Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-28 02:54:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,924 Commits 54 Branches 369 Tags
Commit Graph

19924 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Winch
8a3e6a8fda
Merge branch '6.5.x' 2025-12-19 16:53:27 -06:00
Robert Winch
811be0a927
Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 2025-12-19 16:52:57 -06:00
Robert Winch
40e11752e0
Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 2025-12-19 16:51:50 -06:00
Robert Winch
bc8d630bbc
Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 2025-12-19 16:51:46 -06:00
Robert Winch
861c60a28f
Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 2025-12-19 16:51:39 -06:00
dependabot[bot]
0514ee4cc5
Bump org-aspectj from 1.9.25 to 1.9.25.1 
Bumps `org-aspectj` from 1.9.25 to 1.9.25.1.

Updates `org.aspectj:aspectjrt` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-17 03:15:05 +00:00
dependabot[bot]
9fd6d54268
Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.14 to 6.2.15.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.14...v6.2.15)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:16:05 +00:00
dependabot[bot]
3f04f42abb
Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.15 to 3.2.16.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.15...3.2.16)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:15:51 +00:00
dependabot[bot]
f585461427
Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:15:45 +00:00
dependabot[bot]
a155c035e1
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.12 to 2024.1.13.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.12...2024.1.13)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 03:15:13 +00:00
github-actions[bot]
9095a1bffd Next development version 2025-12-15 20:58:49 +00:00
github-actions[bot]
9d08114c58 Release 7.0.2 7.0.2 2025-12-15 20:23:38 +00:00
Josh Cummings
0155d4a345 Restore Check for DispatcherServlet on Classpath 
Closes gh-18315
 2025-12-15 12:18:22 -07:00
github-actions[bot]
29ad1e6b07 Next development version 2025-12-15 18:22:29 +00:00
github-actions[bot]
8651868708 Release 7.0.1 7.0.1 2025-12-15 17:52:40 +00:00
dependabot[bot]
5732f39da7 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 11:46:42 -06:00
dependabot[bot]
8bfa849a9d Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.0 to 2025.1.1.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.0...2025.1.1)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 11:32:40 -06:00
dependabot[bot]
e033086ab0 Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 
Includes fixes for Breaking Changes in Spring Framework 7.0.2:

- spring-projects/spring-framework#35916
- spring-projects/spring-framework#35947

Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.1...v7.0.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 11:25:19 -06:00
Josh Cummings
964fcac086 Polish Tests 
Issue gh-18269

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-12-15 09:43:07 -07:00
Ziqin Wang
1d1b3ff797 Fix "typ" header value in NimbusJwtEncoder-encoded JWT 
Closes gh-18269

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2025-12-15 09:43:07 -07:00
Ziqin Wang
c8898f91fc Test NimbusJwtEncoder & NimbusJwtDecoder symmetrically 
This test encodes an JWT with NimbusJwtEncoder, and then decodes it with
NimbusJwtDecoder.

This test will fail when NimbusJwtEncoder emits a JWT with a wrong `typ'
parameter in the header, as NimbusJwtDecoder validates the JWT with
JwtTypeValidator by default.  It may be beneficial for finding out other
similiar bugs too.

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2025-12-15 09:43:07 -07:00
Josh Cummings
dbf93acb05 Check for spring-security-web on Classpath 
This commit refines the check for adding AuthorizationWebProxyConfiguration
to the application context. The web-based authorization proxy support is intended
for applying Spring Security Method Security primitives to Spring Web components;
as such, this implies a dependency on Spring Security Web.

Closes gh-18307
 2025-12-15 09:18:47 -07:00
Josh Cummings
ae5673b7a8 Merge branch '6.5.x' 2025-12-15 09:05:50 -07:00
Josh Cummings
765abe534e Add Missing Migration Pages to Side Navigation 
Closes gh-18313
 2025-12-15 09:05:06 -07:00
Josh Cummings
afb0c59875 Add request-matcher XML Migration Steps 
Closes gh-18211
 2025-12-15 09:05:06 -07:00
dependabot[bot]
d5beb513cd Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 
Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/pingidentity/ldapsdk/releases)
- [Changelog](https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html)
- [Commits](https://github.com/pingidentity/ldapsdk/commits)

---
updated-dependencies:
- dependency-name: com.unboundid:unboundid-ldapsdk
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 09:58:07 -06:00
Rob Winch
d6a2603e85
Bump io.mockk:mockk from 1.14.6 to 1.14.7 2025-12-15 09:56:57 -06:00
Rob Winch
a4810b7e15
Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 2025-12-15 09:55:21 -06:00
Rob Winch
054f2e9a87
Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 2025-12-15 09:55:18 -06:00
Rob Winch
00c7a5b201
Merge branch '6.5.x' 2025-12-15 09:53:06 -06:00
Rob Winch
310f82170f
Bump io.mockk:mockk from 1.14.6 to 1.14.7 2025-12-15 09:52:37 -06:00
Rob Winch
be2f2ec600
Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 2025-12-15 09:50:28 -06:00
Rob Winch
1bc90b5fd0
Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 2025-12-15 09:50:25 -06:00
Rob Winch
d2dd0fe5f6
Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 2025-12-15 09:50:23 -06:00
Rob Winch
7a85bf481a
Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final 2025-12-15 09:50:21 -06:00
Rob Winch
af960abe2d
Merge branch '6.4.x' into 6.5.x 2025-12-15 09:49:52 -06:00
Rob Winch
b7b859cd9a
Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 2025-12-15 09:46:59 -06:00
Rob Winch
b83f682154
Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 2025-12-15 09:46:56 -06:00
Rob Winch
aca1643284
Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 2025-12-15 09:46:54 -06:00
dependabot[bot]
0c9c152a31
Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.38.Final to 6.6.39.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.39/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.38...6.6.39)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.39.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 03:16:38 +00:00
dependabot[bot]
cf2114e36e
Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.14 to 6.2.15.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.14...v6.2.15)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-12 03:15:32 +00:00
dependabot[bot]
ecd17a9ee0
Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-12 03:15:25 +00:00
dependabot[bot]
2a763578f5
Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.12 to 2024.0.13.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.12...2024.0.13)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:19:03 +00:00
dependabot[bot]
e978d4bf3d
Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 
Bumps `org-apache-maven-resolver` from 1.9.24 to 1.9.25.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.24 to 1.9.25

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:18:11 +00:00
dependabot[bot]
ef5cdb50cc
Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.12 to 2024.0.13.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.12...2024.0.13)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:14:23 +00:00
dependabot[bot]
b2e2d74cab
Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 
Bumps `org-apache-maven-resolver` from 1.9.24 to 1.9.25.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.24...maven-resolver-1.9.25)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.24 to 1.9.25

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:14:06 +00:00
dependabot[bot]
c3a03a4834
Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.0 to 2025.0.1.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.0...2025.0.1)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 03:08:36 +00:00
Andrey Litvitski
0d5f42f852 Remove requireProofKey warning for non-auth-code flows 
The warning is unnecessary since PKCE only applies to authorization_code
flow and the code already corrects this silently.

Closes: gh-18221

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-12-09 15:29:00 -05:00
Josh Cummings
4d9d40ead8 Update validateType JavaDoc 
Closes gh-18227

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-12-09 09:07:30 -07:00
dependabot[bot]
568378268e
Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.13 to 1.14.14.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.13...v1.14.14)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-09 03:14:47 +00:00