Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-22 00:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,299 Commits 49 Branches 379 Tags
Commit Graph

20299 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
a2358bbc83
Use SHA Hashes 
This commit updates workflows to use SHA hashes to
reference other actions and workflows

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 14:27:09 -06:00
Josh Cummings
fbe09c26ae
Merge branch '6.5.x' into 7.0.x 2026-04-17 14:16:09 -06:00
Josh Cummings
5b638a54a4
Use SHA Hashes 
This commit updates workflows that were using tags to instead
use SHA hashes to reference actions and workflows

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 14:15:50 -06:00
Josh Cummings
d0d2ac545b Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-04-17 11:58:35 -06:00
dependabot[bot]
51eef2b980 Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.16 to 2024.0.17.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.16...2024.0.17)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:57:33 -06:00
Josh Cummings
63cd037188 Fix Unit Test 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-17 11:54:31 -06:00
dependabot[bot]
d3e349c290 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.1.RELEASE to 0.31.2.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.1.RELEASE...0.31.2.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.2.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:54:31 -06:00
dependabot[bot]
bc16a6f723 Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.4 to 2025.0.5.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.4...2025.0.5)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:54:13 -06:00
dependabot[bot]
e480da69e9 Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.10 to 1.14.11.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.10...v1.14.11)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:12:01 -06:00
dependabot[bot]
1d466f86a0 Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 
Bumps [spring-io/spring-release-actions](https://github.com/spring-io/spring-release-actions) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-io/spring-release-actions/releases)
- [Commits](https://github.com/spring-io/spring-release-actions/compare/0.0.3...0.0.4)

---
updated-dependencies:
- dependency-name: spring-io/spring-release-actions
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:11:39 -06:00
dependabot[bot]
9dfa5cf713 Bump actions/upload-artifact from 7.0.0 to 7.0.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:11:17 -06:00
dependabot[bot]
bd8bdb8a98 Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.2...4.0.3)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 4.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:10:57 -06:00
dependabot[bot]
302cfb116e Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.10 to 1.14.11.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.10...v1.14.11)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:08:19 -06:00
dependabot[bot]
695ea1717f Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.47.Final to 6.6.48.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.48/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.47...6.6.48)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.48.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:07:58 -06:00
dependabot[bot]
1206c2b141 Bump actions/upload-artifact from 7.0.0 to 7.0.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:07:36 -06:00
dependabot[bot]
3539f06146 Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 
Bumps [spring-io/spring-release-actions](https://github.com/spring-io/spring-release-actions) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-io/spring-release-actions/releases)
- [Commits](https://github.com/spring-io/spring-release-actions/compare/0.0.3...0.0.4)

---
updated-dependencies:
- dependency-name: spring-io/spring-release-actions
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-17 11:07:08 -06:00
Joe Grandja
41524880c6 Fix auth_time claim should represent authentication time 
Closes gh-18282
 2026-04-07 15:44:57 -04:00
Josh Cummings
2361dc131e
Merge branch '6.5.x' into 7.0.x 2026-04-07 10:31:01 -06:00
dependabot[bot]
44d32815b1 Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:29:49 -06:00
dependabot[bot]
87c3335e01 Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.45.Final to 6.6.47.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.47/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.45...6.6.47)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.47.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:07:57 -06:00
dependabot[bot]
76e9d91f24 Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:06:09 -06:00
Joe Grandja
77fe9e892a Merge branch '6.5.x' into 7.0.x 
Closes gh-19022
 2026-04-02 10:52:15 -04:00
Joe Grandja
eefbb4da64 Fix DefaultOidcUser.equals() 
Closes gh-18622
 2026-04-02 10:41:32 -04:00
Rob Winch
8f65f88dc0
Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-01 12:58:09 -04:00
Rob Winch
a2793f31b4
Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-01 12:53:29 -04:00
Robert Winch
64d8e6cc9b
Merge Add XML Based shouldWriteHeadersEagerly tests 2026-04-01 11:41:58 -05:00
Robert Winch
679a47a51d
Add XML Based shouldWriteHeadersEagerly tests 2026-04-01 11:37:39 -05:00
Josh Cummings
d4678c8e04
Add Missing Serialization Support 
Closes gh-19013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 15:55:09 -06:00
Josh Cummings
43b132bec6
Merge branch '6.5.x' into 7.0.x 2026-03-31 15:27:58 -06:00
Josh Cummings
08fca57d12
Add Missing Serialization Support 
Closed gh-19012

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 13:58:35 -06:00
Josh Cummings
acabacb971
Update Test to find SuppressWarnings 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 13:47:52 -06:00
johnycho
1a130fca3c
Improve serialVersionUID check in tests 
Signed-off-by: johnycho <shunnn215@gmail.com>
 2026-03-31 13:47:50 -06:00
Josh Cummings
067f79dde5
Merge branch 'fix-17729' into 7.0.x 2026-03-30 17:19:31 -06:00
Josh Cummings
45758a5cec
Merge branch '6.5.x' into 7.0.x 2026-03-30 17:14:28 -06:00
Josh Cummings
52d98ab7af
Add Needed SuppressWarnings Annotations 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-30 17:14:17 -06:00
Josh Cummings
0b680be97b
Update Test to find SuppressWarnings 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-30 17:14:03 -06:00
johnycho
7c28b15471 Improve serialVersionUID check in tests 
Signed-off-by: johnycho <shunnn215@gmail.com>
 2026-03-30 14:26:12 -06:00
Rob Winch
abf3c866fb
Merge pull request #19005 from rwinch/7.0.x-CredentialRecordOwnerAuthorizationManager 
Merge Add CredentialRecordOwnerAuthorizationManager
 2026-03-29 23:46:35 -04:00
Rob Winch
5a4ada04ac
Merge pull request #19004 from rwinch/CredentialRecordOwnerAuthorizationManager 
Add CredentialRecordOwnerAuthorizationManager
 2026-03-29 23:46:03 -04:00
Robert Winch
c08329c0c5
Merge CredentialRecordOwnerAuthorizationManager 2026-03-29 22:24:21 -05:00
Robert Winch
a856baa6a8
Add CredentialRecordOwnerAuthorizationManager 
Add CredentialRecordOwnerAuthorizationManager that verifies the
credential being deleted is owned by the currently authenticated user.
Also add an AuthorizationManager<Bytes> to WebAuthnRegistrationFilter
for the delete credential operation, defaulting to deny all, and wire it
up in WebAuthnConfigurer.

Per the WebAuthn specification [1], credential ids contain at least 16
bytes with at least 100 bits of entropy, making them practically
unguessable. The specification also advises that credential ids should
be kept private, as exposing them can leak personally identifying
information [2]. The CredentialRecordOwnerAuthorizationManager serves as
defense in depth: even if a credential id were somehow exposed, an
unauthorized user could not delete another user's credential.

[1] https://www.w3.org/TR/webauthn-3/#credential-id
[2] https://www.w3.org/TR/webauthn-3/#sctn-credential-id-privacy-leak
 2026-03-29 21:54:27 -05:00
Josh Cummings
611786e4b5 Merge branch '6.5.x' into 7.0.x 2026-03-27 16:49:26 -06:00
Josh Cummings
ac63cf4fa5 Polish CustomAuthorizationManager Docs 
Issue gh-13967

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-27 16:45:25 -06:00
as1605
f6bb55effb Fix documentation for Custom Authorization Manager 
Closes gh-13967

Signed-off-by: as1605 <1605.aditya.singh@gmail.com>
 2026-03-27 16:45:25 -06:00
Josh Cummings
6020ab8e65 Polish CustomAuthorizationManager Docs 
Issue gh-13967

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-27 16:36:00 -06:00
as1605
3076367168 Fix documentation for Custom Authorization Manager 
Closes gh-13967

Signed-off-by: as1605 <1605.aditya.singh@gmail.com>
 2026-03-27 16:36:00 -06:00
Josh Cummings
721b22d87a Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-03-27 16:10:18 -06:00
Tran Ngoc Nhan
85b756cb74 Update FilterChainProxy#getFilters(String) javadoc 
Closes gh-18157

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-27 16:09:50 -06:00
Josh Cummings
0ce76d2c5d Merge branch '6.5.x' into 7.0.x 2026-03-27 13:27:03 -06:00
dependabot[bot]
66cf02c6b0 Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 
Bumps [spring-io/spring-gradle-build-action](https://github.com/spring-io/spring-gradle-build-action) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/spring-io/spring-gradle-build-action/releases)
- [Commits](efc55f07f4...c8668747d7)

---
updated-dependencies:
- dependency-name: spring-io/spring-gradle-build-action
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 13:26:10 -06:00