Skip to content

fix(deps): update spring security to v6.5.11#379

Open
renovate[bot] wants to merge 1 commit into
developfrom
renovate/spring-security
Open

fix(deps): update spring security to v6.5.11#379
renovate[bot] wants to merge 1 commit into
developfrom
renovate/spring-security

Conversation

@renovate

@renovate renovate Bot commented Feb 17, 2024
edited
Loading

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
org.springframework.security:spring-security-test (source) 6.2.16.5.11 age confidence

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-test)

v6.5.11

Compare Source

🪲 Bug Fixes

  • FormPostRedirectStrategy should not emit percent-encoded values into hidden form inputs #​19136

🔨 Dependency Upgrades

  • Bump antora from 3.2.0-alpha.11 to 3.2.0-alpha.12 in /docs #​19185
  • Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.34 #​19299
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.6 to 2.18.7 #​19129
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.7 to 2.18.8 #​19297
  • Bump gradle-wrapper from 8.14.4 to 8.14.5 #​19159
  • Bump org-bouncycastle from 1.80 to 1.80.2 #​19204
  • Bump org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16 #​19205
  • Bump org.hibernate.orm:hibernate-core from 6.6.49.Final to 6.6.50.Final #​19150
  • Bump org.hibernate.orm:hibernate-core from 6.6.50.Final to 6.6.51.Final #​19213
  • Bump org.hibernate.orm:hibernate-core from 6.6.51.Final to 6.6.53.Final #​19300
  • Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #​19173
  • Bump org.springframework:spring-framework-bom from 6.2.18 to 6.2.19 #​19293
  • Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #​19124
  • Bump spring-io/spring-release-actions from 0.0.4 to 0.0.5 #​19183
  • Update micrometer-bom to 1.15.12 #​19302
  • Update to Micrometer 1.15.11 #​19224
  • Update to reactor-bom 2024.0.18 #​19301

🔩 Build Updates

v6.5.10

Compare Source

⭐ New Features

  • Add CredentialRecordOwnerAuthorizationManager #​19004
  • Add XML Based shouldWriteHeadersEagerly tests #​19017
  • Clarify Session Management Persistence Documentation #​18345
  • Update FilterChainProxy#getFilters(String) javadoc #​18258

🪲 Bug Fixes

  • Add equals and hashcode to HttpMethodRequestMatcher #​18914
  • auth_time validation fails when SSO session is renewed #​18839
  • Fallback defaultTargetUrl if refererHeader is empty #​18806
  • Fix HttpSessionRequestCache#getMatchingRequest query string parsing #​16914
  • Fix documentation for Custom Authorization Manager #​18362
  • Improve serialVersionUID check in tests #​18474
  • Merge Handle null value in OnCommittedResponseWrapper header methods #​18989
  • OAuth2 client sessionManagement ineffective with DefaultOidcUser #​18622

🔨 Dependency Upgrades

  • Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #​19055
  • Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #​18956
  • Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #​19031
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #​18952
  • Bump actions/upload-artifact from 7.0.0 to 7.0.1 #​19094
  • Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 #​19078
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.14 to 1.0.15 #​18916
  • Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #​19108
  • Bump org.hibernate.orm:hibernate-core from 6.6.44.Final to 6.6.45.Final #​18966
  • Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final #​19046
  • Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final #​19064
  • Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final #​19110
  • Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18 #​19109
  • Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #​19093
  • Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 #​18954
  • Bump spring-io/spring-security-release-tools/.github/workflows/build.yml from 1.0.14 to 1.0.15 #​18955
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml from 1.0.14 to 1.0.15 #​18949
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml from 1.0.14 to 1.0.15 #​18950
  • Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml from 1.0.14 to 1.0.15 #​18995
  • Bump spring-io/spring-security-release-tools/.github/workflows/test.yml from 1.0.14 to 1.0.15 #​18951
  • Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #​18994
  • Update to spring-security-release-tools 1.0.15 #​18910

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​as1605, @​johnycho, @​ngocnhan-tran1996, @​rwinch, and @​sankranty

v6.5.9

Compare Source

⭐ New Features

🪲 Bug Fixes

  • Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #​18544
  • saveAuthenticationRequest should read relayState from authenticationRequest #​18872
  • Add Missing OnCommitedResponseWrapper Header Overrides #​18798
  • Clarify Resource Server startup expectations #​18518
  • Correct Reference to Clear-Site-Data Directive enum #​18273
  • Fix CookieRequestCache parameters #​18857
  • Fix Flaky Crypto Tests #​18841
  • Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #​18896

🔨 Dependency Upgrades

  • Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #​18854
  • Bump actions/upload-artifact from 6.0.0 to 7.0.0 #​18809
  • Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #​18749
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #​18779
  • Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #​18876
  • Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #​18750
  • Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #​18791
  • Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #​18860
  • Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #​18886
  • Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #​18780
  • Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #​18829
  • Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #​18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Hann244, @​Khyojae, @​ghusta, @​itsmevichu, @​qihaiyan, @​rwinch, @​therepanic, and @​ziqin

v6.5.8

Compare Source

⭐ New Features

  • Add @FunctionalInterface to RequestMatcher #​18337
  • Spring Security 7 should provide migration path from request-matcher="ant" #​18211
  • Stop deploying JavaDoc outside of Antora #​18199

🪲 Bug Fixes

  • Add Missing Migration Pages to Navigation #​18313
  • Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #​18235
  • Fix typo in "Preparing for 7.0" in reference to PathPatternRequestMatcher #​18336
  • Fix typo in AnnotationTemplateExpressionDefaults documentation #​18176
  • Fix typos in documentation depenendencies->dependencies #​18208

🔨 Dependency Upgrades

  • Bump @antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #​18675
  • Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs #​18677
  • Bump @springio/antora-extensions from 1.14.4 to 1.14.7 in /docs #​18676
  • Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs #​18679
  • Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #​18192
  • Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #​18321
  • Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #​18387
  • Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 #​18525
  • Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 #​18591
  • Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #​18631
  • Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 #​18678
  • Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #​18710
  • Bump gradle-wrapper from 8.14 to 8.14.4 #​18704
  • Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 #​18703
  • Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #​18279
  • Bump io.mockk:mockk from 1.14.6 to 1.14.7 #​18275
  • Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 #​18293
  • Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14 #​18495
  • Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 #​18716
  • Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #​18535
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #​18724
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #​18670
  • Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #​18292
  • Bump org-aspectj from 1.9.25 to 1.9.25.1 #​18329
  • Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #​18352
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #​18590
  • Bump org.hibernate.orm:hibernate-core from 6.6.34.Final to 6.6.36.Final #​18193
  • Bump org.hibernate.orm:hibernate-core from 6.6.36.Final to 6.6.38.Final #​18241
  • Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final #​18308
  • Bump org.hibernate.orm:hibernate-core from 6.6.39.Final to 6.6.40.Final #​18351
  • Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final #​18524
  • Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final #​18632
  • Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 #​18320
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 #​18322
  • Bump org.springframework:spring-framework-bom from 6.2.13 to 6.2.14 #​18206
  • Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 #​18323
  • Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 #​18731
  • Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #​18649
  • Update Antora UI Spring to v0.4.25 #​18402

🔩 Build Updates

  • Remove unnecessary Gradle wrapper from buildSrc #​18692

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​garvit-joshi, @​ghusta, @​kucoll, and @​rwinch

v6.5.7

Compare Source

⭐ New Features

  • Add Include-Code for the Password Storage page #​18054
  • Default WebAuthnConfigurer#rpName to rpId #​18131
  • Document effects of disabling CORS #​18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #​18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #​18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #​18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #​18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #​18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18111
  • Update to Reactor 2024.0.12 #​18181
  • Update to Spring Data 2024.1.12 #​18182
  • Update to Spring Framework 6.2.13 #​18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

v6.5.6

Compare Source

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18082
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17930
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17929
  • Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18045
  • Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #​17950
  • Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17945
  • Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18039
  • Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18083
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18067
  • Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18068

v6.5.5

Compare Source

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17922
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17911
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17923
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17910
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17924
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17913
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17925
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17912
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17926
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17914

v6.5.4

Compare Source

⭐ New Features

  • Update servlet test method docs to use include-code #​17749

🪲 Bug Fixes

  • Annonation Scanning Should Fallback to Object when Parameter Matching #​17899
  • Fix double-slash when basePath is root #​17841
  • Fix traceId discrepancy in case error in servlet web #​17796
  • Reference should advise avoiding post-authorization on writes #​17798

🔨 Dependency Upgrades

  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17893
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17874
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17895
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17854
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17836
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17894
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17858
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17767
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17766
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17759
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17853
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17837
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17896
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17897
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17855
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17791
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17771
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17758
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jkuhel and @​therepanic

v6.5.3

Compare Source

⭐ New Features

  • Add META-INF/LICENSE.txt to published jars #​17639
  • Update Angular documentation links in csrf.adoc #​17653
  • Update Shibboleth Repository URL #​17637
  • Use 2004-present Copyright #​17634

🪲 Bug Fixes

  • Add Missing Navigation in Preparing for 7.0 Guide #​17731
  • DPoP authentication throws JwtDecoderFactory ClassNotFoundException #​17249
  • OpenSamlAssertingPartyDetails Should Be Serializable #​17727
  • Use final values in equals and hashCode #​17621

🔨 Dependency Upgrades

  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17739
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17690
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17684
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17661
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17615
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17599
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17737
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17701
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17614
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #​17647
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17733
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17711
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17612
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17598
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #​17742
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17613
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17595
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17760
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17692
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17683
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17671
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17616
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17597
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #​17646
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #​17660
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17694
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17685
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #​17650
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17645
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17757
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17651
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17596
  • Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #​17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​codingtim

v6.5.2

Compare Source

🪲 Bug Fixes

  • <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #​17495
  • Add 7.0 Migration Steps for Messaging PathPattern Usage #​17509
  • EnableReactiveMethodSecurity should not import Servlet configuration #​17545
  • Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #​17337
  • Fix securityContextRepository() initialization in oauth2Login() DSL #​17557
  • OAuth2Login DSL should support post-processing AuthenticationProvider implementations #​17176
  • Websocket XML config should pick up PathPatternMessageMatcher.Builder #​17508

🔨 Dependency Upgrades

  • Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #​17444
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#​17470](#​17470
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#​17570](#​17570
  • Bump io.mockk:mockk from 1.14.2 to 1.14.4 #​17467
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17572
  • Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #​17469
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17555
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #​17491
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #​17571
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17466
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17569
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17468
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17481
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17568

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

v6.5.1

Compare Source

⭐ New Features

  • Create demonstration of include-code usage #​17161
  • Setup include-code extension for docs #​17160

🪲 Bug Fixes

  • ClearSiteDataHeaderWriter log is misleading #​17166
  • Fix to allow multiple AuthenticationFilter instances to process each request #​17216
  • Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
  • OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
  • Publishing a default TargetVisitor should not override Spring MVC support #​17189
  • Use HttpStatus in back-channel logout filters #​17157

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
  • Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
  • Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
  • Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
  • Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
  • Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
  • Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
  • Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

v6.5.0

Compare Source

⭐ New Features

  • Add documentation for DPoP support #​17072
  • Add logging to CsrfTokenRequestHandler implementations #​16994
  • Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #​16806
  • Bump Gradle Wrapper from 8.13 to 8.14 #​17018
  • ClientRegistrations.fromIssuerLocation does not include failure information #​17015
  • Fix Typo In SubjectDnX509PrincipalExtractorTests #​16997
  • Implement internal cache in JtiClaimValidator #​17107
  • Polish javadoc #​16924
  • Remove unused classes #​16935
  • Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #​16962
  • RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17147

🪲 Bug Fixes

  • Add FunctionalInterface To X509PrincipalExtractor #​16952
  • Change NonNull import from reactor to spring #​16571
  • Fix DPoP jkt claim to be JWK SHA-256 thumbprint #​17080
  • Minor error in the Handling Logouts documentation #​17049
  • SecurityAnnotationScanner's method comparison should use .equals #​17145
  • Use proper configuration key in Opaque Token documentation #​17014

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17069
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #​16995
  • Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #​16990
  • Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #​17024
  • Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #​17095
  • Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17096
  • Bump io.mockk:mockk from 1.14.0 to 1.14.2 #​17019
  • Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17111
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17040
  • Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17088
  • Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16761
  • Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17089
  • Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17105
  • Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #​17037
  • Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16981
  • Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #​17137
  • Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17124

🔩 Build Updates

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dkowis, @​franticticktick, @​hammadirshad, @​jearton, @​ngocnhan-tran1996, @​quaff, and @​yybmion

v6.4.13

Compare Source

⭐ New Features

  • Default WebAuthnConfigurer#rpName to rpId #​18115
  • Document effects of disabling CORS #​18117

🪲 Bug Fixes

  • BCryptPasswordEncoderTests should password limit of 72 bytes #​18133

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18108
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18148
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18140
  • Bump org-aspectj from 1.9.24 to 1.9.25 #​18139
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18109
  • Update Spring Data 2024.1.12 #​18179
  • Update to Reactor 2024.0.12 #​18178
  • Update to Spring Framework 6.2.13 #​18177

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann

v6.4.12

Compare Source

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18080
  • Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE #​17985
  • Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18044
  • Bump io.mockk:mockk from 1.14.5 to 1.14.6 #​17984
  • Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17944
  • Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18038
  • Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18081
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18065
  • Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18066

v6.4.11

Compare Source

🔨 Dependency Upgrades

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/spring-security branch from b8224fa to afb3a2f Compare March 18, 2024 17:53
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.2.2 fix(deps): update dependency org.springframework.security:spring-security-test to v6.2.3 Mar 18, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from afb3a2f to f94ff4d Compare April 15, 2024 20:39
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.2.3 fix(deps): update dependency org.springframework.security:spring-security-test to v6.2.4 Apr 15, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from f94ff4d to 1202916 Compare May 20, 2024 22:36
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.2.4 fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.0 May 20, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from 1202916 to 630188b Compare June 17, 2024 20:05
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.0 fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.1 Jun 17, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from 630188b to 48ec4e0 Compare August 19, 2024 21:42
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.1 fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.2 Aug 19, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from 48ec4e0 to a2dec56 Compare August 21, 2024 17:56
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.2 fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.3 Aug 21, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from a2dec56 to 60d9d5c Compare October 21, 2024 19:03
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.3 fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.4 Oct 21, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from 60d9d5c to ff11eca Compare November 19, 2024 17:48
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.3.4 fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.0 Nov 19, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from ff11eca to d740433 Compare November 21, 2024 17:45
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.0 fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.1 Nov 21, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from d740433 to 88681e8 Compare December 16, 2024 19:21
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.1 fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.2 Dec 16, 2024
@renovate renovate Bot force-pushed the renovate/spring-security branch from 88681e8 to 617d867 Compare February 18, 2025 18:32
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.2 fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.3 Feb 18, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from 617d867 to 71d2094 Compare March 17, 2025 22:23
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.3 fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.4 Mar 17, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from 71d2094 to f73ee64 Compare April 21, 2025 17:54
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.4 fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.5 Apr 21, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from f73ee64 to 0ccf3b9 Compare May 19, 2025 17:31
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.4.5 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.0 May 19, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from 0ccf3b9 to 0b6bcde Compare June 16, 2025 19:49
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.0 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.1 Jun 16, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from 0b6bcde to def340e Compare July 21, 2025 20:02
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.1 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.2 Jul 21, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from def340e to ef95d73 Compare August 18, 2025 21:31
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.2 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.3 Aug 18, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from ef95d73 to a948272 Compare September 15, 2025 19:46
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.3 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.4 Sep 15, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from a948272 to 47c4998 Compare September 17, 2025 15:29
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.4 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.5 Sep 17, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from 47c4998 to 0b53e55 Compare October 20, 2025 21:11
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.5 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.6 Oct 20, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from 0b53e55 to 6c6c41e Compare November 18, 2025 03:57
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.6 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.7 Nov 18, 2025
@renovate renovate Bot force-pushed the renovate/spring-security branch from 6c6c41e to cf054e3 Compare February 13, 2026 22:13
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.7 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.8 Feb 13, 2026
@renovate renovate Bot force-pushed the renovate/spring-security branch from cf054e3 to ce99db4 Compare March 16, 2026 21:47
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.8 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.9 Mar 16, 2026
@renovate renovate Bot force-pushed the renovate/spring-security branch from ce99db4 to 34c3ff6 Compare April 20, 2026 20:04
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.9 fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.10 Apr 20, 2026
@renovate renovate Bot changed the title fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.10 fix(deps): update spring security to v6.5.10 Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/spring-security branch from 34c3ff6 to 2fb2390 Compare June 9, 2026 20:51
@renovate renovate Bot changed the title fix(deps): update spring security to v6.5.10 fix(deps): update spring security to v6.5.11 Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants