Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-10 11:39:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,928 Commits 55 Branches 364 Tags
Commit Graph

18928 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
bf26dd9b33
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.11 to 1.0.13.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.11...v1.0.13)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 03:19:25 +00:00
Josh Cummings
f988272fff Merge branch '6.4.x' into 6.5.x 2025-11-04 14:04:29 -07:00
Josh Cummings
532d0bef14 Add Test to Confirm 72-byte BCrypt Password Limit 
Closes gh-18133
 2025-11-04 14:04:02 -07:00
Rob Winch
c1e9e10bf0
Merge branch '6.4.x' into 6.5.x 
Closes gh-18131
 2025-11-04 11:28:40 -06:00
Daniel Garnier-Moiroux
fed6df5167 Default WebAuthnConfigurer#rpName to rpId 
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:

> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.

Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 11:16:22 -06:00
Rob Winch
8fa2fc0e1e
Merge branch '6.4.x' into 6.5.x 2025-11-04 10:24:15 -06:00
Daniel Garnier-Moiroux
4feeb0f843 Docs: document effects of disabling CORS configurer 
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 10:23:46 -06:00
namest504
6501e97ece Fix sensitive case in JwtTypeValidator 
Closes gh-18092

Signed-off-by: namest504 <namest504@gmail.com>
 2025-10-28 12:08:29 -06:00
Josh Cummings
f548aaf5c5 Merge branch '6.4.x' into 6.5.x 2025-10-20 17:42:25 -06:00
Josh Cummings
1c112005fa Don't Attempt to Generate Token Without Valid Token Request 
Closes gh-18088

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 17:09:43 -06:00
Marcus Hert da Coregio
e0a71eb00e Fix GenerateOneTimeTokenRequestResolver ignored if username param not present 
Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2025-10-20 17:09:43 -06:00
Josh Cummings
42ddaba870 Next Development Version 2025-10-20 17:07:18 -06:00
Himanshu Pareek
dcb4e47cd5 Add Include-Code to the Password Storage page 
References gh-16226

Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>
 2025-10-20 16:35:23 -06:00
Rob Winch
82f87cf2b6
Next Development Version 2025-10-20 16:55:17 -05:00
github-actions[bot]
56a23d9ddc Release 6.5.6 6.5.6 2025-10-20 17:17:40 +00:00
github-actions[bot]
dc5aed9b5f Release 6.4.12 6.4.12 2025-10-20 17:17:37 +00:00
Rob Winch
cb994aad6c
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:15:32 -05:00
Rob Winch
6f6ee0c060
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 2025-10-20 09:15:30 -05:00
Rob Winch
9cecc2cf09
Merge branch '6.4.x' into 6.5.x 2025-10-20 09:15:18 -05:00
Rob Winch
f19c9c8625
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:14:31 -05:00
dependabot[bot]
8b89e31e3d
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:26 +00:00
dependabot[bot]
67b15be917
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:21 +00:00
dependabot[bot]
217a29e6ba
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:12:54 +00:00
dependabot[bot]
b2d6380633
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:12:45 +00:00
Josh Cummings
ba2619cb8a Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-10-17 13:49:54 -06:00
dependabot[bot]
43c53c3b78 Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:50 -06:00
dependabot[bot]
b1e16cd147 Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:30 -06:00
dependabot[bot]
9961e6d56c Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:13 -06:00
dependabot[bot]
cbad2ff5ca Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:47:56 -06:00
Rob Winch
dee33b5337
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:52:50 -05:00
Rob Winch
9f936015ff
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 2025-10-16 12:52:46 -05:00
Rob Winch
79dfbe14c2
Merge branch '6.4.x' into 6.5.x 2025-10-16 12:52:34 -05:00
Rob Winch
b75f2582c4
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:51:41 -05:00
dependabot[bot]
90a1c2c15d
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:20:40 +00:00
dependabot[bot]
978459bd1d
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:15:43 +00:00
dependabot[bot]
73690a928b
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:27:33 +00:00
dependabot[bot]
7cc9d2849e
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:16:24 +00:00
Rob Winch
9f8ebdcf4d
Merge branch '6.4.x' into 6.5.x 2025-10-06 09:11:56 -05:00
Rob Winch
8ce38af608
Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 2025-10-06 09:11:20 -05:00
Rob Winch
607b1dfffe
Bump io.mockk:mockk from 1.14.5 to 1.14.6 2025-10-06 09:11:17 -05:00
Rob Winch
904f5157fa
Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE 2025-10-06 09:11:15 -05:00
Rob Winch
f57c9ffcbb
Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 2025-10-06 09:10:34 -05:00
dependabot[bot]
b7f40a4e08
Bump org.hibernate.orm:hibernate-core from 6.6.29.Final to 6.6.31.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.29.Final to 6.6.31.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.31/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.29...6.6.31)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.31.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 03:21:28 +00:00
dependabot[bot]
dd7f809564
Bump org.hibernate.orm:hibernate-core from 6.6.29.Final to 6.6.31.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.29.Final to 6.6.31.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.31/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.29...6.6.31)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.31.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 03:13:36 +00:00
dependabot[bot]
564726adea
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.7.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-02 03:19:11 +00:00
dependabot[bot]
c1375b857a
Bump io.mockk:mockk from 1.14.5 to 1.14.6 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.5 to 1.14.6.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.14.5...1.14.6)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-02 03:17:57 +00:00
dependabot[bot]
dc5962af16
Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 03:20:55 +00:00
dependabot[bot]
70da545463
Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 03:20:01 +00:00
dependabot[bot]
02bc3adfb8
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.5 to 3.27.6.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.5...assertj-build-3.27.6)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-23 03:17:16 +00:00
Rob Winch
1878a1e03b
Merge branch '6.4.x' into 6.5.x 2025-09-22 11:57:26 -05:00