Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-27 02:23:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,955 Commits 54 Branches 369 Tags
Commit Graph

18955 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
e5a379cc91 Release 6.5.7 6.5.7 2025-11-17 17:04:45 +00:00
Rob Winch
7ad28772bc
Update to Spring Data 2024.1.12 
Closes gh-18182
 2025-11-17 10:31:45 -06:00
Rob Winch
2678925c21
Update to Reactor 2024.0.12 
This aligns with Spring Framework's version.

Closes gh-18181
 2025-11-17 10:30:45 -06:00
Rob Winch
87472c9ab4
Update to Spring Framework 6.2.13 
Closes gh-18180
 2025-11-17 10:29:49 -06:00
Rob Winch
ea036702fc
Merge branch '6.4.x' into 6.5.x 2025-11-17 10:27:16 -06:00
Rob Winch
09805317e6
Update Spring Data 2024.1.12 
Closes gh-18179
 2025-11-17 10:27:01 -06:00
Rob Winch
4ab933803f
Update to Reactor 2024.0.12 
This aligns with Spring Framework's version of Reactor

Closes gh-18178
 2025-11-17 10:26:09 -06:00
Rob Winch
d2b1cb572f
Update to Spring Framework 6.2.13 
Closes gh-18177
 2025-11-17 10:25:21 -06:00
Rob Winch
70076188af
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 2025-11-17 09:34:44 -06:00
Rob Winch
57c9b1365c
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final 2025-11-17 09:34:42 -06:00
Rob Winch
1c3d28f14d
Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 2025-11-17 09:34:40 -06:00
Rob Winch
aaadb43ef8
Bump org-aspectj from 1.9.24 to 1.9.25 2025-11-17 09:34:38 -06:00
Rob Winch
a6c1a02afa
Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 2025-11-17 09:34:35 -06:00
Rob Winch
baebd04df7
Merge branch '6.4.x' into 6.5.x 2025-11-17 09:34:26 -06:00
Rob Winch
d0166004aa
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 2025-11-17 09:33:40 -06:00
Rob Winch
9f96fbcda0
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final 2025-11-17 09:33:37 -06:00
Rob Winch
ccffb48fd1
Bump org-aspectj from 1.9.24 to 1.9.25 2025-11-17 09:33:35 -06:00
Rob Winch
d0fcdebe88
Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 2025-11-17 09:33:33 -06:00
dependabot[bot]
af47cc2abe
Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.12 to 1.14.13.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.12...v1.14.13)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-07 03:20:24 +00:00
dependabot[bot]
f997e22d9d
Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.12 to 1.14.13.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.12...v1.14.13)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-07 03:14:59 +00:00
dependabot[bot]
c85cb2d1ef
Bump org-aspectj from 1.9.24 to 1.9.25 
Bumps `org-aspectj` from 1.9.24 to 1.9.25.

Updates `org.aspectj:aspectjrt` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 03:19:48 +00:00
dependabot[bot]
bf26dd9b33
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.11 to 1.0.13.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.11...v1.0.13)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 03:19:25 +00:00
dependabot[bot]
ff908c4d7c
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.11 to 1.0.13.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.11...v1.0.13)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 03:15:17 +00:00
dependabot[bot]
521f533fc4
Bump org-aspectj from 1.9.24 to 1.9.25 
Bumps `org-aspectj` from 1.9.24 to 1.9.25.

Updates `org.aspectj:aspectjrt` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.24 to 1.9.25
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 03:14:41 +00:00
Josh Cummings
f988272fff Merge branch '6.4.x' into 6.5.x 2025-11-04 14:04:29 -07:00
Josh Cummings
532d0bef14 Add Test to Confirm 72-byte BCrypt Password Limit 
Closes gh-18133
 2025-11-04 14:04:02 -07:00
Rob Winch
c1e9e10bf0
Merge branch '6.4.x' into 6.5.x 
Closes gh-18131
 2025-11-04 11:28:40 -06:00
Daniel Garnier-Moiroux
fed6df5167 Default WebAuthnConfigurer#rpName to rpId 
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:

> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.

Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 11:16:22 -06:00
Rob Winch
8fa2fc0e1e
Merge branch '6.4.x' into 6.5.x 2025-11-04 10:24:15 -06:00
Daniel Garnier-Moiroux
4feeb0f843 Docs: document effects of disabling CORS configurer 
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 10:23:46 -06:00
namest504
6501e97ece Fix sensitive case in JwtTypeValidator 
Closes gh-18092

Signed-off-by: namest504 <namest504@gmail.com>
 2025-10-28 12:08:29 -06:00
dependabot[bot]
ee49c18ce2
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.33.Final to 6.6.34.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.34/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.33...6.6.34)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.34.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:20:26 +00:00
dependabot[bot]
f0afca7610
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4.1 to 2.18.5.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4.1...jackson-bom-2.18.5)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:19:44 +00:00
dependabot[bot]
8b0689cbb8
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.33.Final to 6.6.34.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.34/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.33...6.6.34)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.34.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:15:58 +00:00
dependabot[bot]
28e158d1cb
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4.1 to 2.18.5.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4.1...jackson-bom-2.18.5)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:15:38 +00:00
Josh Cummings
f548aaf5c5 Merge branch '6.4.x' into 6.5.x 2025-10-20 17:42:25 -06:00
Josh Cummings
1c112005fa Don't Attempt to Generate Token Without Valid Token Request 
Closes gh-18088

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 17:09:43 -06:00
Marcus Hert da Coregio
e0a71eb00e Fix GenerateOneTimeTokenRequestResolver ignored if username param not present 
Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2025-10-20 17:09:43 -06:00
Josh Cummings
42ddaba870 Next Development Version 2025-10-20 17:07:18 -06:00
Himanshu Pareek
dcb4e47cd5 Add Include-Code to the Password Storage page 
References gh-16226

Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>
 2025-10-20 16:35:23 -06:00
Rob Winch
82f87cf2b6
Next Development Version 2025-10-20 16:55:17 -05:00
github-actions[bot]
56a23d9ddc Release 6.5.6 6.5.6 2025-10-20 17:17:40 +00:00
github-actions[bot]
dc5aed9b5f Release 6.4.12 6.4.12 2025-10-20 17:17:37 +00:00
Rob Winch
cb994aad6c
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:15:32 -05:00
Rob Winch
6f6ee0c060
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 2025-10-20 09:15:30 -05:00
Rob Winch
9cecc2cf09
Merge branch '6.4.x' into 6.5.x 2025-10-20 09:15:18 -05:00
Rob Winch
f19c9c8625
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:14:31 -05:00
dependabot[bot]
8b89e31e3d
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:26 +00:00
dependabot[bot]
67b15be917
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:21 +00:00
dependabot[bot]
217a29e6ba
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:12:54 +00:00