Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,134 Commits 54 Branches 379 Tags
d244bcf76e4dc5effeab4ac56028339b97e534c3
Commit Graph

20134 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Park JuHyeong d244bcf76e Suppress AspectJ compiler warnings in spring-security-aspects 
- Added -Xlint:ignore to compileAspectj task
- Added -Xlint:ignore to compileTestAspectj task

Fixes the following AspectJ warnings:
- AnnotationSecurityAspect.aj:72 [warning] advice defined
- AbstractMethodInterceptorAspect.aj:36 [warning] advice defined

These warnings occur because the AspectJ compiler detects that
advice in deprecated aspect classes may not match any join points,
which is expected behavior for deprecated code maintained for
backward compatibility.

Contributes to gh-18405

Signed-off-by: Park JuHyeong <wngud5957@naver.com>
 2026-02-02 11:30:51 -06:00
jieun de23ade14b Remove compiler warnings for spring-security-cas:check 
Signed-off-by: jieun <jkdev1324@gmail.com>
 2026-02-02 11:27:42 -06:00
Robert Winch afa3e2311c Merge branch '7.0.x' 2026-02-02 11:13:10 -06:00
Robert Winch 9273f411c1 Merge branch '6.5.x' into 7.0.x 2026-02-02 11:12:53 -06:00
Robert Winch d6e3ec78cd Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 2026-02-02 11:12:18 -06:00
Joe Grandja 2a2f13fbd3 Polish Nullability for oauth2-core 
Issue gh-17820
 2026-02-02 09:00:46 -06:00
Joe Grandja db5310bee8 Enable null-safety in spring-security-oauth2-core 
Closes gh-17820
 2026-02-02 09:00:40 -06:00
Joe Grandja dfed528851 Remove checkstyle suppressions for spring-security-oauth2-core 
Issue gh-17820
 2026-02-02 09:00:40 -06:00
dependabot[bot] 48c1023fd6 Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.41.Final to 6.6.42.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.42/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.41...6.6.42)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.42.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-02 03:11:29 +00:00
dependabot[bot] 04dbdc8588 Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.26 to 1.5.27.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-02 03:11:13 +00:00
Robert Winch 6a6c7a7a78 Add missing @Nullable to setters of Nullable Fields 
There are setters and builder methods that initialize members that are
`@Nullable` but do not accept `@Nullable` parameters.

For example:

```
private @Nullable Object foo;

public void setFoo(Object foo) {
    this.foo = foo;
}
```

It is an unnecessary restriction that the parameter is unable to be null
since the field can be null.

This commit fixes these inconsistencies.

Closes gh-18618
 2026-01-29 13:58:42 -06:00
Robert Winch b591a0a757 TestingAuthenticationToken.credentials should be @Nullable 
Closes gh-18615
 2026-01-29 10:17:22 -06:00
Josh Cummings c5632ccd83 Add security-nullability to ldap 
Closes gh-17818

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-01-28 15:30:54 -07:00
Robert Winch a8b5c8fe02 Bump io.mockk:mockk from 1.14.7 to 1.14.9 2026-01-27 11:17:24 -06:00
Robert Winch 054ff7421b Merge branch '7.0.x' 2026-01-27 11:17:10 -06:00
Robert Winch 6ca04d9b77 Merge branch '6.5.x' into 7.0.x 2026-01-27 11:16:43 -06:00
Robert Winch 3960bf950d Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 2026-01-27 10:00:00 -06:00
Robert Winch bc6ac7c8c6 Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 2026-01-27 09:59:50 -06:00
Robert Winch 6e30cd5417 Merge branch '7.0.x' 2026-01-26 22:06:54 -06:00
Robert Winch 74b93a19f6 Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
dependabot[bot] c7d52242fb Bump io.mockk:mockk from 1.14.7 to 1.14.9 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.7 to 1.14.9.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.14.7...1.14.9)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-27 03:03:22 +00:00
dependabot[bot] 6f6dbd5728 Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.25 to 1.5.26.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.25...v_1.5.26)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 15:27:46 -06:00
dependabot[bot] 99eb7b1e5c Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 15:27:19 -06:00
LeeJiWon 89467605ca Deprecate single-arg PasswordComparisonAuthenticator ctor 
Add new constructor accepting PasswordEncoder to eventually
remove deprecated LdapShaPasswordEncoder usage.

Closes gh-18430

Signed-off-by: LeeJiWon <dlwldnjs1009@gmail.com>
 2026-01-26 14:54:52 -06:00
LeeJiWon 9fa0a34b4c Remove compiler warnings in spring-security-ldap 
- Add
  compile-warnings-error plugin to ldap module

- Replace
  org.springframework.lang.NonNull with org.jspecify.annotations.NonNull

-
  Add @SuppressWarnings for unchecked/rawtypes/deprecation warnings

Closes
  gh-18405

Signed-off-by: LeeJiWon <dlwldnjs1009@gmail.com>
 2026-01-26 14:54:52 -06:00
Tran Ngoc Nhan a23be5e625 Add compile-warnings-error 
Closes gh-18439

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:44:31 -06:00
jihunparkkk c3240c4d2b Remove compiler warnings for spring-security-rsocket 
Closes gh-18437

Signed-off-by: jihunparkkk <pjh2996@naver.com>
 2026-01-26 14:43:21 -06:00
Tran Ngoc Nhan 3c0fd6d7ca Add compile-warnings-error 
Closes gh-18417

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:36:10 -06:00
Tran Ngoc Nhan d526bb460f Add compile-warnings-error 
Closes gh-18438

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:35:14 -06:00
Tran Ngoc Nhan 30975df0a7 Add compile-warnings-error 
Closes gh-18431

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:34:34 -06:00
Tran Ngoc Nhan bd49ceb0ef Add compile-warnings-error 
Closes gh-18429

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:31:35 -06:00
Tran Ngoc Nhan 1c8bbda7af Add compile-warnings-error 
Closes gh-18428

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:31:13 -06:00
Tran Ngoc Nhan fb19143c91 Add compile-warnings-error 
Closes gh-18427

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:30:30 -06:00
Tran Ngoc Nhan f906539fe4 Add compile-warnings-error 
Closes gh-18426

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:28:15 -06:00
Tran Ngoc Nhan 18ab4dc2c8 Add compile-warnings-error 
Closes gh-18425

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:26:05 -06:00
Tran Ngoc Nhan b07cd701c7 Add compile-warnings-error 
Closes gh-18423

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:25:26 -06:00
Robert Winch ea8bd1a01d Merge branch '7.0.x' 
Closes gh-18595
 2026-01-26 12:17:24 -06:00
Robert Winch 6dd6e8ebb1 Merge branch '6.5.x' into 7.0.x 
Closes gh-18235
 2026-01-26 12:06:19 -06:00
Garvit Joshi edd82ba82c gh-18234: Create SHA-1 MessageDigest for every new check request 
Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>
 2026-01-26 11:06:25 -06:00
dependabot[bot] cf656ce6e1 Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.25 to 1.5.26.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.25...v_1.5.26)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 03:11:50 +00:00
dependabot[bot] f75e9c7138 Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 03:11:34 +00:00
Andrey Litvitski 0a182f1f20 Add @Nullable to changePassword parameters in UserDetailsManager 
Closes: gh-18257

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-23 15:06:10 -06:00
Jay Choi 5e56877487 Remove compiler warnings for spring-security-acl 
Closes gh-18415

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:19:23 -06:00
Jay Choi 38356fda10 Remove compiler warnings for spring-security-webauthn 
Closes gh-18442

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:17:20 -06:00
Jay Choi 442d72ec12 Remove compiler warnings for spring-security-access 
Closes gh-18414

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:16:08 -06:00
Michael Lück 7513c859bd Fix javadoc warnings and apply plugin javadoc-warnings-error 
Closes to gh-18448

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-01-23 14:13:54 -06:00
Robert Winch 1b3cf72fc9 Add Nullaway Checkstyle 
- Require package-info.java with @NullMarked in every package
- Suppress package checks for tests and modules that haven't been worked on
- Prevent non org.jspecify Nullability imports on enabled modules
- Validate Nullable is before modifiers

Closes gh-18564
 2026-01-23 10:42:53 -06:00
Robert Winch d7fbf3673a Fix consistency with Nullability Usage 
Issue gh-18564
 2026-01-23 10:42:53 -06:00
dependabot[bot] ab3298e917 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.9 to 0.0.10.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.9...v0.0.10)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:26:24 -06:00
dependabot[bot] 37b0813b26 Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.3 to 3.0.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.3...jackson-bom-3.0.4)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:26:04 -06:00