base repository: spring-projects/spring-framework
base: v5.2.19.RELEASE
head repository: spring-projects/spring-framework
compare: v5.2.20.RELEASE
  • 9 commits
  • 9 files changed
  • 4 contributors

Commits on Dec 16, 2021

    acf7823 View commit details

Commits on Jan 3, 2022

  1. Upgrade to Log4j2 2.17.1

    sbrannen committed Jan 3, 2022
    ce2367a View commit details

Commits on Jan 27, 2022

    8f1f683 View commit details

Commits on Mar 30, 2022

    136e6db View commit details
    d4478ba View commit details
    94f52bc View commit details

Commits on Mar 31, 2022

  1. Improve diagnostics in SpEL for large array creation

    Attempting to create a large array in a SpEL expression can result in
    an OutOfMemoryError. Although the JVM recovers from that, the error
    message is not very helpful to the user.
    
    This commit improves the diagnostics in SpEL for large array creation
    by throwing a SpelEvaluationException with a meaningful error message
    in order to improve diagnostics for the user.
    
    Closes gh-28257
    sbrannen authored and bclozel committed Mar 31, 2022
    90cfde9 View commit details
  2. Refine PropertyDescriptor filtering

    Restrict property paths under `Class` and properties of types
    `ClassLoader` or `ProtectionDomain`.
    bclozel committed Mar 31, 2022
    996f701 View commit details
  3. Release v5.2.20.RELEASE

    spring-builds committed Mar 31, 2022
    cfa701b View commit details
2 changes: 1 addition & 1 deletion build.gradle
@@ -36,7 +36,7 @@ configure(allprojects) { project ->
mavenBom "org.junit:junit-bom:5.6.3"
}
dependencies {
dependencySet(group: 'org.apache.logging.log4j', version: '2.16.0') {
dependencySet(group: 'org.apache.logging.log4j', version: '2.17.1') {
entry 'log4j-api'
entry 'log4j-core'
entry 'log4j-jul'
2 changes: 1 addition & 1 deletion ci/images/ci-image-jdk11/Dockerfile
@@ -1,4 +1,4 @@
FROM ubuntu:focal-20210119
FROM ubuntu:focal-20220302

ADD setup.sh /setup.sh
ADD get-jdk-url.sh /get-jdk-url.sh
2 changes: 1 addition & 1 deletion ci/images/ci-image/Dockerfile
@@ -1,4 +1,4 @@
FROM ubuntu:focal-20210119
FROM ubuntu:focal-20220302

ADD setup.sh /setup.sh
ADD get-jdk-url.sh /get-jdk-url.sh
4 changes: 2 additions & 2 deletions ci/images/get-jdk-url.sh
@@ -3,10 +3,10 @@ set -e

case "$1" in
java8)
echo "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u282-b08/OpenJDK8U-jdk_x64_linux_hotspot_8u282b08.tar.gz"
echo "https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u322-b06/OpenJDK8U-jdk_x64_linux_hotspot_8u322b06.tar.gz"
;;
java11)
echo "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.10%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz"
echo "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.14.1%2B1/OpenJDK11U-jdk_x64_linux_hotspot_11.0.14.1_1.tar.gz"
;;
*)
echo $"Unknown java version"
2 changes: 1 addition & 1 deletion ci/pipeline.yml
@@ -48,7 +48,7 @@ resource_types:
type: registry-image
source:
repository: springio/artifactory-resource
tag: 0.0.13
tag: 0.0.17
- name: github-release
type: registry-image
source:
2 changes: 1 addition & 1 deletion gradle.properties
@@ -1,4 +1,4 @@
version=5.2.19.BUILD-SNAPSHOT
version=5.2.20.RELEASE
org.gradle.jvmargs=-Xmx1536M
org.gradle.caching=true
org.gradle.parallel=true
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.security.ProtectionDomain;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
@@ -281,9 +282,13 @@ private CachedIntrospectionResults(Class<?> beanClass) throws BeansException {
// This call is slow so we do it once.
PropertyDescriptor[] pds = this.beanInfo.getPropertyDescriptors();
for (PropertyDescriptor pd : pds) {
if (Class.class == beanClass &&
("classLoader".equals(pd.getName()) || "protectionDomain".equals(pd.getName()))) {
// Ignore Class.getClassLoader() and getProtectionDomain() methods - nobody needs to bind to those
if (Class.class == beanClass && (!"name".equals(pd.getName()) && !pd.getName().endsWith("Name"))) {
// Only allow all name variants of Class properties
continue;
}
if (pd.getPropertyType() != null && (ClassLoader.class.isAssignableFrom(pd.getPropertyType())
|| ProtectionDomain.class.isAssignableFrom(pd.getPropertyType()))) {
// Ignore ClassLoader and ProtectionDomain types - nobody needs to bind to those
continue;
}
if (logger.isTraceEnabled()) {
@@ -321,6 +326,11 @@ private void introspectInterfaces(Class<?> beanClass, Class<?> currClass) throws
// GenericTypeAwarePropertyDescriptor leniently resolves a set* write method
// against a declared read method, so we prefer read method descriptors here.
pd = buildGenericTypeAwarePropertyDescriptor(beanClass, pd);
if (pd.getPropertyType() != null && (ClassLoader.class.isAssignableFrom(pd.getPropertyType())
|| ProtectionDomain.class.isAssignableFrom(pd.getPropertyType()))) {
// Ignore ClassLoader and ProtectionDomain types - nobody needs to bind to those
continue;
}
this.propertyDescriptors.put(pd.getName(), pd);
}
}
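Review bot: The new `Class` allow-list in the constructor hunk filters on the property name alone, so `pd.getName().endsWith("Name")` admits any current or future `Class` property whose name ends in "Name", whatever type it exposes. Requiring a `String` property type as well keeps the stated intent ("name variants") and narrows what data binding can reach: `if (Class.class == beanClass && !("name".equals(pd.getName()) || (pd.getName().endsWith("Name") && String.class == pd.getPropertyType()))) {`. The `ClassLoader`/`ProtectionDomain` type check is repeated verbatim in the `introspectInterfaces` hunk; a small private helper would keep the two filters from drifting apart. Its comment "nobody needs to bind to those" would serve maintainers better if it said that these types are excluded so binding cannot traverse into class-loading internals. Both enclosing methods start and end outside the hunks shown.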
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@
*
* @author Andy Clement
* @author Juergen Hoeller
* @author Sam Brannen
* @since 3.0
*/
public enum SpelMessage {
@@ -255,7 +256,11 @@ public enum SpelMessage {

/** @since 4.3.17 */
FLAWED_PATTERN(Kind.ERROR, 1073,
"Failed to efficiently evaluate pattern ''{0}'': consider redesigning it");
"Failed to efficiently evaluate pattern ''{0}'': consider redesigning it"),

/** @since 5.2.20 */
MAX_ARRAY_ELEMENTS_THRESHOLD_EXCEEDED(Kind.ERROR, 1075,
"Array declares too many elements, exceeding the threshold of ''{0}''");


private final Kind kind;
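Review bot: The new constant `MAX_ARRAY_ELEMENTS_THRESHOLD_EXCEEDED` takes code 1075 directly after `FLAWED_PATTERN` at 1073, and nothing in the hunk explains why 1074 is skipped. If the gap is deliberate (for instance to keep codes aligned with another branch, which is not visible here), a short comment such as `// 1074 is intentionally unused on this branch` would stop a later change from reusing it. The `''{0}''` placeholder looks like a `MessageFormat` pattern; if so, an integer threshold is rendered with locale-specific grouping (for example `262,144`), and `{0,number,#}` or passing the value as a string would keep the message stable across locales. The enum body continues outside the hunk.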
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,10 +53,18 @@
*
* @author Andy Clement
* @author Juergen Hoeller
* @author Sam Brannen
* @since 3.0
*/
public class ConstructorReference extends SpelNodeImpl {

/**
* Maximum number of elements permitted in an array declaration, applying
* to one-dimensional as well as multi-dimensional arrays.
* @since 5.2.20
*/
private static final int MAX_ARRAY_ELEMENTS = 256 * 1024; // 256K

private final boolean isArrayConstructor;

@Nullable
@@ -259,14 +267,19 @@ private TypedValue createArray(ExpressionState state) throws EvaluationException
// Shortcut for 1-dimensional
TypedValue o = this.dimensions[0].getTypedValue(state);
int arraySize = ExpressionUtils.toInt(typeConverter, o);
checkNumElements(arraySize);
newArray = Array.newInstance(componentType, arraySize);
}
else {
// Multi-dimensional - hold onto your hat!
int[] dims = new int[this.dimensions.length];
long numElements = 1;
for (int d = 0; d < this.dimensions.length; d++) {
TypedValue o = this.dimensions[d].getTypedValue(state);
dims[d] = ExpressionUtils.toInt(typeConverter, o);
int arraySize = ExpressionUtils.toInt(typeConverter, o);
dims[d] = arraySize;
numElements *= arraySize;
checkNumElements(numElements);
}
newArray = Array.newInstance(componentType, dims);
}
@@ -327,6 +340,13 @@ else if (arrayTypeCode == TypeCode.SHORT) {
return new TypedValue(newArray);
}

private void checkNumElements(long numElements) {
if (numElements >= MAX_ARRAY_ELEMENTS) {
throw new SpelEvaluationException(getStartPosition(),
SpelMessage.MAX_ARRAY_ELEMENTS_THRESHOLD_EXCEEDED, MAX_ARRAY_ELEMENTS);
}
}

private void populateReferenceTypeArray(ExpressionState state, Object newArray, TypeConverter typeConverter,
InlineList initializer, Class<?> componentType) {