Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.springframework.security:spring-security-core to v5.8.16 #886

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 22, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.springframework.security:spring-security-core (source) 5.7.11 -> 5.8.16 age adoption passing confidence

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-core)

v5.8.16

Compare Source

⭐ New Features
  • Support ServerExchangeRejectedHandler @Bean #​15976
🪲 Bug Fixes
  • Catch base64 decode exception #​15914
  • Support ServerWebExchangeFirewall @Bean #​15977
🔨 Dependency Upgrades
  • Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16030
  • Bump org.springframework.ldap:spring-ldap-core from 2.4.2 to 2.4.4 #​16094
🔩 Build Updates
  • Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16114
  • Update Antora UI Spring to v0.4.17 #​15933
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.15

Compare Source

⭐ New Features

  • Address unnecessary method invocation in AbstractRequestMatcherRegistry #​15718
  • The SecuredAuthorizationManager can now find @Secured annotations on … #​15014

🪲 Bug Fixes

  • Disabling credentials erasure on custom AuthenticationManager is not working #​15683
  • Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #​15624
  • SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #​15749
  • The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #​15533

🔨 Dependency Upgrades

  • Bump io.projectreactor.tools:blockhound from 1.0.9.RELEASE to 1.0.10.RELEASE #​15928
  • Bump org-eclipse-jetty from 9.4.55.v20240627 to 9.4.56.v20240826 #​15730
  • Bump org.springframework.ldap:spring-ldap-core from 2.4.1 to 2.4.2 #​15941

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #​15908
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #​15837
  • Migrate slack notifications to GChat #​15503
  • Release 5.8.15 #​15963

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.14

Compare Source

⭐ New Features

  • Document the role of CredentialsContainer #​15319

🪲 Bug Fixes

  • Clarify url Parameter Usage in AD Provider Constructor #​15409
  • Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15363

🔨 Dependency Upgrades

  • Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15375
  • Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 #​15391
  • Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 #​15606
  • Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 #​15390
  • Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 #​15604
  • Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 #​15360
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 #​15291
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15335
  • Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 #​15615

🔩 Build Updates

  • Automate check of expected branch version #​15226
  • Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15447
  • Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15484
  • Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15558
  • Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15633
  • Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15417
  • Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15523
  • Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15559
  • Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15632
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15416
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15524
  • Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15330
  • Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15481
  • Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15463

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.13

Compare Source

⭐ New Features

  • doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #​14779
  • Enhance Logging in RequestMatcherDelegatingAuthorizationManage #​14837
  • Improve PasswordEncoder Error Messaging #​14951
  • InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #​14880
  • Mention all required dependencies in LDAP documentation #​15235
  • Remove useBase64 parameter #​14862

🪲 Bug Fixes

  • AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​13849
  • Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #​15195
  • Assert WebSession is not null #​14977
  • Conditionally Add Conventions Plugin #​15152
  • DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #​14418
  • Fix Java example in multitenanci.adoc #​15146
  • LDIF file on official documentation breaks the startup process #​15089
  • Link to article with remember-me-persistent-token strategy is broken #​14358
  • ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #​14931
  • Resolving invalid CSRF token values is not consistent #​15184
  • Restore Build Scan Capability #​15120
  • Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #​14855

🔨 Dependency Upgrades

  • Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #​15074
  • Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #​15231
  • Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #​14923
  • Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #​15073
  • Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #​15230
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15191
  • Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #​15085
  • Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #​15135
  • Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #​15253
  • Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #​14938

🔩 Build Updates

  • Attach Antora Docs to Pull Requests #​14992
  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15160
  • Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15140
  • Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #​15001
  • Bump com.gradle.develocity from 3.17.2 to 3.17.4 #​15099
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15240
  • Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #​14959
  • Consider Adding a Build Updates section to the release changelog #​14485
  • Migrate to com.gradle.develocity plugin #​15021
  • Update Gradle Enterprise plugin to 3.17.2 #​15020

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.12

Compare Source

🪲 Bug Fixes

  • Conditional check for data-source-ref is incorrect #​14742

🔨 Dependency Upgrades

  • Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 #​14878
  • Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 #​14877
  • Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #​14822
  • Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 #​14891

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.11

Compare Source

🪲 Bug Fixes

  • Allow tab in HTTP header values. #​14590
  • Check for null Authentication #​14664
  • PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #​14720
  • Remove duplicate setSecurityContextHolderStrategy #​14603
  • Spring security's ServerLogoutHandler order problem. #​14379

🔨 Dependency Upgrades

  • Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 #​14730
  • Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 #​14729
  • Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 #​14759

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.10

Compare Source

⭐ New Features

  • Updated broken documentation link in javadocs #​14329

🪲 Bug Fixes

  • Fix security filter sort in javadoc #​14552
  • ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #​11596
  • Saml2 LogoutFilter Should Come Before Common LogoutFilter #​14549

🔨 Dependency Upgrades

  • Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #​14584
  • Bump gradle/gradle-build-action from 2 to 3 #​14505
  • Bump io-spring-javaformat from 0.0.40 to 0.0.41 #​14438
  • Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 #​14432
  • Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 #​14431
  • Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 #​14614
  • Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #​14464
  • Bump org-aspectj from 1.9.20.1 to 1.9.21.1 #​14607
  • Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 #​14608
  • Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 #​14622
  • Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #​14506
  • Bump spring-io/spring-github-workflows from eaf17a1 to 1e8b058 #​14585

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.9

Compare Source

⭐ New Features

  • Document that Shibboleth Repository is Required for SAML Support #​14286
  • OAuth2 Resource Server is exposing server information. #​13730
  • Resolve RequestMatcher at request-time #​14078
  • Update Java Config Spring MVC documentation #​14220

🪲 Bug Fixes

  • AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #​13625
  • Authentication not propagated correctly after migrating to SB3 #​12877
  • Authorization does not show up on Features section #​14099
  • Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #​13718
  • Fix caching error state in ReactiveRemoteJWKSource #​13976
  • fix wrong document about "jws-algorithms" #​14252
  • Improve error message when ServletRegistration API is unavailable #​14221
  • References to WebFlux docs do not link to them #​14100
  • relay_state should not be included in signing calculation when it is null #​13913
  • Security configuration is failed to be initialized in a Servlet 6.0 container #​13794
  • Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #​13644
  • X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #​11948
  • XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #​12483

🔨 Dependency Upgrades

  • Bump actions/checkout from 3 to 4 #​14313
  • Bump actions/setup-java from 3 to 4 #​14307
  • Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #​14240
  • Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #​14301
  • Bump io-spring-javaformat from 0.0.39 to 0.0.40 #​14153
  • Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #​14143
  • Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #​14290
  • Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #​14142
  • Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #​14291
  • Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #​14170
  • Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #​14154
  • Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #​14303
  • Bump spring-io/spring-gradle-build-action from 1 to 2 #​14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.8

Compare Source

⭐ New Features

  • Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #​11926
  • Use Gradle's Version Catalog #​13868

🪲 Bug Fixes

  • Fix snapshot_tests on CI workflow #​13876
  • fix corrupted saml2 metadata once special characters are present #​13777
  • Saml-Metadata with special characters is corrupted #​13776
  • Saml2LogoutRequestMixin relayState property should be binding #​12539

🔨 Dependency Upgrades

  • Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #​13982
  • Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #​13927
  • Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #​13890
  • Bump com.gradle.enterprise from 3.11.1 to 3.11.4 #​13928
  • Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 #​13885
  • Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 #​13998
  • Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 #​13944
  • Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 #​13997
  • Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #​13925
  • Bump org-aspectj from 1.9.20 to 1.9.20.1 #​13893
  • Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 #​13909
  • Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 #​13996
  • Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 #​13926
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #​13954
  • Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 #​13907
  • Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 #​14018
  • Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 #​13908

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.7

Compare Source

⭐ New Features

🪲 Bug Fixes

  • CookieRequestCache ignores user Locale #​13792
  • Default Security Configuration adds WWW-Authenticate Twice #​13737
  • OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #​11893
  • Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #​13804

v5.8.6

Compare Source

⭐ New Features

  • Closes #​11450 - Add Java beans configuration for Remmember Me Docs #​13570
  • Dependencies are resolved from appropriate repositories #​13582
  • requestMatchers servlet validation error should include information about servlet paths #​13667
  • requestMatchers should not count servlets without mappings #​13666

🪲 Bug Fixes

  • Fix Bearer Token RestTemplate Support example #​13434
  • Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #​13561
  • The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #​13572

🔨 Dependency Upgrades

  • Update io.projectreactor to 2020.0.35 #​13702
  • Update org.aspectj to 1.9.20 #​13704
  • Update org.springframework.data to 2021.2.15 #​13705
  • Update reactor-netty to 1.0.35 #​13703

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.5

Compare Source

⭐ New Features

  • Improve RequestMatcher Validation #​13551
  • Improve Security Filters Documentation #​8167

🪲 Bug Fixes

  • Optimize Querying of RequestCache -> continue parameter #​13438
  • Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #​13417
  • Use default PathPatternParser instance #​13462

🔨 Dependency Upgrades

  • Update io.projectreactor to 2020.0.34 #​13513
  • Update org.springframework to 5.3.29 #​13515
  • Update org.springframework.data to 2021.2.14 #​13516
  • Update reactor-netty to 1.0.34 #​13514

v5.8.4

Compare Source

⭐ New Features

  • Convert to Asciidoctor Tabs #​13405
  • Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults #​13227
  • mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter #​13252
  • Use Antora name of security #​13329

🪲 Bug Fixes

  • Additional filters registered when using Custom DSL #​13280
  • AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation #​13069
  • AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods #​13132
  • Clarify that Kotlin DSL needs an import #​13101
  • Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #​13191
  • Fix Antora Warnings #​13292
  • Fix code snippets in Authorize HttpServletRequest #​11522
  • Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #​13219
  • Fix Documentation Title #​13316
  • Fix legacy-websocket-configuration cross-reference #​12969
  • Fix typo in authorization.adoc #​13135
  • http://www.springframework.org/schema/security/spring-security.xsd returns 404 #​13207
  • Links between migration docs are out of date #​12675
  • Proxy Server section is not linked in nav #​13322
  • RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity #​13104
  • SAML 2.0 HTTP Redirect Binding query params may appear in any order #​12963
  • SAML login fails in Internet Explorer 11 #​13106
  • Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice #​13160

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.3

Compare Source

⭐ New Features

  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #​12991
  • Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #​12356
  • Documentation should mention that an empty SecurityContext should also be saved #​12906
  • Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #​12928
  • Fixed test in DefaultLoginPageGeneratingFilterTests #​12694

🪲 Bug Fixes

  • Bug in documentation of Storing the Authentication manually #​12850
  • DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode #​12873
  • EntityId ignored in xml relying-party-registration #​12776
  • Fix .access(...) parameter #​12676
  • Fix a javadoc typo in ReactiveAuthorizationManager #​12999
  • Fix a javadoc typo in ReactiveAuthorizationManager #​12982
  • Fix ID of WebSocket Authorization section #​12872
  • HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #​12314
  • JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #​12472
  • Missing spring-security-oauth2 xsds after release #​12805
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #​13004
  • RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #​13054
  • Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #​12935
  • SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide #​12939
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #​12835

🔨 Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #​13024
  • Update io.projectreactor to 2020.0.31 #​13022
  • Update io.spring.javaformat to 0.0.38 #​13025
  • Update logback-classic to 1.2.12 #​13021
  • Update org.eclipse.jetty to 9.4.51.v20230217 #​13026
  • Update org.springframework to 5.3.27 #​13027
  • Update org.springframework.data to 2021.2.10 #​13028
  • Update org.springframework.data to 2021.2.11 #​13029
  • Update reactor-netty to 1.0.31 #​13023

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.2

Compare Source

⭐ New Features

  • Add XorCsrfChannelInterceptor #​12562
  • Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #​12434
  • fix unclosed block in docs #​12553
  • Improve documentation on what changed in the default behaviour in version 6 vs 5.7 #​12462
  • Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #​12486

🪲 Bug Fixes

  • AuthorizationManager method security documentation should use AnnotationMatchingPointcut #​12516
  • DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #​12665
  • Document XMLObject retreival for Asserting Party metadata #​12693
  • Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #​12458
  • NimbusJwtDecoder unknown KID scenario is not correctly tested #​12494
  • NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #​12686
  • SwitchUserFilter not working in Spring Security 6 #​12510
  • Wrong name of the filter in the SecurityContextHolderFilter diagram #​12526

🔨 Dependency Upgrades

  • Update blockhound to 1.0.7.RELEASE #​12719
  • Update hibernate-entitymanager to 5.6.15.Final #​12722
  • Update io.projectreactor to 2020.0.28 #​12717
  • Update io.spring.nohttp to 0.0.11 #​12720
  • Update jackson-bom to 2.13.5 #​12714
  • Update jackson-databind to 2.13.5 #​12715
  • Update jackson-datatype-jsr310 to 2.13.5 #​12716
  • Update junit-bom to 5.9.2 #​12723
  • Update org.aspectj to 1.9.19 #​12721
  • Update org.junit.jupiter to 5.9.2 #​12724
  • Update org.springframework to 5.3.25 #​12725
  • Update org.springframework.data to 2021.2.8 #​12739
  • Update org.springframework.data to 2021.2.8 #​12726
  • Update reactor-netty to 1.0.28 #​12718

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.1

Compare Source

⭐ New Features

  • Add EnableWebSecurity migration steps to 5.8 guide #​12334
  • Replace deprecated set-state set-output GitHub Action's commands #​12298

🪲 Bug Fixes

  • codes in spring security docs fail to work #​11396
  • DefaultLdapAuthoritiesPopulator throws NullPointerException #​12408
  • Fix AuthorizationFilter diagram in docs #​12286
  • Fix password encoder migration guide #​12318
  • Fix typo #​12316
  • Incorrect Javadoc for class ExpressionAuthorizationDecision #​12411
  • Incorrect sample code in securityMatcher migration docs #​12296
  • SecurityContextHolderFilter does not apply to async dispatch #​11962

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.8.0

Compare Source

⭐ New Features

  • Add Kotlin example showing integration with WebTestClient #​11611
  • Add MethodExpressionAuthorizationManager #​11502
  • Add Polish localization to error messages from ExceptionTranslationFi… #​12201
  • Add support AuthorizationManager + #​11503
  • AnonymousAuthenticationFilter should cache its Supplier #​11900
  • CookieServerCsrfTokenRepository doesn't support setting MaxAge #​11441
  • DefaultFilterChainValidator should check AuthorizationFilter #​11473
  • Deprecate Resource Owner Password Credentials grant #​11591
  • Document Configure Default CsrfToken BREACH Protection #​12107
  • Document Defer load CsrfToken #​12105
  • Document DelegatingSecurityContextRepository #​12069
  • Document deprecations in oauth2-client #​12193
  • Document how to opt-in for SHA256 in RememberMe #​12097
  • Document how to use the new requestMatchers and securityMatchers #​12100
  • Document Migration to SecurityContextHolderFilter #​12098
  • Document new oauth2Login() authority defaults #​12188
  • Document reactive CSRF migration steps #​12226
  • Document Saved Requests Spring Security 6 Migration #​12089
  • Document Update to 5.8 for Migration Guide #​12196
  • Fix Javadoc in EnableWebSocketSecurity #​12211
  • Improve deprecation notice in WebSecurityConfigurerAdapter #​12261
  • InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager #​11469
  • Migration guide for CAS support removal #​12240
  • Preparation and Migration Guides should point to each other [#​12093](http

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 22, 2024
@renovate renovate bot force-pushed the renovate/spring-security branch 6 times, most recently from 2245a42 to 6d095b4 Compare July 26, 2024 08:58
@renovate renovate bot enabled auto-merge (squash) August 19, 2024 23:07
@renovate renovate bot force-pushed the renovate/spring-security branch from 6d095b4 to 1daa7be Compare August 19, 2024 23:07
@renovate renovate bot changed the title Update dependency org.springframework.security:spring-security-core to v5.8.13 Update dependency org.springframework.security:spring-security-core to v5.8.14 Aug 19, 2024
@renovate renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from d5cac16 to b24f33a Compare August 20, 2024 13:05
@renovate renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from eef2c4f to 31982b0 Compare October 9, 2024 11:13
@renovate renovate bot force-pushed the renovate/spring-security branch 8 times, most recently from 978fe00 to 6403b6b Compare October 21, 2024 10:01
@renovate renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from ffe7587 to 5cbb0b1 Compare October 21, 2024 19:57
@renovate renovate bot changed the title Update dependency org.springframework.security:spring-security-core to v5.8.14 Update dependency org.springframework.security:spring-security-core to v5.8.15 Oct 21, 2024
@renovate renovate bot force-pushed the renovate/spring-security branch from 5cbb0b1 to 413b732 Compare October 28, 2024 16:47
@renovate renovate bot force-pushed the renovate/spring-security branch from 413b732 to d33532b Compare November 19, 2024 07:12
@renovate renovate bot changed the title Update dependency org.springframework.security:spring-security-core to v5.8.15 Update dependency org.springframework.security:spring-security-core to v5.8.16 Nov 19, 2024
@renovate renovate bot force-pushed the renovate/spring-security branch from d33532b to ecbdd00 Compare November 29, 2024 15:54
@renovate renovate bot force-pushed the renovate/spring-security branch from ecbdd00 to d9f717a Compare December 11, 2024 07:32
@renovate renovate bot force-pushed the renovate/spring-security branch 17 times, most recently from 5e9d367 to 65a935d Compare December 17, 2024 13:51
@renovate renovate bot force-pushed the renovate/spring-security branch 3 times, most recently from fd0a43b to 3dff444 Compare December 20, 2024 10:58
@renovate renovate bot force-pushed the renovate/spring-security branch from 3dff444 to aeeadb8 Compare December 20, 2024 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants