dependabot[bot]
f83edf423e
Bump actions/setup-java from 5.2.0 to 5.4.0
...
Bumps [actions/setup-java](https://github.com/actions/setup-java ) from 5.2.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-java/releases )
- [Commits](https://github.com/actions/setup-java/compare/be666c2fcd27ec809703dec50e508c2fdc7f6654...1bcf9fb12cf4aa7d266a90ae39939e61372fe520 )
---
updated-dependencies:
- dependency-name: actions/setup-java
dependency-version: 5.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-26 00:43:12 +00:00
github-actions[bot]
8f69721f24
Next development version
2026-06-09 16:02:59 +00:00
github-actions[bot]
73b077790f
Release 6.5.11
6.5.11
2026-06-09 15:25:02 +00:00
Joe Grandja
fd5dae5e4d
Sync branch '6.5.x'
2026-06-09 09:57:02 -04:00
dependabot[bot]
700a4533aa
Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.34
...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback ) from 1.5.32 to 1.5.34.
- [Release notes](https://github.com/qos-ch/logback/releases )
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.32...v_1.5.34 )
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-version: 1.5.34
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 08:27:37 -04:00
Joe Grandja
3a394c633f
Update micrometer-bom to 1.15.12
...
Closes gh-19302
2026-06-09 08:18:31 -04:00
Joe Grandja
79f9bec818
Update to reactor-bom 2024.0.18
...
Closes gh-19301
2026-06-09 08:18:30 -04:00
dependabot[bot]
5b019365b7
Bump org.hibernate.orm:hibernate-core from 6.6.51.Final to 6.6.53.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.51.Final to 6.6.53.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.53/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.51...6.6.53 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.53.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 07:37:50 -04:00
dependabot[bot]
f9b4afdfc5
Bump com.fasterxml.jackson:jackson-bom from 2.18.7 to 2.18.8
...
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 2.18.7 to 2.18.8.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.7...jackson-bom-2.18.8 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-version: 2.18.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 07:36:02 -04:00
dependabot[bot]
f325ddbdaa
Bump org.springframework:spring-framework-bom from 6.2.18 to 6.2.19
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.2.18 to 6.2.19.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.18...v6.2.19 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.19
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 07:32:45 -04:00
dependabot[bot]
4adfdf66b9
Bump org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16
...
Bumps org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16.
---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
dependency-version: 3.9.16
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 05:50:28 -04:00
dependabot[bot]
e91b81a5aa
Bump org-bouncycastle from 1.80 to 1.80.2
...
Bumps `org-bouncycastle` from 1.80 to 1.80.2.
Updates `org.bouncycastle:bcpkix-jdk18on` from 1.80 to 1.80.2
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html )
- [Commits](https://github.com/bcgit/bc-java/commits )
Updates `org.bouncycastle:bcprov-jdk18on` from 1.80 to 1.80.2
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html )
- [Commits](https://github.com/bcgit/bc-java/commits )
---
updated-dependencies:
- dependency-name: org.bouncycastle:bcpkix-jdk18on
dependency-version: 1.80.2
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.bouncycastle:bcprov-jdk18on
dependency-version: 1.80.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 05:49:36 -04:00
dependabot[bot]
0949d3b3ea
Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18
...
Bumps org.slf4j:slf4j-api from 2.0.17 to 2.0.18.
---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
dependency-version: 2.0.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 05:33:00 -04:00
dependabot[bot]
d44efc899d
Bump org.hibernate.orm:hibernate-core from 6.6.50.Final to 6.6.51.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.50.Final to 6.6.51.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.51/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.50...6.6.51 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.51.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 05:29:40 -04:00
dependabot[bot]
c5870a746a
Bump @springio/antora-extensions from 1.14.11 to 1.14.12 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.11 to 1.14.12.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.11...v1.14.12 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 05:28:18 -04:00
dependabot[bot]
5eb41b8a06
Bump actions/checkout from 6.0.2 to 6.0.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-09 05:21:32 -04:00
Josh Cummings
e3ad551ab3
Backport SubjectX500PrincipalExtractor
...
This commit backports SubjectX500PrincipalExtractor so as to provide
folks moving from 6.x to 7.x a migration path from
SubjectDnX509PrincipalExtractor.
Issue gh-16980
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-06-01 14:30:33 -06:00
Josh Cummings
cf06871200
Rework Logout Validation Logic
...
This commit simplifies the code, favoring the construction
of a list of error codes over composing a set of consumers.
This will simplify future analysis by making the code more
readable.
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-29 14:45:44 -06:00
Josh Cummings
e50c2a6a74
Rework Login Validation Logic
...
This commit simplifies the validation code, favoring the
construction of a list of error codes over using an
accumulating Saml2ResponseValidationResult. This will
simplify future analysis by making the code more readable.
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-29 14:45:36 -06:00
Josh Cummings
356131b1ea
Use FormPostRedirectStrategy
...
Closes gh-16673
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-29 11:56:50 -06:00
Josh Cummings
a14c9d66b1
Favor Relative URIs in CookieRequestCache
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-28 06:54:59 -04:00
Josh Cummings
9d4d9065b4
Cap Deflate Size
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-28 06:39:29 -04:00
Josh Cummings
fe2e52f646
Add Micrometer Version Override
...
Closes gh-19187
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-26 15:18:01 -06:00
Josh Cummings
0ea87ca3bf
Upgrade Micrometer to 1.15.11
...
Closes gh-19224
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-26 15:17:57 -06:00
Josh Cummings
85514a9b34
Update NodeJS to 24.15
...
This commit declares a NodeJS value whereas previously,
Antora would use the latest LTS version. When it updated to
Node 24.16, site production stopped, possibly due to
https://github.com/nodejs/node/commit/e95570c054 .
Either way, it is helpful to have a pinned version in order
to stabilize builds, allowing us to update it in an orderly
fashion like other dependencies.
Issue gh-19206
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-22 22:27:00 -06:00
dependabot[bot]
86e0f1341e
Bump com.fasterxml.jackson:jackson-bom from 2.18.6 to 2.18.7
...
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 2.18.6 to 2.18.7.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.6...jackson-bom-2.18.7 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-version: 2.18.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-21 12:38:00 -06:00
dependabot[bot]
cea6618265
Bump org.hibernate.orm:hibernate-core from 6.6.49.Final to 6.6.50.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.49.Final to 6.6.50.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.50/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.49...6.6.50 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.50.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-21 12:36:57 -06:00
dependabot[bot]
5bf8f641f1
Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6
...
Bumps [spring-io/spring-gradle-build-action](https://github.com/spring-io/spring-gradle-build-action ) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/spring-io/spring-gradle-build-action/releases )
- [Commits](https://github.com/spring-io/spring-gradle-build-action/compare/efc55f07f4dfa22f2afd97f9ea1be4212eeed737...c8668747d7c264864c8c7f7026d0d277d14a78dc )
---
updated-dependencies:
- dependency-name: spring-io/spring-gradle-build-action
dependency-version: 2.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-21 12:36:52 -06:00
dependabot[bot]
8b9f556d8f
Bump gradle-wrapper from 8.14.4 to 8.14.5
...
Bumps [gradle-wrapper](https://github.com/gradle/gradle ) from 8.14.4 to 8.14.5.
- [Release notes](https://github.com/gradle/gradle/releases )
- [Commits](https://github.com/gradle/gradle/compare/v8.14.4...v8.14.5 )
---
updated-dependencies:
- dependency-name: gradle-wrapper
dependency-version: 8.14.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-21 12:36:46 -06:00
dependabot[bot]
d9b8a8ec54
Bump spring-io/spring-release-actions from 0.0.4 to 0.0.5
...
Bumps [spring-io/spring-release-actions](https://github.com/spring-io/spring-release-actions ) from 0.0.4 to 0.0.5.
- [Release notes](https://github.com/spring-io/spring-release-actions/releases )
- [Commits](https://github.com/spring-io/spring-release-actions/compare/2420148725bebe44bd59a575a9b1961ca4459b0b...a1f321783a0769dd2aea4fad6c2ae2f95a52b885 )
---
updated-dependencies:
- dependency-name: spring-io/spring-release-actions
dependency-version: 0.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-21 12:36:42 -06:00
dependabot[bot]
4e04c266be
Bump antora from 3.2.0-alpha.11 to 3.2.0-alpha.12 in /docs
...
---
updated-dependencies:
- dependency-name: antora
dependency-version: 3.2.0-alpha.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-21 12:36:37 -06:00
Josh Cummings
9b14465243
Align Assertions in Builder with Deprecated Constructor
...
The deprecated (introspectionUri, clientId, clientSecret) constructors
that the builders replaced explicitly asserted non-null clientId and
clientSecret. Bring the builder's build() in line with that contract by
asserting at the API boundary rather than relying on downstream classes
to enforce it.
Closes gh-19201
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-05-21 10:36:10 -06:00
Josh Cummings
b075f0df02
Decode percent-encoded values
...
Closes gh-19136
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-04-29 08:57:16 -06:00
github-actions[bot]
6343002b32
Next development version
2026-04-20 18:55:26 +00:00
github-actions[bot]
0a9d4dc8fc
Release 6.5.10
6.5.10
2026-04-20 17:54:21 +00:00
Josh Cummings
3d4e20597a
Merge remote-tracking branch 'oss/6.5.x' into 6.5.x
2026-04-20 11:49:17 -06:00
dependabot[bot]
81bd52ae48
Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.48.Final to 6.6.49.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.49/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.48...6.6.49 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.49.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-20 11:27:51 -06:00
dependabot[bot]
25b6af2738
Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.2.17 to 6.2.18.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.17...v6.2.18 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-20 11:27:29 -06:00
dependabot[bot]
95987bffc1
Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
...
Bumps org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15.
---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
dependency-version: 3.9.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-20 11:27:07 -06:00
Josh Cummings
6e5f8f2a1d
Merge remote-tracking branch 'origin/6.5.x' into 6.5.x
2026-04-20 09:51:26 -06:00
Seol-JY
4187af38b2
Verify token deletion in JdbcOneTimeTokenService
2026-04-18 12:30:30 -04:00
Josh Cummings
5b638a54a4
Use SHA Hashes
...
This commit updates workflows that were using tags to instead
use SHA hashes to reference actions and workflows
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-04-17 14:15:50 -06:00
dependabot[bot]
51eef2b980
Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17
...
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor ) from 2024.0.16 to 2024.0.17.
- [Release notes](https://github.com/reactor/reactor/releases )
- [Commits](https://github.com/reactor/reactor/compare/2024.0.16...2024.0.17 )
---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
dependency-version: 2024.0.17
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-17 11:57:33 -06:00
dependabot[bot]
302cfb116e
Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.10 to 1.14.11.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.10...v1.14.11 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-17 11:08:19 -06:00
dependabot[bot]
695ea1717f
Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.47.Final to 6.6.48.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.48/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.47...6.6.48 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.48.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-17 11:07:58 -06:00
dependabot[bot]
1206c2b141
Bump actions/upload-artifact from 7.0.0 to 7.0.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 7.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-17 11:07:36 -06:00
dependabot[bot]
3539f06146
Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4
...
Bumps [spring-io/spring-release-actions](https://github.com/spring-io/spring-release-actions ) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-io/spring-release-actions/releases )
- [Commits](https://github.com/spring-io/spring-release-actions/compare/0.0.3...0.0.4 )
---
updated-dependencies:
- dependency-name: spring-io/spring-release-actions
dependency-version: 0.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-17 11:07:08 -06:00
Josh Cummings
a317a3d866
Add Support for Always Running Additional Authentication Checks
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-04-15 21:07:39 -06:00
Josh Cummings
68b820ed09
Check Issuer with Issuer Provided
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-04-15 18:23:22 -06:00
dependabot[bot]
44d32815b1
Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-07 10:29:49 -06:00