Previously, waitsForQuietPeriod would iterate 10 times, touching a new
file and then sleeping for 100ms at it did so. With a quiet period of
200ms, this was intended to result in a single change set containing
10 files. However, the test would fail occasionally as multiple change
sets were detected. The test is multi-threaded and is, therefore, at
the mercy of the scheduler. If the thread that is iterating and
touching the files takes over 200ms to be scheduled – exceeding the
watcher's quiet period – the watcher may detect a change set while the
changes are still being made. Eliminating this possibilty would require
the test to participate in the watcher's synchronization, which would
require some changes to its implementation. Instead, this commit
aims to avoid the problem by sleeping for 1/10 of the time (10ms) and
expecting a single change set of 100 files. The hope is that the much
shorter sleep time will result in the file touching thread being
scheduled well within the 200ms quiet period.
Closes gh-22732
Prior to this commit, there was a property server.error.include-details
that allowed configuration of the message and errors attributes in a
server error response.
This commit separates the control of the message and errors attributes
into two separate properties named server.error.include-message and
server.error.include-binding-errors. When the message attribute is
excluded from a servlet response, the value is changed from a
hard-coded text value to an empty value.
Fixes gh-20505
Previously, DefaultResourceLoader instances were created using the
default constructor. This causes the resource loader to capture the
TCCL that was in place at that time. This can lead to a class loader
leak if the resource loader is referenced directly or indirectly from
a static field of a class loaded by a different class loader.
This commit updates the creation of DefaultResourceLoader instances
in main code so that the resource load will use the class loader of
the creating class. In almost all cases this will be the same class
loader as was the thread context class loader that was being captured
so the change in behavior is minimal. Crucially, it will still address
the situation where the TCCL was different.
Note the DevTools' ApplicationContextResourceLoader has been updated
to explicitly use the TCCL. This ensures that it uses the restart
class loader which is required for DevTools to function correctly.
Fixes gh-20900
Prior to this commit, default error responses included the message
from a handled exception. When the exception was a BindException, the
error responses could also include an errors attribute containing the
details of the binding failure. These details could leak information
about the application.
This commit removes the exception message and binding errors detail
from error responses by default, and introduces a
`server.error.include-details` property that can be used to cause
these details to be included in the response.
Fixes gh-20505
Previously, DevToolsDataSourceCondition called
getBeanNamesForType(Class) which could trigger unwanted initialization
of lazy init singletons and objects created by FactoryBeans.
This commit updates DevToolsDataSourceCondition to prohibit eager
init when getting the names of the beans of a particular type.
Fixes gh-20430
This commit changes uses of ClassLoader.loadClass to Class.forName for
consistency with what was initiated in #19342 and better compatibility
with GraalVM.
Closes gh-19824
Andy Wilkinson
Tomek Szmytka
Scott Frederick
Phillip Webb
Stephane Nicoll
Johnny Lim
dreis2211
wycm
Madhura Bhave
Kant Leung