⭐ New Features
- Improve error reporting for issues related to
@Controllertypes requiring AOP proxing [SPR-11281] #15905 - Consistently avoid close() call on Servlet OutputStream [SPR-11413] #16040
- MarshallingView should explicitly skip BindingResult when searching for a model object [SPR-11417] #16044
- Minor CompositeCacheManager revision [SPR-11427] #16053
🪲 Bug Fixes
- Method injection causes memory leak [SPR-10785] #15411
- Velocity springFormCheckboxes macro does not check preselected items correctly [SPR-10837] #15463
- URLs containing %2F (forward slash) are not mapped correctly to
@RequestMappingmethods [SPR-11101] #15727 - LiveBeansView generates invalid JSON on specific case [SPR-11366] #15992
- StringIndexOutOfBoundsException in AbstractErrors for class-level JSR-303 validator [SPR-11374] #16001
- Jaxb2RootElementHttpMessageConverter is susceptible to XXE vulnerability [SPR-11376] #16003
- Potential ClassCastException in RequestContextListener when destroying the request object [SPR-11378] #16005
- Fix off-by-one regression in AbstractMethodMockingControl [SPR-11385] #16012
- PreparedStatement#getParameterMetaData() calls may trigger unwanted side effects [SPR-11386] #16013
- aop:scoped-proxy may fail with LinkageError: loader attempted duplicate class definition for name [SPR-11398] #16025
- EhCacheCacheManager does not wrap runtime-registered caches with TransactionAwareCacheDecorator [SPR-11407] #16034
- MarshallingView should not close response output stream [SPR-11411] #16038
- Inclusion of 'overloaded' in equals() and hashCode() for MethodOverride breaks equals() in AbstractBeanDefinition [SPR-11420] #16047
- resolveFactoryMethodIfPossible should consider nonPublicAccessAllowed flag and SecurityManager scenario [SPR-11422] #16049
- Objects with multi-threaded access should not lazily populate a hash field [SPR-11428] #16054
- Memory leak in ConcurrentReferenceHashMap [SPR-11440] #16066
📔 Documentation
- Broken link into documentation section 21.5.3 [SPR-11404] #16031