spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-01 08:34:55 +00:00

Author	SHA1	Message	Date
Rob Winch	b48967eebc	Merge Add Missing OnCommitedResponseWrapper Header Overrides Add Missing OnCommitedResponseWrapper Header Overrides	2026-02-24 20:16:39 -06:00
Robert Winch	6898de8003	Merge Add Missing OnCommitedResponseWrapper Header Overrides	2026-02-24 19:49:38 -06:00
Robert Winch	1dae9aa459	Add Missing OnCommitedResponseWrapper Header Overrides Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader` methods. This means that if the `Content-Length` response header is specified using any of those methods then the response body length is not tracked and can be committed before the response headers are written. Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`. This issue is the underlying problem for spring-projects/spring-framework#36381 Closes gh-18797	2026-02-24 19:46:29 -06:00
Josh Cummings	73ee893d98	Merge remote-tracking branch 'origin/6.5.x' into 7.0.x	2026-02-24 17:10:14 -07:00
Josh Cummings	bec25edeb0	Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute Clarify need for method attribute in JSP authorize tag	2026-02-24 17:08:14 -07:00
Josh Cummings	4d43edfb20	Polish Documentation - Combined explanation of method attribute with usage recommendations - Used one sentence per line format Issue gh-16530 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-24 14:24:11 -07:00
onhann	9f9699f8a5	Clarify need for method attribute in JSP authorize tag Closes gh-16530 This aligns the JSP documentation with the changes made in gh-16529. Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific. Signed-off-by: onhann <gusgus1467@naver.com>	2026-02-24 14:24:11 -07:00
Robert Winch	311235f39e	Document Keberose Dependency Coordinates Closes gh-18773	2026-02-23 11:32:37 -06:00
Robert Winch	fec988c82d	Add Kerberos Migration Section This links to the updated dependency coordinates Issue gh-18773 Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>	2026-02-23 11:29:50 -06:00
busoco-sjb	17b434c1c1	Document the change in dependency coordinates with Spring Security 7 Signed-off-by: busoco-sjb <169069865+busoco-sjb@users.noreply.github.com>	2026-02-23 11:21:59 -06:00
Rob Winch	0bb65411be	Merge pull request Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager	2026-02-23 11:17:06 -06:00
Rob Winch	d29c984881	Merge pull request #18544 from Khyojae/gh-18543 Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager	2026-02-23 11:16:42 -06:00
Robert Winch	151bcf3b0b	Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into 7.0.x	2026-02-23 10:53:40 -06:00
Robert Winch	1116241ee3	Fix Checks for NullPointerException in AuthoritiesAuthorizationManager - Fix checkstyle - Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue Closes gh-18544 Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>	2026-02-23 10:47:11 -06:00
Khyojae	d87dc9ae57	Fix: Handle null authority string in AuthoritiesAuthorizationManager This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543 Signed-off-by: Khyojae <khjae201@gmail.com>	2026-02-23 09:30:28 -06:00
Robert Winch	2eb948d9b5	Ensure tests clear AuthorizationServerContextHolder Closes gh-18768	2026-02-23 08:17:02 -06:00
Robert Winch	f2aef5168c	Merge branch '6.5.x' into 7.0.x	2026-02-23 08:13:38 -06:00
dependabot[bot]	ac556a45f9	Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.42.Final to 6.6.43.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.43/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.42...6.6.43) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.43.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-23 08:12:23 -06:00
dependabot[bot]	c8731a8dc0	Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.5 to 2.18.6. - [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.5...jackson-bom-2.18.6) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.18.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-23 08:12:09 -06:00
Robert Winch	a4a6e9124c	Merge branch '6.5.x' into 7.0.x	2026-02-19 13:30:13 -06:00
Robert Winch	b21159f453	Bump org.junit:junit-bom from 6.0.2 to 6.0.3	2026-02-19 13:29:42 -06:00
Robert Winch	6f7c8cb352	Bump org-apache-maven-resolver from 1.9.25 to 1.9.26	2026-02-19 13:29:36 -06:00
Robert Winch	5973a66bb1	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32	2026-02-19 13:29:30 -06:00
Robert Winch	3e3eeda560	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32	2026-02-19 13:28:49 -06:00
dependabot[bot]	e2486a2590	Bump org.springframework:spring-framework-bom from 7.0.4 to 7.0.5 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.4 to 7.0.5. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.4...v7.0.5) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 7.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-19 10:58:10 -06:00
dependabot[bot]	3c55f057b1	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.32. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.32) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-17 03:10:25 +00:00
dependabot[bot]	6d2a414022	Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-17 03:09:56 +00:00
dependabot[bot]	58df50c3a3	Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-17 03:06:35 +00:00
dependabot[bot]	79156b2387	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.32. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.32) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-17 03:06:15 +00:00
dependabot[bot]	3abb69d5a9	Bump org.junit:junit-bom from 6.0.2 to 6.0.3 Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](https://github.com/junit-team/junit-framework/compare/r6.0.2...r6.0.3) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-16 03:15:44 +00:00
github-actions[bot]	6c2b2a7611	Next development version	2026-02-13 18:24:26 +00:00
github-actions[bot]	0fab34f359	Release 6.5.8 6.5.8	2026-02-13 17:54:05 +00:00
github-actions[bot]	c0da8b390b	Next development version	2026-02-13 15:57:31 +00:00
github-actions[bot]	ffe73b4920	Release 7.0.3 7.0.3	2026-02-13 15:26:51 +00:00
Joe Grandja	f0ffda89e0	Update to spring-data-bom 2025.1.3 Closes gh-18735	2026-02-13 08:18:47 -05:00
dependabot[bot]	746c6e124e	Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3 to 7.0.4. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.3...v7.0.4) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-13 06:48:23 -05:00
dependabot[bot]	08e5b375ac	Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.14 to 2024.0.15. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2024.0.14...2024.0.15) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2024.0.15 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-13 06:41:17 -05:00
dependabot[bot]	123a2d79cf	Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.2 to 2025.0.3. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2025.0.2...2025.0.3) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2025.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-13 06:40:14 -05:00
dependabot[bot]	f9c32afb6f	Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.15 to 6.2.16. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.15...v6.2.16) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.2.16 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-13 06:33:08 -05:00
dependabot[bot]	0c3e483432	Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/spring-projects/spring-ldap/releases) - [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt) - [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.1...4.0.2) --- updated-dependencies: - dependency-name: org.springframework.ldap:spring-ldap-core dependency-version: 4.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-13 06:31:35 -05:00
Josh Cummings	b804da974d	Update Test to Align with webauthn4j The latest webauthn4j exposes Jackson 3 instead of Jackson 2, as such this test now uses Jackson 3 where needed. Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-12 16:45:13 -07:00
dependabot[bot]	b9bb5e0b52	Bump com.webauthn4j:webauthn4j-core Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.7.RELEASE to 0.31.0.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.7.RELEASE...0.31.0.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.31.0.RELEASE dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-12 16:45:13 -07:00
Josh Cummings	4fd8e1d596	Remove Trailing Bytes from AttestationStatement Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-12 16:45:13 -07:00
Josh Cummings	c59fb0cd35	Add Jackson 2 Databind as Optional Dependency Since spring-security-webauthn has Jackson 2 Mixins, it would be clearer to set Jackson 2 explicitly as an optional dependency Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-12 16:45:13 -07:00
dependabot[bot]	50aba3aaf3	Bump io.spring.gradle:spring-security-release-plugin Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-12 10:35:14 -07:00
dependabot[bot]	3d61276a1a	Bump io.spring.gradle:spring-security-release-plugin Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-12 10:31:30 -07:00
Josh Cummings	6cbbf6c561	Merge branch '6.5.x' into 7.0.x	2026-02-12 10:27:46 -07:00
Josh Cummings	10cb6f7003	Update spring-security-release-tools 1.0.14	2026-02-12 10:25:47 -07:00
Josh Cummings	252c69460e	Merge remote-tracking branch 'origin/6.5.x' into 7.0.x	2026-02-10 13:41:29 -07:00
dependabot[bot]	3131642aae	Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4. - [Release notes](https://github.com/micrometer-metrics/context-propagation/releases) - [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4) --- updated-dependencies: - dependency-name: io.micrometer:context-propagation dependency-version: 1.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-10 13:41:09 -07:00

1 2 3 4 5 ...

20121 Commits