Sam Brannen 5bc80fc094 Disable SpEL selector support in WebSocket messaging by default
This commit disables support for evaluating SpEL expressions from
untrusted sources by default. Specifically, this applies to the
SpEL-based 'selector' header support in WebSocket messaging, which
includes the DefaultSubscriptionRegistry and the classes used to
configure the 'selector' header name (SimpleBrokerMessageHandler and
SimpleBrokerRegistration).

The selector header support remains in place but will have to be
explicitly enabled beginning with Spring Framework 6.1.

For example, a custom implementation of WebSocketMessageBrokerConfigurer
can override the configureMessageBroker() method and configure the
selector header name as follows.

  registry.enableSimpleBroker().setSelectorHeaderName("selector");

Closes gh-30550
2023-06-04 17:02:02 +02:00
2023-05-04 15:35:05 +01:00
2023-05-08 14:52:26 +02:00
2023-05-30 11:51:39 +02:00
2023-06-01 15:02:42 +02:00
2023-05-23 11:36:40 +02:00
2023-06-02 23:30:04 +02:00
2023-06-04 16:40:23 +02:00
2023-06-02 23:30:04 +02:00
2023-06-04 16:40:23 +02:00
2023-05-23 20:01:28 +02:00
2023-06-03 17:19:06 +02:00
2023-06-04 16:36:20 +02:00
2023-06-04 16:40:23 +02:00
2023-06-04 16:40:23 +02:00
2023-05-23 15:11:19 +02:00
2017-06-12 08:07:54 +02:00
2023-01-11 15:26:31 +01:00
2023-04-24 12:30:02 +02:00
2023-05-30 10:37:50 +02:00
2019-03-21 15:08:55 -05:00
2022-11-02 10:59:12 +01:00
2023-05-22 15:43:37 +02:00
2023-04-25 19:51:54 +02:00
2022-11-25 23:12:08 +01:00
2019-08-20 22:01:12 +02:00
2023-04-17 18:02:01 +02:00
2023-04-02 19:20:49 +02:00

Spring Framework Build Status Revved up by Gradle Enterprise

This is the home of the Spring Framework: the foundation for all Spring projects. Collectively the Spring Framework and the family of Spring projects are often referred to simply as "Spring".

Spring provides everything required beyond the Java programming language for creating enterprise applications for a wide range of scenarios and architectures. Please read the Overview section as reference for a more complete introduction.

Code of Conduct

This project is governed by the Spring Code of Conduct. By participating, you are expected to uphold this code of conduct. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.

Access to Binaries

For access to artifacts or a distribution zip, see the Spring Framework Artifacts wiki page.

Documentation

The Spring Framework maintains reference documentation (published and source), GitHub wiki pages, and an API reference. There are also guides and tutorials across Spring projects.

Micro-Benchmarks

See the Micro-Benchmarks wiki page.

Build from Source

See the Build from Source wiki page and the CONTRIBUTING.md file.

Continuous Integration Builds

Information regarding CI builds can be found in the Spring Framework Concourse pipeline documentation.

Stay in Touch

Follow @SpringCentral, @SpringFramework, and its team members on Twitter. In-depth articles can be found at The Spring Blog, and releases are announced via our releases feed.

License

The Spring Framework is released under version 2.0 of the Apache License.

Description
No description provided
Readme 248 MiB
Languages
Java 99.4%
XSLT 0.2%
AspectJ 0.2%