Commit Graph

10063 Commits

Author SHA1 Message Date
Marcus Da Coregio 45a4a89960 Update hibernate-entitymanager to 5.6.12.Final
Closes gh-12005
2022-10-13 09:24:20 -03:00
Marcus Da Coregio b43c7e927f Update org.eclipse.jetty to 9.4.49.v20220914
Closes gh-12004
2022-10-13 09:24:20 -03:00
Marcus Da Coregio 50d23622d0 Update io.rsocket to 1.1.3
Closes gh-12003
2022-10-13 09:24:20 -03:00
Marcus Da Coregio 2c2603ba0f Update io.projectreactor to 2020.0.24
Closes gh-12001
2022-10-13 09:24:20 -03:00
Marcus Da Coregio f7f53ea2b7 Update jackson-bom to 2.13.4.20221012
Closes gh-11997
2022-10-13 09:22:28 -03:00
Marcus Da Coregio e0f8c711d8 Add default value for cloneOutputDirectory property
Closes gh-11969
2022-10-10 11:00:47 -03:00
Dan Allen e0843aabb1 automatically manage docs version (with collector) 2022-10-05 13:56:22 -05:00
Daniel Garnier-Moiroux 26bb60c567 Add rncToXsd task description to CONTRIBUTING.adoc 2022-10-03 10:09:27 -03:00
Dan Allen c44230ba24
switch to offical Antora plugin for Gradle
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
Jerome Prinet 8d2fb6858f Update Gradle Enterprise plugin to 3.11.1 2022-09-16 13:14:53 -03:00
Marcus Da Coregio 7756247c3a Simplify checkSamples task
Closes gh-11814
2022-09-16 09:36:12 -03:00
Dan Allen 3387149a0f repurpose 5.6.x branch to provide local docs build
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:41:12 -05:00
Underground Hill 8b74bf9742 Updated reference to architecture page
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
Marcus Da Coregio 40abf87ae6 Add buildScan to checkRemote
Closes gh-11766
2022-08-30 09:11:08 -03:00
Steve Riesenberg 1c014eb512
Use 6.0.x instead of 3.0.x as default branch 2022-08-24 16:38:27 -05:00
Rob Winch 8c69699458 Remove backportbot.yml
Issue gh-11736
2022-08-23 13:46:32 -05:00
Rob Winch fc10d5fc29 repository=spring-projects/spring-security
Previously the repository used spring-project (missing the s)
2022-08-23 13:30:20 -05:00
Rob Winch c79ebf4edf Setup Forward Merge 2022-08-22 16:19:44 -05:00
Marcus Da Coregio a8d6c1d21f Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService

Closes gh-11449
Closes gh-11726
2022-08-19 09:58:22 -03:00
Steve Riesenberg 7c7f9380c7
Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:54:45 -05:00
tinolazreg 888715bbb2
Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:54:45 -05:00
jujunChen 13feb87171
Modify words
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:36 -06:00
Rob Winch faf9fb7337 NamespaceLdapAuthenticationProviderTests use Dynamic Port
Closes gh-11710
2022-08-15 15:26:46 -05:00
Rob Winch f33d7253b6 GitHubMilestoneApiTests due_on Uses LocalDate
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
2022-08-15 13:04:29 -05:00
github-actions[bot] db74e9d128 Next development version 2022-08-15 16:07:33 +00:00
github-actions[bot] 4559d269e0 Release 5.6.7 2022-08-15 15:25:05 +00:00
Marcus Da Coregio 627809d2dc Update org.springframework.data to 2021.1.6
Closes gh-11686
2022-08-10 14:52:51 -03:00
Marcus Da Coregio 4b1d7e9479 Update org.springframework to 5.3.22
Closes gh-11685
2022-08-10 14:52:51 -03:00
Marcus Da Coregio d9980a4dfe Update jsonassert to 1.5.1
Closes gh-11684
2022-08-10 14:52:51 -03:00
Marcus Da Coregio 8eb7e589eb Update hibernate-entitymanager to 5.6.10.Final
Closes gh-11683
2022-08-10 14:52:51 -03:00
Marcus Da Coregio 0d7dce9d71 Update org.eclipse.jetty to 9.4.48.v20220622
Closes gh-11682
2022-08-10 14:52:51 -03:00
Marcus Da Coregio da09788be9 Update io.projectreactor to 2020.0.22
Closes gh-11680
2022-08-10 14:52:51 -03:00
Marcus Da Coregio ead587c597 Consistently handle RequestRejectedException if it is wrapped
Closes gh-11645
2022-08-09 08:32:42 -03:00
Steve Riesenberg 02459919cc
Skip workflows on forks of spring-security 2022-07-28 15:13:56 -05:00
Steve Riesenberg 57d212ddca
Use cache and user.name system property on Windows 2022-07-28 15:13:55 -05:00
Steve Riesenberg 539b17f6da
Only run prerequisites job if on upstream repo 2022-07-28 15:13:54 -05:00
Steve Riesenberg 37e1ad27fe
Simplify dependency graph 2022-07-28 15:13:53 -05:00
Steve Riesenberg 043fdd6f03
Use Spring Gradle Build Action
Closes gh-11630
2022-07-28 15:13:52 -05:00
Steve Riesenberg 3234e05085
Polish gh-11367 2022-07-28 15:13:51 -05:00
naveen f957e3c051
Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
2022-07-28 15:13:51 -05:00
Marcus Da Coregio d66ad22652 Add Deprecated annotation to WebSecurity#securityInterceptor
Closes gh-11634
2022-07-27 14:32:44 -03:00
Rob Winch 7a860e1568 Fix Snapshot Sources/Javadoc
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
2022-07-26 16:26:31 -05:00
Desmond Silveira 0d3c3c676d
"Well-Know" should be "Well-Known" 2022-07-26 15:45:27 -05:00
Yuriy Savchenko 0f64d4c091 Add Kotlin example for WebTestClient setup docs
Closes gh-9998
2022-07-22 14:04:16 -03:00
Josh Cummings 56a6133b20
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:43:25 -06:00
Steve Riesenberg aaf20e7b61
Build only on branches
Issue gh-11480
2022-07-18 11:47:25 -05:00
Steve Riesenberg 148756076c
Backport release automation and github actions
Closes gh-11501
2022-07-13 15:51:25 -05:00
Steve Riesenberg 6f321a27c4
Fix inconsistency in hasProperty check 2022-07-13 15:51:25 -05:00
Steve Riesenberg 539443b4be
Add GitHubReleasePlugin with createGitHubRelease task
Issue gh-10456
Issue gh-10457
2022-07-13 15:51:24 -05:00
Josh Cummings 28424f8ae5
Correct input validation for 31 rounds
Closes gh-11470
2022-07-11 14:51:51 -06:00