Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency org.springframework.security:spring-security-core to v6.3.5 [security] #1381

Merged
merged 1 commit into from
Jan 14, 2025
Merged

fix(deps): update dependency org.springframework.security:spring-security-core to v6.3.5 [security] #1381

merged 1 commit into from
Jan 14, 2025
+1 −1

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 10, 2025
edited by github-actions bot
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.springframework.security:spring-security-core (source) 6.3.4 -> 6.3.5 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-38827

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-core)

v6.3.5

Compare Source

⭐ New Features
  • Support ServerExchangeRejectedHandler @Bean #​16062
  • Supporting logout+jwt for back-channel logout with spring-webflux #​15702
🪲 Bug Fixes
  • Align DelegatingAuthenticationConverter Constructors #​15949
  • An empty-string bearer token should result in an appropriate HTTP status code #​16036
  • IpAddressMatcher null pointer exception #​15527
  • RequestMatcherDelegatingAuthorizationManager should be post-processable #​15981
  • Support ServerWebExchangeFirewall @Bean #​15991
  • Unhandled exception in CookieRequestCache results in 500 Internal Server Error #​15986
  • Update logout.adoc: Fix Customizing Logout Success Example #​15956
🔨 Dependency Upgrades
  • Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16006
  • Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.17.3 #​16032
  • Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13 #​16126
  • Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16082
  • Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16033
  • Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.0.6 #​16125
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16102
  • Bump org.springframework:spring-framework-bom from 6.1.14 to 6.1.15 #​16101
🔩 Build Updates
  • Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16117
  • Update Antora UI Spring to v0.4.17 #​15930
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​asimuleo, @​dependabot[bot], @​github-actions[bot], and @​kse-music

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Thanks for the PR!

Deployments, as required, will be available below:
Any successful deployments (not always required) will be available here

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

@renovate renovate bot enabled auto-merge (squash) January 10, 2025 17:23
@github-actions GitHub Actions
Copy link
Contributor

Overall Project NaN% NaN% 🍏

There is no coverage information present for the Files changed

@renovate renovate bot force-pushed the renovate/maven-org.springframework.security-spring-security-core-vulnerability branch from 394f0e7 to e20796b Compare January 14, 2025 22:27
@github-actions GitHub Actions
Copy link
Contributor

Overall Project NaN% NaN% 🍏

There is no coverage information present for the Files changed

@renovate renovate bot force-pushed the renovate/maven-org.springframework.security-spring-security-core-vulnerability branch from e20796b to cec5e55 Compare January 14, 2025 23:11
@github-actions GitHub Actions
Copy link
Contributor

Overall Project NaN% NaN% 🍏

There is no coverage information present for the Files changed

@renovate renovate bot merged commit dee12ef into main Jan 14, 2025
30 of 32 checks passed
@renovate renovate bot deleted the renovate/maven-org.springframework.security-spring-security-core-vulnerability branch January 14, 2025 23:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulushcgcj paulushcgcj paulushcgcj approved these changes

@mamartinezmejia mamartinezmejia Awaiting requested review from mamartinezmejia mamartinezmejia is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@paulushcgcj