '6.1.x' 2024-06-10 10:48:49 +01:00
SECURITY.md Mention JAR signing key in SECURITY.md 2023-03-17 22:32:33 +01:00
build.gradle Upgrade to JUnit 5.11.1 2024-09-25 11:33:29 +02:00
gradle.properties Merge branch '6.1.x' 2024-09-03 15:35:03 +02:00
gradlew Upgrade to Gradle 8.9 2024-07-14 11:21:52 +02:00
gradlew.bat Upgrade to Gradle 8.9 2024-07-14 11:21:52 +02:00
import-into-eclipse.md
import-into-idea.md
settings.gradle Fix build warnings 2024-04-30 19:10:31 +02:00
update_copyright_headers.sh Use correct Kotlin file extension in update_copyright_headers.sh 2023-02-19 13:41:36 +01:00

README.md

Spring Framework

This is the home of the Spring Framework: the foundation for all Spring projects. Collectively the Spring Framework and the family of Spring projects are often referred to simply as "Spring".

Spring provides everything required beyond the Java programming language for creating enterprise applications for a wide range of scenarios and architectures. Please read the Overview section of the reference documentation for a more complete introduction.

Code of Conduct

This project is governed by the Spring Code of Conduct. By participating, you are expected to uphold this code of conduct. Please report unacceptable behavior to spring-code-of-conduct@spring.io.

Access to Binaries

For access to artifacts or a distribution zip, see the Spring Framework Artifacts wiki page.

Documentation

The Spring Framework maintains reference documentation (published and source), GitHub wiki pages, and an API reference. There are also guides and tutorials across Spring projects.

Micro-Benchmarks

See the Micro-Benchmarks wiki page.

Build from Source

See the Build from Source wiki page and the CONTRIBUTING.md file.

Continuous Integration Builds

Information regarding CI builds can be found in the Spring Framework Concourse pipeline documentation.

Stay in Touch

Follow @SpringCentral, @SpringFramework, and its team members on 𝕏. In-depth articles can be found at The Spring Blog, and releases are announced via our releases feed.

License

The Spring Framework is released under version 2.0 of the Apache License.