Update dependency org.springframework.security:spring-security-crypto to v6.5.6 #760

renovate · 2023-12-20T10:16:55Z

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.security:spring-security-crypto (source)	`6.2.2` -> `6.5.6`

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

`v6.5.6`

Compare Source

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #18082
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17930
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17929
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #18045
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #17950
Bump org.gretty:gretty from 4.1.7 to 4.1.10 #17945
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #18039
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #18083
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #18067
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #18068

`v6.5.5`

Compare Source

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17922
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17911
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17923
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17910
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17924
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17913
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17925
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17912
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17926
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17914

`v6.5.4`

Compare Source

⭐ New Features

Update servlet test method docs to use include-code #17749

🪲 Bug Fixes

Annonation Scanning Should Fallback to Object when Parameter Matching #17899
Fix double-slash when basePath is root #17841
Fix traceId discrepancy in case error in servlet web #17796
Reference should advise avoiding post-authorization on writes #17798

🔨 Dependency Upgrades

Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17893
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17874
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17895
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17854
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17836
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17894
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17858
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17767
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17766
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17759
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17853
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17837
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17896
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17897
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17855
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17791
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17771
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17758
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@jkuhel and @therepanic

`v6.5.3`

Compare Source

⭐ New Features

Add META-INF/LICENSE.txt to published jars #17639
Update Angular documentation links in csrf.adoc #17653
Update Shibboleth Repository URL #17637
Use 2004-present Copyright #17634

🪲 Bug Fixes

Add Missing Navigation in Preparing for 7.0 Guide #17731
DPoP authentication throws JwtDecoderFactory ClassNotFoundException #17249
OpenSamlAssertingPartyDetails Should Be Serializable #17727
Use final values in equals and hashCode #17621

🔨 Dependency Upgrades

Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17739
Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17690
Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17684
Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17661
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17615
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17599
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17737
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17701
Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17614
Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17647
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17733
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17711
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17612
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17598
Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17742
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17613
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17595
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17760
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17692
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17683
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17671
Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17616
Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17597
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17646
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17660
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17694
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17685
Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17650
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17645
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17757
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17651
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17596
Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@codingtim

`v6.5.2`

Compare Source

🪲 Bug Fixes

<websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17495
Add 7.0 Migration Steps for Messaging PathPattern Usage #17509
EnableReactiveMethodSecurity should not import Servlet configuration #17545
Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #17337
Fix securityContextRepository() initialization in oauth2Login() DSL #17557
OAuth2Login DSL should support post-processing AuthenticationProvider implementations #17176
Websocket XML config should pick up PathPatternMessageMatcher.Builder #17508

🔨 Dependency Upgrades

Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #17444
Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#17470](#17470
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#17570](#17570
Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17467
Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17572
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17469
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17555
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #17491
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17571
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17466
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17569
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17468
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17481
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17568

❤️ Contributors

Thank you to all the contributors who worked on this release:

@fkowal and @therepanic

`v6.5.1`

Compare Source

⭐ New Features

Create demonstration of include-code usage #17161
Setup include-code extension for docs #17160

🪲 Bug Fixes

ClearSiteDataHeaderWriter log is misleading #17166
Fix to allow multiple AuthenticationFilter instances to process each request #17216
Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #17210
OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #17172
Publishing a default TargetVisitor should not override Spring MVC support #17189
Use HttpStatus in back-channel logout filters #17157

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17233
Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #17192
Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17152
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17220
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17232
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17204
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17214
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17184
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17256
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17257
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17239
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@evgeniycheban

`v6.5.0`

Compare Source

⭐ New Features

Add documentation for DPoP support #17072
Add logging to CsrfTokenRequestHandler implementations #16994
Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #16806
Bump Gradle Wrapper from 8.13 to 8.14 #17018
ClientRegistrations.fromIssuerLocation does not include failure information #17015
Fix Typo In SubjectDnX509PrincipalExtractorTests #16997
Implement internal cache in JtiClaimValidator #17107
Polish javadoc #16924
Remove unused classes #16935
Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #16962
RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17147

🪲 Bug Fixes

Add FunctionalInterface To X509PrincipalExtractor #16952
Change NonNull import from reactor to spring #16571
Fix DPoP jkt claim to be JWK SHA-256 thumbprint #17080
Minor error in the Handling Logouts documentation #17049
SecurityAnnotationScanner's method comparison should use .equals #17145
Use proper configuration key in Opaque Token documentation #17014

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17069
Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #16995
Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #16990
Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #17024
Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #17095
Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17096
Bump io.mockk:mockk from 1.14.0 to 1.14.2 #17019
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17111
Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17040
Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17088
Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16761
Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17089
Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17105
Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #17037
Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16981
Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #17137
Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17124

🔩 Build Updates

Release 6.5.0 #17138

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dkowis, @franticticktick, @hammadirshad, @jearton, @ngocnhan-tran1996, @quaff, and @yybmion

`v6.4.12`

Compare Source

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #18080
Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE #17985
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #18044
Bump io.mockk:mockk from 1.14.5 to 1.14.6 #17984
Bump org.gretty:gretty from 4.1.7 to 4.1.10 #17944
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #18038
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #18081
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #18065
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #18066

`v6.4.11`

Compare Source

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17921
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17909
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17918
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17905
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17917
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17907
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17919
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17906
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17920
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17908

`v6.4.10`

Compare Source

🪲 Bug Fixes

Annonation Scanning Should Fallback to Object when Parameter Matching #17898
Fix traceId discrepancy in case error in servlet web #17134
Reference should advise avoiding post-authorization on writes #17797
Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests #17869

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17792
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17778
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17769
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17892
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17857
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17777
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17768
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17755
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17851
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17835
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17890
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17891
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17889
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17877
Update to nimbus-jose-jwt:9.37.4 #17875

❤️ Contributors

Thank you to all the contributors who worked on this release:

@nkonev

`v6.4.9`

Compare Source

⭐ New Features

Add META-INF/LICENSE.txt to published jars #17638
Update Angular documentation links in csrf.adoc #17652
Update Shibboleth Repository URL #17636
Use 2004-present Copyright #17633

🪲 Bug Fixes

OpenSamlAssertingPartyDetails Should Be Serializable #17622

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17611
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17604
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17756
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17699
Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17643
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17741
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17717
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17609
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17603
Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17736
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17607
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17602
Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17641
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17630
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17659
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17695
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17680
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17696
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17682
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17642
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17600
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.9 #17738
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17745
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17610
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17601
Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17744

`v6.4.8`

Compare Source

🪲 Bug Fixes

<websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17494
Fix securityContextRepository() initialization in oauth2Login() DSL #17502
Support add nested security configurers during builder initialization #17020

🔨 Dependency Upgrades

Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17464
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17576
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17463
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17574
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17465
Bump org.hibernate.orm:hibernate-core from 6.6.19.Final to 6.6.20.Final #17490
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17575
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17480
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17577
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17462
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17461
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17578

❤️ Contributors

Thank you to all the contributors who worked on this release:

@kse-music and @marcusdacoregio

`v6.4.7`

Compare Source

🪲 Bug Fixes

ClearSiteDataHeaderWriter log is misleading #17165
Fix inconsistent constructor declaration for ReactiveAuthorizationManagerMethodSecurityConfiguration #17197
Fix to allow multiple AuthenticationFilter instances to process each request #17215
Use HttpStatus in back-channel logout filters #17156

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17229
Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17148
Bump io-spring-javaformat from 0.0.45 to 0.0.46 #17199
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17221
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17230
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17206
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17212
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17183
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17253
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17254
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17237
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17236

❤️ Contributors

Thank you to all the contributors who worked on this release:

@damable-nuvolex

`v6.4.6`

Compare Source

⭐ New Features

Bump Gradle Wrapper from 8.13 to 8.14 #17017
ClientRegistrations.fromIssuerLocation does not include failure information #17016
RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17146

🪲 Bug Fixes

Clear Site Data references non-existent constructor #17034
Ensure Serializable Components Have Serialization Sample #17038
Minor error in the Handling Logouts documentation #17048
NPE in BaseOpenSamlAuthenticationProvider #17008
SecurityAnnotationScanner's method comparison should use .equals #17143
StrictFirewallServerWebExchange should still protect when request is mutated #17032
Use proper configuration key in Opaque Token documentation #17013

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17065
Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17094
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17110
Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17042
Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17086
Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17087
Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17103
Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16983
Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17121

🔩 Build Updates

Release Security 6.4.6 #17139

`v6.4.5`

Compare Source

⭐ New Features

Add link to docs zip file to the reference #16799
Fix attribute name in http.adoc #16784
Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #16783

🪲 Bug Fixes

[Docs] Broken link on Spring MVC Test Integration page #16785
ServerBearerTokenAuthenticationConverter validates parameters when not enabled #16901
Clarify WebInvocationPrivilegeEvaluator JavaDoc #16782
CookieServerCsrfTokenRepository.withHttpOnlyFalse() ineffective if setCookieCustomizer() is used #16862
Correct closing tag in default PassKey HTML form #16601
Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #16606
OpenSaml support should preserve encrypted elements for further analysis #16367
Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #16837
WebFlux reference links to Servlet docs #16786
XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #16844

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #16767
Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 #16938
Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #16944
Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #16919
Bump org-aspectj from 1.9.22.1 to 1.9.24 #16928
Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16758
Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final #16895
Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #16960
Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #16959

🔩 Build Updates

Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 #16894
Release 6.4.5 #16972

❤️ Contributors

Thank you to all the contributors who worked on this release:

@AB-xdev, @Borghii, and @dependabot[bot]

`v6.4.4`

Compare Source

🪲 Bug Fixes

Add testRuntimeOnly junit-platform-launcher #16756
Align Method Traversal Algorithm with Spring Framework #16751
Disable Flaky WebAuthnWebDriverTests #16753
Fix @PostResult example in method-security doc #16628
Grammar Fixes in OAuth 2.0 JavaDoc #16619

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #16649
Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #16692
Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to 0.28.6.RELEASE #16691
Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 #16715
Bump io.mockk:mockk from 1.13.16 to 1.13.17 #16675
Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #16725
Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to 6.6.11.Final #16748
Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.33.24 #16669
Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #16650
Bump org.springframework.data:spring-data-bom from 2024.1.3 to 2024.1.4 #16749
Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #16733

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Kuba15, @dependabot[bot], and @pat-mccusker

`v6.4.3`

Compare Source

⭐ New Features

Add Support disableDefaultRegistrationPage to WebAuthnDsl [#16395](https://redirect.github.com/spring-project

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

… to v6.5.6

renovate bot added the dependencies Pull requests that update a dependency file label Dec 20, 2023

hmcts-jenkins-d-to-i bot deployed to preview December 20, 2023 10:21 View deployment

hmcts-jenkins-d-to-i bot added ns:ethos prd:ethos rel:ethos-ecm-consumer-pr-760 labels Dec 20, 2023

renovate bot force-pushed the renovate/spring-security branch from c44e19a to 2fb44ed Compare February 2, 2024 11:03

hmcts-jenkins-d-to-i bot deployed to preview February 2, 2024 11:07 View deployment

renovate bot force-pushed the renovate/spring-security branch from 2fb44ed to 477ba1e Compare February 13, 2024 09:36

hmcts-jenkins-d-to-i bot deployed to preview February 13, 2024 09:43 View deployment

renovate bot force-pushed the renovate/spring-security branch from 477ba1e to 9cc7ca4 Compare February 13, 2024 10:08

hmcts-jenkins-d-to-i bot deployed to preview February 13, 2024 10:13 View deployment

renovate bot force-pushed the renovate/spring-security branch from 9cc7ca4 to d16cc39 Compare February 13, 2024 10:18

hmcts-jenkins-d-to-i bot deployed to preview February 13, 2024 10:23 View deployment

renovate bot force-pushed the renovate/spring-security branch from d16cc39 to 40f28dd Compare February 17, 2024 01:12

renovate bot changed the title ~~Update dependency org.springframework.security:spring-security-crypto to v6.2.1~~ Update dependency org.springframework.security:spring-security-crypto to v6.2.2 Feb 17, 2024

hmcts-jenkins-d-to-i bot deployed to preview February 17, 2024 01:24 View deployment

renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from a35d0f3 to faace43 Compare February 22, 2024 19:08

hmcts-jenkins-d-to-i bot deployed to preview February 22, 2024 19:13 View deployment

renovate bot force-pushed the renovate/spring-security branch from faace43 to ec18983 Compare February 22, 2024 19:57

hmcts-jenkins-d-to-i bot deployed to preview February 22, 2024 20:09 View deployment

renovate bot force-pushed the renovate/spring-security branch from ec18983 to 556b643 Compare March 15, 2024 16:26

hmcts-jenkins-d-to-i bot deployed to preview March 15, 2024 16:34 View deployment

renovate bot changed the title ~~Update dependency org.springframework.security:spring-security-crypto to v6.2.2~~ Update dependency org.springframework.security:spring-security-crypto to v6.2.3 Mar 18, 2024

renovate bot force-pushed the renovate/spring-security branch from 556b643 to b9fe8d1 Compare March 18, 2024 13:12

hmcts-jenkins-d-to-i bot deployed to preview March 18, 2024 13:17 View deployment

renovate bot enabled auto-merge (rebase) March 20, 2024 13:31

renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from 4bdedb1 to a1d3574 Compare March 26, 2024 18:07

hmcts-jenkins-d-to-i bot deployed to preview March 26, 2024 18:15 View deployment

hmcts-jenkins-d-to-i bot deployed to preview October 30, 2025 09:08 View deployment

renovate bot force-pushed the renovate/spring-security branch from 9d921e4 to 9269848 Compare October 30, 2025 09:21

hmcts-jenkins-d-to-i bot deployed to preview October 30, 2025 09:27 View deployment

renovate bot force-pushed the renovate/spring-security branch from 9269848 to 8c4ba88 Compare October 30, 2025 09:43

hmcts-jenkins-d-to-i bot deployed to preview October 30, 2025 09:48 View deployment

renovate bot force-pushed the renovate/spring-security branch from 8c4ba88 to c5b1158 Compare October 30, 2025 09:59

hmcts-jenkins-d-to-i bot deployed to preview October 30, 2025 10:05 View deployment

renovate bot force-pushed the renovate/spring-security branch from c5b1158 to 55d1312 Compare October 30, 2025 19:45

hmcts-jenkins-d-to-i bot deployed to preview October 31, 2025 05:53 View deployment

renovate bot force-pushed the renovate/spring-security branch from 55d1312 to 46ab7f2 Compare October 31, 2025 09:29

hmcts-jenkins-d-to-i bot deployed to preview October 31, 2025 09:34 View deployment

renovate bot force-pushed the renovate/spring-security branch from 46ab7f2 to 932242a Compare October 31, 2025 09:46

hmcts-jenkins-d-to-i bot deployed to preview October 31, 2025 09:52 View deployment

renovate bot force-pushed the renovate/spring-security branch from 932242a to 9b2f196 Compare October 31, 2025 10:11

hmcts-jenkins-d-to-i bot deployed to preview October 31, 2025 10:15 View deployment

renovate bot force-pushed the renovate/spring-security branch from 9b2f196 to ccbfdc6 Compare October 31, 2025 10:28

hmcts-jenkins-d-to-i bot deployed to preview October 31, 2025 10:37 View deployment

renovate bot force-pushed the renovate/spring-security branch from ccbfdc6 to 5c16ea8 Compare November 3, 2025 08:15

hmcts-jenkins-d-to-i bot deployed to preview November 3, 2025 08:19 View deployment

renovate bot force-pushed the renovate/spring-security branch from 5c16ea8 to 92dfe39 Compare November 3, 2025 08:31

hmcts-jenkins-d-to-i bot deployed to preview November 3, 2025 08:36 View deployment

renovate bot force-pushed the renovate/spring-security branch from 92dfe39 to e5490d9 Compare November 3, 2025 08:48

hmcts-jenkins-d-to-i bot deployed to preview November 3, 2025 08:52 View deployment

renovate bot force-pushed the renovate/spring-security branch from e5490d9 to 754776b Compare November 3, 2025 09:06

hmcts-jenkins-d-to-i bot deployed to preview November 3, 2025 09:11 View deployment

renovate bot force-pushed the renovate/spring-security branch from 754776b to c299b77 Compare November 3, 2025 09:27

hmcts-jenkins-d-to-i bot deployed to preview November 3, 2025 09:33 View deployment

Update dependency org.springframework.security:spring-security-crypto…

ccd3945

… to v6.5.6

renovate bot force-pushed the renovate/spring-security branch from c299b77 to ccd3945 Compare November 3, 2025 09:45

hmcts-jenkins-d-to-i bot deployed to preview November 3, 2025 09:49 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency org.springframework.security:spring-security-crypto to v6.5.6 #760

Update dependency org.springframework.security:spring-security-crypto to v6.5.6 #760

Uh oh!

renovate bot commented Dec 20, 2023 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Update dependency org.springframework.security:spring-security-crypto to v6.5.6 #760

Are you sure you want to change the base?

Update dependency org.springframework.security:spring-security-crypto to v6.5.6 #760

Uh oh!

Conversation

renovate bot commented Dec 20, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

🔨 Dependency Upgrades

🔨 Dependency Upgrades

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

🔨 Dependency Upgrades

🔨 Dependency Upgrades

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Dec 20, 2023 •

edited

Loading