From f37a706d62d460b948f00db9b28198ac2617d020 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 03:07:26 +0000 Subject: [PATCH 1/2] Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 08bdd69796..882ca8e366 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -5,7 +5,7 @@ io-spring-javaformat = "0.0.47" io-spring-nohttp = "0.0.11" jakarta-websocket = "2.2.0" org-apache-directory-server = "1.5.5" -org-apache-maven-resolver = "1.9.26" +org-apache-maven-resolver = "1.9.27" org-aspectj = "1.9.25.1" org-bouncycastle = "1.80" org-eclipse-jetty = "11.0.26" From 68a02ff176a18c2644f3d47d1810f5bc22887e75 Mon Sep 17 00:00:00 2001 From: Guillaume Husta Date: Thu, 29 Jan 2026 17:58:27 +0100 Subject: [PATCH 2/2] Update Link to CRSF Docs in FAQ Signed-off-by: Guillaume Husta --- docs/modules/ROOT/pages/servlet/appendix/faq.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc index d987b67642..82241cfa37 100644 --- a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc +++ b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc @@ -319,7 +319,7 @@ If you have trouble working out where a session is being created, you can add so [[appendix-faq-forbidden-csrf]] === I get a 403 Forbidden when performing a POST. What is wrong? -If an HTTP 403 Forbidden error is returned for HTTP POST, but it works for HTTP GET, the issue is most likely related to https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#csrf[CSRF]. Either provide the CSRF Token or disable CSRF protection (the latter is not recommended). +If an HTTP 403 Forbidden error is returned for HTTP POST, but it works for HTTP GET, the issue is most likely related to xref:features/exploits/csrf.adoc#csrf[CSRF]. Either provide the CSRF Token or disable CSRF protection (the latter is not recommended). [[appendix-faq-no-security-on-forward]] === I am forwarding a request to another URL by using the RequestDispatcher, but my security constraints are not being applied.