Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 05:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,447 Commits 55 Branches 348 Tags
Commit Graph

16447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
7dbd69fee1 Next development version 2025-03-17 21:31:02 +00:00
github-actions[bot]
147081f771 Release 6.3.8 6.3.8 2025-03-17 20:59:34 +00:00
dependabot[bot]
709d9bc039 Bump org.springframework:spring-framework-bom from 6.1.17 to 6.1.18 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.17 to 6.1.18.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.17...v6.1.18)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 13:01:51 -07:00
dependabot[bot]
d9bb16e913 Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.15 to 2023.0.16.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.15...2023.0.16)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 12:49:50 -07:00
dependabot[bot]
11114919ec Bump org.springframework.data:spring-data-bom from 2024.0.9 to 2024.0.10 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.9 to 2024.0.10.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.9...2024.0.10)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 12:49:20 -07:00
Rob Winch
adb303e152
Add testRuntimeOnly junit-platform-launcher 
Closes gh-16755
 2025-03-17 14:16:44 -05:00
Joe Grandja
46f0dc6dfc Enforce BCrypt password length 2025-03-17 13:23:27 -04:00
Josh Cummings
36ea1b11a7
Fix Compilation Error 
Issue gh-16697
 2025-03-17 09:43:21 -06:00
Josh Cummings
e793a962c5
Remove s101 From Builds 
Issue gh-16752
 2025-03-17 09:42:49 -06:00
Josh Cummings
46cd94b5f4
SpEL Propagates Authorization Exceptions 
Closes gh-16697
 2025-03-04 09:51:55 -07:00
dependabot[bot]
acd2de4553 Bump io.mockk:mockk from 1.13.16 to 1.13.17 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.16 to 1.13.17.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/commits)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-27 19:37:43 -08:00
dependabot[bot]
31f593cca2 Bump org.jfrog.buildinfo:build-info-extractor-gradle 
Bumps [org.jfrog.buildinfo:build-info-extractor-gradle](https://github.com/jfrog/build-info) from 4.33.23 to 4.33.24.
- [Release notes](https://github.com/jfrog/build-info/releases)
- [Changelog](https://github.com/jfrog/build-info/blob/master/RELEASE.md)
- [Commits](https://github.com/jfrog/build-info/compare/build-info-gradle-extractor-4.33.23...build-info-gradle-extractor-4.33.24)

---
updated-dependencies:
- dependency-name: org.jfrog.buildinfo:build-info-extractor-gradle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-26 19:34:57 -08:00
dependabot[bot]
64bdcecdcd Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 
Bumps org.slf4j:slf4j-api from 2.0.16 to 2.0.17.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-25 19:57:42 -08:00
dependabot[bot]
bc0fd60e1a Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.16 to 1.5.17.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.17)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-25 19:55:25 -08:00
Tran Ngoc Nhan
a0cfb2777c Fix typo 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-02-24 12:49:18 -07:00
dependabot[bot]
e8206b42d2 Bump @springio/antora-extensions from 1.14.2 to 1.14.4 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.2 to 1.14.4.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.2...v1.14.4)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-23 17:49:04 -08:00
github-actions[bot]
0737957f94 Next development version 2025-02-18 17:17:05 +00:00
github-actions[bot]
77892d571f Release 6.3.7 6.3.7 2025-02-18 16:52:08 +00:00
dependabot[bot]
06026684e5 Bump org.springframework.data:spring-data-bom from 2024.0.8 to 2024.0.9 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.8 to 2024.0.9.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.8...2024.0.9)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-16 19:29:53 -08:00
dependabot[bot]
c3d45ae529 Bump org.springframework:spring-framework-bom from 6.1.16 to 6.1.17 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.16 to 6.1.17.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.16...v6.1.17)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-13 20:28:09 -08:00
dependabot[bot]
acf19c1f1f Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.10 to 3.2.11.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.10...3.2.11)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-13 20:16:07 -08:00
dependabot[bot]
b3c880cc24 Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 9.43.5 to 9.43.6.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/9.43.6..9.43.5)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-13 20:15:46 -08:00
Joe Grandja
33d96d574f Update to oauth2-oidc-sdk 9.43.5 
Closes gh-16582
 2025-02-12 05:47:03 -05:00
dependabot[bot]
b64d5af9c4 Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.14 to 2023.0.15.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.14...2023.0.15)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-11 19:27:11 -08:00
dependabot[bot]
002dbf355a Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:59:36 -08:00
dependabot[bot]
7d5414b349 Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.14 to 1.0.0-alpha.16.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.14...v1.0.0-alpha.16)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 16:52:21 -08:00
Josh Cummings
2de2e3803a
Update to Gradle 8.12.1 
Closes gh-16485
 2025-01-27 16:35:13 -07:00
Josh Cummings
43a2fbf5ad
Ensure s101 Runs After Assemble 
Issue gh-16482
 2025-01-24 11:31:22 -07:00
Josh Cummings
d6b295ba2c
S101 Depends On Assemble 
Closes gh-16482
 2025-01-24 11:25:26 -07:00
Steve Riesenberg
211fa52649
Favor provided instances over shared objects 
Prior to this commit, providing oauth2Login() and oauth2Client() with
clientRegistrationRepository() and authorizedClientRepository() caused
objects to be shared across both configurers.

These configurers will now prefer explicitly provided instances of
those objects when they are available.

Closes gh-16105
 2025-01-22 17:07:44 -06:00
dependabot[bot]
7f410ce5b4 Bump org.springframework.data:spring-data-bom from 2024.0.7 to 2024.0.8 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.7 to 2024.0.8.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.7...2024.0.8)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:52:35 -08:00
Steve Riesenberg
a3f6825f9c
Fix missing GChat notifications with workaround 
This fix was suggested by GitHub Support as a workaround for a bug where
`failure()` is not working for reusable workflows that will be fixed in
a few months.

Closes gh-16423
 2025-01-15 11:42:10 -06:00
dependabot[bot]
ea0ec9e662 Bump io.projectreactor:reactor-bom from 2023.0.13 to 2023.0.14 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.13 to 2023.0.14.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.13...2023.0.14)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-14 19:59:03 -08:00
dependabot[bot]
2e9e5d0555 Bump io.mockk:mockk from 1.13.14 to 1.13.16 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.14 to 1.13.16.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.13.14...1.13.16)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-12 20:08:32 -08:00
dependabot[bot]
92161aae2e Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.15 to 1.5.16.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.15...v_1.5.16)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-05 19:55:07 -08:00
dependabot[bot]
3ffda83ba1 Bump ch.qos.logback:logback-classic from 1.5.14 to 1.5.15 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.14 to 1.5.15.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.14...v_1.5.15)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-22 20:01:45 -08:00
dependabot[bot]
d44923f64e Bump io.mockk:mockk from 1.13.13 to 1.13.14 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.13 to 1.13.14.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.13.13...1.13.14)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-22 20:01:22 -08:00
dependabot[bot]
15faf0f621 Bump ch.qos.logback:logback-classic from 1.5.13 to 1.5.14 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.13 to 1.5.14.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.13...v_1.5.14)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-19 19:42:17 -08:00
Josh Cummings
a9f8a23e50
Merge branch '6.2.x' into 6.3.x 2024-12-19 08:55:25 -07:00
Josh Cummings
643a3f1206
Test Setting logoutRequestRepository 
Issue gh-16093
 2024-12-19 08:55:18 -07:00
Steven Williams
7aafe2ed5a
Set Saml2RelyingPartyInitiatedLogoutSuccessHandler#logoutRequestRepository 
Closes gh-16093
 2024-12-19 08:53:02 -07:00
dependabot[bot]
ce90b85945 Bump ch.qos.logback:logback-classic from 1.5.12 to 1.5.13 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.12 to 1.5.13.
- [Commits](https://github.com/qos-ch/logback/commits)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-18 19:36:46 -08:00
github-actions[bot]
87888d42fc Next development version 2024-12-16 15:50:41 +00:00
github-actions[bot]
85ca9e9a57 Release 6.3.6 6.3.6 2024-12-16 15:23:29 +00:00
dependabot[bot]
d9e9e3cdeb Bump org.springframework.data:spring-data-bom from 2024.0.6 to 2024.0.7 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.6 to 2024.0.7.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.6...2024.0.7)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-15 19:26:03 -08:00
dependabot[bot]
3e43eda42b Bump org.springframework:spring-framework-bom from 6.1.15 to 6.1.16 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.15 to 6.1.16.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.15...v6.1.16)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-12 13:24:18 -08:00
dependabot[bot]
e7d6dc22b2 Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.8 to 3.2.10.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.8...3.2.10)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-12 13:11:47 -08:00
Steve Riesenberg
da06f6a9e6
Replace GRADLE_ENTERPRISE_SECRET_ACCESS_KEY with DEVELOCITY_ACCESS_KEY 
Closes gh-16262
 2024-12-11 18:00:31 -06:00
Rob Winch
6a0b683e60 StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest 
Closes gh-16069
 2024-12-11 15:46:31 -06:00
dependabot[bot]
2b6d586987 Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.12 to 2023.0.13.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.12...2023.0.13)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-10 19:26:18 -08:00