Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-26 03:51:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,585 Commits 50 Branches 376 Tags
Commit Graph

20585 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
ab4092dce1 Release 7.1.0-M3 7.1.0-M3 2026-03-16 18:15:54 +00:00
Josh Cummings
82e5b88947 Merge branch '7.0.x' 2026-03-16 11:43:35 -06:00
Josh Cummings
a2c0ac112b Update to spring-security-release-tools 1.0.15 
Closes gh-18909

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-16 11:43:19 -06:00
dependabot[bot]
34bc1e166e Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.3 to 2025.0.4.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.3...2025.0.4)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 16:50:29 +00:00
Josh Cummings
732afc3e17 Merge branch '7.0.x' 2026-03-16 10:49:35 -06:00
Josh Cummings
ea6e7ab78f Merge branch '6.5.x' into 7.0.x 2026-03-16 10:49:23 -06:00
Josh Cummings
01ff3b086a Add Workflow for Deferring Issues 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-16 10:49:07 -06:00
Rob Winch
d174b10f2a
Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 12:07:49 -04:00
Rob Winch
e8cb0ef541
Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 11:57:23 -04:00
Rob Winch
33e6f4bd3f
Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 11:57:07 -04:00
Robert Winch
3950d5d9c5
Merge Fix Jackson deserializer for AuthenticationExtensionsClientOutputs 2026-03-16 10:53:23 -05:00
Rob Winch
81d07c5d68
Merge Add Jackson Mixin for WebAuthnAuthentication 2026-03-16 11:50:38 -04:00
Rob Winch
524ae92f6b
Merge Add Jackson Mixin for WebAuthnAuthentication 
Add Jackson Mixin for WebAuthnAuthentication
 2026-03-16 11:50:23 -04:00
Robert Winch
8b2ac9c99f
Merge Add Jackson Mixin for WebAuthnAuthentication 2026-03-16 10:33:52 -05:00
Toshiaki Maki
47146f375b
Add Jackson Mixin for WebAuthnAuthentication 
Closes gh-18034

Signed-off-by: Toshiaki Maki <makingx@gmail.com>
 2026-03-16 10:33:00 -05:00
github-actions[bot]
63d31d0566 Update Antora Spring UI to v0.4.26 2026-03-16 09:51:18 -04:00
Robert Winch
c23fda603f
Merge branch '7.0.x' 2026-03-16 08:50:37 -05:00
Robert Winch
e7080e8c7c
Update Antora UI Spring to v0.4.26 2026-03-16 08:50:29 -05:00
Robert Winch
29ebc1e6c3
Merge branch '7.0.x' 2026-03-16 08:48:36 -05:00
Robert Winch
c348a7aa46
Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 2026-03-16 08:44:25 -05:00
Robert Winch
f227934749
Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 2026-03-16 08:44:19 -05:00
Robert Winch
e645aef3be
Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 2026-03-16 08:44:13 -05:00
Robert Winch
b238632fdc
Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 2026-03-16 08:44:07 -05:00
Robert Winch
e1c30e088d
Merge branch '7.0.x' 2026-03-16 08:43:14 -05:00
Robert Winch
3f05f4d30c
Merge branch '6.5.x' into 7.0.x 2026-03-16 08:42:55 -05:00
Robert Winch
cdd4b36d37
Update Antora UI Spring to v0.4.26 2026-03-16 08:26:19 -05:00
Robert Winch
7672f76fde
Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 2026-03-16 08:26:12 -05:00
Robert Winch
3db4999da4
Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 2026-03-16 08:26:04 -05:00
dependabot[bot]
59ef1c490f Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.5 to 7.0.6.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.5...v7.0.6)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:17:36 +00:00
dependabot[bot]
5339565cbf Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.3 to 2025.1.4.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.3...2025.1.4)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:17:23 +00:00
dependabot[bot]
21593ab39f Bump org.hibernate.orm:hibernate-core from 7.2.6.Final to 7.2.7.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.6.Final to 7.2.7.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.2.7/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.2.6...7.2.7)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.2.7.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:16:53 +00:00
dependabot[bot]
3813627a15
Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.5 to 7.0.6.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.5...v7.0.6)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:13:40 +00:00
dependabot[bot]
9616e6b640
Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2025.1.3 to 2025.1.4.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2025.1.3...2025.1.4)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2025.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:13:21 +00:00
dependabot[bot]
a708d2f61b
Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.16 to 6.2.17.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.16...v6.2.17)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 03:07:46 +00:00
Ziqin Wang
ae827b6e1b
Fix Jackson 3 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

This fix addresses the WebAuthn authentication failure appeared when
using FIDO2 security keys on Safari.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:34 +08:00
Ziqin Wang
65bf54d842
Test Jackson 3 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:24 +08:00
Ziqin Wang
7f75fd611e
Test Jackson 3 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:13 +08:00
Ziqin Wang
a013bfaaec
Merge branch 'gh-18643-6.5.x' into gh-18643-7.0.x 2026-03-15 15:25:04 +08:00
Ziqin Wang
e726c05e76
Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:04:14 +08:00
Ziqin Wang
a7039fb3e6
Test Jackson 2 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:28 +08:00
Ziqin Wang
88ea668f47
Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:17 +08:00
github-actions[bot]
2c1c50ddca Update Antora Spring UI to v0.4.26 2026-03-13 17:45:06 +00:00
github-actions[bot]
03a5de1955 Update Antora Spring UI to v0.4.26 2026-03-13 17:45:05 +00:00
Joe Grandja
22a98583f1 Enable null-safety in spring-security-oauth2-jose 
Closes gh-17821
 2026-03-13 11:58:29 -04:00
Joe Grandja
78f762fab8 Remove checkstyle suppressions for spring-security-oauth2-jose 
Issue gh-17821
 2026-03-13 11:38:08 -04:00
dependabot[bot]
a29422950a Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:16:31 +00:00
dependabot[bot]
91167adaa8
Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:09:24 +00:00
dependabot[bot]
06cbea383e
Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:07:50 +00:00
Andrey Litvitski
e250236279 Read relayState from authenticationRequest 
Closes gh-18243

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-12 10:30:11 -06:00
dependabot[bot]
eae1a0a55c Bump org.mockito:mockito-bom from 5.22.0 to 5.23.0 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.22.0 to 5.23.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.22.0...v5.23.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-12 03:18:20 +00:00