Skip to content

Update spring security to v6.5.5 - autoclosed #1158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Update spring security to v6.5.5 - autoclosed #1158

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jul 29, 2025
edited
Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package Change Age Confidence
org.springframework.security:spring-security-web (source) 6.5.0 -> 6.5.5 age confidence
org.springframework.security:spring-security-test (source) 6.5.0 -> 6.5.5 age confidence

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-web)

v6.5.5

Compare Source

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17922
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17911
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17923
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17910
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17924
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17913
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17925
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17912
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17926
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17914

v6.5.4

Compare Source

⭐ New Features
  • Update servlet test method docs to use include-code #​17749
🪲 Bug Fixes
  • Annonation Scanning Should Fallback to Object when Parameter Matching #​17899
  • Fix double-slash when basePath is root #​17841
  • Fix traceId discrepancy in case error in servlet web #​17796
  • Reference should advise avoiding post-authorization on writes #​17798
🔨 Dependency Upgrades
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17893
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17874
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17895
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17854
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17836
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17894
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17858
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17767
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17766
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17759
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17853
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17837
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17896
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17897
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17855
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17791
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17771
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17758
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17773
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jkuhel and @​therepanic

v6.5.3

Compare Source

⭐ New Features

  • Add META-INF/LICENSE.txt to published jars #​17639
  • Update Angular documentation links in csrf.adoc #​17653
  • Update Shibboleth Repository URL #​17637
  • Use 2004-present Copyright #​17634

🪲 Bug Fixes

  • Add Missing Navigation in Preparing for 7.0 Guide #​17731
  • DPoP authentication throws JwtDecoderFactory ClassNotFoundException #​17249
  • OpenSamlAssertingPartyDetails Should Be Serializable #​17727
  • Use final values in equals and hashCode #​17621

🔨 Dependency Upgrades

  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17739
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17690
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17684
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17661
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17615
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17599
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17737
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17701
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17614
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #​17647
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17733
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17711
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17612
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17598
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #​17742
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17613
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17595
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17760
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17692
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17683
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17671
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17616
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17597
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #​17646
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #​17660
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17694
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17685
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #​17650
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17645
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17757
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17651
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17596
  • Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #​17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​codingtim

v6.5.2

Compare Source

🪲 Bug Fixes

  • <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #​17495
  • Add 7.0 Migration Steps for Messaging PathPattern Usage #​17509
  • EnableReactiveMethodSecurity should not import Servlet configuration #​17545
  • Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #​17337
  • Fix securityContextRepository() initialization in oauth2Login() DSL #​17557
  • OAuth2Login DSL should support post-processing AuthenticationProvider implementations #​17176
  • Websocket XML config should pick up PathPatternMessageMatcher.Builder #​17508

🔨 Dependency Upgrades

  • Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #​17444
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#​17470](#​17470
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#​17570](#​17570
  • Bump io.mockk:mockk from 1.14.2 to 1.14.4 #​17467
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17572
  • Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #​17469
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17555
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #​17491
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #​17571
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17466
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17569
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17468
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17481
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17568

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

v6.5.1

Compare Source

⭐ New Features
  • Create demonstration of include-code usage #​17161
  • Setup include-code extension for docs #​17160
🪲 Bug Fixes
  • ClearSiteDataHeaderWriter log is misleading #​17166
  • Fix to allow multiple AuthenticationFilter instances to process each request #​17216
  • Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
  • OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
  • Publishing a default TargetVisitor should not override Spring MVC support #​17189
  • Use HttpStatus in back-channel logout filters #​17157
🔨 Dependency Upgrades
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
  • Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
  • Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
  • Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
  • Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
  • Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
  • Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
  • Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner July 29, 2025 08:14
@renovate renovate bot enabled auto-merge (squash) July 29, 2025 08:14
renovate-approve[bot]
renovate-approve bot previously approved these changes Jul 29, 2025
View reviewed changes
renovate-approve-2[bot]
renovate-approve-2 bot previously approved these changes Jul 29, 2025
View reviewed changes
@renovate renovate bot force-pushed the renovate/spring-security branch from a207dea to dffe0be Compare July 29, 2025 09:10
@renovate renovate bot force-pushed the renovate/spring-security branch from dffe0be to 06b44e7 Compare July 29, 2025 13:20
@renovate renovate bot force-pushed the renovate/spring-security branch from 06b44e7 to acd18e1 Compare July 31, 2025 14:26
@renovate renovate bot force-pushed the renovate/spring-security branch from acd18e1 to 3ef5797 Compare August 4, 2025 14:08
@renovate renovate bot force-pushed the renovate/spring-security branch from 3ef5797 to a278489 Compare August 5, 2025 10:29
@renovate renovate bot force-pushed the renovate/spring-security branch from a278489 to b73a48d Compare August 5, 2025 15:35
@renovate renovate bot force-pushed the renovate/spring-security branch from b73a48d to 48f5623 Compare August 6, 2025 10:11
@renovate renovate bot force-pushed the renovate/spring-security branch from 48f5623 to d9154c8 Compare August 6, 2025 12:54
@renovate renovate bot force-pushed the renovate/spring-security branch from d9154c8 to 67adef2 Compare August 6, 2025 14:08
@renovate renovate bot force-pushed the renovate/spring-security branch from 67adef2 to 035313f Compare August 6, 2025 14:24
@renovate renovate bot force-pushed the renovate/spring-security branch from 2255a16 to d3110b7 Compare September 29, 2025 10:39
@renovate renovate bot force-pushed the renovate/spring-security branch from d3110b7 to 63bb919 Compare September 29, 2025 12:24
@renovate renovate bot force-pushed the renovate/spring-security branch from 63bb919 to 495cb55 Compare September 29, 2025 17:58
@renovate renovate bot force-pushed the renovate/spring-security branch 3 times, most recently from f4f65ea to e106b09 Compare September 29, 2025 18:22
@hmcts-jenkins-cnp
Copy link
Contributor

Plan Result (stg)

Plan: 0 to add, 2 to change, 0 to destroy.
  • Update
    • module.pre-api-exception-alert[0].azurerm_resource_group_template_deployment.custom_alert[0]
    • module.pre_b2c_product[0].azurerm_api_management_product.product
Change Result (Click me) 
  # module.pre-api-exception-alert[0].azurerm_resource_group_template_deployment.custom_alert[0] will be updated in-place
  ~ resource "azurerm_resource_group_template_deployment" "custom_alert" {
        id                       = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/pre-stg/providers/Microsoft.Resources/deployments/PRE_API_exception"
        name                     = "PRE_API_exception"
        tags                     = {}
      ~ template_content         = jsonencode(
          ~ {
              ~ parameters     = {
                  ~ actionGroupName          = {
                      ~ type = "String" -> "string"
                    }
                  ~ actionGroupRg            = {
                      ~ type = "String" -> "string"
                    }
                  ~ alertDesc                = {
                      ~ type = "String" -> "string"
                    }
                  ~ alertName                = {
                      ~ type = "String" -> "string"
                    }
                  ~ appInsightsName          = {
                      ~ type = "String" -> "string"
                    }
                  ~ appInsightsQuery         = {
                      ~ type = "String" -> "string"
                    }
                  ~ commonTags               = {
                      ~ type = "String" -> "string"
                    }
                  ~ customEmailSubject       = {
                      ~ type = "String" -> "string"
                    }
                  ~ frequencyInMinutes       = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ location                 = {
                      ~ type = "String" -> "string"
                    }
                  ~ severityLevel            = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ timeWindowInMinutes      = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ triggerThreshold         = {
                      ~ type = "String" -> "string"
                    }
                  ~ triggerThresholdOperator = {
                      ~ type          = "String" -> "string"
                        # (2 unchanged attributes hidden)
                    }
                }
                # (4 unchanged attributes hidden)
            }
        )
        # (6 unchanged attributes hidden)
    }

  # module.pre_b2c_product[0].azurerm_api_management_product.product will be updated in-place
  ~ resource "azurerm_api_management_product" "product" {
        id                    = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/ss-stg-network-rg/providers/Microsoft.ApiManagement/service/sds-api-mgmt-stg/products/pre-api-b2c"
      ~ subscriptions_limit   = 0 -> 20
        # (9 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

@hmcts-jenkins-cnp
Copy link
Contributor

Plan Result (prod)

Plan: 0 to add, 2 to change, 0 to destroy.
  • Update
    • module.pre-api-exception-alert[0].azurerm_resource_group_template_deployment.custom_alert[0]
    • module.pre-api-liveness-alert[0].azurerm_resource_group_template_deployment.custom_alert[0]
Change Result (Click me) 
  # module.pre-api-exception-alert[0].azurerm_resource_group_template_deployment.custom_alert[0] will be updated in-place
  ~ resource "azurerm_resource_group_template_deployment" "custom_alert" {
        id                       = "/subscriptions/5ca62022-6aa2-4cee-aaa7-e7536c8d566c/resourceGroups/pre-prod/providers/Microsoft.Resources/deployments/PRE_API_exception"
        name                     = "PRE_API_exception"
        tags                     = {}
      ~ template_content         = jsonencode(
          ~ {
              ~ parameters     = {
                  ~ actionGroupName          = {
                      ~ type = "String" -> "string"
                    }
                  ~ actionGroupRg            = {
                      ~ type = "String" -> "string"
                    }
                  ~ alertDesc                = {
                      ~ type = "String" -> "string"
                    }
                  ~ alertName                = {
                      ~ type = "String" -> "string"
                    }
                  ~ appInsightsName          = {
                      ~ type = "String" -> "string"
                    }
                  ~ appInsightsQuery         = {
                      ~ type = "String" -> "string"
                    }
                  ~ commonTags               = {
                      ~ type = "String" -> "string"
                    }
                  ~ customEmailSubject       = {
                      ~ type = "String" -> "string"
                    }
                  ~ frequencyInMinutes       = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ location                 = {
                      ~ type = "String" -> "string"
                    }
                  ~ severityLevel            = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ timeWindowInMinutes      = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ triggerThreshold         = {
                      ~ type = "String" -> "string"
                    }
                  ~ triggerThresholdOperator = {
                      ~ type          = "String" -> "string"
                        # (2 unchanged attributes hidden)
                    }
                }
                # (4 unchanged attributes hidden)
            }
        )
        # (6 unchanged attributes hidden)
    }

  # module.pre-api-liveness-alert[0].azurerm_resource_group_template_deployment.custom_alert[0] will be updated in-place
  ~ resource "azurerm_resource_group_template_deployment" "custom_alert" {
        id                       = "/subscriptions/5ca62022-6aa2-4cee-aaa7-e7536c8d566c/resourceGroups/pre-prod/providers/Microsoft.Resources/deployments/PRE_API_liveness"
        name                     = "PRE_API_liveness"
        tags                     = {}
      ~ template_content         = jsonencode(
          ~ {
              ~ parameters     = {
                  ~ actionGroupName          = {
                      ~ type = "String" -> "string"
                    }
                  ~ actionGroupRg            = {
                      ~ type = "String" -> "string"
                    }
                  ~ alertDesc                = {
                      ~ type = "String" -> "string"
                    }
                  ~ alertName                = {
                      ~ type = "String" -> "string"
                    }
                  ~ appInsightsName          = {
                      ~ type = "String" -> "string"
                    }
                  ~ appInsightsQuery         = {
                      ~ type = "String" -> "string"
                    }
                  ~ commonTags               = {
                      ~ type = "String" -> "string"
                    }
                  ~ customEmailSubject       = {
                      ~ type = "String" -> "string"
                    }
                  ~ frequencyInMinutes       = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ location                 = {
                      ~ type = "String" -> "string"
                    }
                  ~ severityLevel            = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ timeWindowInMinutes      = {
                      ~ type         = "String" -> "string"
                        # (1 unchanged attribute hidden)
                    }
                  ~ triggerThreshold         = {
                      ~ type = "String" -> "string"
                    }
                  ~ triggerThresholdOperator = {
                      ~ type          = "String" -> "string"
                        # (2 unchanged attributes hidden)
                    }
                }
                # (4 unchanged attributes hidden)
            }
        )
        # (6 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

@renovate renovate bot force-pushed the renovate/spring-security branch 3 times, most recently from cf9ae0c to 1ee2401 Compare September 29, 2025 18:30
@renovate renovate bot force-pushed the renovate/spring-security branch from 1ee2401 to 360082c Compare September 29, 2025 18:46
@renovate renovate bot force-pushed the renovate/spring-security branch from 360082c to 3b386e1 Compare September 29, 2025 19:11
@renovate renovate bot force-pushed the renovate/spring-security branch from 3b386e1 to cdc4ecf Compare October 1, 2025 14:58
@renovate renovate bot changed the title Update spring security to v6.5.5 Update spring security to v6.5.5 - autoclosed Oct 1, 2025
@renovate renovate bot closed this Oct 1, 2025
auto-merge was automatically disabled October 1, 2025 18:55

Pull request was closed

@renovate renovate bot deleted the renovate/spring-security branch October 1, 2025 18:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] left review comments

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] left review comments

@lydiaralphgov lydiaralphgov lydiaralphgov left review comments

Assignees

No one assigned

Labels

dependencies ns:pre prd:pre prod/add-or-update rel:pre-api-pr-1158 stg/add-or-update

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lydiaralphgov