Bump in Spring version to address CVE and fixed null checks in query string

Author: sapessi

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java

@@ -812,11 +812,11 @@ public static String decodeValueIfEncoded(String value) {
 
 
     private String getQueryParamValue(String key, boolean isCaseSensitive) {
-        if (isCaseSensitive) {
-            return request.getQueryStringParameters().get(key);
-        }
-
         if (request.getQueryStringParameters() != null) {
+            if (isCaseSensitive) {
+                return request.getQueryStringParameters().get(key);
+            }
+            
             for (String k : request.getQueryStringParameters().keySet()) {
                 if (k.toLowerCase(Locale.getDefault()).equals(key.toLowerCase(Locale.getDefault()))) {
                     return request.getQueryStringParameters().get(k);

aws-serverless-java-container-spring/pom.xml

@@ -15,7 +15,7 @@
     </parent>
 
     <properties>
-        <spring.version>5.0.3.RELEASE</spring.version>
+        <spring.version>5.0.7.RELEASE</spring.version>
         <spring-security.version>5.0.1.RELEASE</spring-security.version>
         <jackson.version>2.9.5</jackson.version>
     </properties>