Commit Graph

11260 Commits

Author SHA1 Message Date
Madhura Bhave
4e61136948 Enable CSRF protection by default
See gh-11758
2018-02-16 14:43:50 -08:00
Andy Wilkinson
85f45adb9a Upgrade to Plexus Utils 3.0.24
Closes gh-12065
2018-02-15 16:21:25 +00:00
Andy Wilkinson
145d8d2673 Defer removal of Connectors until after ServletContext initialization
Previously, we removed the Connectors from Tomcat's Service before
the Context was started. The removal of the Connectors is required as
it prevents Tomcat from accepting requests before we're ready to
handle them.

Part of starting the Context is creating and initializing the
ServletContext. ServerProperties uses a ServletContextInitializer to
set the session tracking modes and Tomcat rejects the SSL tracking
mode if there is no SSL-enabled connector available. With the previous
arrangement this led to a failure as the Connectors had been removed
so the SSL-enabled connector could not be found.

This commit updates the embedded Tomcat container to defer the
removal of the Connectors until after the context has been started
but still at a point that is before the Connectors themselves would
have been started.

Closes gh-12058
2018-02-14 17:04:55 +00:00
Andy Wilkinson
f3989b1b95 Upgrade to Spring Session 1.3.2.RELEASE
Closes gh-12038
2018-02-14 08:08:54 +00:00
Andy Wilkinson
f8b4b10cdc Upgrade to Liquibase 3.5.4
Closes gh-12037
2018-02-14 08:08:54 +00:00
Andy Wilkinson
1fa45b2890 Upgrade to Tomcat 8.5.28
Closes gh-12036
2018-02-14 08:08:53 +00:00
Andy Wilkinson
d59000ceb1 Change ownership when log file is created by launch script
Closes gh-11951
2018-02-13 14:54:35 +00:00
Stephane Nicoll
2f6d05dc51 Fix parsing of String value in json
Closes gh-11992
2018-02-12 17:05:32 +01:00
Stephane Nicoll
da01744e4c Merge pull request #11981 from eiselems:1.5.xMysqlValidationQuery
* pr/11981:
  Update MySQL validation query to use lightweight ping
  Polish
  Reinject mocks when context is dirtied before each method
  Polish “Prevent reverse name lookup when configuring Jetty's address”
  Prevent reverse name lookup when configuring Jetty's address
  Fixup version numbers following release
  Next Development Version
  Protect against symlink attacks
  All CLI support for Windows MINGW environments
  Polish
2018-02-10 15:05:58 +01:00
Marcus Eisele
37ce1784ab Update MySQL validation query to use lightweight ping
Closes gh-11981
2018-02-10 15:04:29 +01:00
Andy Wilkinson
c4395afa79 Polish 2018-02-10 15:03:54 +01:00
Andy Wilkinson
6c305e09c3 Reinject mocks when context is dirtied before each method
Closes gh-11903
2018-02-10 15:03:54 +01:00
Andy Wilkinson
dc1e1e8280 Polish “Prevent reverse name lookup when configuring Jetty's address”
Closes gh-11889
2018-02-10 15:03:53 +01:00
Henrich Kraemer
dc48a90184 Prevent reverse name lookup when configuring Jetty's address
Previously, the host on Jetty's connector was configured using the
host address of the InetSocketAddress. This could result in reverse
name resolution that could cause Jetty to bind to a different IP
address than was configured.

This commit updates the configuration code to use the host string
when specifically does not perform reverse name resolution.

See gh-11889
2018-02-10 15:03:53 +01:00
Phillip Webb
21eb8d89bb Fixup version numbers following release 2018-02-10 15:03:53 +01:00
Spring Buildmaster
aa6cb9744b Next Development Version 2018-02-10 15:03:53 +01:00
Phillip Webb
6ae960d295 Protect against symlink attacks
Update embedded launch script to no longer change ownership of files
or folders that already exist.

Fixes gh-11397
2018-02-10 15:03:53 +01:00
Jacques Stadler
2b9f1101e8 All CLI support for Windows MINGW environments
Closes gh-11848
2018-02-10 15:03:53 +01:00
Phillip Webb
af8e155c6d Polish 2018-02-10 15:03:53 +01:00
Phillip Webb
798522d890 Format with Eclipse Oxygen SR2 2018-02-08 15:46:49 -08:00
Phillip Webb
1f8bc391ce Upgrade formatter settings
Closes gh-8513
2018-02-08 15:23:42 -08:00
Phillip Webb
716726aa50 Update Eclipse Oomph setup for Oxygen
See gh-8513
2018-02-08 15:23:28 -08:00
Andy Wilkinson
debe15b284 Polish 2018-02-05 19:16:45 +00:00
Andy Wilkinson
aac88502c8 Reinject mocks when context is dirtied before each method
Closes gh-11903
2018-02-05 10:53:34 +00:00
Andy Wilkinson
61cba6402d Merge pull request #11889 from Henrich Kraemer
* gh-11889:
  Polish “Prevent reverse name lookup when configuring Jetty's address”
  Prevent reverse name lookup when configuring Jetty's address
2018-02-02 14:56:12 +00:00
Andy Wilkinson
a1b823fc43 Polish “Prevent reverse name lookup when configuring Jetty's address”
Closes gh-11889
2018-02-02 14:55:57 +00:00
Henrich Kraemer
2066fa7d0b Prevent reverse name lookup when configuring Jetty's address
Previously, the host on Jetty's connector was configured using the
host address of the InetSocketAddress. This could result in reverse
name resolution that could cause Jetty to bind to a different IP
address than was configured.

This commit updates the configuration code to use the host string
when specifically does not perform reverse name resolution.

See gh-11889
2018-02-02 14:44:17 +00:00
Phillip Webb
09a64bc841 Fixup version numbers following release 2018-01-30 17:16:04 -08:00
Spring Buildmaster
6414b42335 Next Development Version 2018-01-30 23:29:33 +00:00
Phillip Webb
9b8cb9a463 Protect against symlink attacks
Update embedded launch script to no longer change ownership of files
or folders that already exist.

Fixes gh-11397
2018-01-30 12:42:31 -08:00
Phillip Webb
604ec075eb Merge pull request #11848 from stadler
* pr/11848:
  All CLI support for Windows MINGW environments
2018-01-30 12:41:16 -08:00
Jacques Stadler
38a5466a19 All CLI support for Windows MINGW environments
Closes gh-11848
2018-01-30 12:40:31 -08:00
Phillip Webb
61f7bd8576 Polish 2018-01-30 12:37:40 -08:00
Stephane Nicoll
f86b44f2ec Reduce StringBuilder creation in TypeExtractor.visitDeclared()
Closes gh-11845
2018-01-30 16:40:32 +01:00
Stephane Nicoll
11f700aa9d Fix handling of redis password containing a colon
Closes gh-11371
2018-01-30 10:27:26 +01:00
Andy Wilkinson
4ecc7b9211 Polish 2018-01-29 20:10:29 +00:00
Andy Wilkinson
f8b4018f44 Upgrade to Spring Integration 4.3.14.RELEASE
Closes gh-11836
2018-01-29 20:01:32 +00:00
Andy Wilkinson
7c269a6dc7 Merge pull request #11790 from Alex Panchenko
* gh-11790:
  Polish "Configure ErrorReportValve not to report stack traces"
  Configure ErrorReportValve not to report stack traces
2018-01-29 19:50:20 +00:00
Andy Wilkinson
5a74f63f7c Polish "Configure ErrorReportValve not to report stack traces"
Closes gh-11790
2018-01-29 19:50:07 +00:00
Alex Panchenko
29736e340e Configure ErrorReportValve not to report stack traces
See gh-11790
2018-01-29 17:23:49 +00:00
Andy Wilkinson
4c001e8d56 Merge pull request #11835 from Gary Russell
* gh-11835:
  Upgrade to Spring AMQP 1.7.6
2018-01-29 17:10:05 +00:00
Gary Russell
4ad5045aab Upgrade to Spring AMQP 1.7.6
Closes gh-11835
2018-01-29 17:09:40 +00:00
Andy Wilkinson
2ba2bddc76 Add note to docs about configuration of Log4j 2's JDK logging adapter
Closes gh-11660
2018-01-29 16:04:16 +00:00
Andy Wilkinson
9da6ddb253 Trace IDs of sessions created downstream of trace filter
Closes gh-11717
2018-01-29 15:24:24 +00:00
Andy Wilkinson
7ae39eaebf Upgrade to Spring Security 4.2.4.RELEASE
Closes gh-11829
2018-01-29 14:46:18 +00:00
Stephane Nicoll
474a391763 Upgrade to Spring Data Ingalls SR10
Closes gh-11673
2018-01-24 15:29:10 +01:00
Andy Wilkinson
1d58e7a7c2 Upgrade to GemFire 8.2.8
Closes gh-11746
2018-01-23 10:09:00 +00:00
Stephane Nicoll
64b0633a41 Upgrade to Spring Framework 4.3.14.RELEASE
Closes gh-11520
2018-01-23 10:53:33 +01:00
Andy Wilkinson
b6576fbe9c Test compression defaults against 8.5.24 as they changed in 8.5.27
See gh-11727
2018-01-22 21:00:13 +00:00
Andy Wilkinson
de6c406260 Upgrade to Tomcat 8.5.27
Closes gh-11727
2018-01-22 20:32:34 +00:00