Sourced from mysql-connector-java's changelog.

Changelog

https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/

Version 8.0.28

• Fix for Bug#99260 (31189960), statement.setQueryTimeout,creates a database connection and does not close.

• Fix for Bug#103324 (32770013), X DevAPI Collection.replaceOne() missing matching _id check.

• Fix for Bug#105197 (33461744), Statement.executeQuery() may return non-navigable ResultSet.

• Fix for Bug#105323 (33507321), README.md contains broken links.

• Fix for Bug#96900 (30355150), STATEMENT.CANCEL()CREATE A DATABASE CONNECTION BUT DOES NOT CLOSE THE CONNECTION.

• Fix for Bug#104067 (33054827), No reset autoCommit after unknown issue occurs. Thanks to Tingyu Wei for his contribution.

• Fix for Bug#85223 (25656020), MYSQLSQLXML SETSTRING CRASH.

• Fix for Bug#84365 (33425867), INSERT..VALUE with VALUES function lead to a StringIndexOutOfBoundsException.

• Fix for Bug#105211 (33468860), class java.time.LocalDate cannot be cast to class java.sql.Date.

• Fix for Bug#101389 (32089018), GETWARNINGS SHOULD CHECK WARNING COUNT BEFORE SENDING SHOW.

• Fix for Bug#33488091, Remove all references to xdevapi.useAsyncProtocol from properties and code.

• WL#14805, Remove support for TLS 1.0 and 1.1.

• WL#14650, Support for MFA (multi factor authentication) authentication.

Version 8.0.27

• Fix for Bug#103612 (32902019), Incorrectly identified WITH...SELECT as unsafe for read-only connections.

• Fix for Bug#71929 (18346501), Prefixing query with double comments cancels query DML validation.

• Fix for Bug#23204652, CURSOR POSITIONING API'S DOESNOT CHECK THE VALIDITY OF RESULTSET.

• Fix for Bug#28725534, MULTI HOST CONNECTION WOULD BLOCK IN CONNECTION POOLING.

• Fix for Bug#95139 (29807572), CACHESERVERCONFIGURATION APPEARS TO THWART CHARSET DETECTION.

• Fix for Bug#104641 (33237255), DatabaseMetaData.getImportedKeys can return duplicated foreign keys.

• Fix for Bug#33185116, Have method ResultSet.getBoolean() supporting conversion of 'T' and 'F' in a VARCHAR to True/False (boolean).

• Fix for Bug#31117686, PROTOCOL ALLOWLIST NOT COMPATIBLE WITH IBM JAVA.

... (truncated)

• 34cbc6b License book updated.
• 793bd55 Minor fix for tests failing with URL without parameters.
• 58600cc WL#12825, Remove third-party libraries from sources and bundles.
• 5aa15d5 Fix for Bug#93590 (29054329), javax.net.ssl.SSLException: closing inbound bef...
• 1fecc2b Fix for Bug#94414 (29384853), Connector/J RPM package have version number in ...
• f5d24e3 Fix for Bug#27786499, REDUNDANT FILES IN DEBIAN PACKAGE FOR DEBIAN9(COMMUNITY...
• c49db58 WL#12246, DevAPI: Prepared statement support.
• a5c3d29 Added definition file for msi building tools.
• 13045c2 WL#10839, Adjust c/J tests to the new "ON" default for
• 2e350a5 Fix for Bug#29329326, PLEASE AVOID SHOW PROCESSLIST IF POSSIBLE.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from spring-core's releases.

v5.3.19

:star: New Features

• Remove DNS lookups during websocket connection initiation #28280
• Add application/graphql+json Media type and MIME type constants #28271
• Fix debug log for no matching acceptableTypes #28116
• Provide support for post-processing a LocalValidatorFactoryBean's validator Configuration without requiring sub-classing #27956

:lady_beetle: Bug Fixes

• Improve documentation and matching algorithm in data binders #28333
• NotWritablePropertyException when attempting to declaratively configure ClassLoader properties #28269
• BeanPropertyRowMapper's support for direct column name matches is missing in DataClassRowMapper #28243
• AbstractListenerReadPublisher does not call ServletOutputStream::isReady() when reading chunked data across network packets #28241
• ResponseEntity objects are accumulated in ConcurrentReferenceHashMap #28232
• Lambda proxy generation fix causes BeanNotOfRequiredTypeException #28209
• CodeGenerationException thrown when using AnnotationMBeanExporter on JDK 17 #28138

:hammer: Dependency Upgrades

• Upgrade to Reactor 2020.0.18 #28329

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @​GatinMI

v5.3.18

:star: New Features

• Restrict access to property paths on Class references #28261
• Introduce cancel(boolean mayInterruptIfRunning) in ScheduledTask #28233

:lady_beetle: Bug Fixes

• Move off deprecated API in SessionTransactionData #28234

:notebook_with_decorative_cover: Documentation

• Introduce warnings in documentation of SerializationUtils #28246
• Update copyright date in reference manual #28237
• @Transactional test does not execute all JPA lifecycle callback methods #28228

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​quaff

... (truncated)

• cedb587 Release v5.3.19
• a7cf19c Improve documentation and matching algorithm in data binders
• 0cf7f7b Polishing
• 949c3d4 Align plain accessor check
• 3b4ae7b TomcatHttpHandlerAdapter continues after 0 bytes
• 8b39698 Upgrade to Reactor 2020.0.18
• 6fad00e Ensure dynamic proxy with AOP introduction includes lambda interfaces
• 5f6d8df Introduce isLambdaClass() as a public utility in ClassUtils
• 35de7e1 Introduce initializer callback for Bean Validation Configuration
• 10e979e Polishing
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from spring-core's releases.

v5.3.18

:star: New Features

• Restrict access to property paths on Class references #28261
• Introduce cancel(boolean mayInterruptIfRunning) in ScheduledTask #28233

:lady_beetle: Bug Fixes

• Move off deprecated API in SessionTransactionData #28234

:notebook_with_decorative_cover: Documentation

• Introduce warnings in documentation of SerializationUtils #28246
• Update copyright date in reference manual #28237
• @Transactional test does not execute all JPA lifecycle callback methods #28228

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​quaff

v5.3.17

:star: New Features

• Using DataClassRowMapper causes "No property found for column" debug messages in logs #28179
• Improve diagnostics in SpEL for large array creation #28145
• Support custom HTTP status in client-side REST testing support #28105
• AsyncRestTemplate logging too verbose #28049

:lady_beetle: Bug Fixes

• java.lang.NoClassDefFoundError: org/springframework/cglib/beans/BeanMapEmitter #28110
• CronExpression fails to calculate properly next execution when running on the day of winter daylight saving time #28095
• Private init/destroy method may be invoked twice #28083
• MappingJacksonValue and Jackson2CodecSupport#registerObjectMappersForType do not work together #28045
• SpEL fails to recover from error during MIXED mode compilation #28043
• When returning a ResponseEntity with a Flux while the function is suspended, it fails to encode the body #27809

:notebook_with_decorative_cover: Documentation

• Improve documentation for @EnabledIf and @DisabledIf test support #28157
• Links to Spring Security are broken in the reference guide #28135
• Document that transaction rollback rules may result in unintentional matches #28125
• Improve documentation for TestContext events #27757
• Clarify behavior for generics support in BeanUtils.copyProperties #27259

:hammer: Dependency Upgrades

... (truncated)

• 707a24c Release v5.3.18
• 002546b Refine PropertyDescriptor filtering
• 1627f57 Disable flaky integration tests for now
• 3811cd4 Introduce warnings in documentation of SerializationUtils
• d927e37 Add "Testing ORM entity lifecycle callbacks" note to Testing chapter
• 1d302bf Introduce tests for gh-28228
• 4b150fd Update copyright date in reference manual
• 3a6016d Merge pull request #28238 from izeye
• 135506f Update copyright year of EvaluationTests
• cb36ca3 Upgrade to ASM master
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from spring-beans's releases.

v5.3.18

:star: New Features

• Restrict access to property paths on Class references #28261
• Introduce cancel(boolean mayInterruptIfRunning) in ScheduledTask #28233

:lady_beetle: Bug Fixes

• Move off deprecated API in SessionTransactionData #28234

:notebook_with_decorative_cover: Documentation

• Introduce warnings in documentation of SerializationUtils #28246
• Update copyright date in reference manual #28237
• @Transactional test does not execute all JPA lifecycle callback methods #28228

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​quaff

v5.3.17

:star: New Features

• Using DataClassRowMapper causes "No property found for column" debug messages in logs #28179
• Improve diagnostics in SpEL for large array creation #28145
• Support custom HTTP status in client-side REST testing support #28105
• AsyncRestTemplate logging too verbose #28049

:lady_beetle: Bug Fixes

• java.lang.NoClassDefFoundError: org/springframework/cglib/beans/BeanMapEmitter #28110
• CronExpression fails to calculate properly next execution when running on the day of winter daylight saving time #28095
• Private init/destroy method may be invoked twice #28083
• MappingJacksonValue and Jackson2CodecSupport#registerObjectMappersForType do not work together #28045
• SpEL fails to recover from error during MIXED mode compilation #28043
• When returning a ResponseEntity with a Flux while the function is suspended, it fails to encode the body #27809

:notebook_with_decorative_cover: Documentation

• Improve documentation for @EnabledIf and @DisabledIf test support #28157
• Links to Spring Security are broken in the reference guide #28135
• Document that transaction rollback rules may result in unintentional matches #28125
• Improve documentation for TestContext events #27757
• Clarify behavior for generics support in BeanUtils.copyProperties #27259

:hammer: Dependency Upgrades

... (truncated)

• 707a24c Release v5.3.18
• 002546b Refine PropertyDescriptor filtering
• 1627f57 Disable flaky integration tests for now
• 3811cd4 Introduce warnings in documentation of SerializationUtils
• d927e37 Add "Testing ORM entity lifecycle callbacks" note to Testing chapter
• 1d302bf Introduce tests for gh-28228
• 4b150fd Update copyright date in reference manual
• 3a6016d Merge pull request #28238 from izeye
• 135506f Update copyright year of EvaluationTests
• cb36ca3 Upgrade to ASM master
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• bd907c3 [maven-release-plugin] prepare release netty-4.1.42.Final
• 2791f0f Avoid use of global AtomicLong for ScheduledFutureTask ids (#9599)
• 86ff76a Fix incorrect comment (#9598)
• 5e69a13 Cleanup JNI code to always correctly free memory when loading fails and also ...
• eb3c4bd ChunkedNioFile can use absolute FileChannel::read to read chunks (#9592)
• 76592db Close eventfd shutdown/wakeup race by closely tracking epoll edges (#9586)
• 0a2d85f Fix GraalVM native image build error (#9593)
• dc4de7f We need to use NewGloblRef when caching jclass instances (#9595)
• 4499384 Update to netty-tcnative 2.0.26.Final (#9589)
• 8648171 Fix *SslEngineTest to not throw ClassCastException and pass in all cases (#9588)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

JUnit 4.13

Please refer to the release notes for details.

JUnit 4.13 RC 2

Please refer to the release notes for details.

JUnit 4.13 RC 1

Please refer to the release notes for details.

JUnit 4.13 Beta 3

Please refer to the release notes for details.

JUnit 4.13 Beta 2

Please refer to the release notes for details.

JUnit 4.13 Beta 1

Please refer to the release notes for details.

• 1b683f4 [maven-release-plugin] prepare release r4.13.1
• ce6ce3a Draft 4.13.1 release notes
• c29dd82 Change version to 4.13.1-SNAPSHOT
• 1d17486 Add a link to assertThrows in exception testing
• 543905d Use separate line for annotation in Javadoc
• 510e906 Add sub headlines to class Javadoc
• 610155b Merge pull request from GHSA-269g-pwp5-87pp
• b6cfd1e Explicitly wrap float parameter for consistency (#1671)
• a5d205c Fix GitHub link in FAQ (#1672)
• 3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (#1660)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from mysql-connector-java's changelog.

Changelog

https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/

Version 8.0.28

• Fix for Bug#99260 (31189960), statement.setQueryTimeout,creates a database connection and does not close.

• Fix for Bug#103324 (32770013), X DevAPI Collection.replaceOne() missing matching _id check.

• Fix for Bug#105197 (33461744), Statement.executeQuery() may return non-navigable ResultSet.

• Fix for Bug#105323 (33507321), README.md contains broken links.

• Fix for Bug#96900 (30355150), STATEMENT.CANCEL()CREATE A DATABASE CONNECTION BUT DOES NOT CLOSE THE CONNECTION.

• Fix for Bug#104067 (33054827), No reset autoCommit after unknown issue occurs. Thanks to Tingyu Wei for his contribution.

• Fix for Bug#85223 (25656020), MYSQLSQLXML SETSTRING CRASH.

• Fix for Bug#84365 (33425867), INSERT..VALUE with VALUES function lead to a StringIndexOutOfBoundsException.

• Fix for Bug#105211 (33468860), class java.time.LocalDate cannot be cast to class java.sql.Date.

• Fix for Bug#101389 (32089018), GETWARNINGS SHOULD CHECK WARNING COUNT BEFORE SENDING SHOW.

• Fix for Bug#33488091, Remove all references to xdevapi.useAsyncProtocol from properties and code.

• WL#14805, Remove support for TLS 1.0 and 1.1.

• WL#14650, Support for MFA (multi factor authentication) authentication.

Version 8.0.27

• Fix for Bug#103612 (32902019), Incorrectly identified WITH...SELECT as unsafe for read-only connections.

• Fix for Bug#71929 (18346501), Prefixing query with double comments cancels query DML validation.

• Fix for Bug#23204652, CURSOR POSITIONING API'S DOESNOT CHECK THE VALIDITY OF RESULTSET.

• Fix for Bug#28725534, MULTI HOST CONNECTION WOULD BLOCK IN CONNECTION POOLING.

• Fix for Bug#95139 (29807572), CACHESERVERCONFIGURATION APPEARS TO THWART CHARSET DETECTION.

• Fix for Bug#104641 (33237255), DatabaseMetaData.getImportedKeys can return duplicated foreign keys.

• Fix for Bug#33185116, Have method ResultSet.getBoolean() supporting conversion of 'T' and 'F' in a VARCHAR to True/False (boolean).

• Fix for Bug#31117686, PROTOCOL ALLOWLIST NOT COMPATIBLE WITH IBM JAVA.

... (truncated)

• 34cbc6b License book updated.
• 793bd55 Minor fix for tests failing with URL without parameters.
• 58600cc WL#12825, Remove third-party libraries from sources and bundles.
• 5aa15d5 Fix for Bug#93590 (29054329), javax.net.ssl.SSLException: closing inbound bef...
• 1fecc2b Fix for Bug#94414 (29384853), Connector/J RPM package have version number in ...
• f5d24e3 Fix for Bug#27786499, REDUNDANT FILES IN DEBIAN PACKAGE FOR DEBIAN9(COMMUNITY...
• c49db58 WL#12246, DevAPI: Prepared statement support.
• a5c3d29 Added definition file for msi building tools.
• 13045c2 WL#10839, Adjust c/J tests to the new "ON" default for
• 2e350a5 Fix for Bug#29329326, PLEASE AVOID SHOW PROCESSLIST IF POSSIBLE.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• ca50a47 Release version 4.3.21.RELEASE
• 9600e01 Revised alias definition example in reference documentation
• e9f7c35 ResolvableType-based matching consistently respects generic factory method re...
• cf8479c Upgrade to Tomcat 8.5.35, Netty 4.1.31, Gson 2.8.5, Jackson 2.8.11.3
• 1c1b942 DefaultResponseErrorHandler detects non-standard error code as well
• 85b5c5a Polishing
• ed9afa3 FastByteArrayOutputStream.read byte-to-int conversion
• 22f4b1c SerializedBeanFactoryReference falls back to dummy with specific id
• abacc6d BEST_MATCHING_HANDLER_ATTRIBUTE for spring-webmvc
• 8d668ac Up-to-date version and link in ASM/CGLIB/Objenesis package javadoc
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from spring-beans's releases.

v5.2.20.RELEASE

:star: New Features

• Restrict access to property paths on Class references #28262
• Improve diagnostics in SpEL for large array creation #28257

v5.2.19.RELEASE

:star: New Features

• Declare serialVersionUID on DefaultAopProxyFactory #27785
• Use ByteArrayDecoder in DefaultClientResponse::createException #27667

:lady_beetle: Bug Fixes

• ProxyFactoryBean getObject called before setInterceptorNames, silently creating an invalid proxy [SPR-7582] #27817
• Possible NPE in Spring MVC LogFormatUtils #27783
• UndertowHeadersAdapter's remove() method violates Map contract #27593
• Fix assertion failure messages in DefaultDataBuffer.checkIndex() #27577

:notebook_with_decorative_cover: Documentation

• Lazy annotation throws exception if non-required bean does not exist #27660
• Incorrect Javadoc in [NamedParameter]JdbcOperations.queryForObject methods regarding exceptions #27581
• DefaultResponseErrorHandler update javadoc comment #27571

:hammer: Dependency Upgrades

• Upgrade to Reactor Dysprosium-SR25 #27635
• Upgrade to Log4j2 2.16.0 #27825

v5.2.18.RELEASE

:star: New Features

• Enhance DefaultResponseErrorHandler to allow logging complete error response body #27558
• DefaultMessageListenerContainer does not log an error/warning when consumer tasks have been rejected #27457

:lady_beetle: Bug Fixes

• Performance impact of con.getContentLengthLong() in AbstractFileResolvingResource.isReadable() downloading huge jars to check component length #27549
• Performance impact of ResourceUrlEncodingFilter on HttpServletResponse#encodeURL #27548
• Avoid duplicate JCacheOperationSource bean registration in #27547
• Non-escaped closing curly brace in RegEx results in initialization error on Android #27502
• Proxy generation with Java 17 fails with "Cannot invoke "Object.getClass()" because "cause" is null" #27498
• ConcurrentReferenceHashMap's entrySet violates the Map contract #27455

:hammer: Dependency Upgrades

• Upgrade to Reactor Dysprosium-SR24 #27526

v5.2.17.RELEASE

... (truncated)

• cfa701b Release v5.2.20.RELEASE
• 996f701 Refine PropertyDescriptor filtering
• 90cfde9 Improve diagnostics in SpEL for large array creation
• 94f52bc Upgrade to Artifactory Resource 0.0.17
• d4478ba Upgrade Java versions in CI image
• 136e6db Upgrade Ubuntu version in CI images
• 8f1f683 Upgrade Java versions in CI image
• ce2367a Upgrade to Log4j2 2.17.1
• acf7823 Next development version (v5.2.20.BUILD-SNAPSHOT)
• 1a03ffe Upgrade to Log4j2 2.16.0
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from fastjson's releases.

FASTJSON 1.2.83版本发布（安全修复）

这是一个安全修复版本，修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞，建议fastjson用户尽快采取安全措施保障系统安全。

安全修复方案 ：https://github.com/alibaba/fastjson/wiki/security_update_20220523

Issues

1. 安全加固
2. 修复JDK17下setAccessible报错的问题 #4077

• 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/
• 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98
• 源码 https://github.com/alibaba/fastjson/tree/1.2.83

• 26f13f8 1.2.83
• 8f3410f bug fix for autotype
• cd3c2de improved jdk8 java.time support
• c63866e remove unused import
• 35db4ad bug fix for autoType
• 3f009e1 Merge pull request #4085 from hengyunabc/fix_setAccessible
• dd3de5f fix InaccessibleObjectException in jdk17. #4077
• a234f9a Merge pull request #4084 from alibaba/revert-4078-master
• 0814909 Revert "fix InaccessibleObjectException in jdk17. #4077"
• ab82d0b Merge pull request #4078 from hengyunabc/master
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from spring-core's releases.

v5.2.22.RELEASE

:star: New Features

• Refine CachedIntrospectionResults property introspection #28446

:lady_beetle: Bug Fixes

• Ignore invalid STOMP frame #28444

v5.2.21.RELEASE

:star: New Features

• Remove DNS lookups during websocket connection initiation #28281

:lady_beetle: Bug Fixes

• Improve documentation and matching algorithm in data binders #28334
• CodeGenerationException thrown when using AnnotationMBeanExporter on JDK 17 #28279
• ResponseEntity objects are accumulated in ConcurrentReferenceHashMap #28273
• NotWritablePropertyException when attempting to declaratively configure ClassLoader properties #28272

v5.2.20.RELEASE

:star: New Features

• Restrict access to property paths on Class references #28262
• Improve diagnostics in SpEL for large array creation #28257

v5.2.19.RELEASE

:star: New Features

• Declare serialVersionUID on DefaultAopProxyFactory #27785
• Use ByteArrayDecoder in DefaultClientResponse::createException #27667

:lady_beetle: Bug Fixes

• ProxyFactoryBean getObject called before setInterceptorNames, silently creating an invalid proxy [SPR-7582] #27817
• Possible NPE in Spring MVC LogFormatUtils #27783
• UndertowHeadersAdapter's remove() method violates Map contract #27593
• Fix assertion failure messages in DefaultDataBuffer.checkIndex() #27577

:notebook_with_decorative_cover: Documentation

• Lazy annotation throws exception if non-required bean does not exist #27660
• Incorrect Javadoc in [NamedParameter]JdbcOperations.queryForObject methods regarding exceptions #27581
• DefaultResponseErrorHandler update javadoc comment #27571

:hammer: Dependency Upgrades

• Upgrade to Reactor Dysprosium-SR25 #27635
• Upgrade to Log4j2 2.16.0 #27825

... (truncated)

• 8f4c172 Release v5.2.22.RELEASE
• 9f238c9 Polishing
• 50177b1 Refine CachedIntrospectionResults property introspection
• 159a99b Ignore invalid STOMP frame
• 41e158c Next development version (v5.2.22.BUILD-SNAPSHOT)
• 833e750 Improve documentation and matching algorithm in data binders
• d70054d Upgrade to Log4j2 2.17.2
• 36e4951 Polishing
• 87b5080 Consistent use of getLocalAddr() without DNS lookups in request adapters
• 5cbf85a Avoid return value reference in potentially cached MethodParameter instance
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.