Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-25 14:45:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,084 Commits 51 Branches 373 Tags
Commit Graph

20084 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Grandja
f0ffda89e0 Update to spring-data-bom 2025.1.3 
Closes gh-18735
 2026-02-13 08:18:47 -05:00
dependabot[bot]
746c6e124e Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.3...v7.0.4)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:48:23 -05:00
dependabot[bot]
123a2d79cf Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.2 to 2025.0.3.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.2...2025.0.3)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:40:14 -05:00
dependabot[bot]
0c3e483432 Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.1...4.0.2)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:31:35 -05:00
Josh Cummings
b804da974d Update Test to Align with webauthn4j 
The latest webauthn4j exposes Jackson 3 instead of Jackson 2,
as such this test now uses Jackson 3 where needed.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
dependabot[bot]
b9bb5e0b52 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.7.RELEASE to 0.31.0.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.7.RELEASE...0.31.0.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.0.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
4fd8e1d596 Remove Trailing Bytes from AttestationStatement 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
c59fb0cd35 Add Jackson 2 Databind as Optional Dependency 
Since spring-security-webauthn has Jackson 2 Mixins, it would
be clearer to set Jackson 2 explicitly as an optional dependency

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
dependabot[bot]
50aba3aaf3
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 10:35:14 -07:00
Josh Cummings
6cbbf6c561
Merge branch '6.5.x' into 7.0.x 2026-02-12 10:27:46 -07:00
Josh Cummings
10cb6f7003
Update spring-security-release-tools 1.0.14 2026-02-12 10:25:47 -07:00
Josh Cummings
252c69460e
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-10 13:41:29 -07:00
dependabot[bot]
3131642aae Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:41:09 -07:00
dependabot[bot]
552d8d1d29 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:59 -07:00
dependabot[bot]
f240f29433 Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:38 -07:00
dependabot[bot]
06caf327c1 Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:51 -07:00
dependabot[bot]
4cc6687916 Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:18 -07:00
dependabot[bot]
108dc5996b Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:49 -07:00
dependabot[bot]
8c3453dfd2 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:25 -07:00
Robert Winch
ce963c744c
Merge Remove unnecessary Gradle wrapper from buildSrc 
Closes gh-18693
 2026-02-06 13:08:41 -06:00
Robert Winch
1efacf1ad8
Remove unnecessary Gradle wrapper from buildSrc 
buildSrc does not need its own Gradle wrapper and should use
the parent project's wrapper. Having a separate wrapper causes
Dependabot to detect and attempt to update it independently,
creating confusion and unnecessary PRs.

Closes gh-18692
 2026-02-06 13:06:17 -06:00
Robert Winch
71a10cef0b
Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 2026-02-06 12:14:22 -06:00
Robert Winch
784e6efcf5
Bump io.mockk:mockk from 1.14.7 to 1.14.9 2026-02-06 12:14:19 -06:00
Robert Winch
1caefd748b
Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 2026-02-06 12:14:15 -06:00
Robert Winch
b427587d27
Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 2026-02-06 12:14:12 -06:00
Robert Winch
832635c9e8
Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 2026-02-06 12:14:09 -06:00
Robert Winch
e45258a8bc
Merge branch '6.5.x' into 7.0.x 2026-02-06 12:13:35 -06:00
dependabot[bot]
fa7c6ea583
Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.20 to 0.0.22.
- [Commits](e28269199d...415e2b11a7)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:12:57 -06:00
dependabot[bot]
3841e0f6b3
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:12:56 -06:00
Robert Winch
50fad46df6
Bump @antora/atlas-extension in /docs 
---
updated-dependencies:
- dependency-name: "@antora/atlas-extension"
  dependency-version: 1.0.0-alpha.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:12:48 -06:00
dependabot[bot]
e28eea208b
Bump @springio/antora-extensions from 1.14.4 to 1.14.7 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.4 to 1.14.7.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.4...v1.14.7)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:11:58 -06:00
dependabot[bot]
f646392542
Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:11:57 -06:00
dependabot[bot]
ffeda7a1b3
Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.27 to 1.5.28.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:11:57 -06:00
dependabot[bot]
c85e7a0828
Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.24 to 1.5.28.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.24...v_1.5.28)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 17:54:04 +00:00
dependabot[bot]
14cf90a7b9
Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.24 to 0.0.25.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.24...v0.0.25)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-version: 0.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 17:53:25 +00:00
dependabot[bot]
729e58b9de
Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 17:53:06 +00:00
dependabot[bot]
5c678bd78a
Bump io.mockk:mockk from 1.14.7 to 1.14.9 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.7 to 1.14.9.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.14.7...1.14.9)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 17:52:45 +00:00
dependabot[bot]
52ca16fa4b
Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.8 to 3.2.0-alpha.11.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.8...v3.2.0-alpha.11)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 17:52:25 +00:00
Robert Winch
31993e72ea Update to Spring Framework 7.0.3 2026-02-06 09:24:43 -06:00
Robert Winch
0bd3aa9a02
Bump org.springframework.data:spring-data-bom from 2025.1.1 to 2025.1.2 2026-02-06 09:02:42 -06:00
Robert Winch
dc7edcaf95
Bump org.springframework:spring-framework-bom from 7.0.3-SNAPSHOT to 7.0.4-SNAPSHOT 2026-02-06 09:02:35 -06:00
Robert Winch
310abcf23b
Bump io.projectreactor:reactor-bom from 2025.0.1 to 2025.0.2 2026-02-06 09:02:29 -06:00
Robert Winch
5807da104b
Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 2026-02-06 09:02:23 -06:00
Robert Winch
24e5f2f910
Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 2026-02-06 09:02:15 -06:00
dependabot[bot]
4f8fcea4de
Bump org.springframework.data:spring-data-bom from 2025.1.1 to 2025.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.1 to 2025.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.1...2025.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 09:00:01 -06:00
dependabot[bot]
659aedbe96
Bump org.springframework:spring-framework-bom 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3-SNAPSHOT to 7.0.4-SNAPSHOT.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/commits)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.4-SNAPSHOT
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 09:00:01 -06:00
dependabot[bot]
d589707385
Bump io.projectreactor:reactor-bom from 2025.0.1 to 2025.0.2 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.1 to 2025.0.2.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.1...2025.0.2)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 09:00:01 -06:00
dependabot[bot]
4734af6856
Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.3 to 3.0.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.3...jackson-bom-3.0.4)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 09:00:01 -06:00
dependabot[bot]
ac09b73725
Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.20.1 to 2.20.2.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.20.1...jackson-bom-2.20.2)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.20.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 09:00:01 -06:00
Vincent Stradiot
075c48c0d8 Fix typo in documentation 
Signed-off-by: Vincent Stradiot <vincentstradiot@hotmail.com>
 2026-02-05 17:22:43 -07:00