Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-25 06:34:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,321 Commits 51 Branches 373 Tags
Commit Graph

20321 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tran Ngoc Nhan
dc8ed8b168 Fix checkstyle 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
17933ddab3 Resolve feedback 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
deb6416c93 Fix checkstyle 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
9323775c5f Update javadoc and apply StringUtils#hasLength 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
4cc5f543ab Add author 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
67bc1d8d4a Polish some methods 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
17b5cdde55 Remove redundant check and exception 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
e91b098c7c Update javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
21bef947b0 Use String#isEmpty 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Andrey Litvitski
6fcca39500 Mark CsrfTokenRequestAttributeHandler#setCsrfRequestAttributeName as Nullable 
Closes: gh-18617

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-17 16:57:15 -07:00
Joe Grandja
544f635e9b Polish gh-17246 2026-02-17 16:35:57 -05:00
Evgeniy Cheban
e4dcffae8a Ensure ID Token is updated after refresh token (Reactive) 
Closes gh-17188

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2026-02-17 14:38:15 -05:00
dependabot[bot]
f52f097a4d Bump ch.qos.logback:logback-classic from 1.5.31 to 1.5.32 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.31 to 1.5.32.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.31...v_1.5.32)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 03:16:46 +00:00
dependabot[bot]
1cd145d026 Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 
Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 03:16:31 +00:00
dependabot[bot]
4aa9ff99f5 Bump org.junit:junit-bom from 6.0.2 to 6.0.3 
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](https://github.com/junit-team/junit-framework/compare/r6.0.2...r6.0.3)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-16 03:18:27 +00:00
dependabot[bot]
9b978ae70b Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.31 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.31.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.31)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-16 03:17:59 +00:00
Joe Grandja
73dff1f8a3 Next development version 2026-02-13 12:23:48 -05:00
Josh Cummings
e5906d97ea Remove Typo in Java Version Declaration 
Issue gh-18512

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-13 10:04:03 -07:00
github-actions[bot]
928ad9600c Release 7.1.0-M2 7.1.0-M2 2026-02-13 16:25:52 +00:00
dependabot[bot]
f9b2c86e1d Bump org.springframework.data:spring-data-bom from 2025.1.2 to 2025.1.3 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.2 to 2025.1.3.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.2...2025.1.3)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 12:19:41 +00:00
dependabot[bot]
d77e48f9ef Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.1...4.0.2)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 03:17:06 +00:00
dependabot[bot]
25da472d67 Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.3...v7.0.4)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 03:16:43 +00:00
dependabot[bot]
9d3e217b79 Bump spring-io/spring-security-release-tools from 1.0.13 to 1.0.14 
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...729fed56d42122f88583aff1be35c0800b7d77e9)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 00:49:00 +00:00
dependabot[bot]
7bbfc09f49 Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/perform-release.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...729fed56d42122f88583aff1be35c0800b7d77e9)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 00:47:48 +00:00
Josh Cummings
85e2d9298b Merge remote-tracking branch 'origin/7.0.x' 2026-02-12 16:46:14 -07:00
Josh Cummings
b804da974d Update Test to Align with webauthn4j 
The latest webauthn4j exposes Jackson 3 instead of Jackson 2,
as such this test now uses Jackson 3 where needed.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
dependabot[bot]
b9bb5e0b52 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.7.RELEASE to 0.31.0.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.7.RELEASE...0.31.0.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.0.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
4fd8e1d596 Remove Trailing Bytes from AttestationStatement 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
c59fb0cd35 Add Jackson 2 Databind as Optional Dependency 
Since spring-security-webauthn has Jackson 2 Mixins, it would
be clearer to set Jackson 2 explicitly as an optional dependency

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
bc6ce0d346
Merge branch '7.0.x' 2026-02-12 10:36:20 -07:00
dependabot[bot]
50aba3aaf3
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 10:35:14 -07:00
Josh Cummings
25aec8c5e0
Update Release Steps to JDK 25 
Issue gh-18512

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 10:29:43 -07:00
Josh Cummings
6eb0af9912
Merge branch '7.0.x' 2026-02-12 10:28:00 -07:00
Josh Cummings
6cbbf6c561
Merge branch '6.5.x' into 7.0.x 2026-02-12 10:27:46 -07:00
Josh Cummings
10cb6f7003
Update spring-security-release-tools 1.0.14 2026-02-12 10:25:47 -07:00
Josh Cummings
7fdff6a907
Use spring-github-workflows Auto-Merge 2026-02-12 10:21:32 -07:00
github-actions[bot]
117af3bc2b
Merge pull request #18723 from spring-projects/dependabot/gradle/main/io.spring.gradle-spring-security-release-plugin-1.0.14 
Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14
 2026-02-12 03:17:42 +00:00
dependabot[bot]
c7f781423f
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 03:06:08 +00:00
github-actions[bot]
fb2f0d5c38
Merge pull request #18715 from spring-projects/dependabot/gradle/main/io.projectreactor-reactor-bom-2025.0.3 
Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3
 2026-02-11 03:18:39 +00:00
github-actions[bot]
10b9cc8c2b
Merge pull request #18713 from spring-projects/dependabot/gradle/main/io.micrometer-micrometer-observation-1.16.3 
Bump io.micrometer:micrometer-observation from 1.16.2 to 1.16.3
 2026-02-11 03:18:24 +00:00
github-actions[bot]
5240878272
Merge pull request #18714 from spring-projects/dependabot/gradle/main/ch.qos.logback-logback-classic-1.5.29 
Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29
 2026-02-11 03:18:04 +00:00
dependabot[bot]
ba4bd61c5b
Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.2 to 2025.0.3.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.2...2025.0.3)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:06:26 +00:00
dependabot[bot]
c25ec70374
Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:06:19 +00:00
dependabot[bot]
8e1e0ca9d2
Bump io.micrometer:micrometer-observation from 1.16.2 to 1.16.3 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.16.2 to 1.16.3.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.16.2...v1.16.3)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:05:06 +00:00
Josh Cummings
705fa60a01 Document Method Security hasScope Support 
Issue gh-18013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 15:23:32 -07:00
Tran Ngoc Nhan
f2b7cb2de5 Support hasScope in Method Security 
Closes gh-18013

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-10 15:23:32 -07:00
coehgns
8652950fb2 Fix typos in contributing guide Tidy up wording in CONTRIBUTING.adoc to improve readability. 
Signed-off-by: coehgns <modooboiroo@gmail.com>
 2026-02-10 13:54:55 -07:00
Josh Cummings
07ba3e623f
Merge branch '7.0.x' 2026-02-10 13:41:47 -07:00
Josh Cummings
252c69460e
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-10 13:41:29 -07:00
dependabot[bot]
3131642aae Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:41:09 -07:00