f2ddeaface
Merge remote-tracking branch 'origin/5.8.x'
2022-10-17 15:01:30 -06:00
cfb7c87dfd
Merge remote-tracking branch 'origin/5.7.x' into 5.8.x
2022-10-17 15:00:40 -06:00
6b25307339
Merge remote-tracking branch 'origin/5.6.x' into 5.7.x
2022-10-17 14:57:39 -06:00
89c815032c
Fix Index Out of Bounds
2022-10-17 14:52:03 -06:00
4ba8f8bfe0
Update What's New
...
Closes gh-12024
2022-10-13 20:08:31 -06:00
f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler
...
Closes gh-9429
2022-10-13 20:03:03 -06:00
d6356415f9
Polish whats-new.adoc
2022-10-13 13:42:04 -05:00
74e0616451
Update What's New for 6.0
2022-10-13 13:42:04 -05:00
5a55987d6e
Add links to reference in What's New for 5.8
...
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
59c4538798
Update What's New
...
Closes gh-12021
2022-10-13 10:13:20 -06:00
fe96a62dfc
Document Observability Support
...
Issue gh-10964
2022-10-12 20:32:25 -06:00
bf1e622751
Update What's New in 6.0 for PasswordEncoders
...
Issue gh-11985
2022-10-12 08:27:46 -04:00
716aa6df5c
Merge branch '5.8.x'
2022-10-12 07:43:26 -04:00
ffbcaca24a
Update reference for PasswordEncoders
...
Issue gh-10506
2022-10-12 07:32:30 -04:00
c5e35bf32e
Merge branch '5.8.x'
...
Closes gh-11978
2022-10-10 09:24:50 -03:00
4b6fed0667
Add static factory method to AntPathRequestMather and RegexRequestMatcher
...
Closes gh-11938
2022-10-10 09:24:15 -03:00
27059ced87
Default X-Xss-Protection header value to "0"
...
Closes gh-9631
2022-10-07 17:42:55 -05:00
6753f9745e
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
# docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
2022-10-07 17:29:07 -05:00
f462134e87
Add reactive support for BREACH
...
Closes gh-11959
2022-10-07 16:34:17 -05:00
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
9fd195d419
Default to shouldFilterAllDispatcherTypes=true in XML
...
Closes gh-11970
2022-10-07 11:46:20 -03:00
146d3269bc
Merge branch '5.8.x'
...
Closes gh-11971
2022-10-07 10:28:14 -03:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
12b9f2e196
use-authorization-manager defaults to true
...
Closes gh-11929
2022-10-06 08:12:46 -06:00
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
...
Closes gh-11899
2022-10-06 09:12:04 -03:00
8b490de08d
Merge branch '5.8.x'
...
# Conflicts:
# docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
22cbd2c42e
Merge branch '5.8.x'
...
Closes gh-11957
2022-10-05 14:00:13 -05:00
a5cc1f0b60
Merge branch '5.7.x' into 5.8.x
...
Closes gh-11956
2022-10-05 13:58:44 -05:00
37dd896d4b
Merge branch '5.6.x' into 5.7.x
...
Closes gh-11955
2022-10-05 13:57:25 -05:00
e0843aabb1
automatically manage docs version (with collector)
2022-10-05 13:56:22 -05:00
c1fcf275d9
Update What's New for 5.8
...
Issue gh-11952
2022-10-05 13:48:18 -05:00
38a7bbd2eb
Merge branch '5.8.x'
2022-10-05 13:20:12 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
35f7e46d05
Remove WebSecurityConfigurerAdapter
...
Closes gh-10902
2022-10-04 15:13:04 -03:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
43a1f8249c
Update What's New for 6.0
2022-09-29 15:57:48 -05:00
4d62621094
Merge branch '5.8.x'
2022-09-29 14:09:21 -05:00
7b1158ddb7
Merge branch '5.7.x' into 5.8.x
2022-09-29 14:09:10 -05:00
70c61dc1dd
Merge branch '5.6.x' into 5.7.x
2022-09-29 14:08:17 -05:00
c44230ba24
switch to offical Antora plugin for Gradle
...
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
6c6aedf772
Update What's New for 6.0
2022-09-26 10:07:50 -05:00
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
c0e784b16d
Update What's New for 6.0
2022-09-26 09:48:52 -05:00
Josh Cummings
Steve Riesenberg
Joe Grandja
Marcus Da Coregio
Daniel Garnier-Moiroux
Rob Winch
Dan Allen