chore(deps): bump spring.security.version from 5.6.2 to 6.4.0 #1954

dependabot · 2024-11-18T22:54:02Z

Bumps spring.security.version from 5.6.2 to 6.4.0.
Updates org.springframework.security:spring-security-web from 5.6.2 to 6.4.0

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

6.4.0

⭐ New Features

Add @FunctionalInterface to AuthorizationEventPublisher #15934

Add DefaultResourcesFilter.webauthn() #15970

Add deprecation notice for missing leading slashes #16020

Code Cleanup #15996

Document passkeys dependencies #16107

Factor out some common object mocking in tests #15396

Fix saml2 authentication guide docs #16017

Improve documentation about CredentialsContainer #15554

Improve Documentation on Adding a Custom Security Filter #15893

Improve Error Message for Conflicting Filter Chains #15992

Make it easier to determine where a filter chain has been defined #15874

OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #15346

Polish JdbcOneTimeTokenService #15997

relying-party-registration doesn't allow placeholders in xml #14645

Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #15875

Support ServerExchangeRejectedHandler @Bean #16063

🪲 Bug Fixes

An empty-string bearer token should result in an appropriate HTTP status code #16037

AuthorizeReturnObject AOT support should register proxied class as well #16106

Correct class name reference in WebFilterChainProxy JavaDoc #16004

Fix typo javadoc some classes #16022

Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #16055

IpAddressMatcher null pointer exception #16104

OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #16042

Support ServerWebExchangeFirewall @Bean #15999

UniqueSecurityAnnotationScanner throws ConcurrentModificationException #15906

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #16005

Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #16007

Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #16122

Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #16123

Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #16121

Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #16079

Bump org-bouncycastle from 1.78.1 to 1.79 #16010

Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #16048

Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #16028

Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #16044

Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #15968

Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #16043

Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #16018

Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #16124

Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #16097

Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #16096

... (truncated)

Commits

13816b7 Release 6.4.0
c2cfe92 Merge branch '6.3.x'
fa5fc6d Fix checkstyle errors for toLower/toUpperCase usage
709103e Merge branch '6.2.x' into 6.3.x
a8c4d6c Require Locale argument for toLower/toUpperCase usage
98cdb20 Merge branch '6.3.x'
0c6b074 Merge branch '6.2.x' into 6.3.x
5f838b0 Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13
d1115d2 Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13
ba0ac6a Merge branch '6.3.x'
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-config from 5.6.2 to 6.4.0

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.4.0

⭐ New Features

Add @FunctionalInterface to AuthorizationEventPublisher #15934

Add DefaultResourcesFilter.webauthn() #15970

Add deprecation notice for missing leading slashes #16020

Code Cleanup #15996

Document passkeys dependencies #16107

Factor out some common object mocking in tests #15396

Fix saml2 authentication guide docs #16017

Improve documentation about CredentialsContainer #15554

Improve Documentation on Adding a Custom Security Filter #15893

Improve Error Message for Conflicting Filter Chains #15992

Make it easier to determine where a filter chain has been defined #15874

OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #15346

Polish JdbcOneTimeTokenService #15997

relying-party-registration doesn't allow placeholders in xml #14645

Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #15875

Support ServerExchangeRejectedHandler @Bean #16063

🪲 Bug Fixes

An empty-string bearer token should result in an appropriate HTTP status code #16037

AuthorizeReturnObject AOT support should register proxied class as well #16106

Correct class name reference in WebFilterChainProxy JavaDoc #16004

Fix typo javadoc some classes #16022

Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #16055

IpAddressMatcher null pointer exception #16104

OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #16042

Support ServerWebExchangeFirewall @Bean #15999

UniqueSecurityAnnotationScanner throws ConcurrentModificationException #15906

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #16005

Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #16007

Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #16122

Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #16123

Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #16121

Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #16079

Bump org-bouncycastle from 1.78.1 to 1.79 #16010

Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #16048

Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #16028

Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #16044

Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #15968

Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #16043

Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #16018

Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #16124

Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #16097

Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #16096

... (truncated)

Commits

13816b7 Release 6.4.0
c2cfe92 Merge branch '6.3.x'
fa5fc6d Fix checkstyle errors for toLower/toUpperCase usage
709103e Merge branch '6.2.x' into 6.3.x
a8c4d6c Require Locale argument for toLower/toUpperCase usage
98cdb20 Merge branch '6.3.x'
0c6b074 Merge branch '6.2.x' into 6.3.x
5f838b0 Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13
d1115d2 Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13
ba0ac6a Merge branch '6.3.x'
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-taglibs from 5.6.2 to 6.4.0

Release notes

Sourced from org.springframework.security:spring-security-taglibs's releases.

6.4.0

⭐ New Features

Add @FunctionalInterface to AuthorizationEventPublisher #15934

Add DefaultResourcesFilter.webauthn() #15970

Add deprecation notice for missing leading slashes #16020

Code Cleanup #15996

Document passkeys dependencies #16107

Factor out some common object mocking in tests #15396

Fix saml2 authentication guide docs #16017

Improve documentation about CredentialsContainer #15554

Improve Documentation on Adding a Custom Security Filter #15893

Improve Error Message for Conflicting Filter Chains #15992

Make it easier to determine where a filter chain has been defined #15874

OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #15346

Polish JdbcOneTimeTokenService #15997

relying-party-registration doesn't allow placeholders in xml #14645

Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #15875

Support ServerExchangeRejectedHandler @Bean #16063

🪲 Bug Fixes

An empty-string bearer token should result in an appropriate HTTP status code #16037

AuthorizeReturnObject AOT support should register proxied class as well #16106

Correct class name reference in WebFilterChainProxy JavaDoc #16004

Fix typo javadoc some classes #16022

Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #16055

IpAddressMatcher null pointer exception #16104

OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #16042

Support ServerWebExchangeFirewall @Bean #15999

UniqueSecurityAnnotationScanner throws ConcurrentModificationException #15906

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #16005

Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #16007

Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #16122

Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #16123

Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #16121

Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #16079

Bump org-bouncycastle from 1.78.1 to 1.79 #16010

Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #16048

Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #16028

Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #16044

Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #15968

Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #16043

Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #16018

Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #16124

Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #16097

Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #16096

... (truncated)

Commits

13816b7 Release 6.4.0
c2cfe92 Merge branch '6.3.x'
fa5fc6d Fix checkstyle errors for toLower/toUpperCase usage
709103e Merge branch '6.2.x' into 6.3.x
a8c4d6c Require Locale argument for toLower/toUpperCase usage
98cdb20 Merge branch '6.3.x'
0c6b074 Merge branch '6.2.x' into 6.3.x
5f838b0 Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13
d1115d2 Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13
ba0ac6a Merge branch '6.3.x'
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `spring.security.version` from 5.6.2 to 6.4.0. Updates `org.springframework.security:spring-security-web` from 5.6.2 to 6.4.0 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.6.2...6.4.0) Updates `org.springframework.security:spring-security-config` from 5.6.2 to 6.4.0 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.6.2...6.4.0) Updates `org.springframework.security:spring-security-taglibs` from 5.6.2 to 6.4.0 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.6.2...6.4.0) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-taglibs dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-11-20T22:48:35Z

Superseded by #1955.

dependabot bot requested a review from a team as a code owner November 18, 2024 22:54

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 18, 2024

dependabot bot requested review from jpatel3, eymaal and shiv810 November 18, 2024 22:54

dependabot bot mentioned this pull request Nov 18, 2024

chore(deps): bump spring.security.version from 5.6.2 to 6.3.4 #1918

Closed

dependabot bot requested review from alexander-kuruvilla, tomaszsmy and vrudas November 18, 2024 22:54

dependabot bot closed this Nov 20, 2024

dependabot bot deleted the dependabot/maven/spring.security.version-6.4.0 branch November 20, 2024 22:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump spring.security.version from 5.6.2 to 6.4.0 #1954

chore(deps): bump spring.security.version from 5.6.2 to 6.4.0 #1954

dependabot bot commented on behalf of github Nov 18, 2024

dependabot bot commented on behalf of github Nov 20, 2024

chore(deps): bump spring.security.version from 5.6.2 to 6.4.0 #1954

chore(deps): bump spring.security.version from 5.6.2 to 6.4.0 #1954

Conversation

dependabot bot commented on behalf of github Nov 18, 2024

6.4.0

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

6.4.0

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

6.4.0

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

dependabot bot commented on behalf of github Nov 20, 2024