From d69af716c8c6480ceac353dbbe02f38f1e020bfe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 03:06:57 +0000 Subject: [PATCH 1/5] Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.15 to 2024.0.16. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2024.0.15...2024.0.16) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2024.0.16 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 5245251f94..21a3b81259 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -31,7 +31,7 @@ commons-collections = "commons-collections:commons-collections:3.2.2" io-micrometer-context-propagation = "io.micrometer:context-propagation:1.1.4" io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.14.14" io-mockk = "io.mockk:mockk:1.14.7" -io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2024.0.15" +io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2024.0.16" io-rsocket-rsocket-bom = { module = "io.rsocket:rsocket-bom", version.ref = "io-rsocket" } io-spring-javaformat-spring-javaformat-checkstyle = { module = "io.spring.javaformat:spring-javaformat-checkstyle", version.ref = "io-spring-javaformat" } io-spring-javaformat-spring-javaformat-gradle-plugin = { module = "io.spring.javaformat:spring-javaformat-gradle-plugin", version.ref = "io-spring-javaformat" } From e25023627941233513b062a0e1ad846e668f99c9 Mon Sep 17 00:00:00 2001 From: Andrey Litvitski Date: Tue, 10 Mar 2026 21:24:26 +0300 Subject: [PATCH 2/5] Read relayState from authenticationRequest Closes gh-18243 Signed-off-by: Andrey Litvitski --- ...acheSaml2AuthenticationRequestRepository.java | 3 ++- ...aml2AuthenticationRequestRepositoryTests.java | 16 +++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java index b4bab13d01..411e8e6a7a 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepository.java @@ -35,6 +35,7 @@ import org.springframework.util.Assert; * that it was for the user trying to log in. Please see the reference for details. * * @author Josh Cummings + * @author Andrey Litvitski * @since 6.5 */ public final class CacheSaml2AuthenticationRequestRepository @@ -53,7 +54,7 @@ public final class CacheSaml2AuthenticationRequestRepository public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest, HttpServletRequest request, HttpServletResponse response) { Assert.notNull(authenticationRequest, "authenticationRequest must not be null"); - String relayState = request.getParameter(Saml2ParameterNames.RELAY_STATE); + String relayState = authenticationRequest.getRelayState(); Assert.notNull(relayState, "relayState must not be null"); this.cache.put(relayState, authenticationRequest); } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepositoryTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepositoryTests.java index 10a77bdef6..96f22e606b 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepositoryTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/CacheSaml2AuthenticationRequestRepositoryTests.java @@ -42,9 +42,10 @@ class CacheSaml2AuthenticationRequestRepositoryTests { @Test void loadAuthenticationRequestWhenCachedThenReturns() { - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter(Saml2ParameterNames.RELAY_STATE, "test"); Saml2PostAuthenticationRequest authenticationRequest = TestSaml2PostAuthenticationRequests.create(); + String relayState = authenticationRequest.getRelayState(); + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setParameter(Saml2ParameterNames.RELAY_STATE, relayState); this.repository.saveAuthenticationRequest(authenticationRequest, request, null); assertThat(this.repository.loadAuthenticationRequest(request)).isEqualTo(authenticationRequest); this.repository.removeAuthenticationRequest(request, null); @@ -77,15 +78,16 @@ class CacheSaml2AuthenticationRequestRepositoryTests { CacheSaml2AuthenticationRequestRepository repository = new CacheSaml2AuthenticationRequestRepository(); Cache cache = spy(new ConcurrentMapCache("requests")); repository.setCache(cache); - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setParameter(Saml2ParameterNames.RELAY_STATE, "test"); Saml2PostAuthenticationRequest authenticationRequest = TestSaml2PostAuthenticationRequests.create(); + String relayState = authenticationRequest.getRelayState(); + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setParameter(Saml2ParameterNames.RELAY_STATE, relayState); repository.saveAuthenticationRequest(authenticationRequest, request, null); - verify(cache).put(eq("test"), any()); + verify(cache).put(eq(relayState), any()); repository.loadAuthenticationRequest(request); - verify(cache).get("test", AbstractSaml2AuthenticationRequest.class); + verify(cache).get(relayState, AbstractSaml2AuthenticationRequest.class); repository.removeAuthenticationRequest(request, null); - verify(cache).evict("test"); + verify(cache).evict(relayState); } } From 06cbea383e665ee6a6a954b388314f4bd774239f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Mar 2026 03:07:50 +0000 Subject: [PATCH 3/5] Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14. --- updated-dependencies: - dependency-name: org.apache.maven:maven-resolver-provider dependency-version: 3.9.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 5245251f94..a67974a7d6 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -57,7 +57,7 @@ org-apache-directory-server-apacheds-protocol-shared = { module = "org.apache.di org-apache-directory-server-apacheds-server-jndi = { module = "org.apache.directory.server:apacheds-server-jndi", version.ref = "org-apache-directory-server" } org-apache-directory-shared-shared-ldap = "org.apache.directory.shared:shared-ldap:0.9.15" org-apache-httpcomponents-httpclient = "org.apache.httpcomponents:httpclient:4.5.14" -org-apache-maven-maven-resolver-provider = "org.apache.maven:maven-resolver-provider:3.9.13" +org-apache-maven-maven-resolver-provider = "org.apache.maven:maven-resolver-provider:3.9.14" org-apache-maven-resolver-maven-resolver-connector-basic = { module = "org.apache.maven.resolver:maven-resolver-connector-basic", version.ref = "org-apache-maven-resolver" } org-apache-maven-resolver-maven-resolver-impl = { module = "org.apache.maven.resolver:maven-resolver-impl", version.ref = "org-apache-maven-resolver" } org-apache-maven-resolver-maven-resolver-transport-http = { module = "org.apache.maven.resolver:maven-resolver-transport-http", version.ref = "org-apache-maven-resolver" } From 03a5de19554b27152edb7e62557823f6f270f204 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 13 Mar 2026 17:45:05 +0000 Subject: [PATCH 4/5] Update Antora Spring UI to v0.4.26 --- docs/antora-playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/antora-playbook.yml b/docs/antora-playbook.yml index a918490476..157ccc0e11 100644 --- a/docs/antora-playbook.yml +++ b/docs/antora-playbook.yml @@ -31,7 +31,7 @@ urls: redirect_facility: httpd ui: bundle: - url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.25/ui-bundle.zip + url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.26/ui-bundle.zip snapshot: true runtime: log: From a708d2f61bb6911c159e4b103cb06f27463c526c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 03:07:46 +0000 Subject: [PATCH 5/5] Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.16 to 6.2.17. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.16...v6.2.17) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.2.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 5245251f94..bacfa57ad4 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -14,7 +14,7 @@ org-jetbrains-kotlinx = "1.10.2" org-mockito = "5.17.0" org-opensaml = "4.3.2" org-opensaml5 = "5.1.2" -org-springframework = "6.2.16" +org-springframework = "6.2.17" [libraries] ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.32"