From 381047e3867c37ffcf2cda200f15619da20917e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 20:57:31 +0000 Subject: [PATCH 1/5] Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/729fed56d42122f88583aff1be35c0800b7d77e9...b92832ecbc7cbe969201e6beafbde0ee400cf095) --- updated-dependencies: - dependency-name: spring-io/spring-security-release-tools dependency-version: 1.0.15 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/continuous-integration-workflow.yml | 2 +- .github/workflows/milestone-spring-releasetrain.yml | 2 +- .github/workflows/pr-build-workflow.yml | 2 +- .github/workflows/update-scheduled-release-version.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml index 83e709718a..e9b04d82bf 100644 --- a/.github/workflows/continuous-integration-workflow.yml +++ b/.github/workflows/continuous-integration-workflow.yml @@ -97,6 +97,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@729fed56d42122f88583aff1be35c0800b7d77e9 # v1.0.14 + uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15 with: webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} diff --git a/.github/workflows/milestone-spring-releasetrain.yml b/.github/workflows/milestone-spring-releasetrain.yml index c6c704b530..8a2cd191c2 100644 --- a/.github/workflows/milestone-spring-releasetrain.yml +++ b/.github/workflows/milestone-spring-releasetrain.yml @@ -30,6 +30,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@729fed56d42122f88583aff1be35c0800b7d77e9 # v1.0.14 + uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15 with: webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} diff --git a/.github/workflows/pr-build-workflow.yml b/.github/workflows/pr-build-workflow.yml index 2bfb674d25..2af862e89d 100644 --- a/.github/workflows/pr-build-workflow.yml +++ b/.github/workflows/pr-build-workflow.yml @@ -46,6 +46,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@729fed56d42122f88583aff1be35c0800b7d77e9 # v1.0.14 + uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15 with: webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} diff --git a/.github/workflows/update-scheduled-release-version.yml b/.github/workflows/update-scheduled-release-version.yml index 4aa76b5df7..58eb46db92 100644 --- a/.github/workflows/update-scheduled-release-version.yml +++ b/.github/workflows/update-scheduled-release-version.yml @@ -18,6 +18,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Send Notification - uses: spring-io/spring-security-release-tools/.github/actions/send-notification@729fed56d42122f88583aff1be35c0800b7d77e9 # v1.0.14 + uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15 with: webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }} \ No newline at end of file From b8b1278e1f625202507e36e777bde66eba425bd2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 20:59:08 +0000 Subject: [PATCH 2/5] Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.7 to 1.14.9. - [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc) - [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9) --- updated-dependencies: - dependency-name: "@springio/antora-extensions" dependency-version: 1.14.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docs/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/package.json b/docs/package.json index 11f7c66fed..935cfe1900 100644 --- a/docs/package.json +++ b/docs/package.json @@ -4,7 +4,7 @@ "@antora/atlas-extension": "1.0.0-alpha.5", "@antora/collector-extension": "1.0.3", "@asciidoctor/tabs": "1.0.0-beta.6", - "@springio/antora-extensions": "1.14.7", + "@springio/antora-extensions": "1.14.9", "@springio/asciidoctor-extensions": "1.0.0-alpha.18" } } From d547ae0181edd657bc4e48bd843a420cd709384f Mon Sep 17 00:00:00 2001 From: sankranti Date: Sat, 20 Dec 2025 18:56:25 +0300 Subject: [PATCH 3/5] Fix defaults description in Session Management doc Corrected that starting from Spring Security 6 security context is not automatically saved by default. Signed-off-by: sankranti --- .../ROOT/pages/servlet/authentication/session-management.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc index 0eb0f05f0d..b45879fa79 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc @@ -3,7 +3,7 @@ Once you have got an application that is xref:servlet/authentication/index.adoc[authenticating requests], it is important to consider how that resulting authentication will be persisted and restored on future requests. -This is done automatically by default, so no additional code is necessary, though it is important to know what `requireExplicitSave` means in `HttpSecurity`. +Starting from Spring Security 6 security context is not persisted automatically by default, thus it is important to know what `requireExplicitSave` means in `HttpSecurity`. If you like, <> or <>. Otherwise, in most cases you are done with this section. From 9dbe3bdcc03bebb84a895bf5e79deba26c58da03 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Tue, 3 Mar 2026 16:20:16 -0700 Subject: [PATCH 4/5] Polish Session Management Persistence Docs Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com> --- .../ROOT/pages/servlet/authentication/session-management.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc index b45879fa79..2d6aac85af 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc @@ -3,7 +3,9 @@ Once you have got an application that is xref:servlet/authentication/index.adoc[authenticating requests], it is important to consider how that resulting authentication will be persisted and restored on future requests. -Starting from Spring Security 6 security context is not persisted automatically by default, thus it is important to know what `requireExplicitSave` means in `HttpSecurity`. +This is done automatically by default. If you have a custom filter or controller that is setting the security context, you will need to use a `SecurityContextRepository` to persist it across requests. + +If you are upgrading from an older version, you may be interested in the `requireExplicitSave` setting that preserves Spring Security 5's default, though note that this is primarily for migration purposes. If you like, <> or <>. Otherwise, in most cases you are done with this section. From 9fed1ac8c32d7200fe8b13039b4b1633a114c20d Mon Sep 17 00:00:00 2001 From: Rob Winch <362503+rwinch@users.noreply.github.com> Date: Mon, 9 Mar 2026 13:59:35 -0500 Subject: [PATCH 5/5] New line per sentence Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com> --- .../ROOT/pages/servlet/authentication/session-management.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc index 2d6aac85af..fe19b63ddf 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc @@ -3,7 +3,8 @@ Once you have got an application that is xref:servlet/authentication/index.adoc[authenticating requests], it is important to consider how that resulting authentication will be persisted and restored on future requests. -This is done automatically by default. If you have a custom filter or controller that is setting the security context, you will need to use a `SecurityContextRepository` to persist it across requests. +This is done automatically by default. +If you have a custom filter or controller that is setting the security context, you will need to use a `SecurityContextRepository` to persist it across requests. If you are upgrading from an older version, you may be interested in the `requireExplicitSave` setting that preserves Spring Security 5's default, though note that this is primarily for migration purposes.