Bump spring-security-config from 5.7.5 to 5.8.0 #1918

dependabot[bot]
@dependabot dependabot bot commented on behalf of github Nov 22, 2022

Bumps spring-security-config from 5.7.5 to 5.8.0.

Release notes

Sourced from spring-security-config's releases.

5.8.0

⭐ New Features

  • Add Kotlin example showing integration with WebTestClient #11611
  • Add MethodExpressionAuthorizationManager #11502
  • Add Polish localization to error messages from ExceptionTranslationFi… #12201
  • Add support AuthorizationManager + #11503
  • AnonymousAuthenticationFilter should cache its Supplier #11900
  • CookieServerCsrfTokenRepository doesn't support setting MaxAge #11441
  • DefaultFilterChainValidator should check AuthorizationFilter #11473
  • Deprecate Resource Owner Password Credentials grant #11591
  • Document Configure Default CsrfToken BREACH Protection #12107
  • Document Defer load CsrfToken #12105
  • Document DelegatingSecurityContextRepository #12069
  • Document deprecations in oauth2-client #12193
  • Document how to opt-in for SHA256 in RememberMe #12097
  • Document how to use the new requestMatchers and securityMatchers #12100
  • Document Migration to SecurityContextHolderFilter #12098
  • Document new oauth2Login() authority defaults #12188
  • Document reactive CSRF migration steps #12226
  • Document Saved Requests Spring Security 6 Migration #12089
  • Document Update to 5.8 for Migration Guide #12196
  • Fix Javadoc in EnableWebSocketSecurity #12211
  • Improve deprecation notice in WebSecurityConfigurerAdapter #12261
  • InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager #11469
  • Migration guide for CAS support removal #12240
  • Preparation and Migration Guides should point to each other #12093
  • Preparation Guide should follow Reference Manual standards #12096
  • Preparation Guide should show opt-out steps after opt-in steps #12104
  • Provide guide for migrating from FilterSecurityInterceptor to AuthorizationFilter #11337
  • Register FilterChainProxy for All Dispatcher Types Migration Steps #12186
  • SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters #11675
  • trigger partial docs build on push (5.8.x) #12195

🪲 Bug Fixes

  • AuthenticationServiceException propagation flag is unconfigurable in 5.8 #12132
  • CsrfAuthenticationStrategy does not check for existing token #12236
  • CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsrfTokenRepository #12141
  • fix deploy docs workflow (5.8.x) #12197
  • Fix saganCreateRelease saganDeleteRelease Required Permissions #11424
  • Incorrect scope map fix #12206
  • IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #12076
  • org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" #11604
  • SAML logout: Incorrect log messages #12209
  • Saml2MetadataFilter response should configure writer to UTF-8 #12222
  • SEC-2839: SecurityNamespaceHandler - related to SEC-1455 #12126
  • SecurityContextRepository.loadContext(HttpServletRequest) cache result #11391
  • Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok #11483
  • Update the RP-initiated Logout links #12122

... (truncated)

Commits
  • b873b24 Release 5.8.0
  • e774bd4 Merge branch '5.7.x' into 5.8.x
  • f561d37 Improve deprecation notice in WebSecurityConfigurerAdapter
  • 01117b1 Polish Kotlin snippet
  • 7804e32 Fix Migration 6.0 Link
  • e60eb87 Fix additional typos
  • 3d2be56 Fix reference to CookieServerCsrfTokenRepository
  • 4442a61 Add reactive opt out steps for CSRF BREACH
  • 4994e67 Add servlet opt out steps for CSRF BREACH
  • 2fe2f91 Update org.springframework.data to 2021.2.6
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the type: dependency-upgrade A dependency upgrade label Nov 22, 2022
@dependabot dependabot bot force-pushed the dependabot/maven/hotfix/org.springframework.security-spring-security-config-5.8.0 branch from 193ba41 to 278a935 Compare November 23, 2022 05:23
@tesshucom tesshucom linked an issue Nov 23, 2022 that may be closed by this pull request
@dependabot dependabot bot force-pushed the dependabot/maven/hotfix/org.springframework.security-spring-security-config-5.8.0 branch from 278a935 to 3ba602c Compare November 29, 2022 11:29
@tesshucom
tesshucom commented Nov 29, 2022

A code fix is required.

Still seems ok..

Bumps [spring-security-config](https://github.com/spring-projects/spring-security) from 5.7.5 to 5.8.0.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@5.7.5...5.8.0)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/hotfix/org.springframework.security-spring-security-config-5.8.0 branch from 3ba602c to 9f6882f Compare November 29, 2022 13:28
@tesshucom
@dependabot squash and merge

@dependabot dependabot bot merged commit 645bbd3 into hotfix Nov 29, 2022
@dependabot dependabot bot deleted the dependabot/maven/hotfix/org.springframework.security-spring-security-config-5.8.0 branch November 29, 2022 14:58
Successfully merging this pull request may close these issues.

Add option to change password precision