When upgrading to spring webmvc from version 4.2.9 to version 4.3.9, we have detected an issue when adding cookies to the response entity from a controller.
In the HttpEntityMethodProcessor class, when handling the return value, if the ServletServerHttpResponse contains already the header that is added to the entityHeaders object, it won't be added to the outputHeaders.
This scenario happens when for example the JSESSIONID cookie is added to the response header before calling a controller and then when the controller tries to add an extra cookie it is ignored due to the described behaviour.
By comparing versions 4.2.x and 4.3.x:
I set the bug level to critical as is blocking us to upgrade from 4.2 to 4.3, but you can decide which level suits you better.