Update dependency org.springframework:spring-web to v5.3.38 #17

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/spring.platformversion

dev-mend-for-github-com bot commented Feb 25, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.springframework:spring-web | compile | patch | 5.3.31 -> 5.3.38 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | Vulnerability | Reachability |
|---|---|---|---|
| High | 8.1 | CVE-2024-22243 | |
| High | 8.1 | CVE-2024-22259 | |
| Medium | 5.3 | CVE-2024-38809 | |
| Low | 3.1 | CVE-2024-38820 | |

Release Notes

spring-projects/spring-framework (org.springframework:spring-web)

v5.3.38

Compare Source

⭐ New Features

  • Efficient handling of conditional HTTP requests #​33378

🐞 Bug Fixes

  • Fix incorrect weak ETag validation #​33377
  • SimpleEvaluationContext does not enforce read-only semantics #​33320
  • ConversionService cannot convert primitive array to Object[] #​33314
  • SpEL Indexer silently ignores failure to set property as index #​33312
  • Mockito mock falsely initialized as CGLIB proxy with AspectJ aspect #​33142
  • "file:." cannot be resolved to java.nio.file.Path (and plain "." value resolves to classpath root) #​33140

📔 Documentation

  • Typo in Annotation-driven Listener Endpoints section of Spring Framework documentation #​33052
  • Container Extension Points section of Spring Framework documentation refers to the wrong property name #​33039
  • Incorrect constructor details in the javadoc for ApplicationContextEvent #​33034

🔨 Dependency Upgrades

v5.3.37

Compare Source

⭐ New Features

  • AnnotationUtils performance degrades with deep stacks #​32923

🐞 Bug Fixes

  • AspectJ CTW aspects executed twice #​32974
  • SpEL compilation fails when indexing into a Map with a primitive #​32911
  • SpEL compilation fails when indexing into an array or list with an Integer #​32909
  • Application not starting with @EnableTransactionManagement(mode = AdviceMode.ASPECTJ) #​32885

🔨 Dependency Upgrades

v5.3.36

Compare Source

🐞 Bug Fixes

  • Overridden aspect method runs twice #​32868
  • @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) cannot convert UTC without milliseconds to java.util.Date #​32860
  • Spring AOP fails against registered @Configurable aspect #​32840

v5.3.35

Compare Source

⭐ New Features

  • Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #​32818

🐞 Bug Fixes

  • DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #​32770
  • MergedAnnotations search does not find container for repeatable annotation #​32751
  • AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #​32749
  • Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #​32744
  • "multiple subscribers not supported" when using WebClient exchange #​32728
  • Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #​32698

📔 Documentation

  • Correct documentation on streaming with MockMvcWebTestClient #​32723
  • Update links to HttpOnly documentation at OWASP in ResponseCookie #​32668

🔨 Dependency Upgrades

v5.3.34

Compare Source

⭐ New Features

  • Log column type for limited support message in JdbcUtils.getResultSetValue #​32603
  • Avoid additional unnecessary Annotation array cloning in TypeDescriptor #​32477
  • Avoid cloning empty Annotation array in TypeDescriptor #​32466

🐞 Bug Fixes

  • Refine scheme, userinfo, host and port parsing in UriComponentsBuilder #​32618
  • MethodIntrospector.selectMethods() fails to detect bridge methods across ApplicationContexts #​32588
  • JmsUtils.commitIfNecessary catches and ignores JMS IllegalStateException, losing message with ActiveMQ Artemis #​32480
  • Consistently apply TaskDecorator to ManagedExecutorService as well #​32457

🔨 Dependency Upgrades

v5.3.33

Compare Source

⭐ New Features

  • Extract reusable method for URI validations #​32442
  • Allow UriTemplate to be built with an empty template #​32438
  • Refine *HttpMessageConverter#getContentLength return value null safety #​32332

🐞 Bug Fixes

  • AopUtils.getMostSpecificMethod does not return original method for proxy-derived method anymore #​32369
  • Better protect against concurrent error handling for async requests #​32342
  • Restore Jetty 10 compatibility in JettyClientHttpResponse #​32337
  • ContentCachingResponseWrapper no longer honors Content-Type and Content-Length #​32322

📔 Documentation

  • Build KDoc against 5.3.x Spring Framework Javadoc #​32414

🔨 Dependency Upgrades

v5.3.32

Compare Source

⭐ New Features

  • Add CORS support for Private Network Access #​31974
  • Avoid early getMostSpecificMethod resolution in CommonAnnotationBeanPostProcessor #​31969

🐞 Bug Fixes

  • Consistent parsing of user information in UriComponentsBuilder #​32247
  • QualifierAnnotationAutowireCandidateResolver.checkQualifier does identity checks when comparing arrays used as qualifier fields #​32108
  • Guard against multiple body subscriptions in Jetty and JDK reactive responses #​32101
  • Static resources caching issues with ShallowEtagHeaderFilter and Jetty caching directives #​32051
  • ChannelSendOperator.WriteBarrier race condition in request(long) method leads to response being dropped #​32021
  • Spring AOP does not propagate arguments for dynamic prototype-scoped advice #​31964
  • MergedAnnotation swallows IllegalAccessException for attribute method #​31961
  • CronTrigger hard-codes default ZoneId instead of participating in scheduler-wide Clock setup #​31950
  • MergedAnnotations finds duplicate annotations on method in multi-level interface hierarchy #​31825
  • PathEditor cannot handle absolute Windows paths with forward slashes #​31728
  • Include Hibernate's Query.scroll() in SharedEntityManagerCreator's queryTerminatingMethods set #​31684
  • TypeDescriptor does not check generics in equals method (for ConversionService caching) #​31674
  • Slow SpEL performance due to method sorting in ReflectiveMethodResolver #​31665
  • Jackson encoder releases resources in wrong order #​31657
  • WebSocketMessageBrokerStats has null stats for stompSubProtocolHandler since 5.3.2 #​31642

📔 Documentation

  • Document cron-vs-quartz parsing convention for dayOfWeek part in CronExpression #​32131

🔨 Dependency Upgrades


  • If you want to rebase/retry this PR, check this box

dev-mend-for-github-com bot added the "security fix" label (Security fix generated by Mend) Feb 25, 2026