Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,585 Commits 54 Branches 379 Tags
ab4092dce13a74db688a5d96c8439f65d2d40a59
Commit Graph

20585 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot] ab4092dce1 Release 7.1.0-M3 7.1.0-M3 2026-03-16 18:15:54 +00:00
Josh Cummings 82e5b88947 Merge branch '7.0.x' 2026-03-16 11:43:35 -06:00
Josh Cummings a2c0ac112b Update to spring-security-release-tools 1.0.15 
Closes gh-18909

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-16 11:43:19 -06:00
dependabot[bot] 34bc1e166e Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.3 to 2025.0.4.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.3...2025.0.4)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 16:50:29 +00:00
Josh Cummings 732afc3e17 Merge branch '7.0.x' 2026-03-16 10:49:35 -06:00
Josh Cummings ea6e7ab78f Merge branch '6.5.x' into 7.0.x 2026-03-16 10:49:23 -06:00
Josh Cummings 01ff3b086a Add Workflow for Deferring Issues 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-16 10:49:07 -06:00
Rob Winch d174b10f2a Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 12:07:49 -04:00
Rob Winch e8cb0ef541 Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 11:57:23 -04:00
Rob Winch 33e6f4bd3f Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 11:57:07 -04:00
Robert Winch 3950d5d9c5 Merge Fix Jackson deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 10:53:23 -05:00
Rob Winch 81d07c5d68 Merge Add Jackson Mixin for WebAuthnAuthentication 2026-03-16 11:50:38 -04:00
Rob Winch 524ae92f6b Merge Add Jackson Mixin for WebAuthnAuthentication 
Add Jackson Mixin for WebAuthnAuthentication
 2026-03-16 11:50:23 -04:00
Robert Winch 8b2ac9c99f Merge Add Jackson Mixin for WebAuthnAuthentication 2026-03-16 10:33:52 -05:00
Toshiaki Maki 47146f375b Add Jackson Mixin for WebAuthnAuthentication 
Closes gh-18034

Signed-off-by: Toshiaki Maki <makingx@gmail.com>
 2026-03-16 10:33:00 -05:00
github-actions[bot] 63d31d0566 Update Antora Spring UI to v0.4.26 2026-03-16 09:51:18 -04:00
Robert Winch c23fda603f Merge branch '7.0.x' 2026-03-16 08:50:37 -05:00
Robert Winch e7080e8c7c Update Antora UI Spring to v0.4.26 2026-03-16 08:50:29 -05:00
Robert Winch 29ebc1e6c3 Merge branch '7.0.x' 2026-03-16 08:48:36 -05:00
Robert Winch c348a7aa46 Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 2026-03-16 08:44:25 -05:00
Robert Winch f227934749 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 2026-03-16 08:44:19 -05:00
Robert Winch e645aef3be Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 2026-03-16 08:44:13 -05:00
Robert Winch b238632fdc Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 2026-03-16 08:44:07 -05:00
Robert Winch e1c30e088d Merge branch '7.0.x' 2026-03-16 08:43:14 -05:00
Robert Winch 3f05f4d30c Merge branch '6.5.x' into 7.0.x 2026-03-16 08:42:55 -05:00
Robert Winch cdd4b36d37 Update Antora UI Spring to v0.4.26 2026-03-16 08:26:19 -05:00
Robert Winch 7672f76fde Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 2026-03-16 08:26:12 -05:00
Robert Winch 3db4999da4 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 2026-03-16 08:26:04 -05:00
dependabot[bot] 59ef1c490f Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.5 to 7.0.6.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.5...v7.0.6)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:17:36 +00:00
dependabot[bot] 5339565cbf Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.3 to 2025.1.4.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.3...2025.1.4)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:17:23 +00:00
dependabot[bot] 21593ab39f Bump org.hibernate.orm:hibernate-core from 7.2.6.Final to 7.2.7.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.6.Final to 7.2.7.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.2.7/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.2.6...7.2.7)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.2.7.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:16:53 +00:00
dependabot[bot] 3813627a15 Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.5 to 7.0.6.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.5...v7.0.6)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:13:40 +00:00
dependabot[bot] 9616e6b640 Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.3 to 2025.1.4.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.3...2025.1.4)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:13:21 +00:00
dependabot[bot] a708d2f61b Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.16 to 6.2.17.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.16...v6.2.17)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:07:46 +00:00
Ziqin Wang ae827b6e1b Fix Jackson 3 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

This fix addresses the WebAuthn authentication failure appeared when
using FIDO2 security keys on Safari.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:34 +08:00
Ziqin Wang 65bf54d842 Test Jackson 3 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:24 +08:00
Ziqin Wang 7f75fd611e Test Jackson 3 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:13 +08:00
Ziqin Wang a013bfaaec Merge branch 'gh-18643-6.5.x' into gh-18643-7.0.x 2026-03-15 15:25:04 +08:00
Ziqin Wang e726c05e76 Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:04:14 +08:00
Ziqin Wang a7039fb3e6 Test Jackson 2 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:28 +08:00
Ziqin Wang 88ea668f47 Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:17 +08:00
github-actions[bot] 2c1c50ddca Update Antora Spring UI to v0.4.26 2026-03-13 17:45:06 +00:00
github-actions[bot] 03a5de1955 Update Antora Spring UI to v0.4.26 2026-03-13 17:45:05 +00:00
Joe Grandja 22a98583f1 Enable null-safety in spring-security-oauth2-jose 
Closes gh-17821
 2026-03-13 11:58:29 -04:00
Joe Grandja 78f762fab8 Remove checkstyle suppressions for spring-security-oauth2-jose 
Issue gh-17821
 2026-03-13 11:38:08 -04:00
dependabot[bot] a29422950a Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:16:31 +00:00
dependabot[bot] 91167adaa8 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:09:24 +00:00
dependabot[bot] 06cbea383e Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:07:50 +00:00
Andrey Litvitski e250236279 Read relayState from authenticationRequest 
Closes gh-18243

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-12 10:30:11 -06:00
dependabot[bot] eae1a0a55c Bump org.mockito:mockito-bom from 5.22.0 to 5.23.0 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.22.0 to 5.23.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.22.0...v5.23.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-12 03:18:20 +00:00