Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 03:52:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,237 Commits 50 Branches 348 Tags
Commit Graph

18237 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
f9aa88acb3
Merge branch '6.4.x' into 6.5.x 
- Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final

Closes gh-17105
 2025-05-14 11:12:42 -05:00
Rob Winch
b38cf1fc16
Merge branch 'gradle/6.4.x/org.hibernate.orm-hibernate-core-6.6.15.Final' into 6.4.x 2025-05-14 11:12:24 -05:00
Rob Winch
e79de2f63e
Merge branch '6.4.x' into 6.5.x 
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18

Closes gh-17111
 2025-05-14 11:01:53 -05:00
Rob Winch
5a2bd2b825
Merge branch '6.3.x' into 6.4.x 
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18

Closes gh-17110
 2025-05-14 11:00:22 -05:00
Joe Grandja
5f7155bfc7 Implement internal cache in JtiClaimValidator 
Closes gh-17107
 2025-05-14 05:21:00 -04:00
dependabot[bot]
91afd49faf
Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.14.Final to 6.6.15.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.15/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.14...6.6.15)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.15.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 03:33:33 +00:00
dependabot[bot]
78a60d0d84
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.17 to 2023.0.18.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 03:23:25 +00:00
Joe Grandja
a265ac6ae7 Polish gh-17080 2025-05-13 14:35:23 -04:00
David Kowis
2090f44f74 Fix DPoP jkt claim to be JWK SHA-256 thumbprint 
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
 2025-05-13 14:35:23 -04:00
dependabot[bot]
eee7e5edaa Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.1.RELEASE to 0.29.2.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.1.RELEASE...0.29.2.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.2.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:34:22 -06:00
dependabot[bot]
b9a92e35b9 Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:32:42 -06:00
Josh Cummings
349377a13b
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:31:27 -06:00
dependabot[bot]
d34fd236f6 Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:30:10 -06:00
dependabot[bot]
c326e394e1 Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.14.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:28:03 -06:00
Josh Cummings
e0e9a7e76d
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:26:25 -06:00
dependabot[bot]
ad934efc24 Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.14.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:24:36 -06:00
dependabot[bot]
7a62f4eec8 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:22:42 -06:00
Josh Cummings
518918e197
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:21:31 -06:00
dependabot[bot]
11eac05dfd Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:20:38 -06:00
Josh Cummings
26650b20fb
Merge branch '6.4.x' into 6.5.x 2025-05-13 12:18:51 -06:00
Josh Cummings
3a36197d7a
Merge branch '6.3.x' into 6.4.x 2025-05-13 12:17:29 -06:00
dependabot[bot]
a001f27690 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:15:42 -06:00
Josh Cummings
26f359a4db
Merge branch '6.4.x' into 6.5.x 2025-05-13 11:18:31 -06:00
Josh Cummings
5ba4ab5e11
Merge branch '6.3.x' into 6.4.x 2025-05-13 11:18:02 -06:00
Danilo Piazzalunga
27319e3f9b Add missing registration property in YAML listing 
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Danilo Piazzalunga
ec462e8bc5 Update assertingparty property usage in YAML snippets 
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.

Closes gh-12810.

Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
yybmion
d48c463c03
Add logging to CsrfTokenRequestHandler implementations 
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler

Improves debugging capabilities without changing functionality.

Closes gh-13626

Signed-off-by: yybmion <yunyubin54@gmail.com>
 2025-05-12 18:49:40 -06:00
Joe Grandja
e3c39f02bc Add documentation for DPoP support 
Closes gh-17072
 2025-05-09 16:02:14 -04:00
Rob Winch
3110f3679a
Merge branch '6.4.x' into 6.5.x 
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4

Closes gh-17069
 2025-05-07 10:01:39 -05:00
dependabot[bot]
8fcf181ff0
Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.3 to 2.18.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.3...jackson-bom-2.18.4)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-07 03:30:49 +00:00
Josh Cummings
1ec084886a
Revert "Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0" 
This reverts commit 226e81d7f55d38603f3f179d3e32caf3e7ed6a20.

Given that we are in the RC phase, we do not want to do minor version
upgrades
 2025-05-06 16:55:22 -06:00
Josh Cummings
211b1b7285
Update Method Security Migration Steps 2025-05-06 16:44:20 -06:00
Josh Cummings
84db5bb312
Add Cookie Customizer Migration Steps 2025-05-06 16:43:04 -06:00
Josh Cummings
74a25c3fc1
Add shouldFilterAllDispatcherTypes Migration Steps 2025-05-06 16:40:10 -06:00
Josh Cummings
084990736e
Move Opaque Token Migration Steps 2025-05-06 16:39:16 -06:00
Josh Cummings
c6bba38458
Update SAML 2.0 Migration Steps 2025-05-06 16:38:32 -06:00
Josh Cummings
45b453f59b
Add ACL Migration Steps 2025-05-06 16:38:19 -06:00
Max Batischev
66e614cb0b WebAuthnConfigurer Code Cleanup 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-06 15:20:08 -05:00
Max Batischev
421fcaee12 Add Assertions To WebAuthnConfigurer 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-06 15:20:08 -05:00
Josh Cummings
184cd96ee6
Don't Update Minor Versions During RC Phase 2025-05-06 11:56:41 -06:00
Zhoudong
6624e302ac Favor Spring Framework NonNull over Reactor NonNull 
Signed-off-by: Zhoudong <jearton@users.noreply.github.com>
 2025-05-06 10:52:05 -06:00
dependabot[bot]
dd0b26a992 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:39 -06:00
dependabot[bot]
0c7e43a462 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:28 -06:00
dependabot[bot]
a4111a606b Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:11 -06:00
Rob Winch
9b79b99150
Merge branch '6.4.x' 
- Correct method name in logout.adoc

Closes gh-17049
 2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db
Merge branch '6.3.x' into 6.4.x 
- Correct method name in logout.adoc

Closes gh-17048
 2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed
Correct method name 
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-06 10:17:29 -05:00
Josh Cummings
1a9f62dce4
Merge branch '6.4.x' 2025-05-05 16:00:59 -06:00
Josh Cummings
0220e471bb
Move Serialization Samples 
To make SpringSecurityCoreVersionSerializableTests more manageable,
this commit moves the sample class constructions to a separate file.
In this way, the tests file only changes when serialization tests are
added. When classes are introduced, they can be added to SerializationSamples,
separating the two concerns
 2025-05-05 15:51:10 -06:00
Josh Cummings
12a18c3792
Polish Serialization Tests 
If Instancio fails to instatiate the class sample, it will
now also delete the serialized sample file. Otherwise, it will
leave a zero-byte file on the filesystem, confusing future test runs
 2025-05-05 15:39:33 -06:00