Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,127 Commits 34 Branches 334 Tags 115 MiB
Commit Graph

14127 Commits

Author SHA1 Message Date
Steve Riesenberg 4d1ecdcca3
Merge branch '6.0.x' into 6.1.x 2023-10-10 11:40:21 -05:00
Steve Riesenberg c4b0d468a8
Add nohttp exclusions 
(cherry picked from commit ac7fbea248)

Issue gh-13910
 2023-10-10 11:40:05 -05:00
Marcus Da Coregio 84df78af12 Merge branch '6.0.x' into 6.1.x 2023-10-10 13:18:24 -03:00
Marcus Da Coregio d0ce8a412f Remove calls to setCanBeResolved(true) in IntegrationTestPuglin 
Issue gh-13864
 2023-10-10 13:08:21 -03:00
Steve Riesenberg 2f9f851bb2
Merge branch '6.0.x' into 6.1.x 2023-10-10 10:44:35 -05:00
Steve Riesenberg 7d5a541a7b
Backport "Revisit CSRF page" to 6.0.x 
(cherry picked from commit e7fa34008b)

Closes gh-13910
 2023-10-10 10:43:14 -05:00
dependabot[bot] b0d6ae2a29 Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 
Bumps [com.github.spullara.mustache.java:compiler](https://github.com/spullara/mustache.java) from 0.9.10 to 0.9.11.
- [Commits](https://github.com/spullara/mustache.java/compare/0.9.10...mustache.java-0.9.11)

---
updated-dependencies:
- dependency-name: com.github.spullara.mustache.java:compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 08:24:12 -03:00
dependabot[bot] 98531cde2c Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.7 to 0.0.14.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.7...v0.0.14)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 08:23:58 -03:00
Marcus Da Coregio 4a87705c69 Merge branch '6.0.x' into 6.1.x 2023-10-10 08:22:47 -03:00
dependabot[bot] 60e950598e Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 
Bumps [com.github.spullara.mustache.java:compiler](https://github.com/spullara/mustache.java) from 0.9.10 to 0.9.11.
- [Commits](https://github.com/spullara/mustache.java/compare/0.9.10...mustache.java-0.9.11)

---
updated-dependencies:
- dependency-name: com.github.spullara.mustache.java:compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 08:22:29 -03:00
dependabot[bot] 38f7361c15 Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 6.6-rc1 to 6.6.3.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/commits/6.6.3)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 08:22:13 -03:00
dependabot[bot] 45883290a6 Bump org-aspectj from 1.9.20 to 1.9.20.1 
Bumps `org-aspectj` from 1.9.20 to 1.9.20.1.

Updates `org.aspectj:aspectjrt` from 1.9.20 to 1.9.20.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.20 to 1.9.20.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 08:21:56 -03:00
dependabot[bot] de0a484367 Bump org.springframework:spring-framework-bom from 6.0.11 to 6.0.12 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.0.11 to 6.0.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.0.11...v6.0.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 08:21:36 -03:00
Marcus Da Coregio d989f96282 Merge branch '6.0.x' into 6.1.x 2023-10-10 08:20:36 -03:00
Marcus Da Coregio a576f19b41 Merge branch '5.8.x' into 6.0.x 2023-10-10 08:20:30 -03:00
dependabot[bot] bd9643af44 Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 
Bumps [com.github.spullara.mustache.java:compiler](https://github.com/spullara/mustache.java) from 0.9.10 to 0.9.11.
- [Commits](https://github.com/spullara/mustache.java/compare/0.9.10...mustache.java-0.9.11)

---
updated-dependencies:
- dependency-name: com.github.spullara.mustache.java:compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 08:20:03 -03:00
Marcus Da Coregio 7a3d9d033a Merge branch '6.0.x' into 6.1.x 2023-10-10 08:17:24 -03:00
github-actions[bot] 4e71110b68 Bump Gradle Wrapper from 8.3 to 8.4 2023-10-10 08:16:18 -03:00
Steve Riesenberg 4ffece7e66
Restore dependency convergence of nimbus-jose-jwt 
This commit reverts the change in 2801cdd which caused the
oauth2-oidc-sdk transitive dependency version of nimbus-jose-jwt to
diverge with the version depended on in spring-security-oauth2-jose.

The downgrade to 9.24.4 is intentional but the upgrade to 9.31 was not.

Issue gh-13333

Closes gh-13843
 2023-10-09 12:06:04 -05:00
dependabot[bot] dfae30a23f Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.1 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/eclipse-ee4j/jaxb-api) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/eclipse-ee4j/jaxb-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jaxb-api/compare/4.0.0...4.0.1)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:34:27 -03:00
dependabot[bot] c8054c218a Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.8.6 to 2.8.9.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.8.6...gson-parent-2.8.9)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:34:15 -03:00
dependabot[bot] 57c91af1fd Bump org.springframework.data:spring-data-bom from 2022.0.9 to 2022.0.10 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2022.0.9 to 2022.0.10.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2022.0.9...2022.0.10)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:33:58 -03:00
dependabot[bot] f8cddee1b5 Bump io.mockk:mockk from 1.13.7 to 1.13.8 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.7 to 1.13.8.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.13.7...1.13.8)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:33:46 -03:00
dependabot[bot] 60c8f1f045 Bump org.jfrog.buildinfo:build-info-extractor-gradle 
Bumps [org.jfrog.buildinfo:build-info-extractor-gradle](https://github.com/jfrog/build-info) from 4.29.0 to 4.29.4.
- [Release notes](https://github.com/jfrog/build-info/releases)
- [Changelog](https://github.com/jfrog/build-info/blob/master/RELEASE.md)
- [Commits](https://github.com/jfrog/build-info/compare/build-info-gradle-extractor-4.29.0...build-info-gradle-extractor-4.29.4)

---
updated-dependencies:
- dependency-name: org.jfrog.buildinfo:build-info-extractor-gradle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:33:32 -03:00
Marcus Da Coregio c074b66a59 Merge branch '6.0.x' into 6.1.x 2023-10-09 07:32:52 -03:00
dependabot[bot] 1fc9e5b734 Bump org.jfrog.buildinfo:build-info-extractor-gradle 
Bumps [org.jfrog.buildinfo:build-info-extractor-gradle](https://github.com/jfrog/build-info) from 4.29.0 to 4.29.4.
- [Release notes](https://github.com/jfrog/build-info/releases)
- [Changelog](https://github.com/jfrog/build-info/blob/master/RELEASE.md)
- [Commits](https://github.com/jfrog/build-info/compare/build-info-gradle-extractor-4.29.0...build-info-gradle-extractor-4.29.4)

---
updated-dependencies:
- dependency-name: org.jfrog.buildinfo:build-info-extractor-gradle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:32:34 -03:00
dependabot[bot] 5cff186b9b Bump com.gradle.enterprise from 3.11.1 to 3.11.4 
Bumps com.gradle.enterprise from 3.11.1 to 3.11.4.

---
updated-dependencies:
- dependency-name: com.gradle.enterprise
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:32:22 -03:00
dependabot[bot] 3eea54cbf9 Bump io.projectreactor.netty:reactor-netty from 1.1.10 to 1.1.11 
Bumps [io.projectreactor.netty:reactor-netty](https://github.com/reactor/reactor-netty) from 1.1.10 to 1.1.11.
- [Release notes](https://github.com/reactor/reactor-netty/releases)
- [Commits](https://github.com/reactor/reactor-netty/compare/v1.1.10...v1.1.11)

---
updated-dependencies:
- dependency-name: io.projectreactor.netty:reactor-netty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:32:06 -03:00
Marcus Da Coregio ae3a698ecd Merge branch '6.0.x' into 6.1.x 2023-10-09 07:30:22 -03:00
Marcus Da Coregio 34fd019c6c Merge branch '5.8.x' into 6.0.x 2023-10-09 07:30:11 -03:00
dependabot[bot] d46627b776 Bump org.jfrog.buildinfo:build-info-extractor-gradle 
Bumps [org.jfrog.buildinfo:build-info-extractor-gradle](https://github.com/jfrog/build-info) from 4.29.0 to 4.29.4.
- [Release notes](https://github.com/jfrog/build-info/releases)
- [Changelog](https://github.com/jfrog/build-info/blob/master/RELEASE.md)
- [Commits](https://github.com/jfrog/build-info/compare/build-info-gradle-extractor-4.29.0...build-info-gradle-extractor-4.29.4)

---
updated-dependencies:
- dependency-name: org.jfrog.buildinfo:build-info-extractor-gradle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 07:29:32 -03:00
Marcus Da Coregio 18773d653f Update to org.apereo.cas.client:cas-client-core 4.0.3 
Closes gh-13947
 2023-10-04 10:27:19 -03:00
dependabot[bot] c3e77f9058 Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 6.6-rc1 to 6.6.3.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/commits/6.6.3)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:42:55 -03:00
dependabot[bot] 2b78ff5a5b Bump com.gradle.enterprise from 3.12.3 to 3.12.6 
Bumps com.gradle.enterprise from 3.12.3 to 3.12.6.

---
updated-dependencies:
- dependency-name: com.gradle.enterprise
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:42:02 -03:00
dependabot[bot] d0858273f1 Bump io.projectreactor:reactor-bom from 2022.0.10 to 2022.0.11 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2022.0.10 to 2022.0.11.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2022.0.10...2022.0.11)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:41:16 -03:00
dependabot[bot] 405016f4c6 Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 
Bumps org.slf4j:slf4j-api from 2.0.7 to 2.0.9.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:41:01 -03:00
dependabot[bot] 70590e4f83 Bump io.micrometer:micrometer-observation from 1.10.10 to 1.10.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.10.10 to 1.10.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.10.10...v1.10.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:40:49 -03:00
Marcus Da Coregio c76ba20b00 Merge branch '6.0.x' into 6.1.x 2023-10-04 09:33:27 -03:00
dependabot[bot] a05c158039 Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 
Bumps org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2.

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:33:03 -03:00
dependabot[bot] e82efb45be Bump org-eclipse-jetty from 11.0.15 to 11.0.16 
Bumps `org-eclipse-jetty` from 11.0.15 to 11.0.16.

Updates `org.eclipse.jetty:jetty-server` from 11.0.15 to 11.0.16
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](https://github.com/eclipse/jetty.project/compare/jetty-11.0.15...jetty-11.0.16)

Updates `org.eclipse.jetty:jetty-servlet` from 11.0.15 to 11.0.16
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](https://github.com/eclipse/jetty.project/compare/jetty-11.0.15...jetty-11.0.16)

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:32:47 -03:00
dependabot[bot] 19e2e19812 Bump io.micrometer:micrometer-observation from 1.10.10 to 1.10.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.10.10 to 1.10.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.10.10...v1.10.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:32:28 -03:00
dependabot[bot] d02a1bc849 Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 
Bumps org.slf4j:slf4j-api from 2.0.7 to 2.0.9.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:32:14 -03:00
dependabot[bot] 4aeb8f3eac Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.7 to 0.0.14.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.7...v0.0.14)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:32:01 -03:00
Marcus Da Coregio 58f340f9c6 Merge branch '6.0.x' into 6.1.x 2023-10-04 09:30:59 -03:00
Marcus Da Coregio 4a996b7339 Merge branch '5.8.x' into 6.0.x 2023-10-04 09:30:47 -03:00
dependabot[bot] 8c6b5e0efe Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.7 to 0.0.14.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.7...v0.0.14)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:29:32 -03:00
dependabot[bot] 3315775734 Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 
Bumps org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2.

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:27:24 -03:00
dependabot[bot] cefcbdc819 Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 
Bumps [com.github.spullara.mustache.java:compiler](https://github.com/spullara/mustache.java) from 0.9.4 to 0.9.10.
- [Commits](https://github.com/spullara/mustache.java/compare/mustache.java-0.9.4...0.9.10)

---
updated-dependencies:
- dependency-name: com.github.spullara.mustache.java:compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:27:08 -03:00
dependabot[bot] 0b25dc53cc Bump com.gradle.enterprise from 3.11.1 to 3.11.4 
Bumps com.gradle.enterprise from 3.11.1 to 3.11.4.

---
updated-dependencies:
- dependency-name: com.gradle.enterprise
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:26:54 -03:00
dependabot[bot] 766396aa7c Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2020.0.35 to 2020.0.36.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2020.0.35...2020.0.36)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-04 09:26:23 -03:00