Update spring security to v6.5.6 #291

renovate · 2025-07-11T09:37:41Z

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.security:spring-security-oauth2-core (source)	`6.4.2` -> `6.5.6`
org.springframework.security:spring-security-oauth2-jose (source)	`6.4.2` -> `6.5.6`
org.springframework.security:spring-security-oauth2-client (source)	`6.4.2` -> `6.5.6`
org.springframework.security:spring-security-oauth2-resource-server (source)	`6.4.2` -> `6.5.6`
org.springframework.security:spring-security-config (source)	`6.4.2` -> `6.5.6`
org.springframework.security:spring-security-core (source)	`6.4.2` -> `6.5.6`
org.springframework.security:spring-security-web (source)	`6.4.2` -> `6.5.6`

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-oauth2-core)

`v6.5.6`

Compare Source

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #18082
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17930
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17929
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #18045
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #17950
Bump org.gretty:gretty from 4.1.7 to 4.1.10 #17945
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #18039
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #18083
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #18067
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #18068

`v6.5.5`

Compare Source

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17922
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17911
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17923
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17910
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17924
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17913
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17925
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17912
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17926
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17914

`v6.5.4`

Compare Source

⭐ New Features

Update servlet test method docs to use include-code #17749

🪲 Bug Fixes

Annonation Scanning Should Fallback to Object when Parameter Matching #17899
Fix double-slash when basePath is root #17841
Fix traceId discrepancy in case error in servlet web #17796
Reference should advise avoiding post-authorization on writes #17798

🔨 Dependency Upgrades

Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17893
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17874
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17895
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17854
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17836
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17894
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17858
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17767
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17766
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17759
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17853
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17837
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17896
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17897
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17855
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17791
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17771
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17758
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@jkuhel and @therepanic

`v6.5.3`

Compare Source

⭐ New Features

Add META-INF/LICENSE.txt to published jars #17639
Update Angular documentation links in csrf.adoc #17653
Update Shibboleth Repository URL #17637
Use 2004-present Copyright #17634

🪲 Bug Fixes

Add Missing Navigation in Preparing for 7.0 Guide #17731
DPoP authentication throws JwtDecoderFactory ClassNotFoundException #17249
OpenSamlAssertingPartyDetails Should Be Serializable #17727
Use final values in equals and hashCode #17621

🔨 Dependency Upgrades

Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17739
Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17690
Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17684
Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17661
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17615
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17599
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17737
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17701
Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17614
Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17647
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17733
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17711
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17612
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17598
Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17742
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17613
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17595
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17760
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17692
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17683
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17671
Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17616
Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17597
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17646
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17660
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17694
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17685
Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17650
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17645
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17757
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17651
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17596
Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@codingtim

`v6.5.2`

Compare Source

🪲 Bug Fixes

<websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17495
Add 7.0 Migration Steps for Messaging PathPattern Usage #17509
EnableReactiveMethodSecurity should not import Servlet configuration #17545
Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #17337
Fix securityContextRepository() initialization in oauth2Login() DSL #17557
OAuth2Login DSL should support post-processing AuthenticationProvider implementations #17176
Websocket XML config should pick up PathPatternMessageMatcher.Builder #17508

🔨 Dependency Upgrades

Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #17444
Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#17470](#17470
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#17570](#17570
Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17467
Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17572
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17469
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17555
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #17491
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17571
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17466
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17569
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17468
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17481
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17568

❤️ Contributors

Thank you to all the contributors who worked on this release:

@fkowal and @therepanic

`v6.5.1`

Compare Source

⭐ New Features

Create demonstration of include-code usage #17161
Setup include-code extension for docs #17160

🪲 Bug Fixes

ClearSiteDataHeaderWriter log is misleading #17166
Fix to allow multiple AuthenticationFilter instances to process each request #17216
Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #17210
OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #17172
Publishing a default TargetVisitor should not override Spring MVC support #17189
Use HttpStatus in back-channel logout filters #17157

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17233
Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #17192
Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17152
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17220
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17232
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17204
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17214
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17184
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17256
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17257
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17239
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@evgeniycheban

`v6.5.0`

Compare Source

⭐ New Features

Add documentation for DPoP support #17072
Add logging to CsrfTokenRequestHandler implementations #16994
Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #16806
Bump Gradle Wrapper from 8.13 to 8.14 #17018
ClientRegistrations.fromIssuerLocation does not include failure information #17015
Fix Typo In SubjectDnX509PrincipalExtractorTests #16997
Implement internal cache in JtiClaimValidator #17107
Polish javadoc #16924
Remove unused classes #16935
Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #16962
RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17147

🪲 Bug Fixes

Add FunctionalInterface To X509PrincipalExtractor #16952
Change NonNull import from reactor to spring #16571
Fix DPoP jkt claim to be JWK SHA-256 thumbprint #17080
Minor error in the Handling Logouts documentation #17049
SecurityAnnotationScanner's method comparison should use .equals #17145
Use proper configuration key in Opaque Token documentation #17014

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17069
Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #16995
Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #16990
Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #17024
Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #17095
Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17096
Bump io.mockk:mockk from 1.14.0 to 1.14.2 #17019
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17111
Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17040
Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17088
Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16761
Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17089
Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17105
Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #17037
Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16981
Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #17137
Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17124

🔩 Build Updates

Release 6.5.0 #17138

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dkowis, @franticticktick, @hammadirshad, @jearton, @ngocnhan-tran1996, @quaff, and @yybmion

`v6.4.12`

Compare Source

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #18080
Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE #17985
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #18044
Bump io.mockk:mockk from 1.14.5 to 1.14.6 #17984
Bump org.gretty:gretty from 4.1.7 to 4.1.10 #17944
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #18038
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #18081
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #18065
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #18066

`v6.4.11`

Compare Source

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17921
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17909
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17918
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17905
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17917
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17907
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17919
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17906
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17920
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17908

`v6.4.10`

Compare Source

🪲 Bug Fixes

Annonation Scanning Should Fallback to Object when Parameter Matching #17898
Fix traceId discrepancy in case error in servlet web #17134
Reference should advise avoiding post-authorization on writes #17797
Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests #17869

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17792
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17778
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17769
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17892
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17857
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17777
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17768
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17755
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17851
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17835
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17890
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17891
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17889
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17877
Update to nimbus-jose-jwt:9.37.4 #17875

❤️ Contributors

Thank you to all the contributors who worked on this release:

@nkonev

`v6.4.9`

Compare Source

⭐ New Features

Add META-INF/LICENSE.txt to published jars #17638
Update Angular documentation links in csrf.adoc #17652
Update Shibboleth Repository URL #17636
Use 2004-present Copyright #17633

🪲 Bug Fixes

OpenSamlAssertingPartyDetails Should Be Serializable #17622

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17611
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17604
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17756
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17699
Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17643
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17741
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17717
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17609
Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17603
Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17736
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17607
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17602
Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17641
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17630
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17659
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17695
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17680
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17696
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17682
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17642
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17600
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.9 #17738
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17745
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17610
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17601
Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17744

`v6.4.8`

Compare Source

🪲 Bug Fixes

<websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17494
Fix securityContextRepository() initialization in oauth2Login() DSL #17502
Support add nested security configurers during builder initialization #17020

🔨 Dependency Upgrades

Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17464
Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17576
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17463
Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17574
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17465
Bump org.hibernate.orm:hibernate-core from 6.6.19.Final to 6.6.20.Final #17490
Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17575
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17480
Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17577
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17462
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17461
Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17578

❤️ Contributors

Thank you to all the contributors who worked on this release:

@kse-music and @marcusdacoregio

`v6.4.7`

Compare Source

🪲 Bug Fixes

ClearSiteDataHeaderWriter log is misleading #17165
Fix inconsistent constructor declaration for ReactiveAuthorizationManagerMethodSecurityConfiguration #17197
Fix to allow multiple AuthenticationFilter instances to process each request #17215
Use HttpStatus in back-channel logout filters #17156

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17229
Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17148
Bump io-spring-javaformat from 0.0.45 to 0.0.46 #17199
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17221
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17230
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17206
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17212
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17183
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17253
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17254
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17237
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17236

❤️ Contributors

Thank you to all the contributors who worked on this release:

@damable-nuvolex

`v6.4.6`

Compare Source

⭐ New Features

Bump Gradle Wrapper from 8.13 to 8.14 #17017
ClientRegistrations.fromIssuerLocation does not include failure information #17016
RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17146

🪲 Bug Fixes

Clear Site Data references non-existent constructor #17034
Ensure Serializable Components Have Serialization Sample #17038
Minor error in the Handling Logouts documentation #17048
NPE in BaseOpenSamlAuthenticationProvider #17008
SecurityAnnotationScanner's method comparison should use .equals #17143
StrictFirewallServerWebExchange should still protect when request is mutated #17032
Use proper configuration key in Opaque Token documentation #17013

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17065
Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17094
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17110
Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17042
Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17086
Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17087
Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17103
Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16983
Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17121

🔩 Build Updates

Release Security 6.4.6 #17139

`v6.4.5`

Compare Source

⭐ New Features

Add link to docs zip file to the reference #16799
Fix attribute name in http.adoc #16784
Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #16783

🪲 Bug Fixes

[Docs] Broken link on Spring MVC Test Integration page #16785
ServerBearerTokenAuthenticationConverter validates parameters when not enabled #16901
Clarify WebInvocationPrivilegeEvaluator JavaDoc #16782
CookieServerCsrfTokenRepository.withHttpOnlyFalse() ineffective if setCookieCustomizer() is used #16862
Correct closing tag in default PassKey HTML form #16601
Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #16606
OpenSaml support should preserve encrypted elements for further analysis #16367
Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #16837
WebFlux reference links to Servlet docs #16786
XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #16844

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #16767
Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 #16938
Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #16944
Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #16919
Bump org-aspectj from 1.9.22.1 to 1.9.24 #16928
Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16758
Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final #16895
Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #16960
Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #16959

🔩 Build Updates

Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 #16894
Release 6.4.5 [#16972](https://redirect.github.com/spring

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the dependencies Pull requests that update a dependency file label Jul 11, 2025

hmcts-jenkins-j-to-z bot deployed to preview July 11, 2025 09:41 Active

hmcts-jenkins-j-to-z bot added ns:nfdiv prd:nfdiv rel:nfdiv-ccd-case-migration-pr-291 labels Jul 11, 2025

renovate bot enabled auto-merge (squash) July 21, 2025 22:12

renovate bot force-pushed the renovate/spring-security branch from 34905a2 to 1881eed Compare July 21, 2025 22:12

renovate bot changed the title ~~Update spring security to v6.5.1~~ Update spring security to v6.5.2 Jul 21, 2025

hmcts-jenkins-j-to-z bot deployed to preview July 21, 2025 22:17 Active

renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from 1922350 to 84973c1 Compare July 29, 2025 15:36

hmcts-jenkins-j-to-z bot deployed to preview July 29, 2025 15:40 Active

renovate bot force-pushed the renovate/spring-security branch from 84973c1 to 5353769 Compare July 30, 2025 12:02

hmcts-jenkins-j-to-z bot deployed to preview July 30, 2025 12:06 Active

renovate bot force-pushed the renovate/spring-security branch from 5353769 to 167f217 Compare August 5, 2025 11:35

hmcts-jenkins-j-to-z bot deployed to preview August 5, 2025 11:38 Active

renovate bot force-pushed the renovate/spring-security branch from 167f217 to b1c73f6 Compare August 5, 2025 14:46

hmcts-jenkins-j-to-z bot deployed to preview August 5, 2025 14:51 Active

renovate bot force-pushed the renovate/spring-security branch from b1c73f6 to 110502a Compare August 11, 2025 10:56

hmcts-jenkins-j-to-z bot deployed to preview August 11, 2025 11:00 Active

renovate bot force-pushed the renovate/spring-security branch from 110502a to d132409 Compare August 11, 2025 16:26

hmcts-jenkins-j-to-z bot deployed to preview August 11, 2025 16:32 Active

renovate bot force-pushed the renovate/spring-security branch from d132409 to bc5cce4 Compare August 12, 2025 16:48

hmcts-jenkins-j-to-z bot deployed to preview August 12, 2025 16:51 Active

renovate bot force-pushed the renovate/spring-security branch from bc5cce4 to 97854cb Compare August 12, 2025 23:15

hmcts-jenkins-j-to-z bot deployed to preview August 12, 2025 23:24 Active

renovate bot force-pushed the renovate/spring-security branch from 97854cb to 2a4d061 Compare August 14, 2025 16:15

hmcts-jenkins-j-to-z bot deployed to preview August 14, 2025 16:28 Active

renovate bot force-pushed the renovate/spring-security branch from 2a4d061 to af8a95e Compare August 18, 2025 12:06

hmcts-jenkins-j-to-z bot deployed to preview August 18, 2025 12:12 Active

renovate bot force-pushed the renovate/spring-security branch from c739f0f to 3b2a7f5 Compare August 18, 2025 19:46

renovate bot changed the title ~~Update spring security to v6.5.2~~ Update spring security to v6.5.3 Aug 18, 2025

hmcts-jenkins-j-to-z bot deployed to preview August 18, 2025 19:51 Active

renovate bot force-pushed the renovate/spring-security branch from 3b2a7f5 to a613176 Compare August 19, 2025 12:53

hmcts-jenkins-j-to-z bot deployed to preview August 19, 2025 12:56 Active

renovate bot force-pushed the renovate/spring-security branch from a613176 to 69f77b5 Compare August 21, 2025 20:44

hmcts-jenkins-j-to-z bot deployed to preview August 21, 2025 20:49 Active

renovate bot force-pushed the renovate/spring-security branch from 69f77b5 to d290884 Compare August 22, 2025 03:46

hmcts-jenkins-j-to-z bot deployed to preview August 22, 2025 03:51 Active

renovate bot force-pushed the renovate/spring-security branch from d290884 to 375199d Compare August 22, 2025 15:52

hmcts-jenkins-j-to-z bot deployed to preview August 22, 2025 15:55 Active

renovate bot force-pushed the renovate/spring-security branch from 375199d to b14be46 Compare September 1, 2025 13:16

hmcts-jenkins-j-to-z bot deployed to preview September 1, 2025 13:20 Active

renovate bot force-pushed the renovate/spring-security branch from b14be46 to af26df0 Compare September 4, 2025 11:15

hmcts-jenkins-j-to-z bot deployed to preview September 4, 2025 11:18 Active

renovate bot force-pushed the renovate/spring-security branch from af26df0 to 7d147d9 Compare September 9, 2025 11:41

hmcts-jenkins-j-to-z bot deployed to preview September 9, 2025 11:45 Active

renovate bot force-pushed the renovate/spring-security branch from 7d147d9 to 27c53ea Compare September 9, 2025 15:13

hmcts-jenkins-j-to-z bot deployed to preview September 9, 2025 15:17 Active

renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from 8b7bc02 to 8653516 Compare September 16, 2025 02:36

renovate bot changed the title ~~Update spring security to v6.5.3~~ Update spring security to v6.5.4 Sep 16, 2025

hmcts-jenkins-j-to-z bot deployed to preview September 16, 2025 02:42 Active

renovate bot force-pushed the renovate/spring-security branch from 8653516 to 689e8f6 Compare September 17, 2025 16:54

renovate bot changed the title ~~Update spring security to v6.5.4~~ Update spring security to v6.5.5 Sep 17, 2025

hmcts-jenkins-j-to-z bot deployed to preview September 17, 2025 16:57 Active

Update spring security to v6.5.6

148a610

renovate bot force-pushed the renovate/spring-security branch from 689e8f6 to 148a610 Compare October 20, 2025 23:37

renovate bot changed the title ~~Update spring security to v6.5.5~~ Update spring security to v6.5.6 Oct 20, 2025

hmcts-jenkins-j-to-z bot deployed to preview October 21, 2025 05:56 Active

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update spring security to v6.5.6 #291

Update spring security to v6.5.6 #291

Uh oh!

renovate bot commented Jul 11, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Update spring security to v6.5.6 #291

Are you sure you want to change the base?

Update spring security to v6.5.6 #291

Uh oh!

Conversation

renovate bot commented Jul 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

🔨 Dependency Upgrades

🔨 Dependency Upgrades

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

🔨 Dependency Upgrades

🔨 Dependency Upgrades

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Jul 11, 2025 •

edited

Loading