Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,977 Commits 54 Branches 379 Tags
63c99b94380b02ef6bd563fde835bca8ed06d201
Commit Graph

19977 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Winch 97342f83fd Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 2025-12-19 16:47:19 -06:00
Robert Winch dfe062b390 Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final 2025-12-19 16:45:18 -06:00
Robert Winch 703a81390e Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 2025-12-19 16:45:10 -06:00
dependabot[bot] 0514ee4cc5 Bump org-aspectj from 1.9.25 to 1.9.25.1 
Bumps `org-aspectj` from 1.9.25 to 1.9.25.1.

Updates `org.aspectj:aspectjrt` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-17 03:15:05 +00:00
dependabot[bot] 18c4c4c528 Bump org-aspectj from 1.9.25 to 1.9.25.1 
Bumps `org-aspectj` from 1.9.25 to 1.9.25.1.

Updates `org.aspectj:aspectjrt` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-17 03:12:14 +00:00
dependabot[bot] 9fd6d54268 Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.14 to 6.2.15.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.14...v6.2.15)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:16:05 +00:00
dependabot[bot] 3f04f42abb Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.15 to 3.2.16.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.15...3.2.16)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:15:51 +00:00
dependabot[bot] f585461427 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:15:45 +00:00
dependabot[bot] a155c035e1 Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.12 to 2024.1.13.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.12...2024.1.13)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:15:13 +00:00
dependabot[bot] 6d722edab1 Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.12 to 2024.1.13.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.12...2024.1.13)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:13:17 +00:00
dependabot[bot] e712531555 Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.38.Final to 6.6.39.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.39/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.38...6.6.39)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.39.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:13:08 +00:00
dependabot[bot] 100c07de98 Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.15 to 3.2.16.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.15...3.2.16)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:12:14 +00:00
github-actions[bot] 9095a1bffd Next development version 2025-12-15 20:58:49 +00:00
github-actions[bot] 9d08114c58 Release 7.0.2 7.0.2 2025-12-15 20:23:38 +00:00
Josh Cummings 0155d4a345 Restore Check for DispatcherServlet on Classpath 
Closes gh-18315
 2025-12-15 12:18:22 -07:00
github-actions[bot] 29ad1e6b07 Next development version 2025-12-15 18:22:29 +00:00
github-actions[bot] 8651868708 Release 7.0.1 7.0.1 2025-12-15 17:52:40 +00:00
dependabot[bot] 5732f39da7 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 11:46:42 -06:00
dependabot[bot] 8bfa849a9d Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.0 to 2025.1.1.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.0...2025.1.1)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 11:32:40 -06:00
dependabot[bot] e033086ab0 Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 
Includes fixes for Breaking Changes in Spring Framework 7.0.2:

- spring-projects/spring-framework#35916
- spring-projects/spring-framework#35947

Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.1...v7.0.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 11:25:19 -06:00
Josh Cummings 964fcac086 Polish Tests 
Issue gh-18269

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-12-15 09:43:07 -07:00
Ziqin Wang 1d1b3ff797 Fix "typ" header value in NimbusJwtEncoder-encoded JWT 
Closes gh-18269

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2025-12-15 09:43:07 -07:00
Ziqin Wang c8898f91fc Test NimbusJwtEncoder & NimbusJwtDecoder symmetrically 
This test encodes an JWT with NimbusJwtEncoder, and then decodes it with
NimbusJwtDecoder.

This test will fail when NimbusJwtEncoder emits a JWT with a wrong `typ'
parameter in the header, as NimbusJwtDecoder validates the JWT with
JwtTypeValidator by default.  It may be beneficial for finding out other
similiar bugs too.

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2025-12-15 09:43:07 -07:00
Josh Cummings dbf93acb05 Check for spring-security-web on Classpath 
This commit refines the check for adding AuthorizationWebProxyConfiguration
to the application context. The web-based authorization proxy support is intended
for applying Spring Security Method Security primitives to Spring Web components;
as such, this implies a dependency on Spring Security Web.

Closes gh-18307
 2025-12-15 09:18:47 -07:00
Josh Cummings ae5673b7a8 Merge branch '6.5.x' 2025-12-15 09:05:50 -07:00
Josh Cummings 765abe534e Add Missing Migration Pages to Side Navigation 
Closes gh-18313
 2025-12-15 09:05:06 -07:00
Josh Cummings afb0c59875 Add request-matcher XML Migration Steps 
Closes gh-18211
 2025-12-15 09:05:06 -07:00
dependabot[bot] d5beb513cd Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 
Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/pingidentity/ldapsdk/releases)
- [Changelog](https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html)
- [Commits](https://github.com/pingidentity/ldapsdk/commits)

---
updated-dependencies:
- dependency-name: com.unboundid:unboundid-ldapsdk
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 09:58:07 -06:00
Rob Winch d6a2603e85 Bump io.mockk:mockk from 1.14.6 to 1.14.7 2025-12-15 09:56:57 -06:00
Rob Winch a4810b7e15 Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 2025-12-15 09:55:21 -06:00
Rob Winch 054f2e9a87 Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 2025-12-15 09:55:18 -06:00
dependabot[bot] 279afe3e28 Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.13 to 1.14.14.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.13...v1.14.14)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 15:54:23 +00:00
Rob Winch 00c7a5b201 Merge branch '6.5.x' 2025-12-15 09:53:06 -06:00
Rob Winch 310f82170f Bump io.mockk:mockk from 1.14.6 to 1.14.7 2025-12-15 09:52:37 -06:00
Rob Winch be2f2ec600 Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 2025-12-15 09:50:28 -06:00
Rob Winch 1bc90b5fd0 Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 2025-12-15 09:50:25 -06:00
Rob Winch d2dd0fe5f6 Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 2025-12-15 09:50:23 -06:00
Rob Winch 7a85bf481a Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final 2025-12-15 09:50:21 -06:00
Rob Winch af960abe2d Merge branch '6.4.x' into 6.5.x 2025-12-15 09:49:52 -06:00
Rob Winch b7b859cd9a Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 2025-12-15 09:46:59 -06:00
Rob Winch b83f682154 Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 2025-12-15 09:46:56 -06:00
Rob Winch aca1643284 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 2025-12-15 09:46:54 -06:00
dependabot[bot] 0c9c152a31 Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.38.Final to 6.6.39.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.39/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.38...6.6.39)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.39.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 03:16:38 +00:00
dependabot[bot] cf2114e36e Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.14 to 6.2.15.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.14...v6.2.15)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-12 03:15:32 +00:00
dependabot[bot] ecd17a9ee0 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-12 03:15:25 +00:00
dependabot[bot] 2a763578f5 Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.12 to 2024.0.13.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.12...2024.0.13)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:19:03 +00:00
dependabot[bot] e978d4bf3d Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 
Bumps `org-apache-maven-resolver` from 1.9.24 to 1.9.25.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.24 to 1.9.25

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:18:11 +00:00
dependabot[bot] ef5cdb50cc Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.12 to 2024.0.13.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.12...2024.0.13)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:14:23 +00:00
dependabot[bot] b2e2d74cab Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 
Bumps `org-apache-maven-resolver` from 1.9.24 to 1.9.25.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.24 to 1.9.25

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:14:06 +00:00
dependabot[bot] c3a03a4834 Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.0 to 2025.0.1.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.0...2025.0.1)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:08:36 +00:00