Update dependency org.springframework.security:spring-security-test to v6.5.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.security:spring-security-test (source)	6.3.4 -> 6.5.1

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-test)

v6.5.1

Compare Source

⭐ New Features

• Create demonstration of include-code usage #​17161
• Setup include-code extension for docs #​17160

🪲 Bug Fixes

• ClearSiteDataHeaderWriter log is misleading #​17166
• Fix to allow multiple AuthenticationFilter instances to process each request #​17216
• Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
• OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
• Publishing a default TargetVisitor should not override Spring MVC support #​17189
• Use HttpStatus in back-channel logout filters #​17157

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
• Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
• Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
• Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

v6.5.0

Compare Source

⭐ New Features

• Add documentation for DPoP support #​17072
• Add logging to CsrfTokenRequestHandler implementations #​16994
• Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #​16806
• Bump Gradle Wrapper from 8.13 to 8.14 #​17018
• ClientRegistrations.fromIssuerLocation does not include failure information #​17015
• Fix Typo In SubjectDnX509PrincipalExtractorTests #​16997
• Implement internal cache in JtiClaimValidator #​17107
• Polish javadoc #​16924
• Remove unused classes #​16935
• Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #​16962
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17147

🪲 Bug Fixes

• Add FunctionalInterface To X509PrincipalExtractor #​16952
• Change NonNull import from reactor to spring #​16571
• Fix DPoP jkt claim to be JWK SHA-256 thumbprint #​17080
• Minor error in the Handling Logouts documentation #​17049
• SecurityAnnotationScanner's method comparison should use .equals #​17145
• Use proper configuration key in Opaque Token documentation #​17014

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17069
• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #​16995
• Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #​16990
• Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #​17024
• Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #​17095
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17096
• Bump io.mockk:mockk from 1.14.0 to 1.14.2 #​17019
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17111
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17040
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17088
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16761
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17089
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17105
• Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #​17037
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16981
• Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #​17137
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17124

🔩 Build Updates

• Release 6.5.0 #​17138

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dkowis, @​franticticktick, @​hammadirshad, @​jearton, @​ngocnhan-tran1996, @​quaff, and @​yybmion

v6.4.7

Compare Source

🪲 Bug Fixes

• ClearSiteDataHeaderWriter log is misleading #​17165
• Fix inconsistent constructor declaration for ReactiveAuthorizationManagerMethodSecurityConfiguration #​17197
• Fix to allow multiple AuthenticationFilter instances to process each request #​17215
• Use HttpStatus in back-channel logout filters #​17156

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17229
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17148
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #​17199
• Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17221
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17230
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17206
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17212
• Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17183
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17253
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17254
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17237
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17236

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​damable-nuvolex

v6.4.6

Compare Source

⭐ New Features

• Bump Gradle Wrapper from 8.13 to 8.14 #​17017
• ClientRegistrations.fromIssuerLocation does not include failure information #​17016
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17146

🪲 Bug Fixes

• Clear Site Data references non-existent constructor #​17034
• Ensure Serializable Components Have Serialization Sample #​17038
• Minor error in the Handling Logouts documentation #​17048
• NPE in BaseOpenSamlAuthenticationProvider #​17008
• SecurityAnnotationScanner's method comparison should use .equals #​17143
• StrictFirewallServerWebExchange should still protect when request is mutated #​17032
• Use proper configuration key in Opaque Token documentation #​17013

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17065
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17094
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17110
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17042
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17086
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17087
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17103
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16983
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17121

🔩 Build Updates

• Release Security 6.4.6 #​17139

v6.4.5

Compare Source

⭐ New Features

• Add link to docs zip file to the reference #​16799
• Fix attribute name in http.adoc #​16784
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #​16783

🪲 Bug Fixes

• [Docs] Broken link on Spring MVC Test Integration page #​16785
• ServerBearerTokenAuthenticationConverter validates parameters when not enabled #​16901
• Clarify WebInvocationPrivilegeEvaluator JavaDoc #​16782
• CookieServerCsrfTokenRepository.withHttpOnlyFalse() ineffective if setCookieCustomizer() is used #​16862
• Correct closing tag in default PassKey HTML form #​16601
• Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #​16606
• OpenSaml support should preserve encrypted elements for further analysis #​16367
• Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #​16837
• WebFlux reference links to Servlet docs #​16786
• XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #​16844

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #​16767
• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 #​16938
• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #​16944
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #​16919
• Bump org-aspectj from 1.9.22.1 to 1.9.24 #​16928
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16758
• Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final #​16895
• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #​16960
• Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #​16959

🔩 Build Updates

• Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 #​16894
• Release 6.4.5 #​16972

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​AB-xdev, @​Borghii, and @​dependabot[bot]

v6.4.4

Compare Source

🪲 Bug Fixes

• Add testRuntimeOnly junit-platform-launcher #​16756
• Align Method Traversal Algorithm with Spring Framework #​16751
• Disable Flaky WebAuthnWebDriverTests #​16753
• Fix @PostResult example in method-security doc #​16628
• Grammar Fixes in OAuth 2.0 JavaDoc #​16619

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #​16649
• Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #​16692
• Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to 0.28.6.RELEASE #​16691
• Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 #​16715
• Bump io.mockk:mockk from 1.13.16 to 1.13.17 #​16675
• Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #​16725
• Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to 6.6.11.Final #​16748
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.33.24 #​16669
• Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #​16650
• Bump org.springframework.data:spring-data-bom from 2024.1.3 to 2024.1.4 #​16749
• Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #​16733

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kuba15, @​dependabot[bot], and @​pat-mccusker

v6.4.3

Compare Source

⭐ New Features

• Add Support disableDefaultRegistrationPage to WebAuthnDsl #​16395

🪲 Bug Fixes

• withValue used incorrectly #​16527
• Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL #​16344
• Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) #​16459
• Fix Kotlin DSL webAuthn { } #​16338
• Fix loader has changed while resolving nodes in WebAuthnWebDriverTests #​16463
• Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #​16310
• Implement Serializable for WebAuthnAuthentication #​16285
• Make AuthorizationDecision Serializable #​16544
• Make PublicKeyCredentialRequestOptions Serializable Backport #​16584
• Make Saml2AuthenticationToken Serializable #​16287
• Make WebAuthnAuthentication Serializable #​16273
• Make WebAuthnAuthenticationRequestToken Serializable #​16602
• Make WebAuthnAuthenticationTokenRequest Serializable #​16481
• Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #​16466
• OTT Should Use non-static member to capture the last OneTimeToken #​16471
• webauthn js should ensure allowCredentials[].id is an ArrayBuffer #​16440

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #​16364
• Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #​16598
• Bump com.webauthn4j:webauthn4j-core from 0.28.4.RELEASE to 0.28.5.RELEASE #​16523
• Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 #​16565
• Bump io.mockk:mockk from 1.13.14 to 1.13.16 #​16399
• Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #​16576
• Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #​16534
• Bump org.hibernate.orm:hibernate-core from 6.6.7.Final to 6.6.8.Final #​16610
• Bump org.junit:junit-bom from 5.11.3 to 5.11.4 #​16292
• Bump org.springframework.data:spring-data-bom from 2024.1.2 to 2024.1.3 #​16611
• Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #​16597
• Bump org.springframework:spring-framework-bom from 6.2.2 to 6.2.3 #​16599
• Update to oauth2-oidc-sdk 9.43.5 #​16583

🔩 Build Updates

• Add TestBytes #​16461
• Troubleshoot missing GChat notifications #​16424

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​NeoTraveler, @​dependabot[bot], @​franticticktick, @​making, and @​ngocnhan-tran1996

v6.4.2

Compare Source

⭐ New Features

• Add 6.4 Sample Serializations for Serializable classes #​16274
• Add @inheritDoc to sessionIdChanged method #​16216
• Fix typo in oauth2 resource server documentation #​16053
• Fixed confusing phrasing in the docs for a better clarity. #​16169
• Improve AuthorizationManager configuration error messages #​16194
• Polish #​16148
• Use Documentation Tags for Maven and Gradle in Getting Started #​16234
• Add WebDriver WebAuthn test #​15969

🪲 Bug Fixes

• Add Deprecated ObjectPostProcessor constructor #​16212
• Add RuntimeHints for webauthn Javascript resource #​16159
• Always return current ClientRegistration in loadAuthorizedClient #​16139
• Avoid requesting an unnecessary attestation statement when creating a webauthn credential #​16252
• CI is not using the correct secret for Develocity #​16263
• Dark mode rendering issue with images on CSRF and Method Security pages #​16176
• DefaultSaml2AuthenticatedPrincipal should define a serialVersionUID #​16163
• Delay initialization of AuthenticationProvider in Global Authentication #​16147
• Fix Documentation Typos #​16054
• Correct OAuth2ClientHttpRequestInterceptor Usage Documentation #​16172
• Fix Typo in 'What's New' Documentation #​16183
• Fix WebAuthnWebdriverTests #​16279
• Correct OpenSAML 5.x Documentation #​16195
• Issue when using @AuthenticationPrincipal on interfaces #​16177
• Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #​16261
• Remove duplicate cache in AuthenticationPrincipalArgumentResolverand CurrentSecurityContextArgumentResolver #​16202
• Resolve ObjectPostProcessor collisions between RSocket and WebFlux security configuration #​16161
• Restore @AuthenticationPrincipal/@CurrentSecurityContext Interface Support #​16245
• Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #​16220
• Spelling error in opensaml.adoc #​16146
• Update document regarding PublicKeyCredentialCreationOptions.attestation value #​16264
• Verification Options Should Return Saved Transports for Credentials #​16084

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.1 to 2.18.2 #​16184
• Bump com.webauthn4j:webauthn4j-core from 0.28.2.RELEASE to 0.28.3.RELEASE #​16203
• Bump io.micrometer:micrometer-observation from 1.14.1 to 1.14.2 #​16255
• Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #​16256
• Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #​16209
• Bump org.gretty:gretty from 4.1.5 to 4.1.6 #​16247
• Bump org.hibernate.orm:hibernate-core from 6.6.2.Final to 6.6.3.Final #​16145
• Bump org.htmlunit:htmlunit from 4.6.0 to 4.7.0 #​16205
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #​16180
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.26.0 to 4.27.0 #​16204
• Bump org.seleniumhq.selenium:selenium-java from 4.26.0 to 4.27.0 #​16167
• Bump org.springframework.data:spring-data-bom from 2024.1.0 to 2024.1.1 #​16290
• Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #​16270
• Bump org.springframework:spring-framework-bom from 6.2.0 to 6.2.1 #​16271

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0 to 1.0.1 in /docs #​16239
• Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #​16237
• Bump gradle/gradle-build-action from 2 to 3 #​16278
• Remove 5.8.x and 6.2.x dependabot configuration #​16268
• Remove 5.8.x from Auto Merge Forward Dependabot PRs #​15770

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​12OneTwo12, @​Kehrlann, @​MuhammadNFadhil, @​OrangeDog, @​Spikhalskiy, @​dependabot[bot], @​harpreets789, @​kse-music, @​martin-tarjanyi, @​ngocnhan-tran1996, and @​ynojima

v6.4.1

Compare Source

🪲 Bug Fixes

• Documentation images should render clearly in both light and dark mode #​16132
• Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #​16113

🔩 Build Updates

• Update Antora UI Spring to v0.4.18 #​16112

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​github-actions[bot] and @​ngocnhan-tran1996

v6.4.0

Compare Source

⭐ New Features

• Add @FunctionalInterface to AuthorizationEventPublisher #​15934
• Add DefaultResourcesFilter.webauthn() #​15970
• Add deprecation notice for missing leading slashes #​16020
• Code Cleanup #​15996
• Document passkeys dependencies #​16107
• Factor out some common object mocking in tests #​15396
• Fix saml2 authentication guide docs #​16017
• Improve documentation about CredentialsContainer #​15554
• Improve Documentation on Adding a Custom Security Filter #​15893
• Improve Error Message for Conflicting Filter Chains #​15992
• Make it easier to determine where a filter chain has been defined #​15874
• OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #​15346
• Polish JdbcOneTimeTokenService #​15997
• relying-party-registration doesn't allow placeholders in xml #​14645
• Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #​15875
• Support ServerExchangeRejectedHandler @Bean #​16063

🪲 Bug Fixes

• An empty-string bearer token should result in an appropriate HTTP status code #​16037
• AuthorizeReturnObject AOT support should register proxied class as well #​16106
• Correct class name reference in WebFilterChainProxy JavaDoc #​16004
• Fix typo javadoc some classes #​16022
• Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #​16055
• IpAddressMatcher null pointer exception #​16104
• OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #​16042
• Support ServerWebExchangeFirewall @Bean #​15999
• UniqueSecurityAnnotationScanner throws ConcurrentModificationException #​15906

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16005
• Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #​16007
• Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #​16122
• Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #​16123
• Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #​16121
• Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16079
• Bump org-bouncycastle from 1.78.1 to 1.79 #​16010
• Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #​16048
• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16028
• Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #​16044
• Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #​15968
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #​16043
• Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #​16018
• Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #​16124
• Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16097
• Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #​16096

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16115
• Update Antora UI Spring to v0.4.17 #​15929

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chu3laMan, @​Kehrlann, @​Limm-jk, @​dcolazin, @​dependabot[bot], @​franticticktick, @​github-actions[bot], @​gzhao9, @​ig-jinwoo, @​jzheaux, @​kse-music, @​ngocnhan-tran1996, and @​nomoreFt

v6.3.10

Compare Source

⭐ New Features

• Add SAML 2.0 migration guide from Spring Security SAML Extension #​17076
• Advise overriding equals() and hashCode() in UserDetails implementations #​17141
• Bump Gradle Wrapper from 8.13 to 8.14 #​16999

🪲 Bug Fixes

• Clear Site Data references non-existent constructor #​16948
• ClearSiteDataHeaderWriter log is misleading #​17126
• ClientRegistrations#fromIssuerLocation should not swallow 4xx exception messages #​16993
• Correct method name in document #​17044
• Fix IllegalArgumentException message for unknown Argon2 types #​16971
• Fix to allow multiple AuthenticationFilter instances to process each request #​17186
• Improve AbstractPreAuthenticatedProcessingFilter docs #​16985
• Remove duplicate lines from X.509 documentation #​17010
• StrictFirewallServerWebExchange should still protect when request is mutated #​16978
• Update the docs to use assertingparty instead of identityprovider to close #​12810 #​17081
• Use HttpStatus in back-channel logout filters #​17128
• Use proper configuration key in Opaque Token documentation #​17005

🔨 Dependency Upgrades

• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17151
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #​17198
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17101
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17231
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17039
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17085
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17211
• Bump org.springframework.data:spring-data-bom from 2024.0.10 to 2024.0.11 #​16982
• Bump org.springframework.data:spring-data-bom from 2024.0.11 to 2024.0.12 #​17135
• Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13 #​17255
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17241
• Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 #​17122
• Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21 #​17240
• Update to io.spring.gradle:spring-security-release-plugin:1.0.5 #​16975

🔩 Build Updates

• Release 6.3.10 #​17140

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Gurunathan16, @​danilopiazza, @​evgeniycheban, @​joaquinjsb, @​m0rk4, @​ngocnhan-tran1996, @​quaff, @​rntrp, @​ronodhirSoumik, @​snowykte0426, and @​therepanic

v6.3.9

Compare Source

⭐ New Features

• Add link to docs zip file to the reference #​16798
• Clarify WebInvocationPrivilegeEvaluator JavaDoc #​16548
• Fix attribute name in http.adoc #​16776
• Fix Spring Framework reference link #​16718
• Fix WebFlux authentication reference link #​16719
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #​16555

🪲 Bug Fixes

• Do not validate parameters in ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver if not enabled #​16039
• Fix the request matcher patterns in the documentation #​16713
• setCookieCustomizer should not reset withHttpOnlyFalse httpOnly setting #​16822
• Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #​16834
• Use correct message prompt in AuthorizeReturnObjectMethodInterceptor constructor #​16829
• XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #​16801

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #​16769
• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #​16942
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #​16916
• Bump org-aspectj from 1.9.22.1 to 1.9.24 #​16927
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16759
• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #​16957
• Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19 #​16958

🔩 Build Updates

• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #​16809
• Release 6.3.9 #​16973

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Bragolgirith, @​dependabot[bot], @​jonah1und1, @​kse-music, and @​ngocnhan-tran1996

v6.3.8

Compare Source

🪲 Bug Fixes

• Add testRuntimeOnly junit-platform-launcher #​16755
• Fix typo security-api-url attribute in faq.adoc #​16633
• Security SpEL Expressions Should Propagate AuthorizationDeniedException from Proxied Objects #​16697

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #​16651
• Bump io.mockk:mockk from 1.13.16 to 1.13.17 #​16676
• Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #​16724
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.33.24 #​16670
• Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #​16652
• Bump org.springframework.data:spring-data-bom from 2024.0.9 to 2024.0.10 #​16747
• Bump org.springframework:spring-framework-bom from 6.1.17 to 6.1.18 #​16735

🔩 Build Updates

• Bump @springio/antora-extensions from 1.14.2 to 1.14.4 in /docs #​16637

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot] and @​ngocnhan-tran1996

v6.3.7

Compare Source

⭐ New Features

• Improve Stability of S101 CI Task #​16482

🪲 Bug Fixes

• Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #​16093
• Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #​16105

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #​16363
• Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.