spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-26 13:53:14 +00:00

Author	SHA1	Message	Date
dependabot[bot]	7a62f4eec8	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:22:42 -06:00
Josh Cummings	518918e197	Merge remote-tracking branch 'origin/6.4.x' into 6.5.x	2025-05-13 12:21:31 -06:00
dependabot[bot]	11eac05dfd	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:20:38 -06:00
Josh Cummings	26650b20fb	Merge branch '6.4.x' into 6.5.x	2025-05-13 12:18:51 -06:00
Josh Cummings	3a36197d7a	Merge branch '6.3.x' into 6.4.x	2025-05-13 12:17:29 -06:00
dependabot[bot]	a001f27690	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:15:42 -06:00
Josh Cummings	26f359a4db	Merge branch '6.4.x' into 6.5.x	2025-05-13 11:18:31 -06:00
Josh Cummings	5ba4ab5e11	Merge branch '6.3.x' into 6.4.x	2025-05-13 11:18:02 -06:00
Danilo Piazzalunga	27319e3f9b	Add missing registration property in YAML listing Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
Danilo Piazzalunga	ec462e8bc5	Update assertingparty property usage in YAML snippets Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration..identityprovider. to spring.security.saml2.relyingparty.registration..assertingparty.. Closes gh-12810. Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
yybmion	d48c463c03	Add logging to CsrfTokenRequestHandler implementations Add trace-level logging to show the logical path of CSRF token processing - Log token source (header or parameter) in resolveCsrfTokenValue - Log request attribute names in handle methods - Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding) - Add similar logging to XorServerCsrfTokenRequestAttributeHandler Improves debugging capabilities without changing functionality. Closes gh-13626 Signed-off-by: yybmion <yunyubin54@gmail.com>	2025-05-12 18:49:40 -06:00
Joe Grandja	e3c39f02bc	Add documentation for DPoP support Closes gh-17072	2025-05-09 16:02:14 -04:00
Rob Winch	3110f3679a	Merge branch '6.4.x' into 6.5.x - Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 Closes gh-17069	2025-05-07 10:01:39 -05:00
dependabot[bot]	8fcf181ff0	Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.3 to 2.18.4. - [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.3...jackson-bom-2.18.4) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.18.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-07 03:30:49 +00:00
Josh Cummings	1ec084886a	Revert "Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0" This reverts commit 226e81d7f55d38603f3f179d3e32caf3e7ed6a20. Given that we are in the RC phase, we do not want to do minor version upgrades	2025-05-06 16:55:22 -06:00
Josh Cummings	211b1b7285	Update Method Security Migration Steps	2025-05-06 16:44:20 -06:00
Josh Cummings	84db5bb312	Add Cookie Customizer Migration Steps	2025-05-06 16:43:04 -06:00
Josh Cummings	74a25c3fc1	Add shouldFilterAllDispatcherTypes Migration Steps	2025-05-06 16:40:10 -06:00
Josh Cummings	084990736e	Move Opaque Token Migration Steps	2025-05-06 16:39:16 -06:00
Josh Cummings	c6bba38458	Update SAML 2.0 Migration Steps	2025-05-06 16:38:32 -06:00
Josh Cummings	45b453f59b	Add ACL Migration Steps	2025-05-06 16:38:19 -06:00
Max Batischev	66e614cb0b	WebAuthnConfigurer Code Cleanup Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-05-06 15:20:08 -05:00
Max Batischev	421fcaee12	Add Assertions To WebAuthnConfigurer Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-05-06 15:20:08 -05:00
Josh Cummings	184cd96ee6	Don't Update Minor Versions During RC Phase	2025-05-06 11:56:41 -06:00
Zhoudong	6624e302ac	Favor Spring Framework NonNull over Reactor NonNull Signed-off-by: Zhoudong <jearton@users.noreply.github.com>	2025-05-06 10:52:05 -06:00
dependabot[bot]	dd0b26a992	Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-06 10:15:39 -06:00
dependabot[bot]	0c7e43a462	Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-06 10:15:28 -06:00
dependabot[bot]	a4111a606b	Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-06 10:15:11 -06:00
Rob Winch	9b79b99150	Merge branch '6.4.x' - Correct method name in logout.adoc Closes gh-17049	2025-05-06 10:24:14 -05:00
Rob Winch	63d79a97db	Merge branch '6.3.x' into 6.4.x - Correct method name in logout.adoc Closes gh-17048	2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan	505fe3abed	Correct method name Closes gh-17031 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-06 10:17:29 -05:00
Josh Cummings	1a9f62dce4	Merge branch '6.4.x'	2025-05-05 16:00:59 -06:00
Josh Cummings	0220e471bb	Move Serialization Samples To make SpringSecurityCoreVersionSerializableTests more manageable, this commit moves the sample class constructions to a separate file. In this way, the tests file only changes when serialization tests are added. When classes are introduced, they can be added to SerializationSamples, separating the two concerns	2025-05-05 15:51:10 -06:00
Josh Cummings	12a18c3792	Polish Serialization Tests If Instancio fails to instatiate the class sample, it will now also delete the serialized sample file. Otherwise, it will leave a zero-byte file on the filesystem, confusing future test runs	2025-05-05 15:39:33 -06:00
Josh Cummings	d04f7071c2	Add Missing Serialization Samples Closes gh-17038	2025-05-05 15:34:24 -06:00
Josh Cummings	8726e547d5	Add Serialization Samples for 6.5 Issue gh-16221	2025-05-05 15:31:51 -06:00
Josh Cummings	2949b5d5a4	Regenerate Incorrect Serialization Files Given that these classes each have a consistent serialization UID across minor versions, but that the 6.5.x serialized version is using a different UID, these serialized files were likely generated in error. As such, this commit replaces the serialized files with correct ones. Issue gh-16432	2025-05-05 15:30:15 -06:00
Josh Cummings	34a9f57aa6	Merge branch '6.4.x'	2025-05-05 15:29:44 -06:00
Josh Cummings	c3c2bcd6b7	Ignore Serialization in Test Components Since we don't need to ensure the serializability of test components across versions, we can ignore missing version UIDs when those test components aren't about testing Java serialization. Issue gh-17038	2025-05-05 15:09:50 -06:00
Josh Cummings	39fdceab59	Add Missing Serializable Samples Issue gh-17038	2025-05-05 15:09:50 -06:00
Josh Cummings	65d53beff8	Polish Serialization Tests - Error when public, non-ignored, serializable file is missing a sample - Provide mechanism for creating an InstancioApi from scratch Issue gh-17038	2025-05-05 15:09:49 -06:00
Josh Cummings	34afa64c0c	Add Current-Version Deserialization Test We should test that serialized files from the current minor version can be deserialized. This ensures that serializations remain deserializable in patch releases. Issue gh-3737	2025-05-05 15:09:43 -06:00
Rob Winch	74e6bf2d11	Merge branch '6.4.x' - remove update-dependabot action	2025-05-05 13:36:15 -05:00
Rob Winch	b5e1c3770b	Merge branch '6.3.x' into 6.4.x - remove update-dependabot action	2025-05-05 13:36:01 -05:00
Rob Winch	9710492619	remove update-dependabot action	2025-05-05 13:34:16 -05:00
Rob Winch	d4a0f8bbe8	Merge branch '6.4.x' - Use pull-request: write for gradlew updates	2025-05-05 13:24:32 -05:00
Rob Winch	6dc8cd1f60	Merge branch '6.3.x' into 6.4.x - Use pull-request: write for gradlew updates	2025-05-05 13:23:35 -05:00
Rob Winch	9436796973	Use pull-request: write for gradlew updates Explicitly provide the permissions required for updating the Gradle wrapper	2025-05-05 11:49:08 -05:00
Josh Cummings	df640f22dc	Merge branch '6.4.x'	2025-05-02 15:59:13 -06:00
Josh Cummings	92160fa26f	Merge branch '6.3.x' into 6.4.x Closes gh-17034	2025-05-02 15:58:58 -06:00

1 2 3 4 5 ...

18121 Commits