Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 21:12:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,461 Commits 55 Branches 348 Tags
Commit Graph

17461 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
e5d9659b8f Merge branch '6.3.x' into 6.4.x 2025-04-18 03:37:29 +00:00
dependabot[bot]
99c4f58c34 Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.11 to 3.2.12.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.11...3.2.12)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-17 20:36:42 -07:00
Joe Grandja
cb60d8b3ed Merge branch '6.3.x' into 6.4.x 
Closes gh-16951
 2025-04-17 05:17:38 -04:00
Joe Grandja
c1aa99fdd2 Enforce BCrypt password length for new passwords only 
Closes gh-16802
 2025-04-17 04:53:33 -04:00
dependabot[bot]
f1a211ae0c Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.16 to 2023.0.17.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.16...2023.0.17)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-15 21:22:57 -07:00
github-actions[bot]
a1481572ed Merge branch '6.3.x' into 6.4.x 2025-04-16 03:51:45 +00:00
dependabot[bot]
eb01394427 Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.16 to 2023.0.17.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.16...2023.0.17)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-15 20:50:56 -07:00
dependabot[bot]
0ff3474e2d Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.5 to 1.14.6.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.5...v1.14.6)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-14 20:34:10 -07:00
dependabot[bot]
2ce4aecec7 Bump org-aspectj from 1.9.22.1 to 1.9.24 
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:30:04 -07:00
github-actions[bot]
7c90300912 Merge branch '6.3.x' into 6.4.x 2025-04-14 03:23:18 +00:00
dependabot[bot]
0d3d6f75f8 Bump org-aspectj from 1.9.22.1 to 1.9.24 
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:22:34 -07:00
dependabot[bot]
a10a35c2ac Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 21:12:41 -07:00
github-actions[bot]
ee13d19503 Merge branch '6.3.x' into 6.4.x 2025-04-10 03:34:09 +00:00
dependabot[bot]
eb83c35ded Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 20:33:22 -07:00
Steve Riesenberg
db34de59bc
Merge branch '6.3.x' into 6.4.x 
Closes gh-16901
 2025-04-07 10:55:51 -05:00
Steve Riesenberg
3c0fef59b5
Polish gh-16039 
Closes gh-16038
 2025-04-07 10:54:09 -05:00
Jonah Klöckner
da94fbe431
Evaluate URI query parameter only if enabled 
Issue gh-16038
 2025-04-07 10:54:07 -05:00
dependabot[bot]
a081402383 Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.12.Final to 6.6.13.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.13/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.12...6.6.13)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.13.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 20:55:51 -07:00
dependabot[bot]
f3c8262a00 Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.19 to 0.0.20.
- [Commits](c203826512...e28269199d)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 17:22:18 -07:00
Josh Cummings
0954638d57
Merge branch '6.3.x' into 6.4.x 
Closes gh-16862
 2025-04-01 12:02:25 -06:00
DingHao
857ef6fe08 WithHttpOnlyCookie defaults to false 
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-04-01 11:59:51 -06:00
dependabot[bot]
55815103a5 Bump org.hibernate.orm:hibernate-core from 6.6.11.Final to 6.6.12.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.11.Final to 6.6.12.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.12/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.11...6.6.12)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-30 21:00:22 -07:00
Steve Riesenberg
26c63aeb01
Merge branch '6.3.x' into 6.4.x 
Closes gh-16844
 2025-03-28 16:34:01 -05:00
Steve Riesenberg
b7df86197c
Apply request-handler-ref to CsrfAuthenticationStrategy 
Closes gh-16801
 2025-03-28 16:25:52 -05:00
Steve Riesenberg
c84c438075
Apply request-handler-ref to CsrfAuthenticationStrategy 
Closes gh-16801
 2025-03-28 16:08:36 -05:00
Josh Cummings
1ad4323cec
Merge branch '6.3.x' into 6.4.x 2025-03-27 16:43:43 -06:00
DingHao
1e7db094d1 Use correct message prompt 
Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-03-27 16:42:52 -06:00
Josh Cummings
6c5b6d1c51
Merge branch '6.3.x' into 6.4.x 
Closes gh-16837
 2025-03-27 16:32:12 -06:00
Josh Cummings
456604ab45 Sort Default Advisors and Added Advisors 
This commit ensures that the default advisors and added advisors
are sorted in the event that this component is not being published
as a Spring bean.

Issue gh-16819
 2025-03-27 16:18:00 -06:00
Josh Cummings
15b9a50060 Add Test 
Issue gh-16819
 2025-03-27 16:18:00 -06:00
Tran Ngoc Nhan
fcc1bd598d Sort Advisors AfterSingletonsInstantiated 
In order to make so that authorization advisors are sorted
only one time and also as part of the configuration lifecycle,
AuthorizationAdvisorProxyFactory now implements
SmartInitializingBean.

Closes gh-16819

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-27 16:18:00 -06:00
Rob Winch
1f3dd53bdf
Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity 
Closes gh-16606
 2025-03-25 16:14:58 -05:00
Rob Winch
a6b5c05da9
Additional WebAuthn4jRelyingPartyOperationTests 
- verify that anonymous users not saved
- verify that when user found the CredentialRecord is allowed

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
9c054474a8
Use Test Name Conventions 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
593f7c4490
Use !isAuthenticated 
It's more verbose to see if the user is not null and not anonymous

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
4e20d56d2d
Fix format for WebAuthn4jRelyingPartyOperations 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Josh Cummings
26aa253633
Merge branch '6.3.x' into 6.4.x 2025-03-25 15:11:42 -06:00
github-actions[bot]
af2668f7cb Bump Gradle Wrapper from 8.10.2 to 8.13. 
Release notes of Gradle 8.13 can be found here:
https://docs.gradle.org/8.13/release-notes.html

Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2025-03-25 15:11:10 -06:00
Tomas Borghi
0a084135ec
Delete import unused 
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 16:50:39 -03:00
Tomas Borghi
5571ad1b27
Fix issues identified in PR review 
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:18:23 -03:00
Borghi
e3a715b8f5 Fix issues identified in PR review 
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:00:27 -03:00
dependabot[bot]
2f04512e01 Bump spring-io/spring-doc-actions from 0.0.18 to 0.0.19 
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.18 to 0.0.19.
- [Commits](852920ba3f...c203826512)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-23 18:49:53 -07:00
github-actions[bot]
23444dd13f Merge branch '6.3.x' into 6.4.x 2025-03-24 01:41:22 +00:00
dependabot[bot]
883765b2de Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.16 to 1.0.0-alpha.17.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.16...v1.0.0-alpha.17)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-23 18:40:37 -07:00
Rob Winch
c032b20178
Merge branch '6.3.x' into 6.4.x 2025-03-21 15:59:51 -05:00
Rob Winch
58e7ba4a4b
https docs download 2025-03-21 15:59:39 -05:00
Josh Cummings
db8b6322e2
Merge branch '6.3.x' into 6.4.x 2025-03-21 14:47:24 -06:00
Bragolgirith
72554f7f36 Update authorize-http-requests.adoc 
Fix patterns in the Security Matchers documentation

Signed-off-by: Bragolgirith <6455473+Bragolgirith@users.noreply.github.com>
 2025-03-21 14:46:53 -06:00
Rob Winch
af8786150e
Merge branch '6.3.x' into 6.4.x 
Closes gh-16799
 2025-03-21 15:11:18 -05:00
Rob Winch
65e83f8e7a
Add link to docs zip 
Closes gh-16798
 2025-03-21 15:10:52 -05:00