Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,173 Commits 54 Branches 379 Tags
f511d0a345fd77d15124dc795d1ae03c3e07aae1
Commit Graph

18173 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings f511d0a345 Merge remote-tracking branch 'origin/6.5.x' 2025-05-13 12:28:17 -06:00
dependabot[bot] c326e394e1 Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.14.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:28:03 -06:00
Josh Cummings 64b26cbd1f Merge branch '6.5.x' 2025-05-13 12:26:56 -06:00
Josh Cummings e0e9a7e76d Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:26:25 -06:00
dependabot[bot] ad934efc24 Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.14.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:24:36 -06:00
dependabot[bot] 99330bfc60 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:23:56 -06:00
Josh Cummings 21c56554c9 Merge remote-tracking branch 'origin/6.5.x' 2025-05-13 12:23:07 -06:00
dependabot[bot] 7a62f4eec8 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:22:42 -06:00
Josh Cummings c8339184a9 Merge branch '6.5.x' 2025-05-13 12:21:51 -06:00
Josh Cummings 518918e197 Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:21:31 -06:00
dependabot[bot] 11eac05dfd Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:20:38 -06:00
Josh Cummings 40a18fe63c Merge branch '6.5.x' 2025-05-13 12:19:14 -06:00
Josh Cummings 26650b20fb Merge branch '6.4.x' into 6.5.x 2025-05-13 12:18:51 -06:00
Josh Cummings 3a36197d7a Merge branch '6.3.x' into 6.4.x 2025-05-13 12:17:29 -06:00
dependabot[bot] a001f27690 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:15:42 -06:00
Josh Cummings 0698d3527d Merge branch '6.5.x' 2025-05-13 11:18:43 -06:00
Josh Cummings 26f359a4db Merge branch '6.4.x' into 6.5.x 2025-05-13 11:18:31 -06:00
Josh Cummings 5ba4ab5e11 Merge branch '6.3.x' into 6.4.x 2025-05-13 11:18:02 -06:00
Danilo Piazzalunga 27319e3f9b Add missing registration property in YAML listing 
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Danilo Piazzalunga ec462e8bc5 Update assertingparty property usage in YAML snippets 
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.

Closes gh-12810.

Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Josh Cummings 93a7583aa4 Merge branch '6.5.x' 2025-05-12 18:52:47 -06:00
yybmion d48c463c03 Add logging to CsrfTokenRequestHandler implementations 
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler

Improves debugging capabilities without changing functionality.

Closes gh-13626

Signed-off-by: yybmion <yunyubin54@gmail.com>
 2025-05-12 18:49:40 -06:00
yybmion a90ce5142c Add logging to CsrfTokenRequestHandler implementations 
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler

Improves debugging capabilities without changing functionality.

Closes gh-13626

Signed-off-by: yybmion <yunyubin54@gmail.com>
 2025-05-12 18:48:45 -06:00
Joe Grandja ba7be9c8b9 Merge branch '6.5.x' 2025-05-09 16:14:34 -04:00
Joe Grandja e3c39f02bc Add documentation for DPoP support 
Closes gh-17072
 2025-05-09 16:02:14 -04:00
Rob Winch ff8b77df29 Add Twitter/X to CommonOAuth2Provider 
Add Twitter/X to CommonOAuth2Provider
 2025-05-07 15:08:23 -05:00
Tran Ngoc Nhan 48eb243012 Update javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-07 14:59:14 -05:00
Tran Ngoc Nhan 1e4dd713c5 Remove APPLICATION_JSON_UTF8 usage 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-07 14:59:14 -05:00
Rob Winch 6118587ff8 SavedCookieMixinTests uses readValue(String,Object.class) 
The test should not provide SavedCookie.class to the ObjectMapper
since this is not done in production. In particular, it provides the
type that it should be deserialized, but this must be provided in the
JSON since the type is unknown at the time of deserialization.

Issue gh-17006
 2025-05-07 14:55:54 -05:00
M-Faheem-Khan 241c3cd35a Remove deprecated Cookie usage 
Remove usage of comment and verison usage

Signed-off-by: M-Faheem-Khan <faheem5948@gmail.com>
 2025-05-07 14:55:54 -05:00
Rob Winch 693a5beb24 Format CommonOAuth2Provider 2025-05-07 14:55:04 -05:00
Rob Winch f13836c9c8 Add X to CommonOAuth2Provider Reference 
Issue gh-16510

Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-05-07 11:31:28 -05:00
kiruthiga1793 23e7c9eeaa Add Twitter/X to CommonOAuth2Provider 
Signed-off-by: kiruthiga1793 <pkiruthiga93@gmail.com>
 2025-05-07 11:24:29 -05:00
Rob Winch d52289bd7a Remove Unnecessary Backwards Compatability 
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle)
 2025-05-07 11:19:27 -05:00
Steve Riesenberg 5eb232cd3d Polish gh-16164 2025-05-07 11:19:27 -05:00
Ferdinand Jacobs 2b22cf2877 Replace BouncyCastle's deprecated AESFastEngine with the default AESEngine 
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
  (see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")
 2025-05-07 11:19:27 -05:00
Rob Winch 5f833fa236 Fix Checkstyle Errors 2025-05-07 10:50:41 -05:00
milaneuh 7fda87aecd Remove deprecated methods from CookieServerCsrfTokenRepository 2025-05-07 10:50:41 -05:00
Shenker93 de622d1082 Improve JdbcUserDetailsManager.userExists method 2025-05-07 10:50:03 -05:00
Rob Winch 47f7d83ee4 Merge branch '6.5.x' 2025-05-07 10:10:35 -05:00
Rob Winch 69c52cc4f7 Merge branch 'remotes/origin/main' 
- Ignore Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 in favor of 2.19.0
 2025-05-07 10:05:39 -05:00
Rob Winch 3110f3679a Merge branch '6.4.x' into 6.5.x 
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4

Closes gh-17069
 2025-05-07 10:01:39 -05:00
dependabot[bot] 8fcf181ff0 Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.3 to 2.18.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.3...jackson-bom-2.18.4)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-07 03:30:49 +00:00
Josh Cummings 46ee6eda76 Merge branch '6.5.x' 2025-05-06 16:56:10 -06:00
Josh Cummings 1ec084886a Revert "Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0" 
This reverts commit 226e81d7f5.

Given that we are in the RC phase, we do not want to do minor version
upgrades
 2025-05-06 16:55:22 -06:00
Josh Cummings 9c357984d7 Merge branch '6.5.x' 2025-05-06 16:45:14 -06:00
Josh Cummings 211b1b7285 Update Method Security Migration Steps 2025-05-06 16:44:20 -06:00
Josh Cummings 84db5bb312 Add Cookie Customizer Migration Steps 2025-05-06 16:43:04 -06:00
Josh Cummings 74a25c3fc1 Add shouldFilterAllDispatcherTypes Migration Steps 2025-05-06 16:40:10 -06:00
Josh Cummings 084990736e Move Opaque Token Migration Steps 2025-05-06 16:39:16 -06:00