Description
When request.getParameter(null) is called with spring-security-web 5.4.5, a NullPointerException is thrown from StrictHttpFirewall.java.
java.lang.NullPointerException: null
at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
at java.util.regex.Matcher.reset(Matcher.java:309)
at java.util.regex.Matcher.<init>(Matcher.java:229)
at java.util.regex.Pattern.matcher(Pattern.java:1093)
at org.springframework.security.web.firewall.StrictHttpFirewall.lambda$static$1(StrictHttpFirewall.java:122)
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest.validateAllowedParameterName(StrictHttpFirewall.java:745)
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest.getParameter(StrictHttpFirewall.java:676)
at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:161)
at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:161)
To Reproduce
Call request.getParameter(null)
Expected behavior
In the earlier version 5.3.8, request.getParameter(null) used to return null rather than throwing an NPE.
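The failure mode in the stack trace above, as an added example that is not Spring Security source: a regex-backed name predicate throws on a null name, and a null guard restores the null return while still rejecting names that contain control characters. The class name, the pattern and the map-backed `getParameter` model are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.Map;
import java.util.function.Predicate;
import java.util.regex.Pattern;

// Added illustration; hypothetical class, not Spring Security source.
public class NullSafeParameterNameCheck {

    // Constructed stand-in for a regex-backed name check: assigned, non-control characters only.
    static final Pattern NAME_PATTERN = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");

    // Same shape as the failing frame: Pattern.matcher(null) throws NullPointerException.
    static final Predicate<String> UNGUARDED = name -> NAME_PATTERN.matcher(name).matches();

    // A null name cannot arrive on the wire, so skip the regex for it and validate everything else.
    static final Predicate<String> GUARDED = name -> name == null || UNGUARDED.test(name);

    // Minimal model of a firewalled getParameter over a parameter map.
    static String getParameter(Map<String, String> params, Predicate<String> allowedName, String name) {
        if (!allowedName.test(name)) {
            throw new IllegalArgumentException("parameter name rejected");
        }
        return name == null ? null : params.get(name);
    }

    public static void main(String[] args) {
        Map<String, String> params = Collections.singletonMap("user", "alice"); // constructed sample
        try {
            getParameter(params, UNGUARDED, null);
        } catch (NullPointerException e) {
            System.out.println("unguarded, null name: NullPointerException");
        }
        System.out.println("guarded, null name: " + getParameter(params, GUARDED, null));
        System.out.println("guarded, \"user\": " + getParameter(params, GUARDED, "user"));
        try {
            getParameter(params, GUARDED, "us\ter"); // tab is a control character
        } catch (IllegalArgumentException e) {
            System.out.println("guarded, control character in name: rejected");
        }
    }
}
```

The guard only exempts null; any non-null name still goes through the same pattern, so the check is not weakened for input that can actually be sent in a request.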