9893048ec9
Merge branch '6.5.x' into 7.0.x
2026-03-03 18:51:53 -07:00
e17d85e460
Add IDE Setup Documentation
...
Issue gh-17833
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-03 18:51:32 -07:00
4f97217f68
Refine upgradeEncoding condition in DaoAuthenticationProvider
...
After adding jspecify support in the module that contains the
DaoAuthenticationProvider class, we actually changed the contract logic,
which is a good thing, and this commit fixes it.
Closes: gh-18781
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
2026-03-03 18:18:13 -07:00
fdaa883fb7
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
2026-03-03 18:17:08 -07:00
f12036db05
Bump actions/upload-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-03 18:16:39 -07:00
fbd9880a33
Bump actions/upload-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-03 17:48:29 -07:00
5e38c2aa88
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
2026-03-03 17:47:40 -07:00
7b5c502a97
Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.43.Final to 6.6.44.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.44/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.43...6.6.44 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.44.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-03 17:47:07 -07:00
57434fc597
Update RestTemplateBuilder usage in opaque-token.adoc
...
We just now use a new form instead of the deprecate one.
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
2026-03-03 16:48:22 -07:00
20a7f96062
Merge branch '6.5.x' into 7.0.x
2026-03-03 16:44:12 -07:00
706b059ea8
Update logout.adoc
...
Directives should be Directive
Signed-off-by: HaiYan <haiyan_qi@hotmail.com >
2026-03-03 16:43:18 -07:00
7c49e0b457
Bump com.webauthn4j:webauthn4j-core
...
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j ) from 0.31.0.RELEASE to 0.31.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases )
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.0.RELEASE...0.31.1.RELEASE )
---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
dependency-version: 0.31.1.RELEASE
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-03 15:52:30 -07:00
04b270a0a3
Merge Fix Flaky Crypto Tests
...
Forward merge gh-18841
2026-03-03 16:02:33 -06:00
ea3b112bea
Fix Flaky Crypto Tests
2026-03-03 15:58:17 -06:00
17776e4738
Merge Fix Flaky Crypto Tests
2026-03-03 15:26:53 -06:00
1261c229a3
Fix Flaky Crypto Tests
...
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.
This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
2026-03-03 14:52:28 -06:00
9ce2d76508
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3
2026-03-02 11:48:14 -06:00
fb84e24893
HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3
...
Closes gh-18804
2026-03-02 11:31:52 -06:00
1575610d49
Add Tests
...
Issue gh-18486
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-02-26 17:10:55 -07:00
3a14745d92
Delegate calls of hasAuthority to AuthorizationManager#hasAuthority
...
Closes gh-18486
Signed-off-by: Michael Lück <michael@lueckonline.net >
2026-02-26 17:10:55 -07:00
c29af014f4
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
2026-02-26 17:10:16 -07:00
4501ae7d1c
Update Reactive Resource Server startup exceptations
...
Issue gh-16708
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-02-26 16:56:22 -07:00
48112d3d74
Polish Resource Server startup expectations
...
Issue gh-16708
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-02-26 16:56:22 -07:00
b8735abb63
Clarify Resource Server startup expectations
...
Clarify that Spring Boot defers OIDC discovery by default.
Closes gh-16708
Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com >
2026-02-26 16:56:22 -07:00
7c3c8bbdcb
Update Remember-Me example
...
Closes gh-18639
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com >
2026-02-26 15:28:32 -07:00
731848d5d3
Merge branch '6.5.x' into 7.0.x
2026-02-26 15:09:45 -07:00
68a02ff176
Update Link to CRSF Docs in FAQ
...
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com >
2026-02-26 14:47:21 -07:00
ee97c83042
Update request-matcher schema and XML tests to use path
...
Closes gh-18641
Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com >
2026-02-26 14:42:09 -07:00
ba12f5e6d0
Bump org-apache-maven-resolver from 1.9.26 to 1.9.27
...
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.
Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27
---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-26 14:38:51 -07:00
f37a706d62
Bump org-apache-maven-resolver from 1.9.26 to 1.9.27
...
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.
Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27
---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-26 14:38:30 -07:00
b48967eebc
Merge Add Missing OnCommitedResponseWrapper Header Overrides
...
Add Missing OnCommitedResponseWrapper Header Overrides
2026-02-24 20:16:39 -06:00
522c48b3b5
Merge Add Missing OnCommitedResponseWrapper Header Overrides
...
Add Missing OnCommitedResponseWrapper Header Overrides
2026-02-24 20:16:24 -06:00
6898de8003
Merge Add Missing OnCommitedResponseWrapper Header Overrides
2026-02-24 19:49:38 -06:00
1dae9aa459
Add Missing OnCommitedResponseWrapper Header Overrides
...
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.
Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.
This issue is the underlying problem for spring-projects/spring-framework#36381
Closes gh-18797
2026-02-24 19:46:29 -06:00
73ee893d98
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
2026-02-24 17:10:14 -07:00
bec25edeb0
Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute
...
Clarify need for method attribute in JSP authorize tag
2026-02-24 17:08:14 -07:00
4d43edfb20
Polish Documentation
...
- Combined explanation of method attribute with usage recommendations
- Used one sentence per line format
Issue gh-16530
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-02-24 14:24:11 -07:00
9f9699f8a5
Clarify need for method attribute in JSP authorize tag
...
Closes gh-16530
This aligns the JSP documentation with the changes made in gh-16529.
Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific.
Signed-off-by: onhann <gusgus1467@naver.com >
2026-02-24 14:24:11 -07:00
311235f39e
Document Keberose Dependency Coordinates
...
Closes gh-18773
2026-02-23 11:32:37 -06:00
fec988c82d
Add Kerberos Migration Section
...
This links to the updated dependency coordinates
Issue gh-18773
Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com >
2026-02-23 11:29:50 -06:00
17b434c1c1
Document the change in dependency coordinates with Spring Security 7
...
Signed-off-by: busoco-sjb <169069865+busoco-sjb@users.noreply.github.com >
2026-02-23 11:21:59 -06:00
0bb65411be
Merge pull request Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
...
Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
2026-02-23 11:17:06 -06:00
d29c984881
Merge pull request #18544 from Khyojae/gh-18543
...
Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
2026-02-23 11:16:42 -06:00
151bcf3b0b
Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into 7.0.x
2026-02-23 10:53:40 -06:00
1116241ee3
Fix Checks for NullPointerException in AuthoritiesAuthorizationManager
...
- Fix checkstyle
- Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue
Closes gh-18544
Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com >
2026-02-23 10:47:11 -06:00
d87dc9ae57
Fix: Handle null authority string in AuthoritiesAuthorizationManager
...
This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543
Signed-off-by: Khyojae <khjae201@gmail.com >
2026-02-23 09:30:28 -06:00
2eb948d9b5
Ensure tests clear AuthorizationServerContextHolder
...
Closes gh-18768
2026-02-23 08:17:02 -06:00
f2aef5168c
Merge branch '6.5.x' into 7.0.x
2026-02-23 08:13:38 -06:00
ac556a45f9
Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.42.Final to 6.6.43.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.43/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.42...6.6.43 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.43.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-23 08:12:23 -06:00
c8731a8dc0
Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6
...
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 2.18.5 to 2.18.6.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.5...jackson-bom-2.18.6 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-version: 2.18.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-23 08:12:09 -06:00
Josh Cummings