Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-25 06:34:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,105 Commits 51 Branches 373 Tags
Commit Graph

20105 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Winch
f2aef5168c
Merge branch '6.5.x' into 7.0.x 2026-02-23 08:13:38 -06:00
dependabot[bot]
ac556a45f9 Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.42.Final to 6.6.43.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.43/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.42...6.6.43)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.43.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 08:12:23 -06:00
dependabot[bot]
c8731a8dc0 Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.5 to 2.18.6.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.5...jackson-bom-2.18.6)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 08:12:09 -06:00
Robert Winch
a4a6e9124c
Merge branch '6.5.x' into 7.0.x 2026-02-19 13:30:13 -06:00
Robert Winch
b21159f453
Bump org.junit:junit-bom from 6.0.2 to 6.0.3 2026-02-19 13:29:42 -06:00
Robert Winch
6f7c8cb352
Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 2026-02-19 13:29:36 -06:00
Robert Winch
5973a66bb1
Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 2026-02-19 13:29:30 -06:00
Robert Winch
3e3eeda560
Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 2026-02-19 13:28:49 -06:00
dependabot[bot]
e2486a2590 Bump org.springframework:spring-framework-bom from 7.0.4 to 7.0.5 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.4 to 7.0.5.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.4...v7.0.5)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-19 10:58:10 -06:00
dependabot[bot]
3c55f057b1
Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.32.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.32)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 03:10:25 +00:00
dependabot[bot]
6d2a414022
Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 
Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 03:09:56 +00:00
dependabot[bot]
58df50c3a3
Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 
Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 03:06:35 +00:00
dependabot[bot]
79156b2387
Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.32.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.32)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 03:06:15 +00:00
dependabot[bot]
3abb69d5a9
Bump org.junit:junit-bom from 6.0.2 to 6.0.3 
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](https://github.com/junit-team/junit-framework/compare/r6.0.2...r6.0.3)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-16 03:15:44 +00:00
github-actions[bot]
6c2b2a7611 Next development version 2026-02-13 18:24:26 +00:00
github-actions[bot]
0fab34f359 Release 6.5.8 6.5.8 2026-02-13 17:54:05 +00:00
github-actions[bot]
c0da8b390b Next development version 2026-02-13 15:57:31 +00:00
github-actions[bot]
ffe73b4920 Release 7.0.3 7.0.3 2026-02-13 15:26:51 +00:00
Joe Grandja
f0ffda89e0 Update to spring-data-bom 2025.1.3 
Closes gh-18735
 2026-02-13 08:18:47 -05:00
dependabot[bot]
746c6e124e Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.3...v7.0.4)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:48:23 -05:00
dependabot[bot]
08e5b375ac Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.14 to 2024.0.15.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.14...2024.0.15)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:41:17 -05:00
dependabot[bot]
123a2d79cf Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.2 to 2025.0.3.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.2...2025.0.3)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:40:14 -05:00
dependabot[bot]
f9c32afb6f Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.15 to 6.2.16.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.15...v6.2.16)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:33:08 -05:00
dependabot[bot]
0c3e483432 Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.1...4.0.2)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 06:31:35 -05:00
Josh Cummings
b804da974d Update Test to Align with webauthn4j 
The latest webauthn4j exposes Jackson 3 instead of Jackson 2,
as such this test now uses Jackson 3 where needed.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
dependabot[bot]
b9bb5e0b52 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.7.RELEASE to 0.31.0.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.7.RELEASE...0.31.0.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.0.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
4fd8e1d596 Remove Trailing Bytes from AttestationStatement 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
c59fb0cd35 Add Jackson 2 Databind as Optional Dependency 
Since spring-security-webauthn has Jackson 2 Mixins, it would
be clearer to set Jackson 2 explicitly as an optional dependency

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
dependabot[bot]
50aba3aaf3
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 10:35:14 -07:00
dependabot[bot]
3d61276a1a Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 10:31:30 -07:00
Josh Cummings
6cbbf6c561
Merge branch '6.5.x' into 7.0.x 2026-02-12 10:27:46 -07:00
Josh Cummings
10cb6f7003
Update spring-security-release-tools 1.0.14 2026-02-12 10:25:47 -07:00
Josh Cummings
252c69460e
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-10 13:41:29 -07:00
dependabot[bot]
3131642aae Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:41:09 -07:00
dependabot[bot]
552d8d1d29 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:59 -07:00
dependabot[bot]
f240f29433 Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:38 -07:00
dependabot[bot]
06caf327c1 Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:51 -07:00
dependabot[bot]
4cc6687916 Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:18 -07:00
dependabot[bot]
108dc5996b Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:49 -07:00
dependabot[bot]
8c3453dfd2 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:25 -07:00
Robert Winch
ce963c744c
Merge Remove unnecessary Gradle wrapper from buildSrc 
Closes gh-18693
 2026-02-06 13:08:41 -06:00
Robert Winch
1efacf1ad8
Remove unnecessary Gradle wrapper from buildSrc 
buildSrc does not need its own Gradle wrapper and should use
the parent project's wrapper. Having a separate wrapper causes
Dependabot to detect and attempt to update it independently,
creating confusion and unnecessary PRs.

Closes gh-18692
 2026-02-06 13:06:17 -06:00
Robert Winch
71a10cef0b
Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 2026-02-06 12:14:22 -06:00
Robert Winch
784e6efcf5
Bump io.mockk:mockk from 1.14.7 to 1.14.9 2026-02-06 12:14:19 -06:00
Robert Winch
1caefd748b
Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 2026-02-06 12:14:15 -06:00
Robert Winch
b427587d27
Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 2026-02-06 12:14:12 -06:00
Robert Winch
832635c9e8
Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 2026-02-06 12:14:09 -06:00
Robert Winch
e45258a8bc
Merge branch '6.5.x' into 7.0.x 2026-02-06 12:13:35 -06:00
dependabot[bot]
fa7c6ea583
Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.20 to 0.0.22.
- [Commits](e28269199d...415e2b11a7)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:12:57 -06:00
dependabot[bot]
3841e0f6b3
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:12:56 -06:00