Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 00:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,098 Commits 38 Branches 345 Tags
Commit Graph

18098 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
5abbcecccc
Update to 7.0.0-SNAPSHOT 
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-05-06 13:26:14 -05:00
Rob Winch
c385a59b68
Improve SchemaZipPlugin Error Message 
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-05-06 13:26:14 -05:00
Josh Cummings
184cd96ee6
Don't Update Minor Versions During RC Phase 2025-05-06 11:56:41 -06:00
Zhoudong
6624e302ac Favor Spring Framework NonNull over Reactor NonNull 
Signed-off-by: Zhoudong <jearton@users.noreply.github.com>
 2025-05-06 10:52:05 -06:00
dependabot[bot]
0c7e43a462 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:28 -06:00
Rob Winch
9b79b99150
Merge branch '6.4.x' 
- Correct method name in logout.adoc

Closes gh-17049
 2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db
Merge branch '6.3.x' into 6.4.x 
- Correct method name in logout.adoc

Closes gh-17048
 2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed
Correct method name 
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-06 10:17:29 -05:00
Josh Cummings
1a9f62dce4
Merge branch '6.4.x' 2025-05-05 16:00:59 -06:00
Josh Cummings
0220e471bb
Move Serialization Samples 
To make SpringSecurityCoreVersionSerializableTests more manageable,
this commit moves the sample class constructions to a separate file.
In this way, the tests file only changes when serialization tests are
added. When classes are introduced, they can be added to SerializationSamples,
separating the two concerns
 2025-05-05 15:51:10 -06:00
Josh Cummings
12a18c3792
Polish Serialization Tests 
If Instancio fails to instatiate the class sample, it will
now also delete the serialized sample file. Otherwise, it will
leave a zero-byte file on the filesystem, confusing future test runs
 2025-05-05 15:39:33 -06:00
Josh Cummings
d04f7071c2
Add Missing Serialization Samples 
Closes gh-17038
 2025-05-05 15:34:24 -06:00
Josh Cummings
8726e547d5
Add Serialization Samples for 6.5 
Issue gh-16221
 2025-05-05 15:31:51 -06:00
Josh Cummings
2949b5d5a4
Regenerate Incorrect Serialization Files 
Given that these classes each have a consistent serialization UID
across minor versions, but that the 6.5.x serialized version is using a
different UID, these serialized files were likely generated in error.
As such, this commit replaces the serialized files with correct ones.

Issue gh-16432
 2025-05-05 15:30:15 -06:00
Josh Cummings
34a9f57aa6
Merge branch '6.4.x' 2025-05-05 15:29:44 -06:00
Josh Cummings
c3c2bcd6b7
Ignore Serialization in Test Components 
Since we don't need to ensure the serializability of test components
across versions, we can ignore missing version UIDs when those
test components aren't about testing Java serialization.

Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
39fdceab59
Add Missing Serializable Samples 
Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
65d53beff8
Polish Serialization Tests 
- Error when public, non-ignored, serializable file is missing a sample
- Provide mechanism for creating an InstancioApi from scratch

Issue gh-17038
 2025-05-05 15:09:49 -06:00
Josh Cummings
34afa64c0c
Add Current-Version Deserialization Test 
We should test that serialized files from the current minor version
can be deserialized. This ensures that serializations remain
deserializable in patch releases.

Issue gh-3737
 2025-05-05 15:09:43 -06:00
Rob Winch
74e6bf2d11
Merge branch '6.4.x' 
- remove update-dependabot action
 2025-05-05 13:36:15 -05:00
Rob Winch
b5e1c3770b
Merge branch '6.3.x' into 6.4.x 
- remove update-dependabot action
 2025-05-05 13:36:01 -05:00
Rob Winch
9710492619
remove update-dependabot action 2025-05-05 13:34:16 -05:00
Rob Winch
d4a0f8bbe8
Merge branch '6.4.x' 
- Use pull-request: write for gradlew updates
 2025-05-05 13:24:32 -05:00
Rob Winch
6dc8cd1f60
Merge branch '6.3.x' into 6.4.x 
- Use pull-request: write for gradlew updates
 2025-05-05 13:23:35 -05:00
Rob Winch
9436796973
Use pull-request: write for gradlew updates 
Explicitly provide the permissions required for updating the Gradle
wrapper
 2025-05-05 11:49:08 -05:00
Josh Cummings
df640f22dc
Merge branch '6.4.x' 2025-05-02 15:59:13 -06:00
Josh Cummings
92160fa26f
Merge branch '6.3.x' into 6.4.x 
Closes gh-17034
 2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed
Fix ClearSiteData Code Snippet 
Closes gh-16948
 2025-05-02 15:57:31 -06:00
Rob Winch
5c92d90e36
Align Dependabot PRs with CONTRIBUTING 
Previously Dependabot was setup to submit PRs to every branch.
However, this does not align with the contributing guidelines which
state to only submit a PR on the oldest branch so that merge forward
strategy can be used.

This changes the dependabot configuration to better align with our
contributing guidelines:

- PRs for github actions are submitted against the oldest branch since
  all branches will need updated using a merge forward stategy. Merging a
  github action will require us to merge forward manually and preserve
  the changes in the oldest branch to pickup the github actions update.
- Java dependencieds are submitted against each branch since they will
  need to merge -s ours to preserve the correct major.minor semantics.
  Merging a java dependency will now require us to do the merging manually.
 2025-05-02 15:04:20 -05:00
Josh Cummings
aa338e9b0d
Merge branch '6.4.x' 2025-05-02 10:58:22 -06:00
Josh Cummings
57fc29e614
Merge branch '6.3.x' into 6.4.x 
Closes gh-17032
 2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e
Propagate StrictFirewallRequest Wrapper 
Closes gh-16978
 2025-05-02 10:57:07 -06:00
Rob Winch
084408c22c
Merge branch '6.4.x' 
- codeql uses ubuntu-latest
 2025-05-02 11:50:08 -05:00
Rob Winch
a26a64d213
Merge branch '6.3.x' into 6.4.x 
- codeql uses ubuntu-latest
 2025-05-02 11:49:50 -05:00
Rob Winch
3b7e3a6c5c
codeql uses ubuntu-latest 2025-05-02 11:49:41 -05:00
Rob Winch
9bf1212420
Merge branch '6.4.x' 
- rm mark-duplicate-dependabot-prs.yml
 2025-05-02 11:26:59 -05:00
Rob Winch
fa533ea5e2
Merge branch '6.3.x' into 6.4.x 
- rm mark-duplicate-dependabot-prs.yml
 2025-05-02 11:26:47 -05:00
Rob Winch
a04025c114
rm mark-duplicate-dependabot-prs.yml 2025-05-02 11:26:41 -05:00
Rob Winch
771fe108b3
Merge branch '6.4.x' 
- Remove automerge forward
 2025-05-02 11:24:28 -05:00
Rob Winch
99cede5e08
Merge branch '6.3.x' into 6.4.x 
- Remove automerge forward
 2025-05-02 11:23:14 -05:00
Rob Winch
1564076276
Remove automerge forward 2025-05-02 11:23:01 -05:00
Rob Winch
e062be6c99
Merge branch '6.4.x' 
- Add .github/workflows/codeql.yml
 2025-05-02 11:17:40 -05:00
Rob Winch
389ba794fa
Merge branch '6.3.x' into 6.4.x 
- Add .github/workflows/codeql.yml
 2025-05-02 11:17:07 -05:00
Rob Winch
ae09f36291
Add .github/workflows/codeql.yml 2025-05-02 11:15:37 -05:00
Josh Cummings
28091c8563 Merge branch '6.4.x' 2025-05-01 12:03:19 -06:00
Josh Cummings
c4a0dfe838 Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-05-01 12:03:05 -06:00
Soumik Sarker
bcef6ed74f Reformatted lines in x509 overview documentation 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-05-01 12:02:45 -06:00
dependabot[bot]
742265375d Bump io.mockk:mockk from 1.14.0 to 1.14.2 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.0 to 1.14.2.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.14.0...1.14.2)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-01 07:32:16 -06:00
dependabot[bot]
71421c68ba Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.0.RELEASE to 0.29.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.0.RELEASE...0.29.1.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.1.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-01 07:31:50 -06:00
hammadirshad
1a4602c8c3 Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter 
Closes gh-16806

Signed-off-by: muha <muha@kreftregisteret.no>
 2025-04-30 10:09:41 -04:00