0bcfd4dc60
Update org.jetbrains.kotlin to 1.7.20
...
Closes gh-12060
2022-10-17 21:01:35 -05:00
6bef89c3a6
Update hibernate-entitymanager to 5.6.12.Final
...
Closes gh-12059
2022-10-17 21:01:34 -05:00
ec64c7f3ef
Update htmlunit to 2.65.1
...
Closes gh-12058
2022-10-17 21:01:34 -05:00
2e41c6e5c4
Update io.spring.javaformat to 0.0.35
...
Closes gh-12057
2022-10-17 21:01:33 -05:00
fd2b4e34e4
Update io.projectreactor to 2020.0.24
...
Closes gh-12055
2022-10-17 21:01:33 -05:00
ce25d7cc76
Update mockk to 1.13.2
...
Closes gh-12054
2022-10-17 21:01:32 -05:00
ba15881222
Update jackson-bom to 2.13.4.20221013
...
Closes gh-12052
2022-10-17 21:01:32 -05:00
acc35aeb18
Add DelegatingSecurityContextRepository
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
cfb7c87dfd
Merge remote-tracking branch 'origin/5.7.x' into 5.8.x
2022-10-17 15:00:40 -06:00
d5354db6f4
Next Development Version
2022-10-17 14:59:47 -06:00
6b25307339
Merge remote-tracking branch 'origin/5.6.x' into 5.7.x
2022-10-17 14:57:39 -06:00
730359f144
Next Development Version
2022-10-17 14:56:34 -06:00
89c815032c
Fix Index Out of Bounds
2022-10-17 14:52:03 -06:00
154f6d7316
Merge remote-tracking branch 'origin/5.6.x' into 5.7.x
2022-10-17 14:30:39 -06:00
ff055cf07a
Remote antoraUpdateVersion task from CI
2022-10-17 14:24:13 -06:00
b08a06aa76
Release 5.6.8
2022-10-17 18:55:50 +00:00
53cdec799b
Release 5.7.4
2022-10-17 18:55:41 +00:00
7994222436
Merge branch '5.7.x' into 5.8.x
2022-10-17 15:51:39 -03:00
31fd098b8e
Merge branch '5.6.x' into 5.7.x
2022-10-17 15:51:19 -03:00
465d80c162
Remove antoreUpdateVersion task from release automation
2022-10-17 15:50:44 -03:00
099aaa33ff
Remove Deprecation Markers
...
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.
Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.
At that time, BearerTokenAuthenticationFilter can change to use
the handler.
Closes gh-11932
2022-10-13 19:47:22 -06:00
200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter
...
Issue gh-11932, gh-9429
(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.
BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
56b9badcfe
AnonymousAuthenticationFilter should cache its Supplier<SecurityContext>
...
Closes gh-11900
2022-10-13 16:44:48 -05:00
5a55987d6e
Add links to reference in What's New for 5.8
...
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
59c4538798
Update What's New
...
Closes gh-12021
2022-10-13 10:13:20 -06:00
445833295b
Merge branch '5.7.x' into 5.8.x
2022-10-13 09:37:33 -03:00
0c239813e5
Merge branch '5.6.x' into 5.7.x
2022-10-13 09:36:09 -03:00
717320a9ba
Update org.springframework.data to 2021.2.4
...
Closes gh-12018
2022-10-13 09:30:50 -03:00
601fafd3de
Update org.springframework to 5.3.23
...
Closes gh-12017
2022-10-13 09:30:47 -03:00
0f5c23ab17
Update hibernate-entitymanager to 5.6.12.Final
...
Closes gh-12016
2022-10-13 09:30:43 -03:00
a73b8de0f4
Update org.eclipse.jetty to 9.4.49.v20220914
...
Closes gh-12015
2022-10-13 09:30:40 -03:00
2d7813be6e
Update io.rsocket to 1.1.3
...
Closes gh-12014
2022-10-13 09:30:37 -03:00
655a1e345e
Update io.projectreactor to 2020.0.24
...
Closes gh-12012
2022-10-13 09:30:31 -03:00
4fc00b74a9
Update mockk to 1.12.8
...
Closes gh-12011
2022-10-13 09:30:28 -03:00
0521bb1af5
Update jackson-bom to 2.13.4.20221012
...
Closes gh-12008
2022-10-13 09:30:17 -03:00
4992e8ce62
Update org.springframework.data to 2021.1.8
...
Closes gh-12007
2022-10-13 09:24:21 -03:00
c772daab92
Update org.springframework to 5.3.23
...
Closes gh-12006
2022-10-13 09:24:20 -03:00
45a4a89960
Update hibernate-entitymanager to 5.6.12.Final
...
Closes gh-12005
2022-10-13 09:24:20 -03:00
b43c7e927f
Update org.eclipse.jetty to 9.4.49.v20220914
...
Closes gh-12004
2022-10-13 09:24:20 -03:00
50d23622d0
Update io.rsocket to 1.1.3
...
Closes gh-12003
2022-10-13 09:24:20 -03:00
2c2603ba0f
Update io.projectreactor to 2020.0.24
...
Closes gh-12001
2022-10-13 09:24:20 -03:00
f7f53ea2b7
Update jackson-bom to 2.13.4.20221012
...
Closes gh-11997
2022-10-13 09:22:28 -03:00
185991a606
Revert "Add default AuthorizationManager"
...
This reverts commit 4ddec07d0e
2022-10-13 06:18:00 -04:00
440748ec65
Add test support for Xor CSRF tokens
...
Issue gh-4001
2022-10-12 15:02:15 -05:00
8bd25f90e4
Polish XorServerCsrfTokenRequestAttributeHandlerTests
2022-10-12 12:31:56 -05:00
804f20045e
Polish XorCsrfTokenRequestAttributeHandlerTests
2022-10-12 12:30:40 -05:00
05e4a1dd20
Cache Xor CsrfToken
...
Closes gh-11988
2022-10-12 12:30:40 -05:00
ffbcaca24a
Update reference for PasswordEncoders
...
Issue gh-10506
2022-10-12 07:32:30 -04:00
c50441b59f
Update default configuration for Pbkdf2PasswordEncoder
...
The recommended minimums for PBKDF2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html ), are:
If FIPS-140 compliance is required, use PBKDF2 with a work factor of 310,000 or more and set with an internal hash function of HMAC-SHA-256.
Previous default configuration:
algorithm=SHA1, iterations=185000, hashLength=256
New default configuration:
algorithm=SHA256, iterations=310000, hashLength=256
The default salt length was also updated from 8 to 16.
Closes gh-10506, Closes gh-10489
2022-10-12 00:45:10 -04:00
Steve Riesenberg
Josh Cummings
github-actions[bot]
Marcus Da Coregio
Daniel Garnier-Moiroux
Evgeniy Cheban
Joe Grandja