Backport of gh-28145
Comment From: Maarten-Damen
Hi @jhoeller,
Am I correctly assuming that this is the fix for CVE-2022-22950? And if so, would it be possible to update the documentation to state that the fix is also applied to 5.2.20, since the CVE reports now only mention 5.3.17 as the fix version for this CVE?
Some of the documentation mentions:
- https://tanzu.vmware.com/security/cve-2022-22950
- https://spring.io/blog/2022/03/28/cve-report-published-for-spring-framework
- https://nvd.nist.gov/vuln/detail/CVE-2022-22950
Comment From: sbrannen
@Maarten-Damen, we have updated the published documentation.