Ensure that gzip compression is applied when the `Content-Length` header
is not specified. Prior to this commit Tomcat and Jetty would compress a
response that didn't contain the header, but Undertow would not.
Fixes gh-4769
Add a `server.server-header` property which can be used to override the
`server` header usually sent back automatically by Tomcat/Jetty or
Undertow.
See https://www.owasp.org/index.php/Securing_tomcat for background.
Fixes gh-4461
Closes gh-4504
Update RandomValuePropertySource to protect against the random source
returning Long.MIN_VALUE. In such cases the sign bit can't be unset and
prior to this commit the random value stayed negative.
Closes gh-4672
Replace all new-line characters in multi-line pom descriptions before
inserting into the launcher script. Prior to this commit the shell would
attempt to execut the extra lines, for example:
<description>
A multi-line pom description that could do something terrible:
rm -r foo
</description>
Closes gh-4703
In bedf2edf, the return type of the auto-configuration method that
creates batch's ExitCodeGenerator was changed from ExitCodeGenerator
to JobExecutionExitCodeGenerator but the on missing bean condition
was left unchanged. This means that the auto-configured bean can
only be switched off by a JobExecutionExitCodeGenerator bean, rather
than any bean that implements ExitCodeGenerator.
This commit corrects the use of @ConditionalOnMissingBean to allow any
ExitCodeGenerator bean to switch off the auto-configured one.
Closes gh-4752
Refine the validator memory optimization so that only directly created
validators are nulled out. Also update the logic to ensure that
`destroy` is also called.
See gh-4734
Commit 8c14009 removed the endpoints.metrics.filter.enabled property so
that endpoints.metrics.enabled is used for both disabling the endpoint
and the servlet filter that records interactions.
This was an unfortunate decision as it was no longer possible to only
disable the servlet filter. The endpoints.metrics.filter.enabled property
has therefore been restored.
Closes gh-4365
Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.
This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.
Closes gh-4694
This reverts commit bb9e1be72c.
4.1.7.RELEASE is incompatible with Spring IO Platform 1.1.x due to a
new dependency on kryo-shaded. kryo-shaded was introduced in Kryo
3.0.x but IO Platform 1.1.x uses Kryo 2.
See gh-4719
Infinispan 8.0.2 has moved to Log4J2 for all logging, but still has a
transitive dependency on commons-logging. This resulted in
commons-logging 1.1 being on the classpath of spring-boot-docs which
breaks its javadoc generation.
Closes gh-4727
Phillip Webb
Eddú Meléndez
Stephane Nicoll
Johnny Lim
Vedran Pavic
Ruben Dijkstra
mnhock
Robert Thornton
kozazz
Andy Wilkinson
Dave Syer
Gary Russell