
jeroenhd, today at 11:12 AM (1 reply)

What I don't understand about this setup is why a double slash could ever be a directory traversal attack in Spring Boot.

If you're proxying to another server that just assumes relative paths and doesn't do any kind of validation, I guess an extra / might cause reading files outside of the expected area? That'd be an extremely weird and awful setup that I don't think makes any sense in the context of Spring Boot.


Replies

jimmypk, today at 12:06 PM

[dead]