spring-security

Commit Graph

Author	SHA1	Message	Date
Marcus Da Coregio	6c9cb47125	Fix code style	2 years ago
Marcus Da Coregio	64e2a2ff8b	Apply updated Code Style Closes gh-13881	2 years ago
Tim te Beek	9df9cb5aed	refactor: AssertJ best practices Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D Co-authored-by: Moderne <team@moderne.io>	2 years ago
Krzysztof Krason	9b603b99ab	Using modern Java features	3 years ago
Marcus Da Coregio	d5603a944d	Avoid exception if PBKDF2WithHmacSHA256 is not available Issue gh-12873	3 years ago
Joe Grandja	ed6a7f7730	Remove deprecated constructors in PasswordEncoders Closes gh-11985	3 years ago
Joe Grandja	c50441b59f	Update default configuration for Pbkdf2PasswordEncoder The recommended minimums for PBKDF2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are: If FIPS-140 compliance is required, use PBKDF2 with a work factor of 310,000 or more and set with an internal hash function of HMAC-SHA-256. Previous default configuration: algorithm=SHA1, iterations=185000, hashLength=256 New default configuration: algorithm=SHA256, iterations=310000, hashLength=256 The default salt length was also updated from 8 to 16. Closes gh-10506, Closes gh-10489	3 years ago
Joe Grandja	f8419003eb	Update default configuration for SCryptPasswordEncoder The recommended minimums for scrypt, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are: Use scrypt with a minimum CPU/memory cost parameter of (2^16), a minimum block size of 8 (1024 bytes), and a parallelization parameter of 1. Previous default configuration: cpuCost=16384, memoryCost=8, parallelism=1 New default configuration: cpuCost=65536, memoryCost=8, parallelism=1 The default salt length was also updated from 64 to 16. Issue gh-10506	3 years ago
Joe Grandja	2ea62d0f8b	Update default configuration for Argon2PasswordEncoder The recommended minimums for Argon2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are: Use Argon2id with a minimum configuration of 15 MiB of memory, an iteration count of 2, and 1 degree of parallelism. Previous default configuration: memory=4, iterations=3, parallelism=1 New default configuration: memory=16, iterations=2, parallelism=1 Issue gh-10506	3 years ago
Rob Winch	d996c2a2c6	Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` This method is insecure. Users should instead encrypt with their database. Closes gh-8980	3 years ago
Rob Winch	2fb625db84	Remove mockito deprecations Issue gh-11748	3 years ago
Josh Cummings	b0b4612609	Correct input validation for 31 rounds Closes gh-11470	4 years ago
Josh Cummings	28424f8ae5	Correct input validation for 31 rounds Closes gh-11470	4 years ago
Josh Cummings	37d856dca4	Correct input validation for 31 rounds Closes gh-11470	4 years ago
Josh Cummings	ba0f8ec3ef	Correct input validation for 31 rounds Closes gh-11470	4 years ago
Josh Cummings	3f13fa0285	Improve Upgrading Closes gh-11259	4 years ago
Josh Cummings	bc6f494af8	Correct input validation for 31 rounds Closes gh-11470	4 years ago
Marcus Da Coregio	b8b0661d73	Lock Dependencies for Release	4 years ago
Josh Cummings	e6297d3bf7	Improve Upgrading Closes gh-11259	4 years ago
Josh Cummings	5f7fc0eb26	Improve Upgrading Closes gh-11259	4 years ago
Josh Cummings	0bd7daf899	Improve Upgrading	4 years ago
Josh Cummings	a40f73521c	Improve Upgrading	4 years ago
Josh Cummings	1229b27b87	Improve Upgrading	4 years ago
Jihoon Cha	af7f943325	Prevent instantiation of DelegatingPasswordEncoder if idPrefix contains idSuffix Closes gh-10933	4 years ago
Steve Riesenberg	3bd160a71d	Polish gh-10933	4 years ago
Jihoon Cha	da606627b6	Prevent instantiation of DelegatingPasswordEncoder if idPrefix contains idSuffix Closes gh-10933	4 years ago
Eleftheria Stein	3389cf3ffc	Revert "Lock dependencies" This reverts commit `83bb4603f8`.	4 years ago
Marcus Da Coregio	cfbf28b8ba	Revert "Lock Dependencies for Release" This reverts commit `3d4e90ba2a`.	4 years ago
Eleftheria Stein	83bb4603f8	Lock dependencies	4 years ago
Marcus Da Coregio	3d4e90ba2a	Lock Dependencies for Release	4 years ago
Rob Winch	0c201565fc	Fix format DelegatingPasswordEncoder	4 years ago
Rob Winch	625c7d6473	Rename prefix/suffix in DelegatingPasswordEncoder Issue gh-10273	4 years ago
heowc	912c762e12	Support for changing prefix and suffix in `DelegatingPasswordEncoder` Closes gh-10273	4 years ago
Rob Winch	582629c087	Rename prefix/suffix in DelegatingPasswordEncoder Issue gh-10273	4 years ago
heowc	399cf2e59d	Support for changing prefix and suffix in `DelegatingPasswordEncoder` Closes gh-10273	4 years ago
Steve Riesenberg	0704c709dc	Revert "Lock Dependencies for Release" This reverts commit `03c2c49d66`.	4 years ago
Steve Riesenberg	03c2c49d66	Lock Dependencies for Release	4 years ago
Steve Riesenberg	c83bd075a2	Revert "Lock Dependencies for Release" This reverts commit `bedb569f0d`.	4 years ago
Steve Riesenberg	bedb569f0d	Lock Dependencies for Release	4 years ago
Joe Grandja	5c8cd23a2d	Revert "Lock dependencies" This reverts commit `fc53f81d2e`.	4 years ago
Eleftheria Stein	fc53f81d2e	Lock dependencies	4 years ago
Marcus Da Coregio	02b2fcc6f0	Restore ManagementConfigurationPlugin Issue gh-9615	4 years ago
Marcus Da Coregio	d2e5f2ae0d	Update Gradle to 7.2 Closes gh-9615	4 years ago
heowc	84d173c310	Fix typo	4 years ago
heowc	dbe2ef8758	Fix typo Closes gh-10276	4 years ago
heowc	31cc0b856e	Fix typo Closes gh-10276	4 years ago
heowc	02060015a5	Fix typo Closes gh-10276	4 years ago
heowc	c9917b3cd0	Fix typo Closes gh-10276	4 years ago
heowc	7b73b94198	Fix typo	4 years ago
Joe Grandja	ec6b2203ca	Revert "Lock Dependencies for Release" This reverts commit `067bdd0dd9`.	5 years ago

1 2 3 4 5 ...

254 Commits (2dcc6fe708c00cba9850bfbee36007be22013136)