4.1.9 Release

⭐ New Features

• Allow setting custom ClassPathBeanDefinitionScanner on AnnotationConfigWebApplicationContext [SPR-9324] #13962
• Skip Content-Disposition header when status != 2xx [SPR-13588] #18165
• Avoid NPE for anonymous SqlParameter in CallMetaDataContext [SPR-13628] #18206
• Content-Disposition with fixed file name "f.txt" causes confusion [SPR-13643] #18220
• Revisit BeansException warn logging after startup failure [SPR-13663] #18238
• Implement containsKey for HttpHeaders returned from ServletServerHttpResponse [SPR-13668] #18243
• BeanFactoryAnnotationUtils.qualifiedBeanOfType should not instantiate all beans of given type before checking qualifier [SPR-13741] #18314
• Configure view controllers with the ApplicationContext [SPR-13762] #18335
• AbstractRequestLoggingFilter with startAsync: unwrap request to find ContentCachingRequestWrapper [SPR-13764] #18338
• Support for Microsoft SQL Server driver version 4 and above [SPR-13772] #18346
• Allow for setting TTL on a response sent by @JmsListener [SPR-13774] #18348
• Defensive error reporting when ConfigurationClassParser introspects declared methods via StandardAnnotationMetadata [SPR-13791] #18364

🪲 Bug Fixes

• SpEL compiler creating bad byte code for some values that are added together via OpPlus [SPR-12426] #17032
• mvc:view-resolvers does not reliably find declared ContentNegotiationManager [SPR-13559] #18135
• Content-Disposition header causes download in browser for Spring Boot Actuator endpoints [SPR-13587] #18164
• AbstractJdbcCall's compiled variable should be declared as volatile [SPR-13617] #18195
• webjars resource handling may run into NPE in JarURLInputStream [SPR-13620] #18198
• Content-Disposition added for @ResponseBody methods explicitly mapped to ".html" or other extensions [SPR-13629] #18207
• SerializableTypeWrapper.MethodInvokeTypeProvider can be exploited for unsafe deserialization [SPR-13656] #18232
• CommonsMultipartFile.getOriginalFilename() does not strip file path properly [SPR-13662] #18237
• AbstractApplicationContext.isRunning throws IllegalStateException when called too early [SPR-13667] #18242
• SimpAnnotationMethodMessageHandler fails when no applicationDestinationPrefixes configured or Rabbit endpoint present [SPR-13704] #18279
• CssLinkResourceTransformer is incompatible with FixedVersionStrategy VersionResourceResolver [SPR-13727] #18300
• SubProtocolWebSocketHandler does not update lastSessionCheckTime [SPR-13745] #18318
• The URL content negotiation "format" parameter values are case sensitive and only lowercase values are accepted [SPR-13747] #18320
• MockHttpServletResponse.setIntHeader throws exception for 'Content-Length' header [SPR-13752] #18325
• Second call to MVC handler method with Optional parameter fails with argument type mismatch [SPR-13755] #18328
• ResourceUrlEncodingFilter improperly encodes URLs on root page [SPR-13757] #18330
• ControllerAdviceBean javadoc is inconsistent with its implementation [SPR-13759] #18332
• allowed-origins are not resolved from properties variables [SPR-13760] #18333
• Inefficient and inconsistent setAllowedOrigins collection types in AbstractSockJsService/OriginHandshakeInterceptor [SPR-13761] #18334
• MessagingMessageListenerAdapter provides a BytesMessage that has already been read [SPR-13769] #18343
• VerifyError when trying to compile constructor invocation with SpEL [SPR-13781] #18355
• Jdbc4SqlXmlHandler should return null as documented (instead of throwing NPE) [SPR-13782] #18356
• VersionResourceResolver's versionStrategyMap should keep insertion order [SPR-13798] #18371

📔 Documentation

• Fix cron trigger example in reference documentation [SPR-10474] #15107
• Revisit remaining XmlBeanFactory usage in reference documentation [SPR-13485] #18064
• Error in RequestEntity's javadoc [SPR-13666] #18241
• Cacheable#key should define the available arguments [SPR-13746] #18319
• Documentation is missing for sendTimeLimit bufferSizeLimit for ConcurrentWebSocketSessionDecorator [SPR-13753] #18326