spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-08 22:44:35 +00:00

Author	SHA1	Message	Date
dependabot[bot]	4f8fcea4de	Bump org.springframework.data:spring-data-bom from 2025.1.1 to 2025.1.2 Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.1 to 2025.1.2. - [Release notes](https://github.com/spring-projects/spring-data-bom/releases) - [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.1...2025.1.2) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-bom dependency-version: 2025.1.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-06 09:00:01 -06:00
dependabot[bot]	659aedbe96	Bump org.springframework:spring-framework-bom Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3-SNAPSHOT to 7.0.4-SNAPSHOT. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/commits) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 7.0.4-SNAPSHOT dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-06 09:00:01 -06:00
dependabot[bot]	d589707385	Bump io.projectreactor:reactor-bom from 2025.0.1 to 2025.0.2 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.1 to 2025.0.2. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2025.0.1...2025.0.2) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2025.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-06 09:00:01 -06:00
dependabot[bot]	4734af6856	Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.3 to 3.0.4. - [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.3...jackson-bom-3.0.4) --- updated-dependencies: - dependency-name: tools.jackson:jackson-bom dependency-version: 3.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-06 09:00:01 -06:00
dependabot[bot]	ac09b73725	Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.20.1 to 2.20.2. - [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.20.1...jackson-bom-2.20.2) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.20.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-06 09:00:01 -06:00
Vincent Stradiot	075c48c0d8	Fix typo in documentation Signed-off-by: Vincent Stradiot <vincentstradiot@hotmail.com>	2026-02-05 17:22:43 -07:00
Josh Cummings	31090f7a18	Merge branch '6.5.x' into 7.0.x	2026-02-05 16:58:16 -07:00
Josh Cummings	447e76bd06	Update to actions/checkout 6.0.2	2026-02-05 16:57:30 -07:00
Josh Cummings	41e7af70b5	Merge branch '6.5.x' into 7.0.x	2026-02-05 13:46:21 -07:00
Josh Cummings	46a9514420	Update to setup-gradle 5.0.1 note that gradle/gradle-build-action is superceded by setup-gradle. Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-05 13:44:02 -07:00
Josh Cummings	8432df498e	Update upload-artifact to 6.0.0 Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-05 13:44:00 -07:00
Josh Cummings	63162eb5f1	Update to setup-java 5.2.0 Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-05 13:43:56 -07:00
Josh Cummings	5c3b8c513b	Update spring-gradle-build-action to 2.0.5 Issue gh-18648	2026-02-05 13:43:11 -07:00
Josh Cummings	d276c943fc	Update actions/checkout to 6.0.2 Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-05 13:43:06 -07:00
Josh Cummings	18d9dd77ec	Use SHA Hashes for spring-security-release-tools Workflows Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-05 13:42:22 -07:00
Joe Grandja	d3c42a7a4f	Polish OAuth2ConfigurerUtils	2026-02-05 04:52:02 -05:00
Joe Grandja	e61c03f7c3	Fix to allow multiple PasswordEncoder beans Closes gh-18645	2026-02-05 04:51:51 -05:00
Elayne Bloom	2c97b3376b	Document Client PKCE settings Updated the documentation to reflect recent changes to enable PKCE by default for `authorization_code` flows in the documentation for the client. Closes gh-18304 Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>	2026-02-02 16:30:27 -05:00
Robert Winch	9273f411c1	Merge branch '6.5.x' into 7.0.x	2026-02-02 11:12:53 -06:00
Robert Winch	d6e3ec78cd	Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27	2026-02-02 11:12:18 -06:00
dependabot[bot]	48c1023fd6	Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.41.Final to 6.6.42.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.42/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.41...6.6.42) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.42.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-02 03:11:29 +00:00
dependabot[bot]	04dbdc8588	Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.26 to 1.5.27. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.27 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-02 03:11:13 +00:00
Robert Winch	6ca04d9b77	Merge branch '6.5.x' into 7.0.x	2026-01-27 11:16:43 -06:00
Robert Winch	3960bf950d	Bump org.assertj:assertj-core from 3.27.6 to 3.27.7	2026-01-27 10:00:00 -06:00
Robert Winch	bc6ac7c8c6	Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26	2026-01-27 09:59:50 -06:00
Robert Winch	74b93a19f6	Externalize java-toolchain configuration We should not use subprojects to perform configuration becaause it does not allow for lazy loading and it can cause ordering problems. In this case, the toolchain was not being used but instead it was using the JAVA_HOME. By splitting the configuration into a plugin and applying it to each project it fixes the toolchain configuration	2026-01-26 22:06:36 -06:00
Robert Winch	6dd6e8ebb1	Merge branch '6.5.x' into 7.0.x Closes gh-18235	2026-01-26 12:06:19 -06:00
Garvit Joshi	edd82ba82c	gh-18234: Create SHA-1 MessageDigest for every new check request Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>	2026-01-26 11:06:25 -06:00
dependabot[bot]	cf656ce6e1	Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.25 to 1.5.26. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.25...v_1.5.26) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-26 03:11:50 +00:00
dependabot[bot]	f75e9c7138	Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-version: 3.27.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-26 03:11:34 +00:00
Daniel Garnier-Moiroux	7cfcfaefae	BearerTokenAuthenticationEntryPoint uses context path Closes gh-18528 Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>	2026-01-23 06:27:26 -05:00
Robert Winch	f7f5165321	Merge branch '6.5.x' into 7.0.x	2026-01-21 15:33:03 -06:00
Robert Winch	27f91e03f9	Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final	2026-01-21 15:32:25 -06:00
Robert Winch	b7230c367e	Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25	2026-01-21 15:32:20 -06:00
Robert Winch	cd72cb1f2e	Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25	2026-01-21 15:32:16 -06:00
Robert Winch	a865671526	Merge branch '6.4.x' into 6.5.x	2026-01-21 15:31:53 -06:00
Robert Winch	4f52b71be8	Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final	2026-01-21 15:31:04 -06:00
Robert Winch	398430f672	Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25	2026-01-21 15:30:50 -06:00
dependabot[bot]	03b3b852f5	Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.24 to 0.0.25. - [Release notes](https://github.com/spring-io/develocity-conventions/releases) - [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.24...v0.0.25) --- updated-dependencies: - dependency-name: io.spring.develocity.conventions dependency-version: 0.0.25 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-21 03:08:52 +00:00
dependabot[bot]	e54bb9f3f5	Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.24 to 0.0.25. - [Release notes](https://github.com/spring-io/develocity-conventions/releases) - [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.24...v0.0.25) --- updated-dependencies: - dependency-name: io.spring.develocity.conventions dependency-version: 0.0.25 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-21 03:06:52 +00:00
dependabot[bot]	30be114a5e	Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.24 to 1.5.25. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.24...v_1.5.25) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.25 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-19 03:22:36 +00:00
dependabot[bot]	75121bf455	Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.40.Final to 6.6.41.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.41/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.40...6.6.41) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.41.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-19 03:22:23 +00:00
dependabot[bot]	aa21e62fb8	Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.24 to 1.5.25. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.24...v_1.5.25) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.25 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-19 03:21:35 +00:00
dependabot[bot]	b58187082a	Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.40.Final to 6.6.41.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.41/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.40...6.6.41) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.41.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-19 03:21:26 +00:00
Robert Winch	bd3441caac	Merge branch '6.5.x' into 7.0.x	2026-01-16 15:18:39 -06:00
Robert Winch	8879aa83a3	Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14	2026-01-16 15:17:34 -06:00
Josh Cummings	1f39a3dd3e	Merge branch '6.5.x' into 7.0.x	2026-01-15 12:41:22 -07:00
Josh Cummings	84b124d29d	Merge branch '6.4.x' into 6.5.x	2026-01-15 12:41:16 -07:00
songhee	fee6a9bb0e	docs: add CurrentSecurityContext section and link references Signed-off-by: songhee <songhee9327@gmail.com>	2026-01-15 12:31:58 -07:00
Josh Cummings	d2ed8321b4	Merge branch '6.5.x' into 7.0.x	2026-01-14 14:46:36 -07:00

1 2 3 4 5 ...

20034 Commits