53a3ff8932
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:53:45 -05:00
77d11a3f9f
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:53:44 -05:00
13feb87171
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:36 -06:00
d93bde7465
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:06 -06:00
faf9fb7337
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:46 -05:00
9f00045638
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:30 -05:00
f33d7253b6
GitHubMilestoneApiTests due_on Uses LocalDate
...
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.
To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.
Closes gh-11706
2022-08-15 13:04:29 -05:00
d8ae2c8763
GitHubMilestoneApiTests due_on Uses LocalDate
...
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.
To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.
Closes gh-11706
2022-08-15 13:03:10 -05:00
db74e9d128
Next development version
2022-08-15 16:07:33 +00:00
c188b70c88
Next development version
2022-08-15 16:06:45 +00:00
4559d269e0
Release 5.6.7
2022-08-15 15:25:05 +00:00
173d74d693
Release 5.7.3
2022-08-15 15:24:54 +00:00
66cb3e02d0
Update org.springframework.data to 2021.2.2
...
Closes gh-11698
2022-08-11 14:20:52 -06:00
74675ef793
Update org.springframework to 5.3.22
...
Closes gh-11697
2022-08-11 14:20:48 -06:00
a92ac82c4b
Update jsonassert to 1.5.1
...
Closes gh-11696
2022-08-11 14:20:45 -06:00
db638c2a77
Update org.jetbrains.kotlinx to 1.6.4
...
Closes gh-11695
2022-08-11 14:20:41 -06:00
f884527c1b
Update hibernate-entitymanager to 5.6.10.Final
...
Closes gh-11694
2022-08-11 14:20:38 -06:00
dbd174418f
Update org.eclipse.jetty to 9.4.48.v20220622
...
Closes gh-11693
2022-08-11 14:20:35 -06:00
2eeee99d2e
Update io.projectreactor to 2020.0.22
...
Closes gh-11691
2022-08-11 14:20:28 -06:00
e8c56420bf
Update mockk to 1.12.5
...
Closes gh-11690
2022-08-11 14:20:24 -06:00
627809d2dc
Update org.springframework.data to 2021.1.6
...
Closes gh-11686
2022-08-10 14:52:51 -03:00
4b1d7e9479
Update org.springframework to 5.3.22
...
Closes gh-11685
2022-08-10 14:52:51 -03:00
d9980a4dfe
Update jsonassert to 1.5.1
...
Closes gh-11684
2022-08-10 14:52:51 -03:00
8eb7e589eb
Update hibernate-entitymanager to 5.6.10.Final
...
Closes gh-11683
2022-08-10 14:52:51 -03:00
0d7dce9d71
Update org.eclipse.jetty to 9.4.48.v20220622
...
Closes gh-11682
2022-08-10 14:52:51 -03:00
da09788be9
Update io.projectreactor to 2020.0.22
...
Closes gh-11680
2022-08-10 14:52:51 -03:00
ead587c597
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:32:42 -03:00
6a2ca52aae
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:32:10 -03:00
269c711a64
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
2022-08-08 13:52:56 -05:00
99f768bab9
Polish HttpSecurity
2022-07-29 17:43:00 -05:00
984355e637
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:43:00 -05:00
09173c95d6
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:43:00 -05:00
02459919cc
Skip workflows on forks of spring-security
2022-07-28 15:13:56 -05:00
57d212ddca
Use cache and user.name system property on Windows
2022-07-28 15:13:55 -05:00
539b17f6da
Only run prerequisites job if on upstream repo
2022-07-28 15:13:54 -05:00
37e1ad27fe
Simplify dependency graph
2022-07-28 15:13:53 -05:00
043fdd6f03
Use Spring Gradle Build Action
...
Closes gh-11630
2022-07-28 15:13:52 -05:00
3234e05085
Polish gh-11367
2022-07-28 15:13:51 -05:00
f957e3c051
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
2022-07-28 15:13:51 -05:00
24033be046
Skip workflows on forks of spring-security
2022-07-28 15:11:09 -05:00
47a5665767
Use cache and user.name system property on Windows
2022-07-28 15:11:08 -05:00
aad60cc6af
Only run prerequisites job if on upstream repo
2022-07-28 15:11:07 -05:00
13e94935ae
Simplify dependency graph
2022-07-28 15:11:06 -05:00
6c29007fac
Use Spring Gradle Build Action
...
Closes gh-11630
2022-07-28 15:11:05 -05:00
6ad567f0fa
Polish gh-11367
2022-07-28 15:11:05 -05:00
8c634f8a9d
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
2022-07-28 15:11:04 -05:00
a996dfc55b
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:38:50 -03:00
d66ad22652
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:32:44 -03:00
7a860e1568
Fix Snapshot Sources/Javadoc
...
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.
Closes gh-10602
2022-07-26 16:26:31 -05:00
ad9e737bf2
Fix Snapshot Sources/Javadoc
...
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.
Closes gh-10602
2022-07-26 16:25:52 -05:00
Steve Riesenberg
tinolazreg
jujunChen
Rob Winch
github-actions[bot]
Josh Cummings
Marcus Da Coregio
naveen