
Update dependency org.springframework.security:spring-security-web to v5 #12

Open
wants to merge 1 commit into
base: vp-rem


@mend-for-github-com mend-for-github-com bot commented Apr 17, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| org.springframework.security:spring-security-web (source) | compile | major | 4.0.1.RELEASE -> 5.7.13 |

By merging this PR, the issue #24 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
| --- | --- | --- | --- |
| Critical | 9.8 | CVE-2022-22978 | Reachable |
| Critical | 9.1 | CVE-2024-38821 | Reachable |
| High | 8.8 | CVE-2021-22112 | Reachable |
| High | 8.2 | CVE-2024-22257 | Reachable |
| High | 7.5 | CVE-2016-9879 | Reachable |
| High | 7.3 | CVE-2019-11272 | Reachable |
| Medium | 6.3 | WS-2017-3767 | Reachable |
| Medium | 5.9 | WS-2016-7107 | Reachable |
| Medium | 5.9 | WS-2020-0293 | Reachable |


Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-web)

v5.7.13

v5.7.12

🪲 Bug Fixes

v5.7.11

⭐ New Features

v5.7.10

🪲 Bug Fixes

  • Use default PathPatternParser instance #​13461

🔨 Dependency Upgrades

  • Update io.projectreactor to 2020.0.34 #​13509
  • Update org.springframework to 5.3.29 #​13511
  • Update org.springframework.data to 2021.2.14 #​13512
  • Update reactor-netty to 1.0.34 #​13510

v5.7.9

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

  • Update io.projectreactor to 2020.0.33 #​13373
  • Update io.rsocket to 1.1.4 #​13379
  • Update org.springframework to 5.3.28 #​13382
  • Update org.springframework.data to 2021.2.13 #​13385
  • Update reactor-netty to 1.0.33 #​13376

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.7.8

⭐ New Features

  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #​6597
  • Document relationship between registrationId, EntityID, and resolving a relying party #​12764

🪲 Bug Fixes

  • Add test to SimpleUrlAuthenticationSuccessHandlerTests #​12740
  • Avoid NPE in FilterInvocation #​12922
  • EntityId ignored in xml relying-party-registration #​11898
  • Fix a javadoc typo in ReactiveAuthorizationManager #​12998
  • Fix a javadoc typo in ReactiveAuthorizationManager #​12978
  • Fix typo in SessionManagementConfigurer javadoc #​12820
  • Missing spring-security-oauth2 xsds after release #​12804
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #​12960
  • RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #​12664
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #​12834

🔨 Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #​13016
  • Update io.projectreactor to 2020.0.31 #​13014
  • Update logback-classic to 1.2.12 #​13013
  • Update org.eclipse.jetty to 9.4.51.v20230217 #​13017
  • Update org.springframework to 5.3.27 #​13018
  • Update org.springframework.data to 2021.2.11 #​13019
  • Update reactor-netty to 1.0.31 #​13015

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.7.7

⭐ New Features

  • chore: Use cache in continuous-integration-workflow.yml #​12503
  • fix unclosed block in docs #​12542

🪲 Bug Fixes

  • AuthorizationManager method security documentation should use AnnotationMatchingPointcut #​11095
  • Document XMLObject retreival for Asserting Party metadata #​12667
  • Fix typo in OAuth 2.0 testing docs #​12437
  • Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #​11785
  • NimbusJwtDecoder unknown KID scenario is not correctly tested #​12238
  • NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #​12637
  • SwitchUserFilter not working in Spring Security 6 #​12504
  • Wrong name of the filter in the SecurityContextHolderFilter diagram #​11800

🔨 Dependency Upgrades

  • Update blockhound to 1.0.7.RELEASE #​12733
  • Update hibernate-entitymanager to 5.6.15.Final #​12736
  • Update io.projectreactor to 2020.0.28 #​12732
  • Update io.spring.nohttp to 0.0.11 #​12734
  • Update jackson-bom to 2.13.5 #​12731
  • Update org.aspectj to 1.9.19 #​12735
  • Update org.springframework to 5.3.25 #​12737
  • Update org.springframework.data to 2021.2.8 #​12738

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.7.6

⭐ New Features

  • Improve deprecation notice in WebSecurityConfigurerAdapter #​12260
  • Replace deprecated set-state set-output GitHub Action's commands #​12297

🪲 Bug Fixes

  • DefaultLdapAuthoritiesPopulator throws NullPointerException #​12407
  • Fix AuthorizationFilter diagram in docs #​12285
  • Incorrect scope map fix #​12205
  • SAML logout: Incorrect log messages #​12208
  • Saml2MetadataFilter response should configure writer to UTF-8 #​12221
  • SEC-2839: SecurityNamespaceHandler - related to SEC-1455 #​12125
  • Update the RP-initiated Logout links #​12121

🔨 Dependency Upgrades

  • Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 #​12153
  • Update Gradle to 7.5.1 #​12157
  • Update hibernate-entitymanager to 5.6.14.Final #​12397
  • Update httpclient to 4.5.14 #​12395
  • Update io.projectreactor to 2020.0.26 #​12393
  • Update jackson-bom to 2.13.4.20221013 #​12391
  • Update jackson-databind to 2.13.4.2 #​12392
  • Update org.eclipse.jetty to 9.4.50.v20221201 #​12396
  • Update org.springframework to 5.3.24 #​12398
  • Update org.springframework.data to 2021.2.6 #​12399
  • Update reactor-netty to 1.0.26 #​12394

v5.7.5

🪲 Bug Fixes

  • Fix AuthorizationFilter incorrectly extending OncePerRequestFilter #​12113
  • Fix scope mapping #​12112
  • IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #​11888

v5.7.4

⭐ New Features

  • automatically manage docs version (with collector) #​11955

🪲 Bug Fixes

  • AuthenticationEventPublisher bean is not picked up if no UserDetailsService bean #​11729
  • Build fails with missing project property cloneOutputDirectory #​11979
  • GitHubMilestoneApiTests due_on Should Use LocalDate #​11707
  • HttpSecurity Bean does not set DefaultAuthenticationEventPublisher #​11727
  • NamespaceLdapAuthenticationProviderTests Should Use Dynamic Port #​11711
  • RemoteJwkSet is not refreshed when encountering an unknown KID #​11723
  • RequestRejectedHandler does not reliable prevent Internal Server Error #​11744

🔨 Dependency Upgrades

  • Update Gradle Enterprise plugin to 3.11.1 #​11830
  • Update hibernate-entitymanager to 5.6.10.Final #​11745
  • Update hibernate-entitymanager to 5.6.12.Final #​12016
  • Update io.projectreactor to 2020.0.22 #​11743
  • Update io.projectreactor to 2020.0.24 #​12012
  • Update io.rsocket to 1.1.3 #​12014
  • Update jackson-bom to 2.13.4.20221012 #​12008
  • Update jackson-databind to 2.13.4.1 #​12009
  • Update jackson-datatype-jsr310 to 2.13.4 #​12010
  • Update jsonassert to 1.5.1 #​11741
  • Update mockk to 1.12.8 #​12011
  • Update org.eclipse.jetty to 9.4.48.v20220622 #​11740
  • Update org.eclipse.jetty to 9.4.49.v20220914 #​12015
  • Update org.springframework to 5.3.22 #​11739
  • Update org.springframework to 5.3.23 #​12017
  • Update org.springframework.data to 2021.1.6 #​11742
  • Update org.springframework.data to 2021.2.4 #​12018
  • Update reactor-netty to 1.0.24 #​12013

v5.7.3

⭐ New Features

  • Add Kotlin example showing integration with WebTestClient #​9998
  • Set permissions for GitHub actions #​11642
  • Update javadoc of EnableWebSecurity to reflect deprecation of WebSecurityConfigurerAdapter #​11650

🪲 Bug Fixes

  • Add Deprecated annotation to WebSecurity#securityInterceptor #​11637
  • Check saganCreateRelease saganDeleteRelease Required Permissions #​11425
  • org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" #​11605
  • RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext #​11606
  • RequestRejectedHandler does not reliable prevent Internal Server Error #​11672
  • Sources and javadocs missing in latest snapshots #​11628
  • Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok #​11484
  • Update javadoc of HttpSecurity, WebSecurityConfiguration and WebSecurity to reflect deprecation of WebSecurityConfigurerAdapter #​11651

🔨 Dependency Upgrades

  • Update hibernate-entitymanager to 5.6.10.Final #​11694
  • Update io.projectreactor to 2020.0.22 #​11691
  • Update jsonassert to 1.5.1 #​11696
  • Update mockk to 1.12.5 #​11690
  • Update org.eclipse.jetty to 9.4.48.v20220622 #​11693
  • Update org.jetbrains.kotlinx to 1.6.4 #​11695
  • Update org.springframework to 5.3.22 #​11697
  • Update org.springframework.data to 2021.2.2 #​11698

v5.7.2

⭐ New Features

  • Consider updating testing examples to use JUnit Jupiter #​11293

🪲 Bug Fixes

  • Some Security Expressions cause NPE when used within @Query #​11289
  • CsrfWebFilter null save content-type check #​11341
  • Docs example uses access(String) with authorizeHttpRequests() #​11296
  • Fix typo in BasicLookupStrategy Javadoc #​11339
  • KeyInfo missing in AuthnRequest when using OpenSaml4AuthenticationRequestResolver #​11358
  • OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #​11384
  • SAML request encoding: on redirect binding, base64 encoded message contains CRLF #​11284
  • SecurityContextRepository.loadContext(HttpServletRequest) cache result #​11390
  • Should SAML metadata EntityDescriptor tag have the md: prefix? #​11311
  • Update opaque-token.adoc #​11303

🔨 Dependency Upgrades

  • Update aspectj-plugin to 6.4.3.1 #​11402
  • Update hibernate-entitymanager to 5.6.9.Final #​11405
  • Update io.projectreactor to 2020.0.20 #​11403
  • Update jackson-bom to 2.13.3 #​11399
  • Update jackson-databind to 2.13.3 #​11400
  • Update jackson-datatype-jsr310 to 2.13.3 #​11401
  • Update org.jetbrains.kotlinx to 1.6.3 #​11406
  • Update org.opensaml:opensaml-core4 to 4.1.1 #​11410
  • Update org.springframework to 5.3.21 #​11407
  • Update org.springframework.data to 2021.2.1 #​11408
  • Update reactor-netty to 1.0.20 #​11404
  • Update spring-ldap-core to 2.4.1 #​11409

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.7.1

🪲 Bug Fixes

  • StrictHttpFirewall incorrectly rejects valid CJKV characters #​11266

v5.7.0

⭐ New Features

  • Check Samples should run against the current artifacts #​11199
  • Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized #​11188
  • Remember me should detect UserDetailsService bean #​11170
  • WebSessionServerSecurityContextRepository provides Mono.cache option #​8422
  • X509 should detect UserDetailsService bean #​11174

🪲 Bug Fixes

  • @EnableMethodSecurity doesn't resolve annotations on interfaces through a Proxy #​11177
  • Add shouldFilterAllDispatcherTypes to Kotlin DSL #​11153
  • Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator #​11165
  • Multiple .requestMatchers().mvcMatchers() override previous one #​11185

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.6.12

🪲 Bug Fixes

  • Use default PathPatternParser instance #​13460

🔨 Dependency Upgrades

  • Update io.projectreactor to 2020.0.34 #​13505
  • Update org.springframework to 5.3.29 #​13508
  • Update reactor-netty to 1.0.34 #​13506

v5.6.11

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #​13390
  • Update hibernate-entitymanager to 5.6.15.Final #​13400
  • Update io.projectreactor to 2020.0.33 #​13387
  • Update io.rsocket to 1.1.4 #​13392
  • Update io.spring.nohttp to 0.0.11 #​13394
  • Update jackson-bom to 2.13.5 #​13375
  • Update jackson-databind to 2.13.5 #​13378
  • Update jackson-datatype-jsr310 to 2.13.5 #​13381
  • Update logback-classic to 1.2.12 #​13372
  • Update mockk to 1.12.8 #​13384
  • Update org.antora.gradle.plugin to 1.0.0 #​13396
  • Update org.aspectj to 1.9.19 #​13398
  • Update org.eclipse.jetty to 9.4.51.v20230217 #​13399
  • Update org.springframework to 5.3.28 #​13401
  • Update reactor-netty to 1.0.33 #​13389

v5.6.10

⭐ New Features

  • Replace deprecated set-state set-output GitHub Action's commands #​12032
  • update generateAntora task to make prereleases unique #​12083

🪲 Bug Fixes

  • DefaultLdapAuthoritiesPopulator throws NullPointerException #​12090
  • docs: fix realm typo #​12120
  • Fix AuthorizationFilter diagram in docs #​12274
  • Fix typo in DefaultLoginPageConfigurer Javadoc #​12311
  • Fix typo on opaque-token.adoc #​12114
  • Fix: Replace tenantRepository with tenants #​12269
  • Incorrect scope map fix #​12144
  • OAuth 2.0 Resource Server Multi-tenancy - documentation improvement #​12295
  • Outdated example in Javadoc of UrlAuthorizationConfigurer #​11487
  • Saml2MetadataFilter response should configure writer to UTF-8 #​12026
  • SEC-2839: SecurityNamespaceHandler - related to SEC-1455 #​3065
  • Update the RP-initiated Logout links #​12081

🔨 Dependency Upgrades

  • Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 #​12152
  • Update Gradle to 7.5.1 #​11779
  • Update hibernate-entitymanager to 5.6.14.Final #​12388
  • Update httpclient to 4.5.14 #​12386
  • Update io.projectreactor to 2020.0.26 #​12384
  • Update jackson-bom to 2.13.4.20221013 #​12381
  • Update jackson-databind to 2.13.4.2 #​12382
  • Update mockk to 1.12.8 #​12383
  • Update org.eclipse.jetty to 9.4.50.v20221201 #​12387
  • Update org.springframework to 5.3.24 #​12389
  • Update org.springframework.data to 2021.1.10 #​12390
  • Update reactor-netty to 1.0.26 #​12385

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.6.9

🪲 Bug Fixes

  • Fix AuthorizationFilter incorrectly extending OncePerRequestFilter #​12102
  • Fix scope mapping #​12101

v5.6.8

⭐ New Features

  • automatically manage docs version (with collector) #​11943

🪲 Bug Fixes

  • Add rncToXsd task description to CONTRIBUTING.adoc #​11935
  • AuthenticationEventPublisher bean is not picked up if no UserDetailsService bean #​11730
  • Build fails with missing project property cloneOutputDirectory #​11969
  • GitHubMilestoneApiTests due_on Should Use LocalDate #​11708
  • HttpSecurity Bean does not set DefaultAuthenticationEventPublisher #​11728
  • NamespaceLdapAuthenticationProviderTests Should Use Dynamic Port #​11712
  • RemoteJwkSet is not refreshed when encountering an unknown KID #​11724
  • Updated reference to architecture page #​11778

🔨 Dependency Upgrades

  • Update Gradle Enterprise plugin to 3.11.1 #​11827
  • Update hibernate-entitymanager to 5.6.12.Final #​12005
  • Update io.projectreactor to 2020.0.24 #​12001
  • Update io.rsocket to 1.1.3 #​12003
  • Update jackson-bom to 2.13.4.20221012 #​11997
  • Update jackson-databind to 2.13.4.1 #​11998
  • Update jackson-datatype-jsr310 to 2.13.4 #​11999
  • Update mockk to 1.12.8 #​12000
  • Update org.eclipse.jetty to 9.4.49.v20220914 #​12004
  • Update org.springframework to 5.3.23 #​12006
  • Update org.springframework.data to 2021.1.8 #​12007
  • Update reactor-netty to 1.0.24 #​12002

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.6.7

⭐ New Features

  • Add Kotlin example showing integration with WebTestClient #​11612
  • Set permissions for GitHub actions #​11644

🪲 Bug Fixes

  • Add Deprecated annotation to WebSecurity#securityInterceptor #​11636
  • Fix saganCreateRelease saganDeleteRelease Required Permissions #​11426
  • org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" #​11608
  • RequestRejectedHandler does not reliable prevent Internal Server Error #​11673
  • Sources and javadocs missing in latest snapshots #​11629
  • Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok #​11485

🔨 Dependency Upgrades

  • Update hibernate-entitymanager to 5.6.10.Final #​11683
  • Update io.projectreactor to 2020.0.22 #​11680
  • Update jsonassert to 1.5.1 #​11684
  • Update mockk to 1.12.5 #​11679
  • Update org.eclipse.jetty to 9.4.48.v20220622 #​11682
  • Update org.springframework to 5.3.22 #​11685
  • Update org.springframework.data to 2021.1.6 #​11686
  • Update reactor-netty to 1.0.22 #​11681

v5.6.6

⭐ New Features

  • Consider updating testing examples to use JUnit Jupiter #​11292

🪲 Bug Fixes

  • CsrfWebFilter null save content-type check #​11342
  • Docs example uses access(String) with authorizeHttpRequests() #​11297
  • Fix typo in BasicLookupStrategy Javadoc #​11340
  • OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #​11385
  • SAML request encoding: on redirect binding, base64 encoded message contains CRLF #​11285
  • Should SAML metadata EntityDescriptor tag have the md: prefix? #​11310
  • Some Security Expressions cause NPE when used within @Query #​11290

🔨 Dependency Upgrades

  • Update hibernate-entitymanager to 5.6.9.Final #​11416
  • Update io.projectreactor to 2020.0.20 #​11414
  • Update jackson-bom to 2.13.3 #​11411
  • Update jackson-databind to 2.13.3 #​11412
  • Update jackson-datatype-jsr310 to 2.13.3 #​11413
  • Update org.opensaml:opensaml-core4 to 4.1.1 #​11420
  • Update org.springframework to 5.3.21 #​11417
  • Update org.springframework.data to 2021.1.5 #​11418
  • Update reactor-netty to 1.0.20 #​11415
  • Update spring-ldap-core to 2.3.8.RELEASE #​11419

v5.6.5

🪲 Bug Fixes

  • StrictHttpFirewall incorrectly rejects valid CJKV characters #​11267

v5.6.4

⭐ New Features

  • Check Samples should run against the current artifacts #​11200

🪲 Bug Fixes

  • Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator #​11166
  • Multiple .requestMatchers().mvcMatchers() override previous one #​11186

🔨 Dependency Upgrades

v5.6.3

🪲 Bug Fixes

  • AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #​10951
  • Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #​10916
  • Fix saml2 authentication-requests documentation #​11047
  • Remove "Hi servlet/authentication/architecture there" from docs #​10963

🔨 Dependency Upgrades

  • Update hibernate-entitymanager to 5.6.8.Final #​11124
  • Update io.projectreactor to 2020.0.18 #​11119
  • Update io.rsocket to 1.1.2 #​11121
  • Update jackson-bom to 2.13.2.20220328 #​11115
  • Update jackson-databind to 2.13.2.2 #​11116
  • Update jackson-datatype-jsr310 to 2.13.2 #​11117
  • Update logback-classic to 1.2.11 #​11114
  • Update mockk to 1.12.3 #​11118
  • Update org.aspectj to 1.9.9.1 #​11122
  • Update org.eclipse.jetty to 9.4.46.v20220331 #​11123
  • Update org.springframework to 5.3.19 #​11125
  • Update org.springframework.data to 2021.1.3 #​11126
  • Update reactor-netty to 1.0.18 #​11120
  • Update spring-ldap-core to 2.3.7.RELEASE #​11127

v5.6.2

⏪ Breaking Changes

  • Saml2 metadata includes SingleLogoutService even if saml2 logout is disabled / not configured #​10734

⭐ New Features

  • Document Authorize HTTP Requests for Reactive Security #​10801
  • Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator #​10682

🪲 Bug Fixes

  • add Kotlin examples for Spring Data Integration of servlet application #​10848
  • commons-logging:commons-logging is a transitive dependency of some modules #​10772
  • Do not rely on javax. group ids #​10770
  • Fix broken link to SAML2 login example #​10806
  • Getting Spring Security Reference Docs have a error #​10796
  • Make source code compatible with JDK 8 #​10699
  • Replace StringUtils class of oauth2-oidc-sdk completely #​10824
  • RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext #​10792
  • WebInvocationPrivilegeEvaluator Bean should support multiple SecurityFilterChains #​10680

🔨 Dependency Upgrades

  • Update hibernate-entitymanager to 5.6.5.Final #​10873
  • Update io.projectreactor to 2020.0.16 #​10867
  • Update io.spring.javaformat to 0.0.31 #​10870
  • Update logback-classic to 1.2.10 #​10865
  • Update mockk to 1.12.2 #​10866
  • Update org.aspectj to 1.9.8 #​10871
  • Update org.eclipse.jetty to 9.4.45.v20220203 #​10872
  • Update org.slf4j to 1.7.36 #​10874
  • Update org.springframework to 5.3.16 #​10875
  • Update org.springframework.data to 2021.1.2 #​10876
  • Update r2dbc-h2 to 0.8.5.RELEASE #​10869
  • Update reactor-netty to 1.0.16 #​10868
  • Update spring-ldap-core to 2.3.6.RELEASE #​10877

v5.6.1

⭐ New Features

  • Document authentication helper method in WebClient integration #​10468
  • Document authentication helper method in WebClient integration for Servlet Environments #​10120
  • Document parameters converter in oauth2 client servlet docs #​10469
  • Document parameters converter in oauth2 client servlet docs #​10467

🪲 Bug Fixes

  • AuthorityAuthorizationManager incorrectly compares GrantedAuthority #​10595
  • clockSkew Javadoc is not consistent with implementation #​10535
  • Invalid_request failures in JwtTokenValidators are always turned into invalid_token errors #​10560
  • Kotlin DSL examples in reactive oauth2 docs call build twice #​10591
  • StaticServerHttpHeadersWriter should work with case-insensitive header names #​10581

🔨 Dependency Upgrades

  • Update cas-client-core to 3.6.4 #​10654
  • Update hibernate-entitymanager to 5.6.3.Final #​10653
  • Update io

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 17, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.springframework.security:spring-security-web to v5 Update dependency org.springframework.security:spring-security-web to v5 - autoclosed Apr 20, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/org.springframework.security-spring-security-web-5.x branch April 20, 2023 00:06
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.springframework.security:spring-security-web to v5 - autoclosed Update dependency org.springframework.security:spring-security-web to v5 Apr 20, 2023
@mend-for-github-com mend-for-github-com bot reopened this Apr 20, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/org.springframework.security-spring-security-web-5.x branch April 20, 2023 09:28
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.security-spring-security-web-5.x branch from bb4b4f7 to d2e569f Compare January 8, 2024 06:18
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.security-spring-security-web-5.x branch from d2e569f to 144c852 Compare April 6, 2024 12:19
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.security-spring-security-web-5.x branch from 144c852 to 4d72d79 Compare October 23, 2024 18:13