Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-08 22:44:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,098 Commits 50 Branches 370 Tags
Commit Graph

20098 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Winch
6e30cd5417
Merge branch '7.0.x' 2026-01-26 22:06:54 -06:00
Robert Winch
74b93a19f6
Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
Robert Winch
ea8bd1a01d
Merge branch '7.0.x' 
Closes gh-18595
 2026-01-26 12:17:24 -06:00
Robert Winch
6dd6e8ebb1
Merge branch '6.5.x' into 7.0.x 
Closes gh-18235
 2026-01-26 12:06:19 -06:00
Garvit Joshi
edd82ba82c gh-18234: Create SHA-1 MessageDigest for every new check request 
Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>
 2026-01-26 11:06:25 -06:00
Andrey Litvitski
0a182f1f20 Add @Nullable to changePassword parameters in UserDetailsManager 
Closes: gh-18257

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-23 15:06:10 -06:00
Jay Choi
5e56877487 Remove compiler warnings for spring-security-acl 
Closes gh-18415

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:19:23 -06:00
Jay Choi
38356fda10 Remove compiler warnings for spring-security-webauthn 
Closes gh-18442

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:17:20 -06:00
Jay Choi
442d72ec12 Remove compiler warnings for spring-security-access 
Closes gh-18414

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:16:08 -06:00
Michael Lück
7513c859bd Fix javadoc warnings and apply plugin javadoc-warnings-error 
Closes to gh-18448

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-01-23 14:13:54 -06:00
Robert Winch
1b3cf72fc9
Add Nullaway Checkstyle 
- Require package-info.java with @NullMarked in every package
- Suppress package checks for tests and modules that haven't been worked on
- Prevent non org.jspecify Nullability imports on enabled modules
- Validate Nullable is before modifiers

Closes gh-18564
 2026-01-23 10:42:53 -06:00
Robert Winch
d7fbf3673a
Fix consistency with Nullability Usage 
Issue gh-18564
 2026-01-23 10:42:53 -06:00
dependabot[bot]
ab3298e917 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.9 to 0.0.10.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.9...v0.0.10)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:26:24 -06:00
dependabot[bot]
37b0813b26 Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.3 to 3.0.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.3...jackson-bom-3.0.4)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:26:04 -06:00
dependabot[bot]
0340e0e918 Bump lodash from 4.17.21 to 4.17.23 in /javascript 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:25:40 -06:00
Joe Grandja
fc5194d78b Merge branch '7.0.x' 2026-01-23 06:43:14 -05:00
Daniel Garnier-Moiroux
7cfcfaefae BearerTokenAuthenticationEntryPoint uses context path 
Closes gh-18528

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2026-01-23 06:27:26 -05:00
Robert Winch
e7203bf838
Null safety via JSpecify spring-security-acl 
Closes gh-18401
 2026-01-22 14:26:26 -06:00
Robert Winch
42e1e9fb67
Null safety via JSpecify spring-security-kerberos-test 
Closes gh-18551
 2026-01-21 17:53:12 -06:00
Robert Winch
91aee30906
Null safety via JSpecify spring-security-kerberos-client 
Closes gh-18552
 2026-01-21 17:46:40 -06:00
Robert Winch
8247d18122
Null safety via JSpecify spring-security-kerberos-web 
Closes gh-18550
 2026-01-21 17:39:38 -06:00
Robert Winch
f942ead2eb
Null safety via JSpecify spring-security-kerberos-core 
Closes gh-18549
 2026-01-21 17:29:59 -06:00
Michael Lück
b970746a03 Apply plugin javadoc-warnings-error - no javadoc issues found 
Relates to gh-18457

Signed-off-by: Michael Lück <git@lueckonline.net>
 2026-01-21 16:56:36 -06:00
Michael Lück
131d3741b2 Apply plugin javadoc-warnings-error - no javadoc issues found 
Relates to gh-18458

Signed-off-by: Michael Lück <git@lueckonline.net>
 2026-01-21 16:54:53 -06:00
Junmo
e7aa15cb81 Remove javadoc warnings for spring-security-data 
- Add javadoc-warnings-error plugin to spring-security-data.gradle
- Add missing @param tag in setSecurityContextHolderStrategy method

Closes gh-18451

Signed-off-by: Junmo <hongjm1022@gmail.com>
 2026-01-21 16:45:45 -06:00
dev.paramjot
af73f85f66 Fix formatting in HttpSecurity.java documentation 
Signed-off-by: dev.paramjot <50148441+ParamjotSingh5@users.noreply.github.com>
 2026-01-21 16:43:03 -06:00
Jeongwon Been
39544e1b9e Fail build on Javadoc warnings in crypto module 
Apply the javadoc-warnings-error plugin to spring-security-crypto to
ensure that new Javadoc warnings fail the build and prevent regressions.

Closes gh-18450
Signed-off-by: Jeongwon Been <congcoding@gmail.com>
 2026-01-21 16:41:34 -06:00
Jeongwon Been
d07d3a13d1 Fix Javadoc warnings in Argon2PasswordEncoder 
Wrap bit-shift expressions in {@code ...} so that Javadoc does not parse
'<' as HTML and emit invalid input warnings.

Signed-off-by: Jeongwon Been <congcoding@gmail.com>
 2026-01-21 16:41:34 -06:00
Michael Lück
bf6bed01af fail build on javadoc warnings. 
Found no existing warnings by running ./gradlew --no-build-cache clean :spring-security-cas:javadoc

Closes gh-18447

Signed-off-by: Michael Lück <git@lueckonline.net>
 2026-01-21 16:39:08 -06:00
Jay Choi
74c454a5c7 Remove javadoc warnings for spring-security-kerberos-web 
Closes gh-18456

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-21 16:38:49 -06:00
Joe Kuhel
2206815ad9 Fix javadoc warning in spring-security-access 
Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2026-01-21 16:34:58 -06:00
Jay Choi
6695505676 Remove javadoc warnings for spring-security-kerberos-test 
Closes gh-18455

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-21 16:19:41 -06:00
Jay Choi
6b4649ad3e Remove javadoc warnings for spring-security-kerberos-core 
Closes gh-18454

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-21 16:18:48 -06:00
Jay Choi
7ace59c411 Remove javadoc warnings for spring-security-kerberos-client 
Closes gh-18453

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-21 16:17:08 -06:00
Robert Winch
1cfb3033e9 Run ./gradlew foramt 
Fixes formatting for gh-18516
 2026-01-21 16:08:04 -06:00
chanjin-lee
021f84b2df Core: Fix Javadoc invalid references and improve clarity 
- Update package-info to reference AuthorizationManager instead of AccessDecisionManager
- Improve RoleHierarchyUtils documentation with fromHierarchy() and builder-based alternatives
- Refine AuthenticationTrustResolver return description by removing redundant comma and symbol

Signed-off-by: chanjin-lee <chanjin23@naver.com>
 2026-01-21 16:08:04 -06:00
chanjin-lee
e5b934d1a5 Core: Remove javadoc warnings 
Closes gh-18449

Signed-off-by: chanjin-lee <chanjin23@naver.com>
 2026-01-21 16:08:04 -06:00
alpin87
e3f1690396 feat: Javadoc warnings as errors in spring-security-acl 
Signed-off-by: alpin87 <qortmdals94@naver.com>
 2026-01-21 16:00:01 -06:00
alpin87
1fb335c3b1 Fix: Javadoc warning in AclPermissionEvaluator 
Signed-off-by: alpin87 <qortmdals94@naver.com>
 2026-01-21 16:00:01 -06:00
zoo-code
cd2be2fc1c Enable javadoc-warnings-error for oauth2-resource-server 
Closes gh-18463

Signed-off-by: zoo-code <kyj20908@naver.com>
 2026-01-21 15:49:55 -06:00
Robert Winch
feb3e9c3cc
Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 2026-01-21 15:34:02 -06:00
Robert Winch
95d31a3754
Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 2026-01-21 15:33:58 -06:00
Robert Winch
ef7bb7d334
Merge branch '7.0.x' 2026-01-21 15:33:42 -06:00
Robert Winch
f7f5165321
Merge branch '6.5.x' into 7.0.x 2026-01-21 15:33:03 -06:00
Robert Winch
27f91e03f9
Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final 2026-01-21 15:32:25 -06:00
Robert Winch
b7230c367e
Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 2026-01-21 15:32:20 -06:00
Robert Winch
cd72cb1f2e
Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 2026-01-21 15:32:16 -06:00
Robert Winch
a865671526
Merge branch '6.4.x' into 6.5.x 2026-01-21 15:31:53 -06:00
Robert Winch
4f52b71be8
Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final 2026-01-21 15:31:04 -06:00
Robert Winch
398430f672
Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 2026-01-21 15:30:50 -06:00