Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,889 Commits 54 Branches 379 Tags
5cc2f2e216df34b39275c58a3ed5cde2305d9ae4
Commit Graph

20889 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings 438c783c7d securityMatchers uses PathPatternRequestMatcher.Builder Bean 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-15 16:54:51 -06:00
Josh Cummings 83ba30d138 Merge branch '7.0.x' 2026-04-15 15:05:04 -06:00
Josh Cummings 4ec000a07c Merge branch '6.5.x' into 7.0.x 2026-04-15 15:04:51 -06:00
Josh Cummings 3cf9397a7d Polish HtmlTemplates 
This commit changes HtmlTemplates to use replace
instead of replaceAll since supporting regex in template
keys is not needed.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-15 14:59:29 -06:00
dependabot[bot] 6e894fd6b7 Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.4 to 2025.0.5.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.4...2025.0.5)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-15 03:23:14 +00:00
dependabot[bot] 5fcde78384 Bump io.micrometer:micrometer-observation from 1.16.4 to 1.16.5 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.16.4...v1.16.5)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-14 03:18:32 +00:00
dependabot[bot] 077d300487 Bump org-bouncycastle from 1.83 to 1.84 
Bumps `org-bouncycastle` from 1.83 to 1.84.

Updates `org.bouncycastle:bcpkix-jdk18on` from 1.83 to 1.84
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.bouncycastle:bcprov-jdk18on` from 1.83 to 1.84
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-version: '1.84'
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.bouncycastle:bcprov-jdk18on
  dependency-version: '1.84'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-14 03:18:13 +00:00
dependabot[bot] 6731e340ce Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.12 to 0.0.13.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.12...v0.0.13)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-14 03:17:48 +00:00
dependabot[bot] 4e34f79670 Bump org.hibernate.orm:hibernate-core from 7.3.0.Final to 7.3.1.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.3.0.Final to 7.3.1.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.3.1/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.3.0...7.3.1)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.3.1.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 03:22:40 +00:00
dependabot[bot] 623ff756f1 Bump org.seleniumhq.selenium:htmlunit3-driver from 4.41.0 to 4.43.0 
Bumps [org.seleniumhq.selenium:htmlunit3-driver](https://github.com/SeleniumHQ/htmlunit-driver) from 4.41.0 to 4.43.0.
- [Release notes](https://github.com/SeleniumHQ/htmlunit-driver/releases)
- [Commits](https://github.com/SeleniumHQ/htmlunit-driver/compare/4.41.0...4.43.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:htmlunit3-driver
  dependency-version: 4.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 03:22:15 +00:00
dependabot[bot] be666d71c5 Bump tools.jackson:jackson-bom from 3.1.1 to 3.1.2 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.1.1 to 3.1.2.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.1.1...jackson-bom-3.1.2)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 03:21:45 +00:00
Joe Grandja f8359ef619 Polish gh-17202 2026-04-10 07:40:34 -04:00
Max Batischev fc6a4c8220 Add Support DPoP Customization 
Closes gh-16940

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2026-04-10 07:09:24 -04:00
dependabot[bot] d6b97c7919 Bump @springio/antora-extensions from 1.14.9 to 1.14.11 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.11.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.11)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 00:45:55 +00:00
Josh Cummings 036ccff1f5 Move Focus to OTT Button When Username is Read-Only 
Closes gh-18817

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:32:15 -06:00
Anantha Krishnan 245733a631 fix: restore native form submission for OTT login 
Signed-off-by: Anantha Krishnan <ananthakrishnanj2001@gmail.com>
 2026-04-07 18:32:15 -06:00
Josh Cummings 229eb3ea46 Defer SecureRandom Construction Until Usage 
Issue gh-17824

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:20:24 -06:00
Josh Cummings c21fc6c433 Use Static Holder 
By using a static holder, we can leave method contracts
as-is and still maintain the performance benefit.

Issue gh-17824

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:20:24 -06:00
Yerin Lee 7c31eb58ac Also deprecate BCrypt.gensalt(int) without SecureRandom parameter 
- Deprecates BCrypt.gensalt(int) method

Closes gh-17824

Signed-off-by: Yerin Lee <rt8632@naver.com>
 2026-04-07 18:20:24 -06:00
Yerin Lee d4f49a5b43 Deprecate BCrypt.gensalt() without SecureRandom parameter 
Creating a new SecureRandom instance on every call causes
unnecessary performance overhead. This change:

- Deprecates BCrypt.gensalt(String, int) method
- Modifies BCryptPasswordEncoder constructors to create
  and reuse SecureRandom instances
- Maintains backward compatibility

All existing tests pass.

Closes gh-17824

Signed-off-by: Yerin Lee <rt8632@naver.com>
 2026-04-07 18:20:24 -06:00
Josh Cummings 6d20e02173 Update whats-new 
Issue gh-18113

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 16:21:15 -06:00
Josh Cummings 0c6b73d123 WebAuthn Publishes Authentication Events 
Closes gh-18113

Signed-off-by: suuuuuuminnnnnn <sumin45402214@gmail.com>
 2026-04-07 16:21:15 -06:00
Joe Grandja f66fb0814b Fix merge 2026-04-07 16:12:34 -04:00
Joe Grandja 3008848158 Merge branch '7.0.x' 2026-04-07 15:47:01 -04:00
Joe Grandja 41524880c6 Fix auth_time claim should represent authentication time 
Closes gh-18282
 2026-04-07 15:44:57 -04:00
Josh Cummings 1e979d6f52 Merge branch '7.0.x' 2026-04-07 10:31:14 -06:00
Josh Cummings 2361dc131e Merge branch '6.5.x' into 7.0.x 2026-04-07 10:31:01 -06:00
dependabot[bot] 44d32815b1 Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:29:49 -06:00
dependabot[bot] 87c3335e01 Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.45.Final to 6.6.47.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.47/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.45...6.6.47)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.47.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:07:57 -06:00
dependabot[bot] 76e9d91f24 Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:06:09 -06:00
dependabot[bot] 145579896f Bump lodash from 4.17.23 to 4.18.1 in /javascript 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-02 20:05:04 +00:00
Joe Grandja 073fc9874b Revert snapshots to Spring Framework 7.0.+ 
Closes gh-19024
 2026-04-02 15:52:23 -04:00
Rob Winch ce247bdd16 Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-02 12:51:07 -04:00
Robert Winch ad5a9fd0ba Merge Add XML Based shouldWriteHeadersEagerly tests 2026-04-02 11:39:15 -05:00
Joe Grandja 4ce3fade21 Add @Nullable to DefaultOidcUser.equals() 
Issue gh-18622
 2026-04-02 11:02:22 -04:00
Joe Grandja 9527a4b281 Merge branch '7.0.x' 2026-04-02 10:58:06 -04:00
Joe Grandja 77fe9e892a Merge branch '6.5.x' into 7.0.x 
Closes gh-19022
 2026-04-02 10:52:15 -04:00
Joe Grandja eefbb4da64 Fix DefaultOidcUser.equals() 
Closes gh-18622
 2026-04-02 10:41:32 -04:00
Joe Grandja 2ada3f00fa Polish gh-18888 2026-04-02 06:29:02 -04:00
Evgeniy Cheban 8f2a5a7b6e Add PrincipalResolver to ExchangeFilterFunctions 
Closes gh-16284

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2026-04-02 06:28:42 -04:00
Joe Grandja aa35db5aad Fix merge conflict 2026-04-02 05:45:17 -04:00
Rob Winch 8f65f88dc0 Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-01 12:58:09 -04:00
Rob Winch a2793f31b4 Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-01 12:53:29 -04:00
Robert Winch 64d8e6cc9b Merge Add XML Based shouldWriteHeadersEagerly tests 2026-04-01 11:41:58 -05:00
Robert Winch 679a47a51d Add XML Based shouldWriteHeadersEagerly tests 2026-04-01 11:37:39 -05:00
Josh Cummings 5b8d81828a Add serialVersionUID 
This commit gives a serialVersionUID to the private adapter class for the Jwt
authentication principal. It also adds a SuppressWarnings annotation so that
it doesn't get picked up by config's serialization tests. This is needed since
the test cannot construct a serialization sample for a private class

Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 16:19:41 -06:00
Josh Cummings 16b5df40de Exclude Anonymous Classes in Serializable Scan 
Issue gh-17729

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 16:17:12 -06:00
Josh Cummings 8472599067 Add Missing 7.1 Serialization Artifacts 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 16:16:27 -06:00
Josh Cummings cb129d6b2d Merge branch '7.0.x' 2026-03-31 15:56:49 -06:00
Josh Cummings d4678c8e04 Add Missing Serialization Support 
Closes gh-19013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 15:55:09 -06:00