Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update spring security to v6.4.2 #2662

Merged
merged 1 commit into from
Dec 16, 2024
Merged

Update spring security to v6.4.2 #2662

merged 1 commit into from
Dec 16, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 16, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.springframework.security:spring-security-web (source) 6.4.1 -> 6.4.2 age adoption passing confidence
org.springframework.security:spring-security-core (source) 6.4.1 -> 6.4.2 age adoption passing confidence
org.springframework.security:spring-security-config (source) 6.4.1 -> 6.4.2 age adoption passing confidence

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-web)

v6.4.2

Compare Source

⭐ New Features

  • Add 6.4 Sample Serializations for Serializable classes #​16274
  • Add @inheritDoc to sessionIdChanged method #​16216
  • Fix typo in oauth2 resource server documentation #​16053
  • Fixed confusing phrasing in the docs for a better clarity. #​16169
  • Improve AuthorizationManager configuration error messages #​16194
  • Polish #​16148
  • Use Documentation Tags for Maven and Gradle in Getting Started #​16234
  • webauthn: add webdriver test #​15969

🪲 Bug Fixes

  • Add Deprecated ObjectPostProcessor constructor #​16212
  • Add RuntimeHints for webauthn Javascript resource #​16159
  • Always return current ClientRegistration in loadAuthorizedClient #​16139
  • Avoid requesting an unnecessary attestation statement when creating a webauthn credential #​16252
  • Breaking Change after upgrading to 6.4.1 via Spring Boot 3.4.0 #​16174
  • CI is not using the correct secret for Develocity #​16263
  • Dark mode rendering issue with images on CSRF and Method Security pages #​16176
  • DefaultSaml2AuthenticatedPrincipal does not define serialVersionUID #​16163
  • Delay initialization AuthenticationProvider in Global Authentication #​16147
  • Fix Documentation Typos #​16054
  • Fix OAuth2 documentation: Correct OAuth2ClientHttpRequestInterceptor usage #​16172
  • Fix Typo in 'What's New' Documentation #​16183
  • Fix WebAuthnWebdriverTests #​16279
  • Fix: Correct OpenSAML 5.x Documentation #​16195
  • Issue when using @AuthenticationPrincipal on interfaces #​16177
  • Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #​16261
  • Remove duplicate cache in AuthenticationPrincipalArgumentResolver、and CurrentSecurityContextArgumentResolver #​16202
  • Resolve ObjectPostProcessor collisions between RSocket and WebFlux security configuration #​16161
  • Restore @AuthenticationPrincipal/@CurrentSecurityContext Interface Support #​16245
  • Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #​16220
  • Spelling error in opensaml.adoc #​16146
  • Update document regarding PublicKeyCredentialCreationOptions.attestation value #​16264
  • Verification Options do not Return Saved Transports for Credentials #​16084

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.1 to 2.18.2 #​16184
  • Bump com.webauthn4j:webauthn4j-core from 0.28.2.RELEASE to 0.28.3.RELEASE #​16203
  • Bump io.micrometer:micrometer-observation from 1.14.1 to 1.14.2 #​16255
  • Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #​16256
  • Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #​16209
  • Bump org.gretty:gretty from 4.1.5 to 4.1.6 #​16247
  • Bump org.hibernate.orm:hibernate-core from 6.6.2.Final to 6.6.3.Final #​16145
  • Bump org.htmlunit:htmlunit from 4.6.0 to 4.7.0 #​16205
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #​16180
  • Bump org.seleniumhq.selenium:htmlunit3-driver from 4.26.0 to 4.27.0 #​16204
  • Bump org.seleniumhq.selenium:selenium-java from 4.26.0 to 4.27.0 #​16167
  • Bump org.springframework.data:spring-data-bom from 2024.1.0 to 2024.1.1 #​16290
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #​16270
  • Bump org.springframework:spring-framework-bom from 6.2.0 to 6.2.1 #​16271

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.0 to 1.0.1 in /docs #​16239
  • Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #​16237
  • Bump gradle/gradle-build-action from 2 to 3 #​16278
  • Remove 5.8.x and 6.2.x dependabot configuration #​16268
  • Remove 5.8.x from Auto Merge Forward Dependabot PRs #​15770

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​12OneTwo12, @​Kehrlann, @​MuhammadNFadhil, @​OrangeDog, @​Spikhalskiy, @​dependabot[bot], @​harpreets789, @​kse-music, @​martin-tarjanyi, @​ngocnhan-tran1996, and @​ynojima

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@hazendaz hazendaz merged commit 4f81287 into master Dec 16, 2024
18 of 20 checks passed
@renovate renovate bot deleted the renovate/spring-security branch December 16, 2024 20:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hazendaz