chore(deps): bump spring.security.version from 5.6.2 to 6.3.4 #1918

dependabot · 2024-10-21T22:44:06Z

Bumps spring.security.version from 5.6.2 to 6.3.4.
Updates org.springframework.security:spring-security-web from 5.6.2 to 6.3.4

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

6.3.4

🪲 Bug Fixes

Annotation expression template processing should not fail on Class parameter types #15711

Disabling credentials erasure on custom AuthenticationManager is not working #15808

Documentation inconsistency in AuthorizationManager's verify method return type #15822

Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15676

OidcBackChannelLogoutTokenValidator should not construct when missing OIDC Provider Issuer #15868

SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15767

The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15829

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 #15926

Bump io.micrometer:micrometer-observation from 1.12.10 to 1.12.11 #15917

Bump io.mockk:mockk from 1.13.12 to 1.13.13 #15897

Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #15925

Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15694

Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15731

Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15761

Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #15883

Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5 #15958

Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #15944

Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14 #15945

🔩 Build Updates

Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15907

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15836

Migrate slack notifications to GChat #15668

Release 6.3.4 #15964

Update eclipse/vscode configuration to use -parameters #15681

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @kse-music

6.3.3

🪲 Bug Fixes

ObservationRegistry is never post-processed #15658

🔨 Dependency Upgrades

Bump org-eclipse-jetty from 11.0.22 to 11.0.23 #15664

❤️ Contributors

... (truncated)

Commits

51c06a5 Release 6.3.4
1528c42 Merge branch '6.2.x' into 6.3.x
0e257b5 Add Firewall for WebFlux
bf77213 Merge branch '6.2.x' into 6.3.x
ee5e11a Bump org.springframework.data:spring-data-bom
29e8c8e Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5
dbff977 Merge branch '6.2.x' into 6.3.x
a504b2f Merge branch '5.8.x' into 6.2.x
52438b4 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
028dd45 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-config from 5.6.2 to 6.3.4

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.3.4

🪲 Bug Fixes

Annotation expression template processing should not fail on Class parameter types #15711

Disabling credentials erasure on custom AuthenticationManager is not working #15808

Documentation inconsistency in AuthorizationManager's verify method return type #15822

Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15676

OidcBackChannelLogoutTokenValidator should not construct when missing OIDC Provider Issuer #15868

SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15767

The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15829

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 #15926

Bump io.micrometer:micrometer-observation from 1.12.10 to 1.12.11 #15917

Bump io.mockk:mockk from 1.13.12 to 1.13.13 #15897

Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #15925

Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15694

Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15731

Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15761

Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #15883

Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5 #15958

Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #15944

Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14 #15945

🔩 Build Updates

Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15907

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15836

Migrate slack notifications to GChat #15668

Release 6.3.4 #15964

Update eclipse/vscode configuration to use -parameters #15681

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @kse-music

6.3.3

🪲 Bug Fixes

ObservationRegistry is never post-processed #15658

🔨 Dependency Upgrades

Bump org-eclipse-jetty from 11.0.22 to 11.0.23 #15664

❤️ Contributors

... (truncated)

Commits

51c06a5 Release 6.3.4
1528c42 Merge branch '6.2.x' into 6.3.x
0e257b5 Add Firewall for WebFlux
bf77213 Merge branch '6.2.x' into 6.3.x
ee5e11a Bump org.springframework.data:spring-data-bom
29e8c8e Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5
dbff977 Merge branch '6.2.x' into 6.3.x
a504b2f Merge branch '5.8.x' into 6.2.x
52438b4 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
028dd45 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-taglibs from 5.6.2 to 6.3.4

Release notes

Sourced from org.springframework.security:spring-security-taglibs's releases.

6.3.4

🪲 Bug Fixes

Annotation expression template processing should not fail on Class parameter types #15711

Disabling credentials erasure on custom AuthenticationManager is not working #15808

Documentation inconsistency in AuthorizationManager's verify method return type #15822

Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15676

OidcBackChannelLogoutTokenValidator should not construct when missing OIDC Provider Issuer #15868

SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15767

The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15829

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 #15926

Bump io.micrometer:micrometer-observation from 1.12.10 to 1.12.11 #15917

Bump io.mockk:mockk from 1.13.12 to 1.13.13 #15897

Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #15925

Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15694

Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15731

Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15761

Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #15883

Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5 #15958

Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #15944

Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14 #15945

🔩 Build Updates

Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15907

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15836

Migrate slack notifications to GChat #15668

Release 6.3.4 #15964

Update eclipse/vscode configuration to use -parameters #15681

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @kse-music

6.3.3

🪲 Bug Fixes

ObservationRegistry is never post-processed #15658

🔨 Dependency Upgrades

Bump org-eclipse-jetty from 11.0.22 to 11.0.23 #15664

❤️ Contributors

... (truncated)

Commits

51c06a5 Release 6.3.4
1528c42 Merge branch '6.2.x' into 6.3.x
0e257b5 Add Firewall for WebFlux
bf77213 Merge branch '6.2.x' into 6.3.x
ee5e11a Bump org.springframework.data:spring-data-bom
29e8c8e Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5
dbff977 Merge branch '6.2.x' into 6.3.x
a504b2f Merge branch '5.8.x' into 6.2.x
52438b4 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
028dd45 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `spring.security.version` from 5.6.2 to 6.3.4. Updates `org.springframework.security:spring-security-web` from 5.6.2 to 6.3.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.6.2...6.3.4) Updates `org.springframework.security:spring-security-config` from 5.6.2 to 6.3.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.6.2...6.3.4) Updates `org.springframework.security:spring-security-taglibs` from 5.6.2 to 6.3.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.6.2...6.3.4) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-taglibs dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner October 21, 2024 22:44

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 21, 2024

dependabot bot requested a review from jpatel3 October 21, 2024 22:44

dependabot bot added the java Pull requests that update Java code label Oct 21, 2024

dependabot bot requested review from tomaszsmy and alexander-kuruvilla October 21, 2024 22:44

dependabot bot mentioned this pull request Oct 21, 2024

chore(deps): bump spring.security.version from 5.6.2 to 6.3.3 #1907

Closed

dependabot bot requested review from eymaal, sshivaditya2019 and vrudas October 21, 2024 22:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump spring.security.version from 5.6.2 to 6.3.4 #1918

chore(deps): bump spring.security.version from 5.6.2 to 6.3.4 #1918

dependabot bot commented on behalf of github Oct 21, 2024

chore(deps): bump spring.security.version from 5.6.2 to 6.3.4 #1918

Are you sure you want to change the base?

chore(deps): bump spring.security.version from 5.6.2 to 6.3.4 #1918

Conversation

dependabot bot commented on behalf of github Oct 21, 2024

6.3.4

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

6.3.3

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

6.3.4

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

6.3.3

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

6.3.4

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

6.3.3

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors