Add End-of-Life Notice

Closes gh-1831

.github/workflows/pr-build-workflow.yml

@@ -0,0 +1,28 @@
+name: 2.3.x PR Build
+
+on:
+  pull_request:
+    branches:
+      - 2.3.x
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        jdk: [8, 11]
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK ${{ matrix.jdk }}
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.jdk }}
+      - name: Cache Gradle packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+      - name: Build with Gradle
+        run: ./gradlew clean build --no-daemon --stacktrace

.travis.yml

@@ -1,16 +0,0 @@
-sudo: required
-language: java
-jdk:
-  - openjdk8
-  - openjdk11
-services:
-  - docker
-before_cache:
-  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
-  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
-cache:
-  directories:
-    - $HOME/.gradle/caches/
-    - $HOME/.gradle/wrapper/
-install: true
-script: ./gradlew clean check --no-daemon --stacktrace

Jenkinsfile

@@ -1,192 +0,0 @@
-properties([
-		buildDiscarder(logRotator(numToKeepStr: '10')),
-		pipelineTriggers([
-				cron('@daily')
-		]),
-])
-
-def SUCCESS = hudson.model.Result.SUCCESS.toString()
-currentBuild.result = SUCCESS
-
-def GRADLE_ENTERPRISE_CACHE_USER = usernamePassword(credentialsId: 'gradle_enterprise_cache_user',
-		passwordVariable: 'GRADLE_ENTERPRISE_CACHE_PASSWORD',
-		usernameVariable: 'GRADLE_ENTERPRISE_CACHE_USERNAME')
-def GRADLE_ENTERPRISE_SECRET_ACCESS_KEY = string(credentialsId: 'gradle_enterprise_secret_access_key',
-		variable: 'GRADLE_ENTERPRISE_ACCESS_KEY')
-def SPRING_SIGNING_SECRING = file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')
-def SPRING_GPG_PASSPHRASE = string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')
-def OSSRH_CREDENTIALS = usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')
-def ARTIFACTORY_CREDENTIALS = usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')
-def JENKINS_PRIVATE_SSH_KEY = file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')
-def SONAR_LOGIN_CREDENTIALS = string(credentialsId: 'spring-sonar.login', variable: 'SONAR_LOGIN')
-
-def jdkEnv(String jdk = 'jdk8') {
-	def jdkTool = tool(jdk)
-	return "JAVA_HOME=${ jdkTool }"
-}
-
-try {
-	parallel check: {
-		stage('Check') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					label 'spring-session'
-					checkout scm
-					sh "git clean -dfx"
-					try {
-                        withCredentials([GRADLE_ENTERPRISE_CACHE_USER,
-                             GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
-                             ARTIFACTORY_CREDENTIALS]) {
-                            withEnv([jdkEnv(),
-                                 "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
-                                 "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
-                                 "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
-                                sh "./gradlew check -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace"
-                            }
-                        }
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: check'
-						throw e
-					}
-					finally {
-						junit '**/build/test-results/*/*.xml'
-					}
-				}
-			}
-		}
-	},
-	jdk11: {
-		stage('JDK 11') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-                        withCredentials([GRADLE_ENTERPRISE_CACHE_USER,
-                             GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
-                             ARTIFACTORY_CREDENTIALS]) {
-                            withEnv([jdkEnv("jdk11"),
-                             "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
-                             "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
-                             "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
-                                sh "./gradlew test integrationTest -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace"
-                            }
-                        }
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk11'
-						throw e
-					}
-				}
-			}
-		}
-	},
-	jdk12: {
-		stage('JDK 12') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-                        withCredentials([GRADLE_ENTERPRISE_CACHE_USER,
-                             GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
-                             ARTIFACTORY_CREDENTIALS]) {
-                            withEnv([jdkEnv("openjdk12"),
-                             "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
-                             "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
-                             "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
-                                sh "./gradlew test integrationTest -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace"
-                            }
-                        }
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk12'
-						throw e
-					}
-				}
-			}
-		}
-	}
-
-	if (currentBuild.result == 'SUCCESS') {
-		parallel artifacts: {
-			stage('Deploy Artifacts') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-                        withCredentials([SPRING_SIGNING_SECRING,
-                             SPRING_GPG_PASSPHRASE,
-                             OSSRH_CREDENTIALS,
-                             ARTIFACTORY_CREDENTIALS,
-                             GRADLE_ENTERPRISE_CACHE_USER,
-                             GRADLE_ENTERPRISE_SECRET_ACCESS_KEY]) {
-                            withEnv([jdkEnv(),
-                                 "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
-                                 "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
-                                 "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
-                                sh './gradlew deployArtifacts --stacktrace --no-parallel -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
-                                sh './gradlew finalizeDeployArtifacts --stacktrace --no-parallel -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
-                            }
-                        }
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: artifacts'
-						throw e
-					}
-				}
-			}
-		},
-		docs: {
-			stage('Deploy Docs') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-                        withCredentials([JENKINS_PRIVATE_SSH_KEY,
-                             SPRING_GPG_PASSPHRASE,
-                             OSSRH_CREDENTIALS,
-                             ARTIFACTORY_CREDENTIALS,
-                             GRADLE_ENTERPRISE_CACHE_USER,
-                             GRADLE_ENTERPRISE_SECRET_ACCESS_KEY]) {
-                                withEnv([jdkEnv(),
-                                     "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
-                                     "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
-                                     "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
-                                    sh './gradlew deployDocs --stacktrace -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME'
-                             }
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: docs'
-						throw e
-					}
-				}
-			}
-		}
-	}
-}
-finally {
-	def buildStatus = currentBuild.result
-	def buildNotSuccess = !SUCCESS.equals(buildStatus)
-	def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
-
-	if (buildNotSuccess || lastBuildNotSuccess) {
-		stage('Notify') {
-			node {
-				final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
-
-				def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
-				def details = "The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"
-
-				emailext(
-						subject: subject,
-						body: details,
-						recipientProviders: RECIPIENTS,
-						to: "$SPRING_SESSION_TEAM_EMAILS"
-				)
-			}
-		}
-	}
-}

README.adoc

@@ -1,6 +1,14 @@
+[NOTE]
+======
+This branch of Spring Session has reached its https://github.com/spring-projects/spring-boot/wiki/Supported-Versions[End of Life], meaning that there are no further maintenance releases or security patches planned.
+Please migrate to a supported branch as soon as possible.
+======
+
 = Spring Session
 
-image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"] image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
+image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
+
+image:https://github.com/spring-projects/spring-session/workflows/CI/badge.svg?branch=master["Build Status", link="https://github.com/spring-projects/spring-session/actions?query=workflow%3ACI"]
 
 Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
 It also provides transparent integration with:

build.gradle

@@ -4,7 +4,7 @@ buildscript {
 		snapshotBuild = version.endsWith('SNAPSHOT')
 		milestoneBuild = !(releaseBuild || snapshotBuild)
 
-		springBootVersion = '2.2.9.RELEASE'
+		springBootVersion = '2.2.13.RELEASE'
 	}
 
 	repositories {
@@ -13,7 +13,7 @@ buildscript {
 	}
 
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.35.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.37'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 }

gradle.properties

@@ -1,3 +1,3 @@
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 org.gradle.parallel=true
-version=2.3.2.RELEASE
+version=2.3.4.BUILD-SNAPSHOT

gradle/dependency-management.gradle

@@ -1,15 +1,15 @@
 dependencyManagement {
 	imports {
-		mavenBom 'io.projectreactor:reactor-bom:Dysprosium-SR16'
+		mavenBom 'io.projectreactor:reactor-bom:Dysprosium-SR19'
 		mavenBom 'org.junit:junit-bom:5.6.3'
-		mavenBom 'org.springframework:spring-framework-bom:5.2.12.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Neumann-SR6'
-		mavenBom 'org.springframework.security:spring-security-bom:5.3.6.RELEASE'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.15.1'
+		mavenBom 'org.springframework:spring-framework-bom:5.2.14.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Neumann-SR8'
+		mavenBom 'org.springframework.security:spring-security-bom:5.3.9.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.15.2'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.12.11') {
+		dependencySet(group: 'com.hazelcast', version: '3.12.12') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
@@ -27,7 +27,7 @@ dependencyManagement {
 		dependency 'mysql:mysql-connector-java:8.0.21'
 		dependency 'org.apache.derby:derby:10.14.2.0'
 		dependency 'org.assertj:assertj-core:3.15.0'
-		dependency 'org.hsqldb:hsqldb:2.5.0'
+		dependency 'org.hsqldb:hsqldb:2.5.1'
 		dependency 'org.mariadb.jdbc:mariadb-java-client:2.4.4'
 		dependency 'org.mockito:mockito-core:3.3.3'
 		dependency 'org.postgresql:postgresql:42.2.16'

spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java

@@ -309,6 +309,10 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			if (!create) {
 				return null;
 			}
+			if (SessionRepositoryFilter.this.httpSessionIdResolver instanceof CookieHttpSessionIdResolver
+					&& this.response.isCommitted()) {
+				throw new IllegalStateException("Cannot create a session after the response has been committed");
+			}
 			if (SESSION_LOGGER.isDebugEnabled()) {
 				SESSION_LOGGER.debug(
 						"A new session was created. To help you troubleshoot where the session was created we provided a StackTrace (this is not an error). You can prevent this from appearing by disabling DEBUG logging for "

spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java

@@ -62,6 +62,7 @@ import org.springframework.test.util.ReflectionTestUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -423,6 +424,18 @@ class SessionRepositoryFilterTests {
 		assertThat(this.response.getCookie("SESSION")).isNotNull();
 	}
 
+	@Test
+	void doFilterGetSessionNewWhenResponseCommittedThenException() {
+		assertThatIllegalStateException().isThrownBy(() -> doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse)
+					throws IOException {
+				wrappedResponse.getWriter().flush();
+				wrappedRequest.getSession();
+			}
+		}));
+	}
+
 	@Test
 	void doFilterGetSessionNew() throws Exception {
 		doFilter(new DoInFilter() {

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/ClientServerHazelcastIndexedSessionRepositoryITests.java

@@ -46,7 +46,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 @WebAppConfiguration
 class ClientServerHazelcastIndexedSessionRepositoryITests extends AbstractHazelcastIndexedSessionRepositoryITests {
 
-	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.11")
+	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.12")
 			.withExposedPorts(5701).withCopyFileToContainer(MountableFile.forClasspathResource("/hazelcast-server.xml"),
 					"/opt/hazelcast/hazelcast.xml");
 

spring-session-samples/gradle/dependency-management.gradle

@@ -1,6 +1,6 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.10.5'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.10.5.20201202'
 	}
 
 	dependencies {
@@ -17,7 +17,7 @@ dependencyManagement {
 		dependency 'org.webjars:jquery:1.12.4'
 		dependency 'org.webjars:knockout:2.3.0'
 		dependency 'org.webjars:sockjs-client:0.3.4'
-		dependency 'org.webjars:stomp-websocket:2.3.3'
+		dependency 'org.webjars:stomp-websocket:2.3.4'
 		dependency 'org.webjars:webjars-taglib:0.3'
 	}
 }