Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-25 06:34:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,303 Commits 51 Branches 373 Tags
Commit Graph

20303 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
928ad9600c Release 7.1.0-M2 7.1.0-M2 2026-02-13 16:25:52 +00:00
dependabot[bot]
f9b2c86e1d Bump org.springframework.data:spring-data-bom from 2025.1.2 to 2025.1.3 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.2 to 2025.1.3.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.2...2025.1.3)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 12:19:41 +00:00
dependabot[bot]
d77e48f9ef Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.1...4.0.2)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 03:17:06 +00:00
dependabot[bot]
25da472d67 Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.3...v7.0.4)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 03:16:43 +00:00
dependabot[bot]
9d3e217b79 Bump spring-io/spring-security-release-tools from 1.0.13 to 1.0.14 
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...729fed56d42122f88583aff1be35c0800b7d77e9)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 00:49:00 +00:00
dependabot[bot]
7bbfc09f49 Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/perform-release.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...729fed56d42122f88583aff1be35c0800b7d77e9)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-13 00:47:48 +00:00
Josh Cummings
85e2d9298b Merge remote-tracking branch 'origin/7.0.x' 2026-02-12 16:46:14 -07:00
Josh Cummings
b804da974d Update Test to Align with webauthn4j 
The latest webauthn4j exposes Jackson 3 instead of Jackson 2,
as such this test now uses Jackson 3 where needed.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
dependabot[bot]
b9bb5e0b52 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.7.RELEASE to 0.31.0.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.7.RELEASE...0.31.0.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.0.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
4fd8e1d596 Remove Trailing Bytes from AttestationStatement 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
c59fb0cd35 Add Jackson 2 Databind as Optional Dependency 
Since spring-security-webauthn has Jackson 2 Mixins, it would
be clearer to set Jackson 2 explicitly as an optional dependency

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 16:45:13 -07:00
Josh Cummings
bc6ce0d346
Merge branch '7.0.x' 2026-02-12 10:36:20 -07:00
dependabot[bot]
50aba3aaf3
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 10:35:14 -07:00
Josh Cummings
25aec8c5e0
Update Release Steps to JDK 25 
Issue gh-18512

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-12 10:29:43 -07:00
Josh Cummings
6eb0af9912
Merge branch '7.0.x' 2026-02-12 10:28:00 -07:00
Josh Cummings
6cbbf6c561
Merge branch '6.5.x' into 7.0.x 2026-02-12 10:27:46 -07:00
Josh Cummings
10cb6f7003
Update spring-security-release-tools 1.0.14 2026-02-12 10:25:47 -07:00
Josh Cummings
7fdff6a907
Use spring-github-workflows Auto-Merge 2026-02-12 10:21:32 -07:00
github-actions[bot]
117af3bc2b
Merge pull request #18723 from spring-projects/dependabot/gradle/main/io.spring.gradle-spring-security-release-plugin-1.0.14 
Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14
 2026-02-12 03:17:42 +00:00
dependabot[bot]
c7f781423f
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 03:06:08 +00:00
github-actions[bot]
fb2f0d5c38
Merge pull request #18715 from spring-projects/dependabot/gradle/main/io.projectreactor-reactor-bom-2025.0.3 
Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3
 2026-02-11 03:18:39 +00:00
github-actions[bot]
10b9cc8c2b
Merge pull request #18713 from spring-projects/dependabot/gradle/main/io.micrometer-micrometer-observation-1.16.3 
Bump io.micrometer:micrometer-observation from 1.16.2 to 1.16.3
 2026-02-11 03:18:24 +00:00
github-actions[bot]
5240878272
Merge pull request #18714 from spring-projects/dependabot/gradle/main/ch.qos.logback-logback-classic-1.5.29 
Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29
 2026-02-11 03:18:04 +00:00
dependabot[bot]
ba4bd61c5b
Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.2 to 2025.0.3.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.2...2025.0.3)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:06:26 +00:00
dependabot[bot]
c25ec70374
Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:06:19 +00:00
dependabot[bot]
8e1e0ca9d2
Bump io.micrometer:micrometer-observation from 1.16.2 to 1.16.3 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.16.2 to 1.16.3.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.16.2...v1.16.3)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:05:06 +00:00
Josh Cummings
705fa60a01 Document Method Security hasScope Support 
Issue gh-18013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 15:23:32 -07:00
Tran Ngoc Nhan
f2b7cb2de5 Support hasScope in Method Security 
Closes gh-18013

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-10 15:23:32 -07:00
coehgns
8652950fb2 Fix typos in contributing guide Tidy up wording in CONTRIBUTING.adoc to improve readability. 
Signed-off-by: coehgns <modooboiroo@gmail.com>
 2026-02-10 13:54:55 -07:00
Josh Cummings
07ba3e623f
Merge branch '7.0.x' 2026-02-10 13:41:47 -07:00
Josh Cummings
252c69460e
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-10 13:41:29 -07:00
dependabot[bot]
3131642aae Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:41:09 -07:00
dependabot[bot]
552d8d1d29 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:59 -07:00
dependabot[bot]
f240f29433 Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:38 -07:00
github-actions[bot]
f91b5f33fc
Merge pull request #18701 from spring-projects/dependabot/gradle/main/com.nimbusds-oauth2-oidc-sdk-11.33 
Bump com.nimbusds:oauth2-oidc-sdk from 11.26.1 to 11.33
 2026-02-10 17:51:23 +00:00
Josh Cummings
095cc3bf74 Merge remote-tracking branch 'origin/7.0.x' 2026-02-10 10:50:04 -07:00
dependabot[bot]
06caf327c1 Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:51 -07:00
dependabot[bot]
4cc6687916 Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:18 -07:00
dependabot[bot]
108dc5996b Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:49 -07:00
dependabot[bot]
8c3453dfd2 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:25 -07:00
Josh Cummings
5418ab2081 Update nimbus-jose-jwt from 10.4 to 10.6 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 10:37:44 -07:00
Josh Cummings
e8e4110334 Wrap RuntimeException in fromOidcConfiguration 
This commit makes so that fromOidcConfiguration throws the same exception
caused by chain as other configuration methods. Specifically, if parsing
throws a RuntimeException, this method will now wrap it in an
IllegalArgumentException as other configuration methods do.

This makes specific sense here since the RuntimeException is almost certainly
caused by a malformed configuration set handed in as a method parameter.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 10:37:40 -07:00
dependabot[bot]
92fd945b02 Bump org.hibernate.orm:hibernate-core from 7.2.3.Final to 7.2.4.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.3.Final to 7.2.4.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.2.4/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.2.3...7.2.4)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.2.4.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 09:58:20 -07:00
dependabot[bot]
d0b0b5a252 Bump gradle-wrapper from 9.2.1 to 9.3.1 
Bumps gradle-wrapper from 9.2.1 to 9.3.1.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 9.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 09:57:59 -07:00
dependabot[bot]
601dfb2764 Bump io.micrometer:context-propagation from 1.2.0 to 1.2.1 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 09:57:12 -07:00
Josh Cummings
b88ddc8d0d Enable Dependabot Auto-Merge on Main 
Closes gh-18712

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 09:56:02 -07:00
Josh Cummings
688b6ca733 Add Documentation for ExpressionJwtGrantedAuthoritiesConverter 
Closes gh-18300
 2026-02-10 09:11:26 -07:00
dependabot[bot]
17e368435d
Bump com.nimbusds:oauth2-oidc-sdk from 11.26.1 to 11.33 
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 11.26.1 to 11.33.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.33..11.26.1)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.33'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-09 03:07:15 +00:00
dependabot[bot]
6b028cfe8e Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.27 to 1.5.28.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 16:39:24 -06:00
dependabot[bot]
d912393280 Bump com.fasterxml.jackson:jackson-bom from 2.20.2 to 2.21.0 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.20.2 to 2.21.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.20.2...jackson-bom-2.21.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 16:25:51 -06:00