Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump spring.security.version from 3.2.5.RELEASE to 5.2.2.RELEASE #849

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 3, 2020

Bumps spring.security.version from 3.2.5.RELEASE to 5.2.2.RELEASE.

Updates spring-security-config from 3.2.5.RELEASE to 5.2.2.RELEASE

Release notes

Sourced from spring-security-config's releases.

5.2.2.RELEASE

⭐ New Features

  • Don't cache requests with Accept: text/event-stream by default. #7744
  • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
  • Remove redundant validation for redirect-uri #7707
  • Polish oauth2-client Error-handling Tests #7647
  • Remove unnecessary code in SecurityExpressionRoot #7635
  • Extract HTTPS Documentation #7626
  • Remove unnecessary code in SecurityExpressionRoot #7601
  • Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

🪲 Bug Fixes

  • Form login requiresAuthenticationMatcher is not used in WebFlux #7867
  • Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
  • BasicAuthenticationFilter ignores credentials charset #7859
  • Default LDIF file not picked up in LDAP "unboundid" mode #7852
  • Incorrect LDIF file example in LDAP documentation #7849
  • Use the custom ServerRequestCache that the user configures #7753
  • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
  • Disabling logout in WebFlux does nothing #7742
  • Saml2Authentication isn't serializable #7739
  • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
  • CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
  • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
  • DelegatingServerLogoutHandler Should Execute Sequentially #7725
  • WebFlux oauth2Login returns 500 when bad client credentials #7703
  • Correctly configure authorization requests repository for OAuth2 login #7690
  • Correctly configure authorization requests repository for OAuth2 login #7689
  • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
  • Update @​MessageMapping to match input/output cardinality #7669
  • Add http and https spring.schema mappings #7623
  • Avoid toString in favor of getName in order to extract sid #6354

🔨 Dependency Upgrades

  • Update to Spring Boot 2.2.4 #7909
  • Update to org.slf4j 1.7.30 #7908
  • Update to org.powermock 2.0.5 #7907
  • Update to hibernate-validator 6.1.2.Final #7906
  • Update to hibernate-entitymanager 5.4.10.Final #7905
  • Update to org.aspectj 1.9.5 #7904
  • Update to httpclient 4.5.11 #7903
  • Update to commons-codec 1.14 #7899
  • Update to com.squareup.okhttp3 3.14.6 #7898
  • Update to Jackson 2.10.2 #7897
  • Update to Reactor Dysprosium SR4 #7896
  • Update to Spring Data Moore SR3 #7895
  • Update to Spring Framework 5.2.3 #7894
... (truncated)
Commits
  • 9a2b71d Release 5.2.2.RELEASE
  • c4ccc96 Polish Error Messages for OpaqueTokenIntrospectors
  • 6c31021 Update to Spring Boot 2.2.4
  • a5b6b9a Update to org.slf4j 1.7.30
  • 9e69102 Update to org.powermock 2.0.5
  • ea809b0 Update to hibernate-validator 6.1.2.Final
  • 8054239 Update to hibernate-entitymanager 5.4.10.Final
  • 4648619 Update to org.aspectj 1.9.5
  • 00b08bc Update to httpclient 4.5.11
  • 6e0fbfc Update to commons-codec 1.14
  • Additional commits viewable in compare view

Updates spring-security-core from 3.2.5.RELEASE to 5.2.2.RELEASE

Release notes

Sourced from spring-security-core's releases.

5.2.2.RELEASE

⭐ New Features

  • Don't cache requests with Accept: text/event-stream by default. #7744
  • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
  • Remove redundant validation for redirect-uri #7707
  • Polish oauth2-client Error-handling Tests #7647
  • Remove unnecessary code in SecurityExpressionRoot #7635
  • Extract HTTPS Documentation #7626
  • Remove unnecessary code in SecurityExpressionRoot #7601
  • Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

🪲 Bug Fixes

  • Form login requiresAuthenticationMatcher is not used in WebFlux #7867
  • Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
  • BasicAuthenticationFilter ignores credentials charset #7859
  • Default LDIF file not picked up in LDAP "unboundid" mode #7852
  • Incorrect LDIF file example in LDAP documentation #7849
  • Use the custom ServerRequestCache that the user configures #7753
  • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
  • Disabling logout in WebFlux does nothing #7742
  • Saml2Authentication isn't serializable #7739
  • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
  • CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
  • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
  • DelegatingServerLogoutHandler Should Execute Sequentially #7725
  • WebFlux oauth2Login returns 500 when bad client credentials #7703
  • Correctly configure authorization requests repository for OAuth2 login #7690
  • Correctly configure authorization requests repository for OAuth2 login #7689
  • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
  • Update @​MessageMapping to match input/output cardinality #7669
  • Add http and https spring.schema mappings #7623
  • Avoid toString in favor of getName in order to extract sid #6354

🔨 Dependency Upgrades

  • Update to Spring Boot 2.2.4 #7909
  • Update to org.slf4j 1.7.30 #7908
  • Update to org.powermock 2.0.5 #7907
  • Update to hibernate-validator 6.1.2.Final #7906
  • Update to hibernate-entitymanager 5.4.10.Final #7905
  • Update to org.aspectj 1.9.5 #7904
  • Update to httpclient 4.5.11 #7903
  • Update to commons-codec 1.14 #7899
  • Update to com.squareup.okhttp3 3.14.6 #7898
  • Update to Jackson 2.10.2 #7897
  • Update to Reactor Dysprosium SR4 #7896
  • Update to Spring Data Moore SR3 #7895
  • Update to Spring Framework 5.2.3 #7894
... (truncated)
Commits
  • 9a2b71d Release 5.2.2.RELEASE
  • c4ccc96 Polish Error Messages for OpaqueTokenIntrospectors
  • 6c31021 Update to Spring Boot 2.2.4
  • a5b6b9a Update to org.slf4j 1.7.30
  • 9e69102 Update to org.powermock 2.0.5
  • ea809b0 Update to hibernate-validator 6.1.2.Final
  • 8054239 Update to hibernate-entitymanager 5.4.10.Final
  • 4648619 Update to org.aspectj 1.9.5
  • 00b08bc Update to httpclient 4.5.11
  • 6e0fbfc Update to commons-codec 1.14
  • Additional commits viewable in compare view

Updates spring-security-web from 3.2.5.RELEASE to 5.2.2.RELEASE

Release notes

Sourced from spring-security-web's releases.

5.2.2.RELEASE

⭐ New Features

  • Don't cache requests with Accept: text/event-stream by default. #7744
  • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
  • Remove redundant validation for redirect-uri #7707
  • Polish oauth2-client Error-handling Tests #7647
  • Remove unnecessary code in SecurityExpressionRoot #7635
  • Extract HTTPS Documentation #7626
  • Remove unnecessary code in SecurityExpressionRoot #7601
  • Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

🪲 Bug Fixes

  • Form login requiresAuthenticationMatcher is not used in WebFlux #7867
  • Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
  • BasicAuthenticationFilter ignores credentials charset #7859
  • Default LDIF file not picked up in LDAP "unboundid" mode #7852
  • Incorrect LDIF file example in LDAP documentation #7849
  • Use the custom ServerRequestCache that the user configures #7753
  • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
  • Disabling logout in WebFlux does nothing #7742
  • Saml2Authentication isn't serializable #7739
  • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
  • CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
  • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
  • DelegatingServerLogoutHandler Should Execute Sequentially #7725
  • WebFlux oauth2Login returns 500 when bad client credentials #7703
  • Correctly configure authorization requests repository for OAuth2 login #7690
  • Correctly configure authorization requests repository for OAuth2 login #7689
  • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
  • Update @​MessageMapping to match input/output cardinality #7669
  • Add http and https spring.schema mappings #7623
  • Avoid toString in favor of getName in order to extract sid #6354

🔨 Dependency Upgrades

  • Update to Spring Boot 2.2.4 #7909
  • Update to org.slf4j 1.7.30 #7908
  • Update to org.powermock 2.0.5 #7907
  • Update to hibernate-validator 6.1.2.Final #7906
  • Update to hibernate-entitymanager 5.4.10.Final #7905
  • Update to org.aspectj 1.9.5 #7904
  • Update to httpclient 4.5.11 #7903
  • Update to commons-codec 1.14 #7899
  • Update to com.squareup.okhttp3 3.14.6 #7898
  • Update to Jackson 2.10.2 #7897
  • Update to Reactor Dysprosium SR4 #7896
  • Update to Spring Data Moore SR3 #7895
  • Update to Spring Framework 5.2.3 #7894
... (truncated)
Commits
  • 9a2b71d Release 5.2.2.RELEASE
  • c4ccc96 Polish Error Messages for OpaqueTokenIntrospectors
  • 6c31021 Update to Spring Boot 2.2.4
  • a5b6b9a Update to org.slf4j 1.7.30
  • 9e69102 Update to org.powermock 2.0.5
  • ea809b0 Update to hibernate-validator 6.1.2.Final
  • 8054239 Update to hibernate-entitymanager 5.4.10.Final
  • 4648619 Update to org.aspectj 1.9.5
  • 00b08bc Update to httpclient 4.5.11
  • 6e0fbfc Update to commons-codec 1.14
  • Additional commits viewable in compare view

Updates spring-security-taglibs from 3.2.5.RELEASE to 5.2.2.RELEASE

Release notes

Sourced from spring-security-taglibs's releases.

5.2.2.RELEASE

⭐ New Features

  • Don't cache requests with Accept: text/event-stream by default. #7744
  • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
  • Remove redundant validation for redirect-uri #7707
  • Polish oauth2-client Error-handling Tests #7647
  • Remove unnecessary code in SecurityExpressionRoot #7635
  • Extract HTTPS Documentation #7626
  • Remove unnecessary code in SecurityExpressionRoot #7601
  • Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

🪲 Bug Fixes

  • Form login requiresAuthenticationMatcher is not used in WebFlux #7867
  • Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
  • BasicAuthenticationFilter ignores credentials charset #7859
  • Default LDIF file not picked up in LDAP "unboundid" mode #7852
  • Incorrect LDIF file example in LDAP documentation #7849
  • Use the custom ServerRequestCache that the user configures #7753
  • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
  • Disabling logout in WebFlux does nothing #7742
  • Saml2Authentication isn't serializable #7739
  • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
  • CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
  • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
  • DelegatingServerLogoutHandler Should Execute Sequentially #7725
  • WebFlux oauth2Login returns 500 when bad client credentials #7703
  • Correctly configure authorization requests repository for OAuth2 login #7690
  • Correctly configure authorization requests repository for OAuth2 login #7689
  • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
  • Update @​MessageMapping to match input/output cardinality #7669
  • Add http and https spring.schema mappings #7623
  • Avoid toString in favor of getName in order to extract sid #6354

🔨 Dependency Upgrades

  • Update to Spring Boot 2.2.4 #7909
  • Update to org.slf4j 1.7.30 #7908
  • Update to org.powermock 2.0.5 #7907
  • Update to hibernate-validator 6.1.2.Final #7906
  • Update to hibernate-entitymanager 5.4.10.Final #7905
  • Update to org.aspectj 1.9.5 #7904
  • Update to httpclient 4.5.11 #7903
  • Update to commons-codec 1.14 #7899
  • Update to com.squareup.okhttp3 3.14.6 #7898
  • Update to Jackson 2.10.2 #7897
  • Update to Reactor Dysprosium SR4 #7896
  • Update to Spring Data Moore SR3 #7895
  • Update to Spring Framework 5.2.3 #7894
... (truncated)
Commits
  • 9a2b71d Release 5.2.2.RELEASE
  • c4ccc96 Polish Error Messages for OpaqueTokenIntrospectors
  • 6c31021 Update to Spring Boot 2.2.4
  • a5b6b9a Update to org.slf4j 1.7.30
  • 9e69102 Update to org.powermock 2.0.5
  • ea809b0 Update to hibernate-validator 6.1.2.Final
  • 8054239 Update to hibernate-entitymanager 5.4.10.Final
  • 4648619 Update to org.aspectj 1.9.5
  • 00b08bc Update to httpclient 4.5.11
  • 6e0fbfc Update to commons-codec 1.14
  • Additional commits viewable in compare view

Updates spring-security-aspects from 3.2.5.RELEASE to 5.2.2.RELEASE

Release notes

Sourced from spring-security-aspects's releases.

5.2.2.RELEASE

⭐ New Features

  • Don't cache requests with Accept: text/event-stream by default. #7744
  • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
  • Remove redundant validation for redirect-uri #7707
  • Polish oauth2-client Error-handling Tests #7647
  • Remove unnecessary code in SecurityExpressionRoot #7635
  • Extract HTTPS Documentation #7626
  • Remove unnecessary code in SecurityExpressionRoot #7601
  • Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

🪲 Bug Fixes

  • Form login requiresAuthenticationMatcher is not used in WebFlux #7867
  • Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
  • BasicAuthenticationFilter ignores credentials charset #7859
  • Default LDIF file not picked up in LDAP "unboundid" mode #7852
  • Incorrect LDIF file example in LDAP documentation #7849
  • Use the custom ServerRequestCache that the user configures #7753
  • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
  • Disabling logout in WebFlux does nothing #7742
  • Saml2Authentication isn't serializable #7739
  • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
  • CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
  • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
  • DelegatingServerLogoutHandler Should Execute Sequentially #7725
  • WebFlux oauth2Login returns 500 when bad client credentials #7703
  • Correctly configure authorization requests repository for OAuth2 login #7690
  • Correctly configure authorization requests repository for OAuth2 login #7689
  • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
  • Update @​MessageMapping to match input/output cardinality #7669
  • Add http and https spring.schema mappings #7623
  • Avoid toString in favor of getName in order to extract sid #6354

🔨 Dependency Upgrades

  • Update to Spring Boot 2.2.4 #7909
  • Update to org.slf4j 1.7.30 #7908
  • Update to org.powermock 2.0.5 #7907
  • Update to hibernate-validator 6.1.2.Final #7906
  • Update to hibernate-entitymanager 5.4.10.Final #7905
  • Update to org.aspectj 1.9.5 #7904
  • Update to httpclient 4.5.11 #7903
  • Update to commons-codec 1.14 #7899
  • Update to com.squareup.okhttp3 3.14.6 #7898
  • Update to Jackson 2.10.2 #7897
  • Update to Reactor Dysprosium SR4 #7896
  • Update to Spring Data Moore SR3 #7895
  • Update to Spring Framework 5.2.3 #7894
... (truncated)
Commits
  • 9a2b71d Release 5.2.2.RELEASE
  • c4ccc96 Polish Error Messages for OpaqueTokenIntrospectors
  • 6c31021 Update to Spring Boot 2.2.4
  • a5b6b9a Update to org.slf4j 1.7.30
  • 9e69102 Update to org.powermock 2.0.5
  • ea809b0 Update to hibernate-validator 6.1.2.Final
  • 8054239 Update to hibernate-entitymanager 5.4.10.Final
  • 4648619 Update to org.aspectj 1.9.5
  • 00b08bc Update to httpclient 4.5.11
  • 6e0fbfc Update to commons-codec 1.14
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps `spring.security.version` from 3.2.5.RELEASE to 5.2.2.RELEASE.

Updates `spring-security-config` from 3.2.5.RELEASE to 5.2.2.RELEASE
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Commits](spring-projects/spring-security@3.2.5.RELEASE...5.2.2.RELEASE)

Updates `spring-security-core` from 3.2.5.RELEASE to 5.2.2.RELEASE
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Commits](spring-projects/spring-security@3.2.5.RELEASE...5.2.2.RELEASE)

Updates `spring-security-web` from 3.2.5.RELEASE to 5.2.2.RELEASE
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Commits](spring-projects/spring-security@3.2.5.RELEASE...5.2.2.RELEASE)

Updates `spring-security-taglibs` from 3.2.5.RELEASE to 5.2.2.RELEASE
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Commits](spring-projects/spring-security@3.2.5.RELEASE...5.2.2.RELEASE)

Updates `spring-security-aspects` from 3.2.5.RELEASE to 5.2.2.RELEASE
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Commits](spring-projects/spring-security@3.2.5.RELEASE...5.2.2.RELEASE)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants