A previous change intended to prevent temporary directories created as
an implementation detail of mounting volumes on kubernetes pods from
being used as a source for property files had a side-effect of also
preventing other types of hidden directories from being recognized. This
commit narrows the criteria for considering a directory as hidden,
using the kubernetes `..` prefix convention instead of the Unix `.`
prefix.
Fixes gh-23983
When running on Java 11 (where `@PostConstruct` is no longer part of
the JRE) and without a dependency on jakarta-annotation-api,
`@PostContruct` annotions are silently dropped. This leads to obscure and
hard-to-track down changes in the behaviour of our auto-configuration
as the `@PostConstruct`-annotated methods are not invoked.
To allow users to run on Java 11 without having jakarta-annotation-api
on the classpath, this commit removes use of `@PostConstruct` from main
code. A Checkstyle rule has also been added to prevent its usage in
main code from being reintroduced.
Closes gh-23723
This commit modifies the logic for finding properties files using
wildcard paths to ignore files if any part of the file path contains
a hidden directory. Hidden directories are common when Kubernetes
mounts config maps onto volumes in a pod, which was causing the same
properties files to be loaded multiple times.
Fixes gh-23160
Previously, the shutdown hook was only registered once refresh has
completed. If the JVM was shut down during refresh (or after refresh
and before the hook was registered) the hook wouldn't run and the
partially refreshed context would not be cleaned up.
This commit moves the registration of the shutdown hook to before
refresh processing begins. This ensures that the hook is available
to clean up the context if the JVM is shutdown while refresh is in
progress.
Fixes gh-23625
Previously, JettyEmbeddedErrorHandler would change the method of every
request that is handles to GET. This was being done to work around
Jetty's error handling only dealing with GET, POST, and HEAD requests
by default. It had the unwanted side-effect of causing an error
response to a HEAD request having a body as, from the error handling's
perspective, it was a GET request.
This commit updates JettyEmbeddedErrorHandler to only set the method
on a request for which error handling is being performed if the method
isn't already one that will be handled, leaving the method of GET,
POST, and HEAD requests unchanged.
Unfortunately, short of implementing an HTTP client, this change cannot
be tested as the Apache HttpClient, OkHttp, and the JDK's
HttpURLConnection all silently drop the body of a response to a HEAD
request, preventing a test from asserting that a body hasn't been sent.
Closes gh-23551
Previously, we configured embedded Tomcat in such a way that no TLD
scan patterns were configured. This differed from a standalone
Tomcat installation where 4 patterns are configured that take
precedence over some of the skip patterns. The missing scan patterns
resulted in the skip patterns preventing the discovery of Log4j2's
TLDs.
This commit updates TomcatServletWebServerFactory to configure the
same four scan patterns as standalone Tomcat configures by default.
Fixes gh-23302
Previously LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN were not
consumed as system properties in log4j2.xml and log4j2-file.xml. As a
result, the logging.pattern.level and logging.pattern.dateformat
configuration properties, which are translated into the
LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN system properties
respectively had no effect.
This commit updates the log4j2.xml and log4j2-file.xml config files to
consume LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN as system
properties. When the system property is not set, the configuation falls
back to the default values specified in the config files. Tests for
both log4j2.xml and log4j2-file.xml to verify the behaviour have also
bean added.
Fixes gh-22983
Update `ValidationBindHandler` so that pushed fields that reference
map keys can be used. This fixes a regression that was introduced in
commit 4483f417 when we switched to a `AbstractBindingResult` that no
longer required public getters/setters.
Closes gh-20350
Update `OriginTrackedYamlLoader` to remove node limits and recursive
parsing restrictions. SnakeYAML 1.26 introduced these options in order
to protect against the "billion laugh attacks" but since we consider
`application.yml` files to be trusted, we don't need these restrictions.
Fixes gh-23096
Extend `initializeSystem` to search the exception stack for a
FileNotFoundException before reporting the error. This allows
us to provide a similar stack trace to the one that used to be
thrown when we had the `ResourceUtils.getURL` check.
See gh-22946
Remove `ResourceUtils.getURL` checking from `LoggingApplicationListener`
so that logging systems can implement custom location support.
Prior to this commit, we checked in the listener if the specified config
location could be opened as a URL. This unfortunately prevents Log4J
extensions such as `log4j-spring-cloud-config-client` from implementing
configurable SSL and credentials support.
See gh-22946
