Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-26 13:53:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,159 Commits 55 Branches 348 Tags
Commit Graph

18159 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
3110f3679a
Merge branch '6.4.x' into 6.5.x 
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4

Closes gh-17069
 2025-05-07 10:01:39 -05:00
dependabot[bot]
8fcf181ff0
Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.3 to 2.18.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.3...jackson-bom-2.18.4)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-07 03:30:49 +00:00
Josh Cummings
1ec084886a
Revert "Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0" 
This reverts commit 226e81d7f55d38603f3f179d3e32caf3e7ed6a20.

Given that we are in the RC phase, we do not want to do minor version
upgrades
 2025-05-06 16:55:22 -06:00
Josh Cummings
211b1b7285
Update Method Security Migration Steps 2025-05-06 16:44:20 -06:00
Josh Cummings
84db5bb312
Add Cookie Customizer Migration Steps 2025-05-06 16:43:04 -06:00
Josh Cummings
74a25c3fc1
Add shouldFilterAllDispatcherTypes Migration Steps 2025-05-06 16:40:10 -06:00
Josh Cummings
084990736e
Move Opaque Token Migration Steps 2025-05-06 16:39:16 -06:00
Josh Cummings
c6bba38458
Update SAML 2.0 Migration Steps 2025-05-06 16:38:32 -06:00
Josh Cummings
45b453f59b
Add ACL Migration Steps 2025-05-06 16:38:19 -06:00
Max Batischev
66e614cb0b WebAuthnConfigurer Code Cleanup 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-06 15:20:08 -05:00
Max Batischev
421fcaee12 Add Assertions To WebAuthnConfigurer 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-06 15:20:08 -05:00
Josh Cummings
184cd96ee6
Don't Update Minor Versions During RC Phase 2025-05-06 11:56:41 -06:00
Zhoudong
6624e302ac Favor Spring Framework NonNull over Reactor NonNull 
Signed-off-by: Zhoudong <jearton@users.noreply.github.com>
 2025-05-06 10:52:05 -06:00
dependabot[bot]
dd0b26a992 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:39 -06:00
dependabot[bot]
0c7e43a462 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:28 -06:00
dependabot[bot]
a4111a606b Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:11 -06:00
Rob Winch
9b79b99150
Merge branch '6.4.x' 
- Correct method name in logout.adoc

Closes gh-17049
 2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db
Merge branch '6.3.x' into 6.4.x 
- Correct method name in logout.adoc

Closes gh-17048
 2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed
Correct method name 
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-06 10:17:29 -05:00
Josh Cummings
1a9f62dce4
Merge branch '6.4.x' 2025-05-05 16:00:59 -06:00
Josh Cummings
0220e471bb
Move Serialization Samples 
To make SpringSecurityCoreVersionSerializableTests more manageable,
this commit moves the sample class constructions to a separate file.
In this way, the tests file only changes when serialization tests are
added. When classes are introduced, they can be added to SerializationSamples,
separating the two concerns
 2025-05-05 15:51:10 -06:00
Josh Cummings
12a18c3792
Polish Serialization Tests 
If Instancio fails to instatiate the class sample, it will
now also delete the serialized sample file. Otherwise, it will
leave a zero-byte file on the filesystem, confusing future test runs
 2025-05-05 15:39:33 -06:00
Josh Cummings
d04f7071c2
Add Missing Serialization Samples 
Closes gh-17038
 2025-05-05 15:34:24 -06:00
Josh Cummings
8726e547d5
Add Serialization Samples for 6.5 
Issue gh-16221
 2025-05-05 15:31:51 -06:00
Josh Cummings
2949b5d5a4
Regenerate Incorrect Serialization Files 
Given that these classes each have a consistent serialization UID
across minor versions, but that the 6.5.x serialized version is using a
different UID, these serialized files were likely generated in error.
As such, this commit replaces the serialized files with correct ones.

Issue gh-16432
 2025-05-05 15:30:15 -06:00
Josh Cummings
34a9f57aa6
Merge branch '6.4.x' 2025-05-05 15:29:44 -06:00
Josh Cummings
c3c2bcd6b7
Ignore Serialization in Test Components 
Since we don't need to ensure the serializability of test components
across versions, we can ignore missing version UIDs when those
test components aren't about testing Java serialization.

Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
39fdceab59
Add Missing Serializable Samples 
Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
65d53beff8
Polish Serialization Tests 
- Error when public, non-ignored, serializable file is missing a sample
- Provide mechanism for creating an InstancioApi from scratch

Issue gh-17038
 2025-05-05 15:09:49 -06:00
Josh Cummings
34afa64c0c
Add Current-Version Deserialization Test 
We should test that serialized files from the current minor version
can be deserialized. This ensures that serializations remain
deserializable in patch releases.

Issue gh-3737
 2025-05-05 15:09:43 -06:00
Rob Winch
74e6bf2d11
Merge branch '6.4.x' 
- remove update-dependabot action
 2025-05-05 13:36:15 -05:00
Rob Winch
b5e1c3770b
Merge branch '6.3.x' into 6.4.x 
- remove update-dependabot action
 2025-05-05 13:36:01 -05:00
Rob Winch
9710492619
remove update-dependabot action 2025-05-05 13:34:16 -05:00
Rob Winch
d4a0f8bbe8
Merge branch '6.4.x' 
- Use pull-request: write for gradlew updates
 2025-05-05 13:24:32 -05:00
Rob Winch
6dc8cd1f60
Merge branch '6.3.x' into 6.4.x 
- Use pull-request: write for gradlew updates
 2025-05-05 13:23:35 -05:00
Rob Winch
9436796973
Use pull-request: write for gradlew updates 
Explicitly provide the permissions required for updating the Gradle
wrapper
 2025-05-05 11:49:08 -05:00
Josh Cummings
df640f22dc
Merge branch '6.4.x' 2025-05-02 15:59:13 -06:00
Josh Cummings
92160fa26f
Merge branch '6.3.x' into 6.4.x 
Closes gh-17034
 2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed
Fix ClearSiteData Code Snippet 
Closes gh-16948
 2025-05-02 15:57:31 -06:00
Rob Winch
5c92d90e36
Align Dependabot PRs with CONTRIBUTING 
Previously Dependabot was setup to submit PRs to every branch.
However, this does not align with the contributing guidelines which
state to only submit a PR on the oldest branch so that merge forward
strategy can be used.

This changes the dependabot configuration to better align with our
contributing guidelines:

- PRs for github actions are submitted against the oldest branch since
  all branches will need updated using a merge forward stategy. Merging a
  github action will require us to merge forward manually and preserve
  the changes in the oldest branch to pickup the github actions update.
- Java dependencieds are submitted against each branch since they will
  need to merge -s ours to preserve the correct major.minor semantics.
  Merging a java dependency will now require us to do the merging manually.
 2025-05-02 15:04:20 -05:00
Josh Cummings
aa338e9b0d
Merge branch '6.4.x' 2025-05-02 10:58:22 -06:00
Josh Cummings
57fc29e614
Merge branch '6.3.x' into 6.4.x 
Closes gh-17032
 2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e
Propagate StrictFirewallRequest Wrapper 
Closes gh-16978
 2025-05-02 10:57:07 -06:00
Rob Winch
084408c22c
Merge branch '6.4.x' 
- codeql uses ubuntu-latest
 2025-05-02 11:50:08 -05:00
Rob Winch
a26a64d213
Merge branch '6.3.x' into 6.4.x 
- codeql uses ubuntu-latest
 2025-05-02 11:49:50 -05:00
Rob Winch
3b7e3a6c5c
codeql uses ubuntu-latest 2025-05-02 11:49:41 -05:00
Rob Winch
9bf1212420
Merge branch '6.4.x' 
- rm mark-duplicate-dependabot-prs.yml
 2025-05-02 11:26:59 -05:00
Rob Winch
fa533ea5e2
Merge branch '6.3.x' into 6.4.x 
- rm mark-duplicate-dependabot-prs.yml
 2025-05-02 11:26:47 -05:00
Rob Winch
a04025c114
rm mark-duplicate-dependabot-prs.yml 2025-05-02 11:26:41 -05:00
Rob Winch
771fe108b3
Merge branch '6.4.x' 
- Remove automerge forward
 2025-05-02 11:24:28 -05:00