root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 18 Packages Projects Releases Wiki Activity
19,841 Commits 47 Branches 367 Tags 124 MiB
Commit Graph

19841 Commits

Author SHA1 Message Date
Josh Cummings 4daf089e46 Merge remote-tracking branch 'origin/6.5.x'
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
Deploy Docs / build (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
2025-10-28 12:08:53 -06:00
namest504 6501e97ece Fix sensitive case in JwtTypeValidator
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Closes gh-18092

Signed-off-by: namest504 <namest504@gmail.com>
 2025-10-28 12:08:29 -06:00
dependabot[bot] ee49c18ce2
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.33.Final to 6.6.34.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.34/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.33...6.6.34)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.34.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:20:26 +00:00
dependabot[bot] f0afca7610
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4.1 to 2.18.5.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4.1...jackson-bom-2.18.5)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:19:44 +00:00
dependabot[bot] 8b0689cbb8
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.33.Final to 6.6.34.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.34/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.33...6.6.34)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.34.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:15:58 +00:00
dependabot[bot] 28e158d1cb
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4.1 to 2.18.5.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4.1...jackson-bom-2.18.5)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-28 03:15:38 +00:00
Josh Cummings 3a84894bf4 Revert "Add AuthorizationProxyMixin"
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
This reverts commit 743817fc15.
 2025-10-27 17:30:44 -06:00
Joe Grandja 90855aa128 Missing response_type in POST authorization request returns invalid_request
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
Deploy Docs / build (push) Has been cancelled Details
Update Antora UI Spring / Update on Supported Branches (6.2.x) (push) Has been cancelled Details
Update Antora UI Spring / Update on Supported Branches (6.3.x) (push) Has been cancelled Details
Update Antora UI Spring / Update on Supported Branches (main) (push) Has been cancelled Details
Update Antora UI Spring / Update on docs-build (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
Clean build artifacts / main (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Release Scheduler / Dispatch scheduled releases (6.3.x) (push) Has been cancelled Details
Release Scheduler / Dispatch scheduled releases (6.4.x) (push) Has been cancelled Details
Release Scheduler / Dispatch scheduled releases (6.5.x) (push) Has been cancelled Details
Release Scheduler / Dispatch scheduled releases (main) (push) Has been cancelled Details 
Issue https://github.com/spring-projects/spring-authorization-server/issues/2226
 2025-10-24 05:55:45 -04:00
dependabot[bot] 36f1f2ca4f
Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.20 to 2.2.21 
Bumps [org.jetbrains.kotlin:kotlin-gradle-plugin](https://github.com/JetBrains/kotlin) from 2.2.20 to 2.2.21.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v2.2.21/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.2.20...v2.2.21)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
  dependency-version: 2.2.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-24 03:11:20 +00:00
dependabot[bot] 46b6744b42
Bump org.jetbrains.kotlin:kotlin-bom from 2.2.20 to 2.2.21 
Bumps [org.jetbrains.kotlin:kotlin-bom](https://github.com/JetBrains/kotlin) from 2.2.20 to 2.2.21.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v2.2.21/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.2.20...v2.2.21)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-bom
  dependency-version: 2.2.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-24 03:09:22 +00:00
dependabot[bot] 9f7e92d6f2 Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.0 to 3.0.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.0...jackson-bom-3.0.1)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-23 09:33:13 -05:00
Josh Cummings 727f0e27d6 Merge branch '6.5.x'
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Has been cancelled Details
2025-10-20 17:42:52 -06:00
Josh Cummings f548aaf5c5 Merge branch '6.4.x' into 6.5.x
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
2025-10-20 17:42:25 -06:00
Josh Cummings 743817fc15 Add AuthorizationProxyMixin 
This commit adds Jackson configuration specific to
authorization proxies created by Spring Security

Closes gh-18077
 2025-10-20 17:16:21 -06:00
Josh Cummings fb701e4615 Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 17:10:05 -06:00
Josh Cummings 1c112005fa Don't Attempt to Generate Token Without Valid Token Request 
Closes gh-18088

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 17:09:43 -06:00
Marcus Hert da Coregio e0a71eb00e Fix GenerateOneTimeTokenRequestResolver ignored if username param not present 
Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2025-10-20 17:09:43 -06:00
Josh Cummings 69d28dc35b Merge branch '6.5.x' 2025-10-20 17:07:34 -06:00
Josh Cummings 42ddaba870 Next Development Version 2025-10-20 17:07:18 -06:00
Josh Cummings da46ba2619 Update Password Samples for Nullability 
Issue gh-16226
 2025-10-20 17:04:22 -06:00
Josh Cummings a406f5fe2d Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 16:46:49 -06:00
Himanshu Pareek dcb4e47cd5 Add Include-Code to the Password Storage page
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
References gh-16226

Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>
 2025-10-20 16:35:23 -06:00
Rob Winch 82f87cf2b6
Next Development Version
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
2025-10-20 16:55:17 -05:00
Josh Cummings 0a2f55d485 Clarify Nullability in Granted Authority Lambda
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Issue gh-17999
 2025-10-20 15:22:24 -06:00
Andrey Litvitski 9b61533db2 Mark `GrantedAuthority#getAuthority` as `@Nullable` 
Closes: gh-17999

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-10-20 15:22:24 -06:00
Josh Cummings eb43830260 Polish JavaDoc 
1. Removed comment about not changing field name in a
serialized object as this is true for all fields in a
Java-serialize POJO
2. Added example value for the constructor that demonstrates
the relationship between a role and an authority

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 15:18:11 -06:00
Yanming Zhou b55c28cf25 Polish SimpleGrantedAuthority 
1. Add Javadoc to state that role is prefixed.
2. Rename constructor argument from `role` to `authority` for better readability.

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-10-20 15:18:11 -06:00
Simon Von 0927bed66a 📔 Documentation 
1. Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description

Signed-off-by: Simon Von <g1672943850@gmail.com>
 2025-10-20 15:17:32 -06:00
Josh Cummings 9ed446e6f5 Next Development Version 2025-10-20 15:15:57 -06:00
github-actions[bot] d5e6da5aba Release 7.0.0-RC1
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
2025-10-20 17:32:34 +00:00
Rob Winch 4d2bd30c75
Update to Reactor 2025.0.0-RC1 
Closes gh-18087
 2025-10-20 12:31:09 -05:00
Rob Winch 5acad99852
Revert "Release 7.0.0-RC1" 
This reverts commit e616688f56.
 2025-10-20 12:29:58 -05:00
github-actions[bot] e616688f56 Release 7.0.0-RC1 2025-10-20 17:26:08 +00:00
github-actions[bot] 56a23d9ddc Release 6.5.6
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
2025-10-20 17:17:40 +00:00
github-actions[bot] dc5aed9b5f Release 6.4.12
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
2025-10-20 17:17:37 +00:00
Josh Cummings 9c7b34a48b Favor Relative Redirects by Default 
Closes gh-16300
 2025-10-20 10:25:17 -06:00
Josh Cummings d5d7fd414d Update What's New 2025-10-20 10:25:17 -06:00
Rob Winch 491a3e8f68
Update to Spring LDAP 4.0.0-RC1 
Closes gh-18086
 2025-10-20 09:35:15 -05:00
Rob Winch 43d20ea91f
Update to Spring Data 2025.1.0-RC1 
Closes gh-18085
 2025-10-20 09:35:14 -05:00
Rob Winch 24241d0384
Update to Spring Framework 7.0.0-RC1 
Closes gh-18084
 2025-10-20 09:35:14 -05:00
dependabot[bot] cb8c2b090c Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 09:17:01 -05:00
Rob Winch e94de4d0e3
Merge branch '6.5.x' 2025-10-20 09:16:23 -05:00
Rob Winch cb994aad6c
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:15:32 -05:00
Rob Winch 6f6ee0c060
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 2025-10-20 09:15:30 -05:00
Rob Winch 9cecc2cf09
Merge branch '6.4.x' into 6.5.x 2025-10-20 09:15:18 -05:00
Rob Winch f19c9c8625
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:14:31 -05:00
Rob Winch 95abf61c88
Refine Jackson 3 format description 2025-10-20 09:11:22 -05:00
Joe Grandja 22cbb13f7d Add comments to SQL-scripts to ensure robust timezone handling 
Issue https://github.com/spring-projects/spring-authorization-server/pull/2217
 2025-10-20 07:12:50 -04:00
Joe Grandja fc8b6b5863 Return PAR endpoint metadata only when enabled 
Issue https://github.com/spring-projects/spring-authorization-server/issues/2219
 2025-10-20 06:06:24 -04:00
dependabot[bot] 8b89e31e3d
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:26 +00:00