67b15be917
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20
...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback ) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases )
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20 )
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-version: 1.5.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-20 03:18:21 +00:00
217a29e6ba
Bump org.springframework.data:spring-data-bom
...
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom ) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases )
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11 )
---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
dependency-version: 2024.1.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-20 03:12:54 +00:00
b2d6380633
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20
...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback ) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases )
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20 )
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-version: 1.5.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-20 03:12:45 +00:00
9dc27bee03
Link to gh-18077
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
2025-10-19 17:03:19 -05:00
a181733365
Encapsulate GenericHttpMessageConverterAdapter
...
This will allow its removal in gh-18073
2025-10-19 17:03:19 -05:00
51e8f8f1c6
Deprecate WebAuthnAuthenticationFilter.setConverter(GenericHttpMessageConverter)
...
This makes sense given that Framework's new Jackson support is a
SmartHttpMessageConverter. Additionally,
GenericHttpMessageConverterAdapter is now package private to encapsulate
it.
Issue gh-18073
2025-10-19 17:03:19 -05:00
d309f1887e
Remove Extra Blank Line from CoreJacksonModule
2025-10-19 17:03:19 -05:00
5e851e0b26
Remove JdbcOAuth2AuthorizationService.Mapper
...
- We should not introduce an unnecessary public API
- It would need to be removed when Jackson 2 support was removed, but
was required to configure Jackson 3 support
- There are already existing interfaces that could be used
- OAuth2AuthorizationRowMapper & OAuth2AuthorizationParametersMapper had
unnecessary breaking changes by removing getter/setter for ObjectMapper
- To prevent NoClassDefFoundErrors all optional (Jackson) dependencies
need to be on different classes & we wish to preserve the existing
accessors for ObjectMapper which is this uses subclasses
- With added TestAuthenticationTokenMixin support, no need to explicitly
add it in tests
2025-10-19 17:03:19 -05:00
803936cfbe
JacksonDelegate uses SecurityJacksonModules
2025-10-19 17:03:19 -05:00
50568da1e5
Add Jackson 3 TestingAuthenticationToken Support
...
Without this many of the tests fail when using Jackson 3
2025-10-19 17:03:19 -05:00
8f8a25533a
Refine documentation for Jackson 3
...
This commit refines the documentation by:
- Updating Jackson documentation for Jackson 3
- Removing the outdated documentation in servlet
- Adding migration guidelines
Closes gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
137f8fd670
Add support for JacksonJsonHttpMessageConverter
...
This commit introduces classpath checks and instantiation of
JacksonJsonHttpMessageConverter (based on Jackson 3) leveraging
a new GenericHttpMessageConverterAdapter which allows to adapt
SmartHttpMessageConverter to GenericHttpMessageConverter.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
702a177e25
Add webauthn Jackson 3 support and deprecate Jackson 2 one
...
Since this module was already using the jackson sub-package for Jackson 2
support, both Jackson 2 and Jackson 3 support lives in the same subpackage
and the former package-private classes has been renamed with a Jackson2
qualifier.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
48854c3ac9
Deprecate Jackson 2 support
...
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
65a14d6c6d
Add Jackson 3 support
...
This commit adds support for Jackson 3 which has the following
major differences with the Jackson 2 one:
- jackson subpackage instead of jackson2
- Jackson type prefix instead of Jackson2
- JsonMapper instead of ObjectMapper
- For configuration, JsonMapper.Builder instead of ObjectMapper
since the latter is now immutable
- Remove custom support for unmodifiable collections
- Use safe default typing via a PolymorphicTypeValidator
Jackson 3 changes compared to Jackson 2 are documented in
https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a
and
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md .
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
916a687b29
Add Jackson 3 BOM
...
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
762fcbb516
Add .kotlin/ to .gitignore
...
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
fc795a81d4
PAR uses requested scopes on consent
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Has been cancelled
Details
Issue https://github.com/spring-projects/spring-authorization-server/pull/2182
2025-10-17 16:14:31 -04:00
4bc319883b
Address Nullability
2025-10-17 14:03:15 -06:00
cb7a6292b7
Bump io.spring.nullability:io.spring.nullability.gradle.plugin
...
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin ) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases )
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.5...v0.0.6 )
---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
dependency-version: 0.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 14:03:15 -06:00
bbf6a4e786
Merge branch '6.5.x'
2025-10-17 13:50:05 -06:00
ba2619cb8a
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled
Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled
Details
CI / Build (17, windows-latest) (push) Has been cancelled
Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled
Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled
Details
CI / Check Samples (push) Has been cancelled
Details
Deploy Docs / build (push) Has been cancelled
Details
CI / Deploy Artifacts (push) Has been cancelled
Details
CI / Deploy Docs (push) Has been cancelled
Details
CI / Deploy Schema (push) Has been cancelled
Details
CI / Perform Release (push) Has been cancelled
Details
CI / Send Notification (push) Has been cancelled
Details
2025-10-17 13:49:54 -06:00
43c53c3b78
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12
...
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled
Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled
Details
CI / Build (17, windows-latest) (push) Has been cancelled
Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled
Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled
Details
CI / Check Samples (push) Has been cancelled
Details
Deploy Docs / build (push) Has been cancelled
Details
CI / Deploy Artifacts (push) Has been cancelled
Details
CI / Deploy Docs (push) Has been cancelled
Details
CI / Deploy Schema (push) Has been cancelled
Details
CI / Perform Release (push) Has been cancelled
Details
CI / Send Notification (push) Has been cancelled
Details
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:48:50 -06:00
b1e16cd147
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15 )
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:48:30 -06:00
9961e6d56c
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:48:13 -06:00
cbad2ff5ca
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15 )
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:47:56 -06:00
63c8b0faa3
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) from 3.2.13 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.13...3.2.15 )
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:46:16 -06:00
a435175723
Clean Up Generic Typing in Builder
...
Issue gh-17997
2025-10-17 11:13:00 -06:00
4b810a8971
Disallow usage of the openid scope in device authorization requests
...
Issue https://github.com/spring-projects/spring-authorization-server/pull/2177
2025-10-17 11:41:30 -04:00
0d261e9c32
Remove setOidcUserMapper() in OidcUserService and OidcReactiveOAuth2UserService
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-18060
2025-10-16 16:29:52 -04:00
c5e141ad07
Change JavaDoc to FactorGrantedAuthority
...
Issue gh-18030
2025-10-16 14:00:43 -06:00
ba42b9c4cc
Update Documentation for All-Factor Propagation
...
Issue gh-18000
2025-10-16 13:41:46 -06:00
b1a50a25b6
Check If toBuilder Is Implemented
...
Since RC1 is right around the corner, let's change the API
footprint as little as possible by using reflection to check
if a class has declared toBuilder themselves. If they have, we
can assume that that class's builder will produce that class.
Issue gh-18052
2025-10-16 13:41:45 -06:00
4281f6b00b
Prevent Duplicate Authorities
...
Issue gh-17981
2025-10-16 13:41:45 -06:00
0fcef6dca2
Add Missing Mock Configuration
2025-10-16 13:41:45 -06:00
2e7cdd7b14
Revert "Merge branch 'builder-enhancements'"
...
This reverts commit 95644fb73cfbf7bb3be1
2025-10-16 13:41:45 -06:00
cefc0cddec
Propagate All Missing Factors
...
Closes gh-18000
2025-10-16 13:41:45 -06:00
af1de950ae
Align setRetrieveUserInfo() between OidcUserService and OidcReactiveOAuth2UserService
...
Closes gh-18057
2025-10-16 15:12:10 -04:00
7f29585df4
Remove OidcUserService.setAccessibleScopes()
...
Closes gh-18056
2025-10-16 15:12:10 -04:00
2eb5da3764
Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
The member is public, so we need to deprecate it rather than remove it.
Issue gh-18035
Closes gh-18058
2025-10-16 14:03:19 -05:00
f5d33457dc
Fix-typos
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-10-16 14:03:19 -05:00
938a5a7c77
Fix typo in AuthenticationProvider Javadoc
...
Signed-off-by: parthokr <partho.kr@proton.me>
2025-10-16 13:54:00 -05:00
f03213383e
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12
...
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer ) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases )
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12 )
---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
dependency-version: 1.14.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-16 12:54:46 -05:00
fc2b1f9923
Merge branch '6.5.x'
2025-10-16 12:53:33 -05:00
dee33b5337
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled
Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled
Details
CI / Build (17, windows-latest) (push) Has been cancelled
Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled
Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled
Details
CI / Check Samples (push) Has been cancelled
Details
Deploy Docs / build (push) Has been cancelled
Details
CI / Deploy Artifacts (push) Has been cancelled
Details
CI / Deploy Docs (push) Has been cancelled
Details
CI / Deploy Schema (push) Has been cancelled
Details
CI / Perform Release (push) Has been cancelled
Details
CI / Send Notification (push) Has been cancelled
Details
2025-10-16 12:52:50 -05:00
9f936015ff
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12
2025-10-16 12:52:46 -05:00
79dfbe14c2
Merge branch '6.4.x' into 6.5.x
2025-10-16 12:52:34 -05:00
b75f2582c4
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled
Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled
Details
CI / Build (17, windows-latest) (push) Has been cancelled
Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled
Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled
Details
CI / Check Samples (push) Has been cancelled
Details
Deploy Docs / build (push) Has been cancelled
Details
CI / Deploy Artifacts (push) Has been cancelled
Details
CI / Deploy Docs (push) Has been cancelled
Details
CI / Deploy Schema (push) Has been cancelled
Details
CI / Perform Release (push) Has been cancelled
Details
CI / Send Notification (push) Has been cancelled
Details
2025-10-16 12:51:41 -05:00
67c3ceb611
Fix NullAway error
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Related https://github.com/spring-projects/spring-framework/pull/35629
2025-10-15 14:53:06 -04:00
95644fb73c
Merge branch 'builder-enhancements'
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Issue gh-18052
Issue gh-18053
2025-10-15 12:02:41 -06:00
dependabot[bot]
Rob Winch
Sébastien Deleuze
Joe Grandja
Josh Cummings
Tran Ngoc Nhan
parthokr