Rob Winch
1374898cd8
SEC-2879: Add Test
11 years ago
Michael Cramer
d5ed97eba6
SEC-2879: JdbcTokenRepositoryImpl updateToken should use lastUsed arg
11 years ago
Marcin Mielnicki
8f29c2cc36
SEC-2878: Clean imports in UsernamePasswordAuthenticationFilter
11 years ago
Rob Winch
dfaebfa63b
SEC-2872: CsrfAuthenticationStrategy Delay Saving CsrfToken
11 years ago
Rob Winch
f794272bac
SEC-2832: Add Tests
11 years ago
Stillglade
aa0a5b96ab
SEC-2832: Update request attributes with new CsrfToken
11 years ago
Rob Winch
975e4ec019
SEC-2078: AbstractPreAuthenticatedProcessingFilter requiresAuthentication support for non-String Principals
Previously, if the Principal returned by getPreAuthenticatedPrincipal was not a String,
it prevented requiresAuthentication from detecting when the Principal was the same.
This caused the need to authenticate the user for every request even when the Principal
did not change.
Now requiresAuthentication will check to see if the result of
getPreAuthenticatedPrincipal is equal to the current Authentication.getPrincipal().
11 years ago
Rob Winch
74f8534b17
SEC-2791: AbstractRememberMeServices sets the version
If the maxAge < 1 then the version must be 1; otherwise browsers ignore
the value.
11 years ago
Rob Winch
478a9650aa
SEC-2831: Regex/AntPath RequestMatcher handle invalid HTTP method
11 years ago
Rob Winch
89c5c56849
SEC-2599: HttpSessionEventPublisher get required ApplicationContext
In order to get better error messages (avoid NullPointerException) the
HttpSessionEventPublisher now gets the required ApplicationContext which
throws an IllegalStateException with a good error message.
12 years ago
Rob Winch
89d80ed5c9
SEC-2683: Correct spelling of assignamble in AuthenticationPrincipalResolver Exception
12 years ago
Rob Winch
d6b81abcf2
SEC-2578: HttpSessionSecurityContextRepository traverses HttpServletResponseWrapper
12 years ago
Mattias Severson
c074493f24
SEC-2573: RequestHeaderRequestMatcher constructor argument name has typo
12 years ago
Rob Winch
d7a2c0a98c
SEC-2177: Polish
12 years ago
Maciej Zasada
9057fbe0ed
SEC-2177: Stripping off all leading schemes
Stripping off all leading schemes in the DefaultRedirectStrategy, so it
will be less vulnerable to open redirect phishing attacks. More info can
be found in the SEC-2177 JIRA issue.
12 years ago
Julien Dubois
537d8f974f
SEC-2519: RememberMeAuthenticationException supports root cause
Added a constructor which keeps the root cause of the exception, and
added some documentation.
12 years ago
Rob Winch
bb563967cc
SEC-2507: WebExpressionVoter.supports support subclasses of FilterInvocation
12 years ago
Rob Winch
60704eb50e
SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header
12 years ago
getvictor
f02b77794f
SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header.
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
12 years ago
Rob Winch
8d8475deb1
SEC-2455: form-login@login-processing-url & logout@logout-url use matchers
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
12 years ago
Rob Winch
2df5541905
SEC-2448: Update to HSQL 2.3.1
12 years ago
Rob Winch
ca1080fb96
SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter
12 years ago
Rob Winch
aaa7cec32e
SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor
Previously there was unnecessary complexity in CsrfRequestDataValueProcessor
due to the non-passive changes in RequestDataValueProcessor. Now it simply
implements the interface with the methods for both versions of the interface.
This works since linking happens at runtime.
12 years ago
Rob Winch
7f714ebb23
SEC-2422: Session timeout detection with CSRF protection
12 years ago
Rob Winch
59e13e7bbb
SEC-2404: CsrfAuthenticationStrategy creates new valid CsrfToken
12 years ago
Rob Winch
1a1f577a8b
SEC-2358: Add RequestHeaderRequestMatcher#toString()
12 years ago
Rob Winch
e638f0a547
SEC-2357: old RequestMatcher interface extends new RequestMatcher
12 years ago
Rob Winch
04b091c385
SEC-2369: PreAuthenticatedGrantedAuthoritiesUserDetailsService fix case to createUserDetails method
12 years ago
Rob Winch
15a63c58a7
SEC-2368: DebugFilter outputs headers and HTTP method
12 years ago
Rob Winch
1351c8bada
SEC-2362: Clarify AbstractRememberMeServices loginSuccess javadoc
12 years ago
Adrien be
e50b587d60
SEC-2360: AbstractRememberMeServices provide message for Assert on key field
12 years ago
Rob Winch
0b0e7dbea9
SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter
12 years ago
Rob Winch
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
12 years ago
Rob Winch
45ad74a0bd
SEC-2357: Fix package cycles
12 years ago
Rob Winch
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
12 years ago
Rob Winch
7d99436740
SEC-2358: Add RequestHeaderRequestMatcher
12 years ago
Rob Winch
0ac1176152
Polish RequestMatcher logging and toString
12 years ago
Rob Winch
cffbefadd1
SEC-2306: Fix Session Fixation logging race condition
Previously session fixation protection could output an incorrect warning
that session fixation protection did not work.
The code now synchronizes on WebUtils.getSessionMutex(..).
12 years ago
kazuki43zoo
611a97023d
SEC-2352: HttpSessionCsrfTokenRepository lazy session creation
12 years ago
Rob Winch
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
13 years ago
Rob Winch
cea0cf9260
SEC-2243: Remove additional Debug Filter
13 years ago
Rob Winch
b591881e95
SEC-2302: Provide beforeSpringSecurityFilterChain hook
This allows inserting filters before the springSecurityFilterChain.
13 years ago
Rob Winch
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
13 years ago
Rob Winch
788ba9a1fa
SEC-2329: Allow injecting of AuthenticationTrustResolver
13 years ago
Rob Winch
9133c33f1d
SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache
The method getRequest used to cast to DefaultRequestCache, but this
is not necessary.
Now the cast is to SavedRequest.
13 years ago
Rob Winch
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
13 years ago
Rob Winch
0114b457c0
SEC-2330: CacheControlHeadersWriter use a single header
13 years ago
Rob Winch
32e9239fd2
SEC-2320: AuthenticationPrincipal can be null on invalid type
Previously a ClassCastException was thrown if the type was invalid. Now
a flag exists on AuthenticationPrincipal which indicates if a
ClassCastException should be thrown or not with the default being no error.
13 years ago
Rob Winch
b22acd0768
SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet
13 years ago
Rob Winch
8e74407381
SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated
See throws documentation at
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29
13 years ago