Branch: 2.0.x

1.0.x

2.0.x

3.0.x

3.1.x

3.2.x

4.0.x

4.1.x

4.2.x

5.0.x

5.1.x

5.2.x

5.3.x

5.4.x

5.5.x

5.6.x

5.7.x

5.8.x

5.8.x_update-antora-ui-spring

6.0.x

6.1.x

6.2.x

6.2.x_update-antora-ui-spring

6.3.x

6.3.x_update-antora-ui-spring

6.4.x

6.5.x

dependabot/gradle/6.4.x/io.micrometer-micrometer-observation-1.14.14

dependabot/gradle/6.4.x/org-aspectj-1.9.25.1

dependabot/gradle/6.4.x/org.hibernate.orm-hibernate-core-6.6.39.Final

dependabot/gradle/6.4.x/org.springframework.data-spring-data-bom-2024.1.13

dependabot/gradle/6.4.x/org.springframework.ldap-spring-ldap-core-3.2.16

dependabot/gradle/6.5.x/ch.qos.logback-logback-classic-1.5.22

dependabot/gradle/6.5.x/org-aspectj-1.9.25.1

dependabot/gradle/6.5.x/org.springframework-spring-framework-bom-6.2.15

dependabot/gradle/6.5.x/org.springframework.data-spring-data-bom-2024.1.13

dependabot/gradle/6.5.x/org.springframework.ldap-spring-ldap-core-3.2.16

dependabot/gradle/main/io.spring.nullability-io.spring.nullability.gradle.plugin-0.0.8

dependabot/gradle/main/org-apache-maven-resolver-1.9.25

dependabot/gradle/main/org-aspectj-1.9.25.1

dependabot/gradle/main/org.apache.maven-maven-resolver-provider-3.9.12

dependabot/gradle/main/org.springframework.data-spring-data-bom-2025.1.0-SNAPSHOT

dependabot/gradle/main/org.springframework.ldap-spring-ldap-core-4.0.1

dependencies-typo-6.5.x

dependencies-typo-main

docs-build

finalize

gh-16886

gh-pages

kotlin22

main

main_update-antora-ui-spring

wrapperbot/spring-security/gradle-wrapper-8.10

wrapperbot/spring-security/gradle-wrapper-8.10.1

wrapperbot/spring-security/gradle-wrapper-8.10.2

wrapperbot/spring-security/gradle-wrapper-8.11

wrapperbot/spring-security/gradle-wrapper-8.11.1

wrapperbot/spring-security/gradle-wrapper-8.12

wrapperbot/spring-security/gradle-wrapper-8.12.1

wrapperbot/spring-security/gradle-wrapper-8.13

wrapperbot/spring-security/gradle-wrapper-8.14

wrapperbot/spring-security/gradle-wrapper-8.9

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

2.0.0

2.0.0.M1

2.0.0.M2

2.0.0.RC1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5.RELEASE

2.0.6.RELEASE

2.0.7.RELEASE

2.0.8.RELEASE

2.5.0.M1

3.0.0.M1

3.0.0.M2

3.0.0.RC1

3.0.0.RC2

3.0.0.RELEASE

3.0.1.RELEASE

3.0.2.RELEASE

3.0.3.RELEASE

3.0.4.RELEASE

3.0.5.RELEASE

3.0.6.RELEASE

3.0.7.RELEASE

3.0.8.RELEASE

3.1.0.M1

3.1.0.M2

3.1.0.RC1

3.1.0.RC2

3.1.0.RC3

3.1.0.RELEASE

3.1.1.RELEASE

3.1.2.RELEASE

3.1.3.RELEASE

3.1.4.RELEASE

3.1.5.RELEASE

3.1.6.RELEASE

3.1.7.RELEASE

3.2.0.M1

3.2.0.M2

3.2.0.RC1

3.2.0.RC2

3.2.0.RELEASE

3.2.1.RELEASE

3.2.10.RELEASE

3.2.2.RELEASE

3.2.3.RELEASE

3.2.4.RELEASE

3.2.5.RELEASE

3.2.6.RELEASE

3.2.7.RELEASE

3.2.8.RELEASE

3.2.9.RELEASE

4.0.0.M1

4.0.0.M2

4.0.0.RC1

4.0.0.RC2

4.0.0.RELEASE

4.0.1.RELEASE

4.0.2.RELEASE

4.0.3.RELEASE

4.0.4.RELEASE

4.1.0.RC1

4.1.0.RC2

4.1.0.RELEASE

4.1.1.RELEASE

4.1.2.RELEASE

4.1.3.RELEASE

4.1.4.RELEASE

4.1.5.RELEASE

4.2.0.M1

4.2.0.RC1

4.2.0.RELEASE

4.2.1.RELEASE

4.2.10.RELEASE

4.2.11.RELEASE

4.2.12.RELEASE

4.2.13.RELEASE

4.2.14.RELEASE

4.2.15.RELEASE

4.2.16.RELEASE

4.2.17.RELEASE

4.2.18.RELEASE

4.2.19.RELEASE

4.2.2.RELEASE

4.2.20.RELEASE

4.2.3.RELEASE

4.2.4.RELEASE

4.2.5.RELEASE

4.2.6.RELEASE

4.2.7.RELEASE

4.2.8.RELEASE

4.2.9.RELEASE

5.0.0.M1

5.0.0.M2

5.0.0.M3

5.0.0.M4

5.0.0.M5

5.0.0.RC1

5.0.0.RELEASE

5.0.1.RELEASE

5.0.10.RELEASE

5.0.11.RELEASE

5.0.12.RELEASE

5.0.13.RELEASE

5.0.14.RELEASE

5.0.15.RELEASE

5.0.16.RELEASE

5.0.17.RELEASE

5.0.18.RELEASE

5.0.19.RELEASE

5.0.2.RELEASE

5.0.3.RELEASE

5.0.4.RELEASE

5.0.5.RELEASE

5.0.6.RELEASE

5.0.7.RELEASE

5.0.8.RELEASE

5.0.9.RELEASE

5.1.0.M1

5.1.0.M2

5.1.0.RC1

5.1.0.RC2

5.1.0.RELEASE

5.1.1.RELEASE

5.1.10.RELEASE

5.1.11.RELEASE

5.1.12.RELEASE

5.1.13.RELEASE

5.1.2.RELEASE

5.1.3.RELEASE

5.1.4.RELEASE

5.1.5.RELEASE

5.1.6.RELEASE

5.1.7.RELEASE

5.1.8.RELEASE

5.1.9.RELEASE

5.2.0.M1

5.2.0.M2

5.2.0.M3

5.2.0.M4

5.2.0.RC1

5.2.0.RELEASE

5.2.1.RELEASE

5.2.10.RELEASE

5.2.11.RELEASE

5.2.12.RELEASE

5.2.13.RELEASE

5.2.14.RELEASE

5.2.15.RELEASE

5.2.2.RELEASE

5.2.3.RELEASE

5.2.4.RELEASE

5.2.5.RELEASE

5.2.6.RELEASE

5.2.7.RELEASE

5.2.8.RELEASE

5.2.9.RELEASE

5.3.0.M1

5.3.0.RC1

5.3.0.RELEASE

5.3.1.RELEASE

5.3.10.RELEASE

5.3.11.RELEASE

5.3.12.RELEASE

5.3.13.RELEASE

5.3.2.RELEASE

5.3.3.RELEASE

5.3.4.RELEASE

5.3.5.RELEASE

5.3.6.RELEASE

5.3.7.RELEASE

5.3.8.RELEASE

5.3.9.RELEASE

5.4.0

5.4.0-M1

5.4.0-M2

5.4.0-RC1

5.4.1

5.4.10

5.4.11

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.5.0

5.5.0-M1

5.5.0-M2

5.5.0-M3

5.5.0-RC1

5.5.0-RC2

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.6.0

5.6.0-M1

5.6.0-M2

5.6.0-M3

5.6.0-RC1

5.6.1

5.6.10

5.6.11

5.6.12

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.0-M1

5.7.0-M2

5.7.0-M3

5.7.0-RC1

5.7.1

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.0-M1

5.8.0-M2

5.8.0-M3

5.8.0-RC1

5.8.1

5.8.10

5.8.11

5.8.12

5.8.13

5.8.14

5.8.15

5.8.16

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.8.8

5.8.9

6.0.0

6.0.0-M1

6.0.0-M2

6.0.0-M3

6.0.0-M4

6.0.0-M5

6.0.0-M6

6.0.0-M7

6.0.0-RC1

6.0.0-RC2

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.1.0

6.1.0-M1

6.1.0-M2

6.1.0-RC1

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.0-M1

6.2.0-M2

6.2.0-M3

6.2.0-RC1

6.2.0-RC2

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.3.0

6.3.0-M1

6.3.0-M2

6.3.0-M3

6.3.0-RC1

6.3.1

6.3.10

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.3.7

6.3.8

6.3.9

6.4.0

6.4.0-M1

6.4.0-M2

6.4.0-M3

6.4.0-M4

6.4.0-RC1

6.4.1

6.4.10

6.4.11

6.4.12

6.4.13

6.4.2

6.4.3

6.4.4

6.4.5

6.4.6

6.4.7

6.4.8

6.4.9

6.5.0

6.5.0-M1

6.5.0-M2

6.5.0-M3

6.5.0-RC1

6.5.1

6.5.2

6.5.3

6.5.4

6.5.5

6.5.6

6.5.7

7.0.0

7.0.0-M1

7.0.0-M2

7.0.0-M3

7.0.0-RC1

7.0.0-RC2

7.0.0-RC3

7.0.1

7.0.2

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '2.0.x'

${ noResults }

Commit Graph

1721 Commits (2.0.x)

Author	SHA1	Message	Date
Rob Winch	c4bcce1ac3	Next development version	13 years ago
Rob Winch	23bdc7d766	Release 2.0.8.RELEASE	13 years ago
Rob Winch	f5fc94e1be	SEC-2056: DaoAuthenticationProvider performs isPasswordValid when user not found ... Previously authenticating a user could take significantly longer than determining that a user does not exist. This was due to the fact that only users that were found would use the password encoder and comparing a password can take a significant amount of time. The difference in the time required could allow a side channel attack that reveals if a user exists. The code has been updated to do comparison against a dummy password even when the the user was not found.	13 years ago
Luke Taylor	55e501711d	Set version to 2.0.8.CI-SNAPSHOT	15 years ago
Luke Taylor	d5e6f0b575	Set release version to 2.0.7.RELEASE	15 years ago
Luke Taylor	76dc21469e	SEC-1750: Make sure RunAs replacement is constrained to the SecurityContext of the current thread.	15 years ago
Luke Taylor	22b7c9b905	SEC-1742: Make extraInformation in AuthenticationException transient.	15 years ago
Luke Taylor	0cdf202b10	SEC-1744: Do not trust authorities contained in the authentication request in JaasAuthenticationProvider.	15 years ago
Luke Taylor	a507e3612a	SEC-1741: Modify ContextPropagatingRemoteInvocation to pass a simple combination of principal/credentials as Strings, rather than serializing the whole SecurityContext object from the client.	15 years ago
Luke Taylor	f5fbda42e5	SEC-1790: Reject redirect locations containing CR or LF.	15 years ago
Rob Winch	d5b72275e5	SEC-1639: FirewalledRequest is now called on the specific FirewalledRequest instance rather that looping through ServletRequestWrappers. ... VirtualFilterChain now accepts the FirewalledRequest in the constructor. The reset method is called directly on the instance passed in instead of looping through the ServletRequestWrappers.	15 years ago
Luke Taylor	08a933f930	SEC-1608: Ensure request wrapper is reset for empty filter chains.	15 years ago
Rob Winch	54ffc98bb4	SEC-1606: Added a FirewalledRequestAwareRequestDispatcher that will call FirewalledRequest.reset() before a forward	15 years ago
Luke Taylor	1c3d530b60	Switch versions to 2.0.7.CI-SNAPSHOT	15 years ago
Luke Taylor	beb0ec4ba9	Version 2.0.6.RELEASE	15 years ago
Luke Taylor	dec2e59fba	SEC-1584: Backport of namespace support for injecting custom HttpFirewall instance into FilterChainProxy.	15 years ago
Luke Taylor	8f6ddb0f17	SEC-1584: Backport to 2.0.x branch of request firewalling (normalization checks and path-parameter stripping from servletPath and pathInfo).	15 years ago
Luke Taylor	9c6a5135a3	SEC-1532: Patch applied to 2.0.x branch	16 years ago
Luke Taylor	0acf262546	SEC-1462: Added suggested patch (effectively the same as changes in 3.0.x and master branches).	16 years ago
Luke Taylor	6ad652ae97	Update 2.0 branch pom versions.	16 years ago
Luke Taylor	d6f6a54455	SEC-1444: Backport of changes to 2.0.x	16 years ago
Luke Taylor	71adc26b0f	[maven-release-plugin] prepare release spring-security-2.0.5.RELEASE	17 years ago
Luke Taylor	3e393c9df6	Tidying test class	17 years ago
Luke Taylor	149fd5d8de	Add bundlor templates	17 years ago
Luke Taylor	f3f02d8aed	Update sec-2.0.x branch to use bundlor	17 years ago
Luke Taylor	781c99f257	SEC-1145: Updated LDAP code to make sure pooling flag is removed when binding as a specific user (for real this time)	17 years ago
Luke Taylor	b77f780993	SEC-1145: Updated LDAP code to make sure pooling flag is removed when binding as a specific user	17 years ago
Luke Taylor	4c3867718e	SEC-1031: Ported change from trunk.	17 years ago
Luke Taylor	97381fb448	SEC-974: Made getExceptionMappings() protected.	17 years ago
Luke Taylor	4542f00b14	SEC-975: Namespace security syntax does not interpret properties ... http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.	18 years ago
Luke Taylor	5e4634d216	Minor Javadoc improvement.	18 years ago
Luke Taylor	d291def963	Removed invalid comment.	18 years ago
Luke Taylor	df59cb9dcd	Import cleaning.	18 years ago
Luke Taylor	ef0389ae79	SEC-976: Removed checks for presence of core-tiger classes.	18 years ago
Luke Taylor	5b9bb8ba54	[maven-release-plugin] prepare for next development iteration	18 years ago
Luke Taylor	73eed2656d	[maven-release-plugin] prepare release spring-security-parent-2.0.4	18 years ago
Luke Taylor	8661e17df9	OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors ... http://jira.springframework.org/browse/SEC-960. Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.	18 years ago
Luke Taylor	5102be3a59	SEC-971: getter for cookieName in AbstractRememberMeServices ... http://jira.springframework.org/browse/SEC-971. Added getCookieName() method.	18 years ago
Luke Taylor	4e2d6f8b2e	SEC-967: TextUtils.java does not escape ampersand character ... http://jira.springframework.org/browse/SEC-967. Added escaping of '&' character	18 years ago
Luke Taylor	d781deffe7	OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication ... http://jira.springframework.org/browse/SEC-966. Added escaping of rendered text as default.	18 years ago
Luke Taylor	a4e4120443	SEC-963: LDAP Group Search Root ... http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.	18 years ago
Luke Taylor	83868a7334	SEC-955: ability to externalize port mapping for secured channel to a property file ... http://jira.springframework.org/browse/SEC-955. Changed schema to make port-mapping type xsd:string to allow placeholders.	18 years ago
Luke Taylor	150f3d97d0	SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException ... http://jira.springframework.org/browse/SEC-832. Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.	18 years ago
Luke Taylor	7f28a8bc5d	Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method.	18 years ago
Luke Taylor	1cfd886517	SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut ... http://jira.springframework.org/browse/SEC-922. Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".	18 years ago
Luke Taylor	bb457e1d07	SEC-957: logger.debug without guard causing massive performance hit ... http://jira.springframework.org/browse/SEC-957. Added debug logging guard as requested.	18 years ago
Luke Taylor	09cf90258f	SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation ... http://jira.springframework.org/browse/SEC-758. Added "throws Throwable" to AspectJAnnotationCallback signature.	18 years ago
Luke Taylor	e15d7a78cd	SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes ... http://jira.springframework.org/browse/SEC-956. Done.	18 years ago
Luke Taylor	3bf5e406b7	SEC-936: NPE in AbstractFallbackMethodDefinitionSource ... http://jira.springframework.org/browse/SEC-936. Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)	18 years ago
Luke Taylor	55d357f42d	OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments ... http://jira.springframework.org/browse/SEC-905. Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.	18 years ago