This commit qualifies examples of configuring the CNB builder to clarify
that the examples apply to use of the default Paketo builder, and adds links
to the official Paketo docs for more details.
Fixes gh-19967
Previously, JettyEmbeddedErrorHandler would change the method of every
request that is handles to GET. This was being done to work around
Jetty's error handling only dealing with GET, POST, and HEAD requests
by default. It had the unwanted side-effect of causing an error
response to a HEAD request having a body as, from the error handling's
perspective, it was a GET request.
This commit updates JettyEmbeddedErrorHandler to only set the method
on a request for which error handling is being performed if the method
isn't already one that will be handled, leaving the method of GET,
POST, and HEAD requests unchanged.
Unfortunately, short of implementing an HTTP client, this change cannot
be tested as the Apache HttpClient, OkHttp, and the JDK's
HttpURLConnection all silently drop the body of a response to a HEAD
request, preventing a test from asserting that a body hasn't been sent.
Closes gh-23551
Previously the artifact's version was used. In an artifact's version,
SNAPSHOT is replaced with the timestamped version number of a specific
snapshot. As a result, it no longer matches the *:*:*SNAPSHOT pattern.
This commit replaces switches to using the artifact's base version.
This preserves the SNAPSHOT in the version number. For non-snapshot
artifacts, the version and base version are identical.
Fixes gh-23533
Previously, we configured embedded Tomcat in such a way that no TLD
scan patterns were configured. This differed from a standalone
Tomcat installation where 4 patterns are configured that take
precedence over some of the skip patterns. The missing scan patterns
resulted in the skip patterns preventing the discovery of Log4j2's
TLDs.
This commit updates TomcatServletWebServerFactory to configure the
same four scan patterns as standalone Tomcat configures by default.
Fixes gh-23302
Previously, the web environment configured on `@SpringBootTest` was not
part of the context cache key. As a result, two test classes that has
identical configuration other than one using a MOCK web environment and
the other using a DEFINED_PORT web environment would share a context
when they should not do so. Classes that use MOCK and RANDOM_PORT were
not affected as the use of RANDOM_PORT results in a property for the
port being added to the environment.
This commit adds a new ContextCustomizer, SpringBootTestWebEnvironment,
that is used to capture the `webEnvironment` from `@SpringBootTest`
and use it in its hashCode and equals implementations. This fixes the
problem as all context customizers are evaluated when determing the
equality of two context cache keys.
Fixes gh-23085
This commit rework the tip on locating templates when running the app
in the IDE. Using classpath* should not change anything as this won't
make a difference without a pattern in the path.
Closes gh-23068
Previously LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN were not
consumed as system properties in log4j2.xml and log4j2-file.xml. As a
result, the logging.pattern.level and logging.pattern.dateformat
configuration properties, which are translated into the
LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN system properties
respectively had no effect.
This commit updates the log4j2.xml and log4j2-file.xml config files to
consume LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN as system
properties. When the system property is not set, the configuation falls
back to the default values specified in the config files. Tests for
both log4j2.xml and log4j2-file.xml to verify the behaviour have also
bean added.
Fixes gh-22983
Previously, spring.flyway.init-sqls was only applied to Flyway's
configuration if Flyway was being configured to create the DataSource.
If Flyway was being configured to use an existing DataSource, init-sqls
was not applied. This is a hangover from when the init SQLs support was
introduced. At that time, Flyway only supported SQL to initialize the
connection when it was creating the DataSource. Flyway 5.2 added init
SQL support no matter how Flyway's DataSource was configured.
This commit updates FlywayAutoConfiguration to always apply the
init-sqls property to Flyway's configuration. The property's
documentation does not describe the current limitation so this change
should align the behaviour with what the documentation leads people to
expect.
Fixes gh-23392
Update `JarFileEntries` so that the interface is obtained rather than
the concrete implementation. This allows `JarEntry` values to be used
without causing a ClassCastException.
Closes gh-19041
Update the performance improvements to push certificate loading
and storage into the `JarFileEntries` class. This allows us to
keep certificates without needing to cache all entry data. We
now also keep certificates and code signers in a dedicated class
which is set whenever the full jar stream as been read, even if
the contained values are `null`. The logic that assumes META-INF
entries are not signed has been removed in favor of delegating to
the streamed entry results.
See gh-19041
Update Spring Boot nested JarFile support to improve the performance of
signed jars. Prior to this commit, `certificates` and `codeSigners`
were read by streaming the entire jar whenever the existing values
were `null`. Unfortunately, the contract for `getCertificates` and
get `getCodeSigners` states that `null` is a valid return value. This
meant that full jar streaming would occur whenever either method was
called on an entry that had no result. The problem was further
exacerbated by the fact that entries might not be cached.
See gh-19041
Update `ValidationBindHandler` so that pushed fields that reference
map keys can be used. This fixes a regression that was introduced in
commit 4483f417 when we switched to a `AbstractBindingResult` that no
longer required public getters/setters.
Closes gh-20350
Remove casting "timestamp" to `java.util.Date` in
`ErrorMvcAutoConfiguration` as the cast is not necessary and it
prevents other types (e.g. `java.time`) from being used.
See gh-23256
Prior to this commit, Actuator would sanitize properties values when
serializing them on the dedicated endpoint. Keys like "password" or
"secret" are entirely sanitized, but other keys like "uri" or "address"
are considered as URI types and only the password part of the user info
is sanitized.
This commit fixes the sanitization process where lists of such URI types
would not match the first entries of the list since they're starting
with `'['`. This commit improves the regexp matching process to sanitize
all URIs within a collection.
The documentation is also updated to better underline the processing
difference between complete sanitization and selective sanitization for
URIs.
Fixes gh-23037
Previous to this commit the connection idle timeout and heartbeat
interval were mapped to seconds whereas Cassandra expects ms for all
duration types.
This commit fixes the mapping and removes the default duration unit
since it should be considered ms like every other duration properties.
Closes gh-23249
Previously, PropertiesLauncher would close each archive that it
iterated over when creating its ClassLoader. This was not aligned
with JarLauncher's behaviour and left the ClassLoader with closed
archives. The close was introduced in [1] and became more apparent
following the change to fail operations on closed archives [2].
This commit updates Launcher to remove the close() that was added in
[1]. This aligns the behavior of PropertiesLauncher with JarLauncher
and ensures that the ClassLoader does not have entries backed by
closed archives on its classpath.
Fixes gh-23165
[1] ad72f86bdb
[2] ed7a5db174
Update `OriginTrackedYamlLoader` to remove node limits and recursive
parsing restrictions. SnakeYAML 1.26 introduced these options in order
to protect against the "billion laugh attacks" but since we consider
`application.yml` files to be trusted, we don't need these restrictions.
Fixes gh-23096