naveen
8c634f8a9d
Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this
way, even if attackers succeed in compromising your workflow, they
won't be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
2022-07-28 15:11:04 -05:00
Marcus Da Coregio
a996dfc55b
Add Deprecated annotation to WebSecurity#securityInterceptor
Closes gh-11634
2022-07-27 14:38:50 -03:00
Rob Winch
ad9e737bf2
Fix Snapshot Sources/Javadoc
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.
Closes gh-10602
2022-07-26 16:25:52 -05:00
Desmond Silveira
06aa3362dd
"Well-Know" should be "Well-Known"
2022-07-26 15:44:41 -05:00
Yuriy Savchenko
7c7751635d
Add Kotlin example for WebTestClient setup docs
Closes gh-9998
2022-07-22 13:56:41 -03:00
Josh Cummings
bced37f6a7
Merge Same-named Attribute Elements
Closes gh-11042
2022-07-20 18:41:55 -06:00
Steve Riesenberg
fbc5839890
Build only on branches
Issue gh-11480
2022-07-18 11:46:47 -05:00
Steve Riesenberg
d76c321f8c
Backport release automation and github actions
Closes gh-11500
2022-07-13 15:17:03 -05:00
Josh Cummings
37d856dca4
Correct input validation for 31 rounds
Closes gh-11470
2022-07-11 14:38:04 -06:00
Rob Winch
c57853e5fa
Document sagan Release tasks require read:org scope
Closes gh-11423
2022-06-21 14:49:06 -05:00
Joe Grandja
6f275deb55
Next Development Version
2022-06-20 12:37:13 -04:00
Joe Grandja
c40f65f5a2
Release 5.7.2
2022-06-20 12:17:25 -04:00
Joe Grandja
bca43af9bb
Update org.opensaml:opensaml-core4 to 4.1.1
Closes gh-11410
2022-06-20 12:08:07 -04:00
Joe Grandja
d9b8882fa8
Update spring-ldap-core to 2.4.1
Closes gh-11409
2022-06-20 11:52:48 -04:00
Joe Grandja
7358c65a8c
Update org.springframework.data to 2021.2.1
Closes gh-11408
2022-06-20 11:52:44 -04:00
Joe Grandja
e02d5f2dd7
Update org.springframework to 5.3.21
Closes gh-11407
2022-06-20 11:52:41 -04:00
Joe Grandja
91a965c6db
Update org.jetbrains.kotlinx to 1.6.3
Closes gh-11406
2022-06-20 11:52:37 -04:00
Joe Grandja
0e88064942
Update hibernate-entitymanager to 5.6.9.Final
Closes gh-11405
2022-06-20 11:52:35 -04:00
Joe Grandja
641b9ef83b
Update io.projectreactor to 2020.0.20
Closes gh-11403
2022-06-20 11:52:30 -04:00
Joe Grandja
6f43d234dc
Update aspectj-plugin to 6.4.3.1
Closes gh-11402
2022-06-20 11:52:27 -04:00
Joe Grandja
d7819ea4da
Update jackson-bom to 2.13.3
Closes gh-11399
2022-06-20 11:52:17 -04:00
Joe Grandja
37ee70ae86
Add dependency update exclusion for spring-javaformat-checkstyle
2022-06-20 11:16:37 -04:00
Joe Grandja
8ea37360ac
Add dependency exclusion rules
2022-06-20 10:03:29 -04:00
Rob Winch
29db051f7a
Cache SecurityContextRepository.loadContext(HttpServletRequest) Result
Closes gh-11390
2022-06-17 14:52:35 -05:00
Josh Cummings
f035c30edb
Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:12:13 -06:00
Josh Cummings
d22277ce36
Add missing KeyInfo
Closes gh-11354
2022-06-09 13:16:50 -06:00
Josh Cummings
bd60a0f8c9
Add OpenSamlSigningUtilsTests
Issue gh-11354
2022-06-09 13:16:49 -06:00
Zhivko Delchev
d882bfcf2b
Reverse content type check
Currently, when MultipartFormData is enabled, the CsrfWebFilter compares
the content-type header against the MULTIPART_FORM_DATA MediaType, which
leads to a NullPointerException when there is no content-type header.
This commit reverses the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type, which contains a null check and
avoids the exception.
Closes gh-11204
Closes gh-11205
2022-06-06 15:47:14 -05:00
Rob Winch
6c3f53ac0a
Fix typo in BasicLookupStrategy Javadoc
Issue gh-11336
2022-06-06 14:09:24 -05:00
shirohoo
b274431c07
Fix typo in BasicLookupStrategy Javadoc
Closes gh-11336
2022-06-06 13:55:43 -05:00
Rob Winch
3d5e5ff556
Enable BackportBot on 5.7.x
2022-06-06 13:54:36 -05:00
sKai.fun
a3e996a66b
Fix title render issue of Digest Authentication document
Closes gh-11272
2022-06-01 17:33:41 -05:00
André Luis Gomes
0c31cb21dc
Update opaque-token.adoc
Fixing yaml sample in Servlet and Reactive pages
2022-06-01 08:50:56 -03:00
Claudio Consolmagno
c39d39b35f
Use 'md:' prefix in EntityDescriptor XML
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.
Closes #11283
2022-05-31 17:08:51 -06:00
Josh Cummings
292585080a
Correct access(String) reference
Closes gh-11280
2022-05-27 14:59:06 -06:00
Josh Cummings
8690accd57
Improve ContextConfiguration Docs
Point to updated Spring Reference
Issue gh-10934
2022-05-27 12:57:57 -06:00
Josh Cummings
e3c15260e7
Polish ExtendWith Docs
Use spring-framework-reference-url placeholder
Issue gh-10934
2022-05-27 12:57:57 -06:00
nor-ek
9625382b22
Update JUnit 5 annotations in documentation
- replace Before with BeforeEach
- replace RunWith with ExtendWith
Closes gh-10934
2022-05-27 12:57:56 -06:00
Evgeniy Cheban
48ef3f4719
Some Security Expressions cause NPE when used within Query annotation
Added trustResolver, roleHierarchy, permissionEvaluator, defaultRolePrefix
fields to SecurityEvaluationContextExtension.
Closes gh-11196
Closes gh-11289
2022-05-26 17:43:50 -05:00
Juny Tse
d0da160007
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:02:13 -06:00
Rob Winch
4caf53e96d
Next Development Version
2022-05-18 10:06:25 -05:00
Rob Winch
22a1c99b9e
Release 5.7.1
2022-05-18 10:00:11 -05:00
Rob Winch
e2eed33eca
Add StrictHttpFirewall.allow* new lines and separators
Issue gh-11264
2022-05-17 22:24:31 -05:00
Rob Winch
5bf478e72e
Fix Formatting
Issue gh-11264
2022-05-17 16:16:02 -05:00
Rob Winch
e0a6a9efa9
StrictHttpFirewall allows CJKV characters
Issue gh-11264
2022-05-17 15:53:18 -05:00
Rob Winch
5155719877
Next Development Version
2022-05-16 11:44:53 -05:00
Rob Winch
3497b0ed68
Release 5.7.0
2022-05-16 11:35:18 -05:00
Josh Cummings
1229b27b87
Improve Upgrading
2022-05-16 11:35:18 -05:00
Rob Winch
ee28896f42
AntRegexRequestMatcher Optimization
Closes gh-11234
2022-05-16 10:17:26 -05:00
Rob Winch
6b823fb27e
Extract rejectNonPrintableAsciiCharactersInFieldName
Closes gh-11234
2022-05-16 10:17:26 -05:00