Update dependency org.springframework:spring-web to v6 #6

Open
mend-for-github-com[bot] wants to merge 1 commit into main from whitesource-remediate/org.springframework-spring-web-6.x

mend-for-github-com bot commented Jan 4, 2024

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.springframework:spring-web | dependencies | major | 5.3.26 → 6.2.17 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | Vulnerability | Reachability |
|---|---|---|---|
| Critical | 9.8 | CVE-2016-1000027 | |
| High | 8.1 | CVE-2024-22243 | |
| High | 8.1 | CVE-2024-22259 | |
| High | 8.1 | CVE-2024-22262 | |
| Medium | 5.3 | CVE-2024-38809 | |
| Low | 3.1 | CVE-2024-38820 | |
| Low | 2.6 | CVE-2026-22735 | |

Release Notes

spring-projects/spring-framework (org.springframework:spring-web)

v6.2.17

⭐ New Features

  • Leverage ResourceHandlerUtils in ScriptTemplateView #​36459
  • Restore ScriptTemplateViewTests #​36457
  • Fix log message in ConfigurationClassBeanDefinitionReader #​36454
  • Resolve context initializers only once in AbstractTestContextBootstrapper #​36431
  • Exclude legacy @javax.validation.Constraint from convention-based annotation attribute override check #​36412
  • Optimize MediaType(MediaType, Charset) constructor #​36351
  • Optimize the addition of a charset to the MediaType in AbstractHttpMessageConverter #​36350
  • Consistent adaptation of HTTP headers on Servlet responses #​36345
  • Improve performance of validation groups determination in WebFlux #​36337
  • Detect all common size exceptions from Tomcat and Commons FileUpload 2.x #​36324

🐞 Bug Fixes

  • Guard against invalid id/event values in Server Sent Events #​36442
  • Incomplete debug message in ConfigurationClassBeanDefinitionReader #​36411
  • Inconsistent ApplicationEventMulticaster state after removing ApplicationListener implemented by FactoryBean #​36405
  • Graceful shutdown of SimpleAsyncTaskExecutor #​36384
  • HttpMediaTypeException thrown when calculating compatible media types #​36363
  • ResolvableType#getGenerics() breaks serialization #​36347
  • Multipart upload leak on client abort (ByteBuf.release() not called) #​36327

📔 Documentation

  • Document @Fallback alongside Primary in the reference manual and @Bean Javadoc #​36441
  • Document registration recommendations for BeanPostProcessor and BeanFactoryPostProcessor #​36436
  • Fix links to UriComponentsBuilder and polish examples #​36406
  • Emphasize @Configuration classes over XML and Groovy in testing chapter #​36394
  • Polish SpEL operator examples in reference docs #​36375

🔨 Dependency Upgrades

v6.2.16

⭐ New Features

  • Improve performance of hashcode calculations for request mappings #​36297
  • Improve performance of HandlerMethod bean lookup #​36296
  • Improve performance of validation groups determination #​36295
  • Improve performance of single pattern request mappings #​36294
  • Optimize NamedParameterUtils#buildValueArray by lazily fetching SqlParameter #​36232
  • Consistently close streams through try-with-resources in FileCopyUtils #​36224
  • SqlBinaryValue and SqlCharacterValue should support InputStream content with undetermined length #​36220
  • DataBufferUtils.write() with NettyDataBuffer on JDK 25 hangs indefinitely #​36189
  • WebClient (Reactor) attributes on Netty channel do not clear after connection release #​36163
  • Reintroduce WebLogicJtaTransactionManager in Spring Framework 6.2.x #​36152
  • DisconnectedClientHelper should detect presence of RestClientException and WebClientException separately #​36150
  • Add DataAccessException and MessagingException to the excluded outermost exceptions in DisconnectedClientHelper #​36135
  • Improve user check in TransportHandlingSockJsService #​36129

🐞 Bug Fixes

  • Avoid lock congestion in ConcurrentReferenceHashMap #​36308
  • Resolved HttpEntity Controller argument does not reflect mutated HTTP headers #​36301
  • AbstractMessageConverter does not support wildcards in supported MIME types #​36286
  • Make LocalEntityManagerFactoryBean#setDataSource work on Hibernate as well as EclipseLink #​36272
  • Deadlock might occur when calling System.exit on startup (against multiple shutdown hooks) #​36268
  • Netty4HeadersAdapter.remove returns empty list instead of null for non-existing key #​36227
  • EclipseLinkConnectionHandle can fail against transaction isolation race condition #​36166
  • WiretapConnector leaks data buffers when response body not consumed #​36051
  • UriComponentsBuilder loses the fragment when it consists of only a single character #​36035
  • SimpleBeanInfoFactory fails to reliably resolve read/write methods in type hierarchies with unresolved generics #​36026

📔 Documentation

  • Fix links to JUnit User Guide #​36218
  • Fix LocalContainerEntityManagerFactoryBean#setPersistenceUnitName javadoc #​36206
  • Update documentation on trailing slash handling where type-level @GetMapping("/base") is combined with method level @GetMapping("/") #​36200
  • Update documentation on the MediaType used for ProblemDetail #​36193
  • Replace getErrors() with getBindingResult() in examples #​36172
  • Upgrade Antora dependencies #​36106
  • Fix typos and grammar #​36023

🔨 Dependency Upgrades

  • Bump fast-xml-parser from 4.5.2 to 5.3.4 in /framework-docs #​36239
  • Upgrade to ASM 9.9.1 and Objenesis 3.5 #​36244
  • Upgrade to JUnit 5.14.2 #​36148
  • Upgrade to Micrometer 1.15.9 #​36290
  • Upgrade to Reactor 2024.0.15 #​36289

v6.2.15

⭐ New Features

  • Avoid package cycle caused by use of UriComponentsBuilder in ServletServerHttpRequest #​35954
  • DefaultHandshakeHandler should not log client faults on error level #​35948
  • Use concurrent set behind reactive TransactionSynchronizationManager#registerSynchronization #​35922
  • Expose Collection on FragmentsRendering to facilitate Unit Tests #​35912
  • Different ReactorNettyWebSocketSession call getId() may return the same value #​35911
  • Enhance handleTypeMismatch error message in ResponseEntityExceptionHandler #​35878

🐞 Bug Fixes

  • NullPointerException thrown from JdkClientHttpRequestFactory for null request header value #​35998
  • State inconsistency in LazyConnectionDataSourceProxy when connection settings fail #​35981
  • SubscriberInputStream#resume misuses parked thread reference #​35979
  • PathMatchingResourcePatternResolver fails with URI in JAR manifest Class-Path entries #​35967
  • Strong locking in ConcurrentReferenceHashMap#computeIfAbsent may cause context initialisation deadlock #​35945
  • BridgeMethodResolver change in 6.2.13 breaks Spring Data entity introspection #​35941
  • DefaultMessageListenerContainer does not clear Session and MessageConsumer for paused invokers #​35935
  • Tighten cacheable decision behind @Lazy injection point #​35918
  • Use provided ReactiveAdapterRegistry in BindingContext constructor #​35914
  • Accidental fallback match for Collection-type beans due to @Bean-level qualifier annotation #​35909
  • SortedResourcesFactoryBean does not accept non-existent resources anymore #​35896

📔 Documentation

  • Document that annotations are ignored if attributes reference types not present in the classpath #​35973
  • Fix broken Javadoc links to methods #​35904
  • Refer to "Spring Tools" instead of "Spring Tools for Eclipse" in reference manual #​35902
  • Clarify JMS sessionTransacted flag for local versus global transaction #​35898
  • Reference docs should not use obsolete "junit5" links #​35893
  • Testing chapter references nonexistent Dependency Management documentation #​35891

🔨 Dependency Upgrades

v6.2.14

⭐ New Features

  • Add resetCaches() method to Caffeine/ConcurrentMapCacheManager #​35841
  • Fix single-check idiom in UnmodifiableMultiValueMap #​35831
  • Fix Spliterator characteristics in ConcurrentReferenceHashMap #​35828

🐞 Bug Fixes

  • MissingPathVariableException produces wrong status code in ProblemDetail #​35856
  • Fix getCacheNames() concurrent access in NoOpCacheManager #​35844
  • Annotation discovery regression for interfaces extending BeanNameAware and co. #​35838
  • Fix HtmlUtils unescape for supplementary chars #​35832

📔 Documentation

  • Fix cross-reference links in HtmlUnit sections #​35857
  • Remove @see Javadoc references to deprecated PropertiesBeanDefinitionReader #​35854

v6.2.13

⭐ New Features

  • Support response encoding in select and options JSP form tags #​35783
  • Preserve Connection readOnly state for DataSource with defaultReadOnly configuration #​35743
  • Optimize resource URL resolution in SortedResourcesFactoryBean #​35687
  • Relax multiple segment matching constraints in PathPattern #​35686
  • Support wildcard path elements at the start of path patterns #​35679
  • Validating byte[]s may produce OutOfMemoryError #​35675
  • Update in FragmentsRendering to names of static methods #​33974

🐞 Bug Fixes

  • ConcurrentReferenceHashMap misses dedicated computeIfAbsent, computeIfPresent, compute, merge implementations #​35794
  • Avoid unnecessary bridge method resolution around getMostSpecificMethod #​35780
  • Fix multi-release JAR issue with VirtualThreadDelegate #​35773
  • ContentNegotiationManager not finding media type when request includes quality parameter #​35754
  • Race condition in BufferingClientHttpResponseWrapper.getBody() #​35745
  • Deprecate setConnectTimeout on HttpComponentsClientHttpRequestFactory #​35748
  • Fix PathMatchingResourcePatternResolver to handle absolute paths in JAR manifests #​35732
  • BeanDefinitionBuilder.addAutowiredProperty causes error during AOT processing #​35731
  • Improve HttpServiceMethod support for Kotlin suspending functions returning Flow #​35718
  • Exception translation does not expose original BatchUpdateException anymore #​35717
  • Add hints for entities package-private methods #​35711
  • Fix concurrency permit leak causing deadlock in SimpleAsyncTaskExecutor #​35708
  • Remove jibx-marshaller element from spring-oxm.xsd #​35699
  • NullPointerException When Handling 407 with JdkClientHttpConnector in WebClient #​35692
  • Method-based Map injection fails against target Map with incomplete generics despite bean name or qualifier match #​35690
  • JUnit Jupiter TEST_METHOD ExtensionContextScope is not fully supported #​35680
  • Introduce isAutowirableConstructor(Executable, PropertyProvider) in TestConstructorUtils and deprecate existing variants #​35676
  • Reflection on java.sql.Types without runtime hints #​35674
  • getPubliclyAccessibleMethodIfPossible() returns hidden static method #​35667
  • RestClient hangs during upload with ReactorClientHttpRequestFactory #​34707

📔 Documentation

  • Correct formatting for Mono type #​35786
  • Improve Java Bean Validation documentation for controller methods #​35759
  • Fix typo in @NumberFormat Javadoc #​35742
  • Javadoc of AsyncConfigurer does not match runtime behavior #​35736
  • Document PathPattern behavior difference between */{name} and **/{*path} #​35727
  • Fix minor typo in RestClient documentation #​35723
  • Document test-method scoped TestContext semantics #​35716
  • Improve docs on AbstractStreamingClientHttpRequest for streaming vs buffering mode #​35700
  • Fix minor typo in JDBC Core Classes documentation #​35684
  • Fix typos #​35656
  • Improve spring-web filter documentation #​30454

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Anxton, @​Artur-, @​HJC96, @​MoadElfatihi, @​NYgomets, @​cbsingh1, @​dmitrysulman, @​ekcom, and @​scordio

v6.2.12

⭐ New Features

  • Add "forEachByte" variant to DataBuffer for efficient traversing #​35623
  • Nested transaction support via savepoints is broken in HSQLDB database [followup] #​35618
  • Improve exception handling in ConfigurationClassBeanDefinitionReader #​35631
  • Add MySQL/MariaDB to TableMetaDataProviderFactory for correct generated-keys support #​35593
  • Optimize state management in StompSubProtocolHandler #​35591
  • ServletServerHttpRequest.getRemoteAddress() may perform DNS lookup #​35589
  • Emit log message when multiple primary beans are detected #​35550
  • Duplicate key error is mapped to TransientDataAccessException by SQLStateSQLExceptionTranslator for BatchUpdateException #​35547
  • Remove redundant object allocation in cglib proxy method calls #​35543
  • Remove deprecation on CandidateComponentsIndex and CandidateComponentsIndexLoader #​35472
  • Processing response with no Content-Length header and no body raises EOFException #​35361

🐞 Bug Fixes

  • DefaultListableBeanFactory::getBeanNamesForType does not always return all bean names #​35634
  • Consider defaultCandidate for scoped proxies #​35627
  • Release data buffer in AbstractCharSequenceDecoder even when String creation fails #​35625
  • PathMatchingResourcePatternResolver is not able to resolve file in SpringBoot Packaged JAR #​35617
  • Prevent NoClassDefFoundError when Jetty Reactive HttpClient is not available #​35608
  • Performance regression with Property Placeholder Resolution #​35594
  • Retain order of produces media types in @ExceptionHandler #​35587
  • Nested transaction support via savepoints is broken in HSQLDB database #​35564
  • SpEL expression parser uses more CPU after upgrade to 6.2.9 #​35556
  • Thread race during FactoryBean instantiations starting with 6.2 due to lenient locks #​35545
  • Update parsed path handling in UrlHandlerFilter #​35538
  • ResourceHttpMessageWriter.write has unexpected error handling for invalid range requests (offset > content length) #​35536
  • AbstractTestNGSpringContextTests is not thread-safe regarding tracked exceptions #​35528
  • UrlHandlerFilter breaks RequestDispatcher.forward() on Tomcat #​35509
  • AbstractMockHttpServletRequestBuilder#buildRequest is not idempotent #​35493
  • Add support for JvmDefault (default in Kotlin 2.2.20+) #​35487
  • InstanceSupplierCodeGenerator fails to detect deprecated type on package private factory method #​35486
  • Fix synchronization in ResponseBodyEmitter #​35466
  • useCaches option in PathMatchingResourcePatternResolver not applied in special case #​35465
  • Deadlock during context initialization due to EntityManager lock #​35398

📔 Documentation

  • Improve guidance in WebFlux on how to join inbound and outbound streams in WebSocketHandler #​35572
  • Fix idref example in reference manual #​35560
  • Fix URI Patterns docs in WebMVC and WebFlux Request Mapping #​35551
  • Allow event listener method declared with multiple event classes to take a single parameter that is assignable from all of those event classes #​35506
  • Improve Task Javadoc about Runnable wrapping #​35394

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Entea, @​IMurzich, @​hosea, @​maziyarbahramian, @​mlichtblau, @​nstdio, @​reckart, and @​reda-alaoui

v6.2.11

⭐ New Features

  • Missing @Nullable on JsonPathAssertions.isEqualTo #​35445
  • Graceful fallback for non-default NIO.2 FileSystems #​35443
  • Avoid thread pinning in SseEmitter, ResponseBodyEmitter #​35423
  • Detect Informix error codes as DuplicateKeyException #​35400
  • Inconsistent nullability for String value arguments in ResponseCookie from*() factory methods #​35377
  • Revisit taskTerminationTimeout semantics on SimpleAsyncTaskExecutor/Scheduler #​35372
  • StandardEvaluationContext.setBeanResolver should allow @Nullable BeanResolver #​35371

🐞 Bug Fixes

  • "mainThreadPrefix = null " Causing multiple background bean locks to be blocked #​35409
  • Annotation not found on parameter in overridden method unless method is public #​35349
  • Annotations on overridden methods not found in type hierarchy with unresolved generics #​35342
  • Performance degradation when using singleton beans with Provider #​35330
  • JettyClientHttpConnector buffer leak in Spring Framework 6.2 #​35319
  • Spring application hangs on shutdown with @Scheduled(cron=…) when custom ScheduledExecutorService bean is defined (Java 19+) #​35316

📔 Documentation

  • Document potential need to use Mockito.doXxx() to stub a @MockitoSpyBean #​35410
  • Fix links to Reactive Libraries and RestTemplate #​35392
  • Fix broken link in WebDriver docs #​35374
  • Document Web DataBinder support for RouterFunction #​35367
  • Improve documentation for ApplicationEvents to clarify recommended usage #​35335
  • Document terms and units in DataSize.parse() #​35298
  • Refine @Contract Javadoc #​35285
  • Correct the default value of nestedTransactionAllowed in JpaTransactionManager javadoc #​35212

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​Kehrlann, @​acktsap, @​khj68, @​ngocnhan-tran1996, @​scordio, and @​sgflt

v6.2.10

⭐ New Features

  • Optimize NIO path resolution in PathEditor #​35304
  • Make type in ProblemDetail nullable #​35294
  • Refine UriUtils#decode and StringUtils#uriDecode implementation and documentation #​35253
  • Provide configurable useCaches option for URLConnection usage in UrlResource (avoiding jar file leak) #​35218

🐞 Bug Fixes

  • @Scheduled tasks running in SimpleAsyncTaskScheduler are interrupted immediately on context close #​35254
  • ScriptUtils.executeSqlScript() does not support multiple results per statement #​35248
  • Successful Autowiring Dependent on Configuration ordering and Primary Bean flag #​35239
  • Locale parameter in MessageSource#getMessage methods should be nullable #​35230
  • Allow any @Transactional propagation for @TransactionalEventListener with BEFORE_COMMIT phase #​35150
  • Catalog name should be handled with the provided case #​35064
  • Accept support for generated keys column name array on HSQLDB and Derby as well #​34790
  • Handle direct CancellationException on timeout in JdkClientHttpRequest #​34721

📔 Documentation

  • Add documentation of RequestMapping about SpEL #​35232
  • Document SqlBinaryValue behaviour with PostgreSQL #​34786

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Allan-QLB, @​carsago, @​cw-dimedis, and @​giampa91

v6.2.9

⭐ New Features

  • OncePerRequestFilter cannot be CGLib-proxied #​35198
  • Consistently catch InaccessibleObjectException next to IllegalAccessException #​35190
  • Introduce Date-to-Instant and Instant-to-Date converters #​35175
  • Consistent nullability and exception declarations in AbstractMessagingTemplate hierarchy #​35159
  • Register runtime hints for Instant-to-Timestamp conversion #​35156
  • Improve handling of ResponseEntity<?> in Spring MVC #​35153
  • Support @CacheConfig("myCacheName") declarations for simplified configuration #​35152
  • Declare messageSelector parameters in JmsOperations as @Nullable #​35151
  • Add getter for OverflowStrategy in ConcurrentWebSocketSessionDecorator #​35132
  • Use preset Content-Type for streaming and reactive responses in Spring MVC #​35130
  • Leniently tolerate null @Aspect bean #​35074
  • DataAccessResourceFailureException thrown when transaction times out on PostgreSQL #​35073
  • MethodInvokingFactoryBean fails to invoke publicly exported methods overridden by internal classes when using JPMS #​34028

🐞 Bug Fixes

  • Restore preference for interface (most abstract) method in getPubliclyAccessibleMethodIfPossible #​35189
  • Make targetBeanName field in AbstractBeanFactoryBasedTargetSource protected to avoid exceptions in logging and toString() #​35172
  • Fix inconsistencies in StaticListableBeanFactory #​35119
  • Support StreamingHttpOutputMessage in RestClient #​35102
  • When building DELETE requests, the request body is not used in JdkClientHttpRequest.buildRequest #​35068
  • AOT-generated bean registration file contains "too many constants" when building with many beans #​35044
  • Prevent cache pollution by storing only the factories #​34732
  • WebFlux decodes wildcard content-types as form-data/multipart #​34660
  • AOT-generated CGLib proxies do not contain method overrides #​34642
  • 500 response for ResourceHttpRequestHandler when requested range is not satisfied #​34490

📔 Documentation

  • Document how to register runtime hints for convention-based conversion #​35178
  • Link to @ContextConfiguration Javadoc from reference manual #​35088

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Meijuh, @​RazorNd, @​chenggwang, @​izeye, @​mjd507, @​ngocnhan-tran1996, and @​philwebb

v6.2.8

⭐ New Features

  • Nullability @Contract declaration for CodeFlow.isIntegerForNumericOp() is unnecessary #​34985
  • Serializer hint registration is broken for some Kotlin classes #​34979
  • Clients created using JdkClientHttpRequestFactory set content-length for GET, DELETE and HEAD requests #​34971
  • Support registration of non-public BeanDefinitionReader via @ImportResource #​34928
  • Make max size for pattern cache in PathPatternMatchableHandlerMapping configurable #​34918
  • Add optimized DataBufferInputStream overrides #​34799

🐞 Bug Fixes

  • Encode non-printable character in Content-Disposition parameter #​35034
  • Allow update of existing WebSession after max sessions limit is reached #​35013
  • Fix support for collections in AbstractKotlinSerializationHttpMessageConverter #​34992
  • PathPattern#combine throws StringIndexOutOfBoundsException #​34986
  • Fix AOT code generation for autowired inner class constructor #​34974
  • AbstractFileResolvingResource.exists closes JAR resource input streams with v6.2.7 #​34955
  • Enhanced configuration class fails to call package-visible superclass constructor on WebSphere #​34950
  • Fix REPLY_CHANNEL header check in MessageHeaderAccessor #​34949
  • MockEnvironment does not accept Object property values #​34947
  • PropertySourcesPlaceholderConfigurer no longer uses ConversionService from Environment #​34936
  • @Contract for StreamUtils.drain() incorrectly declares null results in an exception #​34933
  • Inconsistent behavior injecting null @Bean factory parameter #​34929
  • MockHttpServletRequest.addHeader duplicates "Content-Type" header #​34913
  • BeanUtils.getParameterNames fails for Kotlin data classes #​34760
  • JAXB message converters ignore Content-Type charset #​34745
  • Aspect Not Triggered After Restart in Spring Boot 3.4.x (But Works in 3.3.10) #​34735
  • Add caching headers to unmodified static resources #​34614

📔 Documentation

  • Apply gh-34856 to MockClientHttpRequest in testfixture package #​35031
  • Fix ResourceHttpRequestHandler#setHeaders JavaDoc #​35004
  • Remove reference to AspectJ Eclipse Javadoc #​35000
  • Mention CompletableFuture in Spring MVC "Asynchronous Requests" section of reference manual #​34991
  • Fix exception name in ModelAttribute docs #​34980
  • Fix syntax in @SqlGroup example #​34972
  • Update X-Forwarded-Proto doc to say https / http #​34959
  • Update Guidance on Best Practices To Test Code That Uses RestClient and RestTemplate #​34892
  • Add a section for WebAsyncTask in mvc-ann-async.adoc #​34885
  • Clarify what @RestControllerAdvice vs @ControllerAdvice apply to by default #​34866
  • Improve Javadoc for @ExceptionHandler #​34554

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Allan-QLB, @​Aurh1l, @​BowieDu, @​DhruvTheDev1, @​Dongnyoung, @​JimmyAx, @​addoDev, @​dmitrysulman, @​izeye, @​jjank, @​kilink, @​mbazos, @​msnsaeed71, @​ngocnhan-tran1996, @​nosan, @​remeio, @​vpavic, and @​yuzawa-san

v6.2.7

⭐ New Features

  • Forward more methods to underlying InputStream in NonClosingInputStream #​34893
  • Introduce Spring property for the default property placeholder escape character #​34865
  • Close ApplicationContext once AOT processing has completed #​34841
  • Fix AbstractJackson2HttpMessageConverter#getObjectMappersForType nullness #​34811
  • Add option for case-insensitive match to PatternMatchUtils #​34801
  • RestClient @RequestBody parameters lose generic type information when creating HTTP service beans #​34793
  • Adds option to set Principal in MockServerWebExchange #​34789

🐞 Bug Fixes

  • Beans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock #​34902
  • PropertySourcesPlaceholderConfigurer placeholder resolution fails in several scenarios #​34861
  • HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 #​34851
  • Fragment.create() requires mutable map - which is unusable when used with Kotlin #​34848
  • Duplicate BeanOverrideHandler discovered in @Nested test case with superclass from different class or in interface implemented multiple times #​34844
  • Accidental ClassLoader defineClass enforcement after #​34677 #​34824
  • HttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor #​34812
  • AbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar #​34796
  • Correctly expand query param with same name from URI variables array #​34783
  • R2DBC NamedParameterUtils only expands reused collection parameter once #​34768
  • PathMatchingResourcePatternResolver wrongly assumes that target/classes always exists #​34764

📔 Documentation

  • Clarify CompositePropertySource behavior for EnumerablePropertySource contract #​34886
  • Javadoc and @Nullable annotation for servletContext parameter of ConfigurableWebEnvironment.initPropertySources are contradictory #​34845
  • Spring MVC: @EnableAsync needs to be redeclared for each ApplicationContext #​34843
  • Provide a working example instead of unclear placeholders #​34828

🔨 Dependency Upgrades

❤️ Contri

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jan 4, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework-spring-web-6.x branch 2 times, most recently from f7a6406 to f99bae9 Compare April 14, 2024 19:00
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework-spring-web-6.x branch from f99bae9 to aa851f5 Compare March 20, 2026 18:30