spring-security

Commit Graph

Author	SHA1	Message	Date
Josh Cummings	10b835693c	Merge remote-tracking branch 'origin/6.5.x' into 7.0.x	4 weeks ago
dependabot[bot]	f37a706d62	Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	4 weeks ago
Rob Winch	b48967eebc	Merge Add Missing OnCommitedResponseWrapper Header Overrides Add Missing OnCommitedResponseWrapper Header Overrides	4 weeks ago
Rob Winch	522c48b3b5	Merge Add Missing OnCommitedResponseWrapper Header Overrides Add Missing OnCommitedResponseWrapper Header Overrides	4 weeks ago
Robert Winch	6898de8003	Merge Add Missing OnCommitedResponseWrapper Header Overrides	4 weeks ago
Robert Winch	1dae9aa459	Add Missing OnCommitedResponseWrapper Header Overrides Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader` methods. This means that if the `Content-Length` response header is specified using any of those methods then the response body length is not tracked and can be committed before the response headers are written. Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`. This issue is the underlying problem for spring-projects/spring-framework#36381 Closes gh-18797	4 weeks ago
Josh Cummings	73ee893d98	Merge remote-tracking branch 'origin/6.5.x' into 7.0.x	4 weeks ago
Josh Cummings	bec25edeb0	Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute Clarify need for method attribute in JSP authorize tag	4 weeks ago
Josh Cummings	4d43edfb20	Polish Documentation - Combined explanation of method attribute with usage recommendations - Used one sentence per line format Issue gh-16530 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	4 weeks ago
onhann	9f9699f8a5	Clarify need for method attribute in JSP authorize tag Closes gh-16530 This aligns the JSP documentation with the changes made in gh-16529. Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific. Signed-off-by: onhann <gusgus1467@naver.com>	4 weeks ago
Robert Winch	311235f39e	Document Keberose Dependency Coordinates Closes gh-18773	4 weeks ago
Robert Winch	fec988c82d	Add Kerberos Migration Section This links to the updated dependency coordinates Issue gh-18773 Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>	4 weeks ago
busoco-sjb	17b434c1c1	Document the change in dependency coordinates with Spring Security 7 Signed-off-by: busoco-sjb <169069865+busoco-sjb@users.noreply.github.com>	4 weeks ago
Rob Winch	0bb65411be	Merge pull request Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager	4 weeks ago
Rob Winch	d29c984881	Merge pull request #18544 from Khyojae/gh-18543 Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager	4 weeks ago
Robert Winch	151bcf3b0b	Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into 7.0.x	4 weeks ago
Robert Winch	1116241ee3	Fix Checks for NullPointerException in AuthoritiesAuthorizationManager - Fix checkstyle - Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue Closes gh-18544 Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>	4 weeks ago
Khyojae	d87dc9ae57	Fix: Handle null authority string in AuthoritiesAuthorizationManager This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543 Signed-off-by: Khyojae <khjae201@gmail.com>	4 weeks ago
Robert Winch	2eb948d9b5	Ensure tests clear AuthorizationServerContextHolder Closes gh-18768	4 weeks ago
Robert Winch	f2aef5168c	Merge branch '6.5.x' into 7.0.x	4 weeks ago
dependabot[bot]	ac556a45f9	Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.42.Final to 6.6.43.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.43/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.42...6.6.43) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.43.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	4 weeks ago
dependabot[bot]	c8731a8dc0	Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.5 to 2.18.6. - [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.5...jackson-bom-2.18.6) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.18.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	4 weeks ago
Robert Winch	a4a6e9124c	Merge branch '6.5.x' into 7.0.x	1 month ago
Robert Winch	b21159f453	Bump org.junit:junit-bom from 6.0.2 to 6.0.3	1 month ago
Robert Winch	6f7c8cb352	Bump org-apache-maven-resolver from 1.9.25 to 1.9.26	1 month ago
Robert Winch	5973a66bb1	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32	1 month ago
Robert Winch	3e3eeda560	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32	1 month ago
dependabot[bot]	e2486a2590	Bump org.springframework:spring-framework-bom from 7.0.4 to 7.0.5 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.4 to 7.0.5. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.4...v7.0.5) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 7.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	3c55f057b1	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.32. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.32) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	6d2a414022	Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	58df50c3a3	Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	79156b2387	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.32. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.32) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	3abb69d5a9	Bump org.junit:junit-bom from 6.0.2 to 6.0.3 Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](https://github.com/junit-team/junit-framework/compare/r6.0.2...r6.0.3) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
github-actions[bot]	6c2b2a7611	Next development version	1 month ago
github-actions[bot]	0fab34f359	Release 6.5.8	1 month ago
github-actions[bot]	c0da8b390b	Next development version	1 month ago
github-actions[bot]	ffe73b4920	Release 7.0.3	1 month ago
Joe Grandja	f0ffda89e0	Update to spring-data-bom 2025.1.3 Closes gh-18735	1 month ago
dependabot[bot]	746c6e124e	Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.3 to 7.0.4. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.3...v7.0.4) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	08e5b375ac	Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.14 to 2024.0.15. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2024.0.14...2024.0.15) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2024.0.15 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	123a2d79cf	Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.2 to 2025.0.3. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2025.0.2...2025.0.3) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2025.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	f9c32afb6f	Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.15 to 6.2.16. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.15...v6.2.16) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.2.16 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	0c3e483432	Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/spring-projects/spring-ldap/releases) - [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt) - [Commits](https://github.com/spring-projects/spring-ldap/compare/4.0.1...4.0.2) --- updated-dependencies: - dependency-name: org.springframework.ldap:spring-ldap-core dependency-version: 4.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
Josh Cummings	b804da974d	Update Test to Align with webauthn4j The latest webauthn4j exposes Jackson 3 instead of Jackson 2, as such this test now uses Jackson 3 where needed. Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
dependabot[bot]	b9bb5e0b52	Bump com.webauthn4j:webauthn4j-core Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.7.RELEASE to 0.31.0.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.7.RELEASE...0.31.0.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.31.0.RELEASE dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
Josh Cummings	4fd8e1d596	Remove Trailing Bytes from AttestationStatement Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
Josh Cummings	c59fb0cd35	Add Jackson 2 Databind as Optional Dependency Since spring-security-webauthn has Jackson 2 Mixins, it would be clearer to set Jackson 2 explicitly as an optional dependency Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
dependabot[bot]	50aba3aaf3	Bump io.spring.gradle:spring-security-release-plugin Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	3d61276a1a	Bump io.spring.gradle:spring-security-release-plugin Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
Josh Cummings	6cbbf6c561	Merge branch '6.5.x' into 7.0.x	1 month ago

1 2 3 4 5 ...

20124 Commits (10b835693c7a111eef3d579e2cd9385168a650fe) All Branches Search

20124 Commits (10b835693c7a111eef3d579e2cd9385168a650fe)

All Branches