Closes gh-4973

This commit allows to use the `flyway.locations` in an indexed fashion
(i.e. typically in YAML configuration).

See gh-4973

EmbeddedVelocityToolboxView is used with both embedded containers and
when a Spring Boot application is deployed to a servlet container. It
process the ServletContext to intercept calls to getResource so that it
can load Velocity’s toolbox.xml file from within an executable jar.
Previously, when it created the proxy, it didn’t specify the ClassLoader
to use. This resulted in the proxy being created using the ClassLoader
that loaded the Class that is being proxied. This fails when the
application is deployed to a ServletContainer as the ClassLoader that
loaded the ServletContext implementation is the container’s ClassLoader
and it cannot see the classes that are specific to the web application.

This commit updates EmbeddedVelocityToolboxView to specify the
ClassLoader to use when creating the proxy. It specifies its own
ClassLoader thereby ensuring that the proxy creation can load
application-specific classes.

Fixes gh-4967

See gh-4969

Prior to Tomcat 8.0.30, its default behaviour was for the mapper to
redirect a request for context-root to context-root/. This redirection
was switched off by default in 8.0.30 by default. This has proven
to be problematic and Tomcat 8.0.31 will reinstate the old default.

While we are waiting for Tomcat 8.0.31 to be released, this commit
explicitly sets the default back to what it was in 8.0.29 and earlier
and what it will be in 8.0.31.

Closes gh-4937

Previously, the documentation stated that jackson-dataformat-yaml was
the only required dependency. This is incorrect. jackson-databind is
also required.

Closes gh-4924

Previously, MustacheViewResolver would create an InputStreamReader
that wraps the template Resource's InputStream but would fail to close
the Reader. When the InputStream was a FileInputStream, this caused
the resolver to leak file handles.

This commit updates the resolver to close the Reader once the Template
has been compiled, thereby allowing any underlying resources to be
cleaned up immediately, rather than having to wait for the JVM to exit.

Closes gh-4921

PropertiesLauncher creates a ClassLoader that is used by the Launcher
to load an application’s classes. During the creation of this
ClassLoader URLs from its ClassLoader. This resulted resulting in Java
agents that are added to the system class loader via the -javaagent
launch option being available on both the system class loader and the
created class loader. Java agents are intended to always be loaded by
the system class loader. Making them available on another class loader
breaks this model.

This is the same problem that was in ExecutableArchiveLauncher and
that was fixed in ee08667e (see gh-863).

This commit updates PropertiesLauncher so that it skips the URLs of
any Java agents (found by examining the JVM’s input arguments) when
copying URLs over to the new ClassLoader, thereby ensuring that Java
agents are only ever loaded by the system class loader.

Closes gh-4911

Closes gh-4942

Closes gh-4844

Closes gh-4839

Tomcat's websocket support requires Java7 or later. That commit makes
sure to register its support only when such requirement is met.

Closes gh-4846

See gh-4789

Closes gh-4440

This reverts commit acb3fb53.

See gh-4789

Closes gh-4719

Update the documentation to include a section about ServletContext
initialization with embedded servlet containers. This update is to
primarily highlight that `WebApplicationInitializers` and Servlet 3.0+
`ServletContainerInitializers` are not called.

Fixes gh-4643

Closes gh-4789

Prevent potential SpEL injection attacks by ensuring that whitelabel
error view SpEL placeholders are not recursively resolved.

Fixes gh-4763

Previously, ActiveMQ's pooled connection factory was not closed as
part of the application context being closed. This would leave
non-daemon threads running which could cause shutdown to hang unless
the JVM itself was shutting down (in which case a shutdown hook would
stop the pool).

This commit configures each pooled connection factory bean with a
custom destroy method so that the pool is stopped as part of the
application context being closed. To allow the destroy method to only
be declared when the connection factory is pooled, the bean method
has been split into two; one for pooled and one for non-pooled. This
is a partial backport of the changes made in bedf2edf.

Closes gh-4748

Closes gh-4754

Commit 8c140092 removed the endpoints.metrics.filter.enabled property so
that endpoints.metrics.enabled is used for both disabling the endpoint
and the servlet filter that records interactions.

This was an unfortunate decision as it was no longer possible to only
disable the servlet filter. The endpoints.metrics.filter.enabled property
has therefore been restored.

Closes gh-4365

Previously, BasicErrorController would return the response status
set in the javax.servlet.error.status_code request attribute when
serving JSON but would also return a 200 OK response when serving
HTML. This didn’t cause much trouble when a person was browsing, but
proved problematic for machine clients that request text/html and care
about the response status. For example, the success handler would be
driven for an XHR request even though the response was really an error.

This commit updates BasicErrorController to set the response status for
text/html responses to match the status that it would use in an
application/json response.

Closes gh-4694

Closes gh-4510

This reverts commit bb9e1be7.

4.1.7.RELEASE is incompatible with Spring IO Platform 1.1.x due to a
new dependency on kryo-shaded. kryo-shaded was introduced in Kryo
3.0.x but IO Platform 1.1.x uses Kryo 2.

See gh-4719

Closes gh-4738

Tomcat 8.0.30 has changed to using relative URIs in its redirects
by default. To avoid any problems that this behaviour change may
causes we override the default and configure Tomcat to continue to
use absolute URIs.

Closes gh-4715

Closes gh-4721

Closes gh-4720

Closes gh-4719

Closes gh-4718

Closes gh-4717

Closes gh-4716

Closes gh-4714

Closes gh-4713

Previously, LoggingApplicationListener would clean up the logging
system in response to any application context with which it was
registered being closed. This caused problems when a child context was
closed. Specifically, closing the child context would cause any
SLF4J-based logging systems to unregister the JUL bridge handler
preventing an JUL logging being bridged into Logback or Log4J2.

This commit updates LoggingApplicationListener so that the logging
system is only cleaned up when a root application context is
closed.

Closes gh-4651