spring-security

Commit Graph

Author	SHA1	Message	Date
[CLOUD4] 한현	b8735abb63	Clarify Resource Server startup expectations Clarify that Spring Boot defers OIDC discovery by default. Closes gh-16708 Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>	3 weeks ago
Guillaume Husta	68a02ff176	Update Link to CRSF Docs in FAQ Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>	3 weeks ago
dependabot[bot]	f37a706d62	Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.27 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 weeks ago
Rob Winch	522c48b3b5	Merge Add Missing OnCommitedResponseWrapper Header Overrides Add Missing OnCommitedResponseWrapper Header Overrides	3 weeks ago
Robert Winch	1dae9aa459	Add Missing OnCommitedResponseWrapper Header Overrides Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader` methods. This means that if the `Content-Length` response header is specified using any of those methods then the response body length is not tracked and can be committed before the response headers are written. Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`. This issue is the underlying problem for spring-projects/spring-framework#36381 Closes gh-18797	3 weeks ago
Josh Cummings	bec25edeb0	Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute Clarify need for method attribute in JSP authorize tag	3 weeks ago
Josh Cummings	4d43edfb20	Polish Documentation - Combined explanation of method attribute with usage recommendations - Used one sentence per line format Issue gh-16530 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	3 weeks ago
onhann	9f9699f8a5	Clarify need for method attribute in JSP authorize tag Closes gh-16530 This aligns the JSP documentation with the changes made in gh-16529. Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific. Signed-off-by: onhann <gusgus1467@naver.com>	3 weeks ago
Rob Winch	d29c984881	Merge pull request #18544 from Khyojae/gh-18543 Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager	3 weeks ago
Robert Winch	1116241ee3	Fix Checks for NullPointerException in AuthoritiesAuthorizationManager - Fix checkstyle - Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue Closes gh-18544 Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>	3 weeks ago
Khyojae	d87dc9ae57	Fix: Handle null authority string in AuthoritiesAuthorizationManager This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543 Signed-off-by: Khyojae <khjae201@gmail.com>	4 weeks ago
dependabot[bot]	ac556a45f9	Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.42.Final to 6.6.43.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.43/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.42...6.6.43) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.43.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	4 weeks ago
dependabot[bot]	c8731a8dc0	Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.5 to 2.18.6. - [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.5...jackson-bom-2.18.6) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.18.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	4 weeks ago
Robert Winch	3e3eeda560	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32	4 weeks ago
dependabot[bot]	58df50c3a3	Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 Bumps `org-apache-maven-resolver` from 1.9.25 to 1.9.26. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.25 to 1.9.26 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.25...maven-resolver-1.9.26) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.25 to 1.9.26 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	79156b2387	Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.29 to 1.5.32. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.29...v_1.5.32) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
github-actions[bot]	6c2b2a7611	Next development version	1 month ago
github-actions[bot]	0fab34f359	Release 6.5.8	1 month ago
dependabot[bot]	08e5b375ac	Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.14 to 2024.0.15. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2024.0.14...2024.0.15) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2024.0.15 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	f9c32afb6f	Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.15 to 6.2.16. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.15...v6.2.16) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.2.16 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	3d61276a1a	Bump io.spring.gradle:spring-security-release-plugin Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
Josh Cummings	10cb6f7003	Update spring-security-release-tools 1.0.14	1 month ago
dependabot[bot]	3131642aae	Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4. - [Release notes](https://github.com/micrometer-metrics/context-propagation/releases) - [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4) --- updated-dependencies: - dependency-name: io.micrometer:context-propagation dependency-version: 1.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	552d8d1d29	Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.29 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	f240f29433	Bump gradle-wrapper from 8.14 to 8.14.4 Bumps gradle-wrapper from 8.14 to 8.14.4. --- updated-dependencies: - dependency-name: gradle-wrapper dependency-version: 8.14.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
Robert Winch	1efacf1ad8	Remove unnecessary Gradle wrapper from buildSrc buildSrc does not need its own Gradle wrapper and should use the parent project's wrapper. Having a separate wrapper causes Dependabot to detect and attempt to update it independently, creating confusion and unnecessary PRs. Closes gh-18692	1 month ago
dependabot[bot]	fa7c6ea583	Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.20 to 0.0.22. - [Commits](`e28269199d...415e2b11a7`) --- updated-dependencies: - dependency-name: spring-io/spring-doc-actions dependency-version: 0.0.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	3841e0f6b3	Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5. - [Release notes](https://github.com/jakartaee/jaxb-api/releases) - [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5) --- updated-dependencies: - dependency-name: jakarta.xml.bind:jakarta.xml.bind-api dependency-version: 4.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
Robert Winch	50fad46df6	Bump @antora/atlas-extension in /docs --- updated-dependencies: - dependency-name: "@antora/atlas-extension" dependency-version: 1.0.0-alpha.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	e28eea208b	Bump @springio/antora-extensions from 1.14.4 to 1.14.7 in /docs Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.4 to 1.14.7. - [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc) - [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.4...v1.14.7) --- updated-dependencies: - dependency-name: "@springio/antora-extensions" dependency-version: 1.14.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	f646392542	Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs --- updated-dependencies: - dependency-name: "@antora/collector-extension" dependency-version: 1.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	ffeda7a1b3	Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.27 to 1.5.28. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.28 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
dependabot[bot]	52ca16fa4b	Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.8 to 3.2.0-alpha.11. - [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc) - [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.8...v3.2.0-alpha.11) --- updated-dependencies: - dependency-name: antora dependency-version: 3.2.0-alpha.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 month ago
Josh Cummings	447e76bd06	Update to actions/checkout 6.0.2	1 month ago
Josh Cummings	46a9514420	Update to setup-gradle 5.0.1 note that gradle/gradle-build-action is superceded by setup-gradle. Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
Josh Cummings	8432df498e	Update upload-artifact to 6.0.0 Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
Josh Cummings	63162eb5f1	Update to setup-java 5.2.0 Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
Josh Cummings	5c3b8c513b	Update spring-gradle-build-action to 2.0.5 Issue gh-18648	1 month ago
Josh Cummings	d276c943fc	Update actions/checkout to 6.0.2 Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
Josh Cummings	18d9dd77ec	Use SHA Hashes for spring-security-release-tools Workflows Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	1 month ago
Robert Winch	d6e3ec78cd	Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27	2 months ago
dependabot[bot]	48c1023fd6	Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.41.Final to 6.6.42.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.42/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.41...6.6.42) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.42.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2 months ago
dependabot[bot]	04dbdc8588	Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.26 to 1.5.27. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.27 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2 months ago
Robert Winch	3960bf950d	Bump org.assertj:assertj-core from 3.27.6 to 3.27.7	2 months ago
Robert Winch	bc6ac7c8c6	Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26	2 months ago
Garvit Joshi	edd82ba82c	gh-18234: Create SHA-1 MessageDigest for every new check request Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>	2 months ago
dependabot[bot]	cf656ce6e1	Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.25 to 1.5.26. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.25...v_1.5.26) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2 months ago
dependabot[bot]	f75e9c7138	Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-version: 3.27.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2 months ago
Robert Winch	27f91e03f9	Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final	2 months ago
Robert Winch	b7230c367e	Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25	2 months ago

1 2 3 4 5 ...

19101 Commits (b8735abb6366b366fc43e4bb91c2ba6e4d626bc4) All Branches Search

19101 Commits (b8735abb6366b366fc43e4bb91c2ba6e4d626bc4)

All Branches