Sourced from org.springframework.security:spring-security-bom's releases.

6.5.2

🪲 Bug Fixes

• <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17495
• Add 7.0 Migration Steps for Messaging PathPattern Usage #17509
• EnableReactiveMethodSecurity should not import Servlet configuration #17545
• Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #17337
• Fix securityContextRepository() initialization in oauth2Login() DSL #17557
• OAuth2Login DSL should support post-processing AuthenticationProvider implementations #17176
• Websocket XML config should pick up PathPatternMessageMatcher.Builder #17508

🔨 Dependency Upgrades

• Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #17444
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#17470](spring-projects/spring-security#17470
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#17570](spring-projects/spring-security#17570
• Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17467
• Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17572
• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17469
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17555
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #17491
• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17571
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17466
• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17569
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17468
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17481
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17568

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

• 3512fc7 Release 6.5.2
• 90584ef Merge branch '6.4.x' into 6.5.x
• 7b60636 Fix samples branch
• e38c059 Fix samples branch
• 80ccb9b Merge branch '6.4.x' into 6.5.x
• 829af96 Use Meaningful Configurer Names in Test
• fca704e Fix getConfigurersInInitializing Semantics
• ea9dd27 Support add nested security configurers during builder initialization
• 409f845 Merge branch '6.4.x' into 6.5.x
• 258aa66 Merge branch '6.3.x' into 6.4.x
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)