Upgrade Spring to 4.1.9

Spring 4.1.9 fixes the Serialization Vulnerability (https://jira.spring.io/browse/SPR-13656). 

It would be great to update the project to use this version.

CVE: https://support.sonatype.com/hc/en-us/articles/213733638-Spring-core-unintended-code-execution-in-deserialization
