Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-22 00:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,815 Commits 49 Branches 379 Tags
Commit Graph

20815 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
63d4dcb83e
Use SHA Hashes 
This commit updates workflows to use SHA hashes to
reference other actions and workflows

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 14:37:14 -06:00
Josh Cummings
8c9e6609a5
Merge branch '7.0.x' 2026-04-17 14:27:24 -06:00
Josh Cummings
a2358bbc83
Use SHA Hashes 
This commit updates workflows to use SHA hashes to
reference other actions and workflows

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 14:27:09 -06:00
Josh Cummings
22b848024f
Merge branch '7.0.x' 2026-04-17 14:16:22 -06:00
Josh Cummings
fbe09c26ae
Merge branch '6.5.x' into 7.0.x 2026-04-17 14:16:09 -06:00
Josh Cummings
5b638a54a4
Use SHA Hashes 
This commit updates workflows that were using tags to instead
use SHA hashes to reference actions and workflows

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 14:15:50 -06:00
Josh Cummings
ce8b8ecc8c Merge branch '7.0.x' 2026-04-17 11:58:43 -06:00
Josh Cummings
d0d2ac545b Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-04-17 11:58:35 -06:00
dependabot[bot]
51eef2b980 Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.16 to 2024.0.17.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.16...2024.0.17)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:57:33 -06:00
Josh Cummings
f966e10b04 Merge remote-tracking branch 'origin/7.0.x' 2026-04-17 11:54:57 -06:00
Josh Cummings
63cd037188 Fix Unit Test 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 11:54:31 -06:00
dependabot[bot]
d3e349c290 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.1.RELEASE to 0.31.2.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.1.RELEASE...0.31.2.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.2.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:54:31 -06:00
dependabot[bot]
bc16a6f723 Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.4 to 2025.0.5.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.4...2025.0.5)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:54:13 -06:00
Josh Cummings
7d2f2cb130 Merge branch '7.0.x' 2026-04-17 11:13:50 -06:00
dependabot[bot]
e480da69e9 Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.10 to 1.14.11.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.10...v1.14.11)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:12:01 -06:00
dependabot[bot]
1d466f86a0 Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 
Bumps [spring-io/spring-release-actions](https://github.com/spring-io/spring-release-actions) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-io/spring-release-actions/releases)
- [Commits](https://github.com/spring-io/spring-release-actions/compare/0.0.3...0.0.4)

---
updated-dependencies:
- dependency-name: spring-io/spring-release-actions
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:11:39 -06:00
dependabot[bot]
9dfa5cf713 Bump actions/upload-artifact from 7.0.0 to 7.0.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:11:17 -06:00
dependabot[bot]
bd8bdb8a98 Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.2...4.0.3)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 4.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:10:57 -06:00
dependabot[bot]
302cfb116e Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.10 to 1.14.11.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.10...v1.14.11)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:08:19 -06:00
dependabot[bot]
695ea1717f Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.47.Final to 6.6.48.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.48/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.47...6.6.48)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.48.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:07:58 -06:00
dependabot[bot]
1206c2b141 Bump actions/upload-artifact from 7.0.0 to 7.0.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:07:36 -06:00
dependabot[bot]
3539f06146 Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 
Bumps [spring-io/spring-release-actions](https://github.com/spring-io/spring-release-actions) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-io/spring-release-actions/releases)
- [Commits](https://github.com/spring-io/spring-release-actions/compare/0.0.3...0.0.4)

---
updated-dependencies:
- dependency-name: spring-io/spring-release-actions
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:07:08 -06:00
Josh Cummings
5aa605b45a Fix Unit Test 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 17:06:32 +00:00
dependabot[bot]
67e1d42b76 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.1.RELEASE to 0.31.2.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.1.RELEASE...0.31.2.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.2.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 17:06:32 +00:00
dependabot[bot]
668ef4b179 Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.2...4.0.3)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 4.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 03:18:09 +00:00
dependabot[bot]
0435444be6 Bump actions/upload-artifact from 7.0.0 to 7.0.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 00:46:12 +00:00
dependabot[bot]
decd912be0 Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 
Bumps [spring-io/spring-release-actions](https://github.com/spring-io/spring-release-actions) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-io/spring-release-actions/releases)
- [Commits](https://github.com/spring-io/spring-release-actions/compare/0.0.3...0.0.4)

---
updated-dependencies:
- dependency-name: spring-io/spring-release-actions
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 00:45:56 +00:00
Josh Cummings
83ba30d138
Merge branch '7.0.x' 2026-04-15 15:05:04 -06:00
Josh Cummings
4ec000a07c
Merge branch '6.5.x' into 7.0.x 2026-04-15 15:04:51 -06:00
Josh Cummings
3cf9397a7d
Polish HtmlTemplates 
This commit changes HtmlTemplates to use replace
instead of replaceAll since supporting regex in template
keys is not needed.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-15 14:59:29 -06:00
dependabot[bot]
6e894fd6b7 Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.4 to 2025.0.5.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.4...2025.0.5)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-15 03:23:14 +00:00
dependabot[bot]
5fcde78384 Bump io.micrometer:micrometer-observation from 1.16.4 to 1.16.5 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.16.4...v1.16.5)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-14 03:18:32 +00:00
dependabot[bot]
077d300487 Bump org-bouncycastle from 1.83 to 1.84 
Bumps `org-bouncycastle` from 1.83 to 1.84.

Updates `org.bouncycastle:bcpkix-jdk18on` from 1.83 to 1.84
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.bouncycastle:bcprov-jdk18on` from 1.83 to 1.84
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-version: '1.84'
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.bouncycastle:bcprov-jdk18on
  dependency-version: '1.84'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-14 03:18:13 +00:00
dependabot[bot]
6731e340ce Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.12 to 0.0.13.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.12...v0.0.13)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-14 03:17:48 +00:00
dependabot[bot]
4e34f79670 Bump org.hibernate.orm:hibernate-core from 7.3.0.Final to 7.3.1.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.3.0.Final to 7.3.1.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.3.1/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.3.0...7.3.1)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.3.1.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 03:22:40 +00:00
dependabot[bot]
623ff756f1 Bump org.seleniumhq.selenium:htmlunit3-driver from 4.41.0 to 4.43.0 
Bumps [org.seleniumhq.selenium:htmlunit3-driver](https://github.com/SeleniumHQ/htmlunit-driver) from 4.41.0 to 4.43.0.
- [Release notes](https://github.com/SeleniumHQ/htmlunit-driver/releases)
- [Commits](https://github.com/SeleniumHQ/htmlunit-driver/compare/4.41.0...4.43.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:htmlunit3-driver
  dependency-version: 4.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 03:22:15 +00:00
dependabot[bot]
be666d71c5 Bump tools.jackson:jackson-bom from 3.1.1 to 3.1.2 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.1.1 to 3.1.2.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.1.1...jackson-bom-3.1.2)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 03:21:45 +00:00
Joe Grandja
f8359ef619 Polish gh-17202 2026-04-10 07:40:34 -04:00
Max Batischev
fc6a4c8220 Add Support DPoP Customization 
Closes gh-16940

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2026-04-10 07:09:24 -04:00
dependabot[bot]
d6b97c7919 Bump @springio/antora-extensions from 1.14.9 to 1.14.11 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.11.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.11)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 00:45:55 +00:00
Josh Cummings
036ccff1f5 Move Focus to OTT Button When Username is Read-Only 
Closes gh-18817

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:32:15 -06:00
Anantha Krishnan
245733a631 fix: restore native form submission for OTT login 
Signed-off-by: Anantha Krishnan <ananthakrishnanj2001@gmail.com>
 2026-04-07 18:32:15 -06:00
Josh Cummings
229eb3ea46 Defer SecureRandom Construction Until Usage 
Issue gh-17824

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:20:24 -06:00
Josh Cummings
c21fc6c433 Use Static Holder 
By using a static holder, we can leave method contracts
as-is and still maintain the performance benefit.

Issue gh-17824

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:20:24 -06:00
Yerin Lee
7c31eb58ac Also deprecate BCrypt.gensalt(int) without SecureRandom parameter 
- Deprecates BCrypt.gensalt(int) method

Closes gh-17824

Signed-off-by: Yerin Lee <rt8632@naver.com>
 2026-04-07 18:20:24 -06:00
Yerin Lee
d4f49a5b43 Deprecate BCrypt.gensalt() without SecureRandom parameter 
Creating a new SecureRandom instance on every call causes
unnecessary performance overhead. This change:

- Deprecates BCrypt.gensalt(String, int) method
- Modifies BCryptPasswordEncoder constructors to create
  and reuse SecureRandom instances
- Maintains backward compatibility

All existing tests pass.

Closes gh-17824

Signed-off-by: Yerin Lee <rt8632@naver.com>
 2026-04-07 18:20:24 -06:00
Josh Cummings
6d20e02173 Update whats-new 
Issue gh-18113

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 16:21:15 -06:00
Josh Cummings
0c6b73d123 WebAuthn Publishes Authentication Events 
Closes gh-18113

Signed-off-by: suuuuuuminnnnnn <sumin45402214@gmail.com>
 2026-04-07 16:21:15 -06:00
Joe Grandja
f66fb0814b Fix merge 2026-04-07 16:12:34 -04:00
Joe Grandja
3008848158 Merge branch '7.0.x' 2026-04-07 15:47:01 -04:00