9dbe3bdcc0
Polish Session Management Persistence Docs
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
5 days ago
d547ae0181
Fix defaults description in Session Management doc
...
Corrected that starting from Spring Security 6
security context is not automatically saved by default.
Signed-off-by: sankranti <sankranty@gmail.com>
5 days ago
b8b1278e1f
Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 days ago
381047e386
Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15
...
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
5 days ago
376b40a735
Bump io.spring.gradle:spring-security-release-plugin
...
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...v1.0.15 )
---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
dependency-version: 1.0.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 days ago
89fa1cbdd2
Bump spring-io/spring-security-release-tools/.github/workflows/build.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/build.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
5 days ago
0d75e6d10c
Bump @springio/asciidoctor-extensions in /docs
...
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions ) from 1.0.0-alpha.17 to 1.0.0-alpha.18.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.17...v1.0.0-alpha.18 )
---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
dependency-version: 1.0.0-alpha.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 days ago
01758c4c59
Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
5 days ago
f37833a59c
Bump spring-io/spring-security-release-tools/.github/workflows/test.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/test.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
5 days ago
52e6c4c4be
Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
5 days ago
96ceb535f4
Next development version
1 week ago
0c54a55ae8
Release 6.5.9
1 week ago
01ff3b086a
Add Workflow for Deferring Issues
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 week ago
33e6f4bd3f
Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs
1 week ago
cdd4b36d37
Update Antora UI Spring to v0.4.26
1 week ago
7672f76fde
Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16
1 week ago
3db4999da4
Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14
1 week ago
a708d2f61b
Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.2.16 to 6.2.17.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.16...v6.2.17 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.17
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 week ago
e726c05e76
Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs
...
The deserializer is updated to properly ignore unknown extensions.
Closes gh-18643
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
1 week ago
a7039fb3e6
Test Jackson 2 deserializer with unknown primitive WebAuthn ext
...
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
1 week ago
88ea668f47
Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext
...
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
1 week ago
03a5de1955
Update Antora Spring UI to v0.4.26
2 weeks ago
06cbea383e
Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14
...
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.
---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
dependency-version: 3.9.14
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 weeks ago
e250236279
Read relayState from authenticationRequest
...
Closes gh-18243
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
2 weeks ago
ef76ba040d
Require non-null authenticationRequest
...
Closes gh-18880
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 weeks ago
d69af716c8
Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16
...
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor ) from 2024.0.15 to 2024.0.16.
- [Release notes](https://github.com/reactor/reactor/releases )
- [Commits](https://github.com/reactor/reactor/compare/2024.0.15...2024.0.16 )
---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
dependency-version: 2024.0.16
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 weeks ago
7e37aa2b75
Merge Fix CookieRequestCache parameters
2 weeks ago
07bfe371b4
Fix CookieRequestCache parameters
...
Previously the parameters were not restored.
This commit ensures the parameters are restored.
Closes gh-18204
Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
2 weeks ago
e12edf43f2
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs
2 weeks ago
a499e56b9b
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13
...
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.
---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
dependency-version: 3.9.13
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 weeks ago
8c3f6ea0d4
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs
...
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
dependency-version: 1.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 weeks ago
e17d85e460
Add IDE Setup Documentation
...
Issue gh-17833
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
3 weeks ago
f12036db05
Bump actions/upload-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa
3 weeks ago
7b5c502a97
Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.43.Final to 6.6.44.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.44/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.43...6.6.44 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.44.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 weeks ago
706b059ea8
Update logout.adoc
...
Directives should be Directive
Signed-off-by: HaiYan <haiyan_qi@hotmail.com>
3 weeks ago
ea3b112bea
Fix Flaky Crypto Tests
3 weeks ago
1261c229a3
Fix Flaky Crypto Tests
...
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.
This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
3 weeks ago
4501ae7d1c
Update Reactive Resource Server startup exceptations
...
Issue gh-16708
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
4 weeks ago
48112d3d74
Polish Resource Server startup expectations
...
Issue gh-16708
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
4 weeks ago
b8735abb63
Clarify Resource Server startup expectations
...
Clarify that Spring Boot defers OIDC discovery by default.
Closes gh-16708
Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
4 weeks ago
68a02ff176
Update Link to CRSF Docs in FAQ
...
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
4 weeks ago
f37a706d62
Bump org-apache-maven-resolver from 1.9.26 to 1.9.27
...
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.
Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27
---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
4 weeks ago
522c48b3b5
Merge Add Missing OnCommitedResponseWrapper Header Overrides
...
Add Missing OnCommitedResponseWrapper Header Overrides
4 weeks ago
1dae9aa459
Add Missing OnCommitedResponseWrapper Header Overrides
...
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.
Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.
This issue is the underlying problem for spring-projects/spring-framework#36381
Closes gh-18797
4 weeks ago
bec25edeb0
Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute
...
Clarify need for method attribute in JSP authorize tag
4 weeks ago
4d43edfb20
Polish Documentation
...
- Combined explanation of method attribute with usage recommendations
- Used one sentence per line format
Issue gh-16530
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
4 weeks ago
9f9699f8a5
Clarify need for method attribute in JSP authorize tag
...
Closes gh-16530
This aligns the JSP documentation with the changes made in gh-16529.
Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific.
Signed-off-by: onhann <gusgus1467@naver.com>
4 weeks ago
d29c984881
Merge pull request #18544 from Khyojae/gh-18543
...
Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
1 month ago
1116241ee3
Fix Checks for NullPointerException in AuthoritiesAuthorizationManager
...
- Fix checkstyle
- Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue
Closes gh-18544
Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
1 month ago
d87dc9ae57
Fix: Handle null authority string in AuthoritiesAuthorizationManager
...
This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543
Signed-off-by: Khyojae <khjae201@gmail.com>
1 month ago
Josh Cummings
sankranti
dependabot[bot]
github-actions[bot]
Rob Winch
Ziqin Wang
Andrey Litvitski
Vishnutheep B
HaiYan
[CLOUD4] 한현
Guillaume Husta
Khyojae