Bump spring-security.version from 5.7.6 to 5.8.2 #2014

dependabot · 2023-02-24T02:57:18Z

Bumps spring-security.version from 5.7.6 to 5.8.2.
Updates spring-security-core from 5.7.6 to 5.8.2

Release notes

Sourced from spring-security-core's releases.

5.8.2

⭐ New Features

Add XorCsrfChannelInterceptor #12562

Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #12434

fix unclosed block in docs #12553

Improve documentation on what changed in the default behaviour in version 6 vs 5.7 #12462

Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #12486

🪲 Bug Fixes

AuthorizationManager method security documentation should use AnnotationMatchingPointcut #12516

DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #12665

Document XMLObject retreival for Asserting Party metadata #12693

Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #12458

NimbusJwtDecoder unknown KID scenario is not correctly tested #12494

NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12686

SwitchUserFilter not working in Spring Security 6 #12510

Wrong name of the filter in the SecurityContextHolderFilter diagram #12526

🔨 Dependency Upgrades

Update blockhound to 1.0.7.RELEASE #12719

Update hibernate-entitymanager to 5.6.15.Final #12722

Update io.projectreactor to 2020.0.28 #12717

Update io.spring.nohttp to 0.0.11 #12720

Update jackson-bom to 2.13.5 #12714

Update jackson-databind to 2.13.5 #12715

Update jackson-datatype-jsr310 to 2.13.5 #12716

Update junit-bom to 5.9.2 #12723

Update org.aspectj to 1.9.19 #12721

Update org.junit.jupiter to 5.9.2 #12724

Update org.springframework to 5.3.25 #12725

Update org.springframework.data to 2021.2.8 #12739

Update org.springframework.data to 2021.2.8 #12726

Update reactor-netty to 1.0.28 #12718

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

@sjohnr

5.8.1

⭐ New Features

Add EnableWebSecurity migration steps to 5.8 guide #12334

Replace deprecated set-state set-output GitHub Action's commands #12298

🪲 Bug Fixes

... (truncated)

Commits

ce46f06 Release 5.8.2
a93cc3f Merge branch '5.7.x' into 5.8.x
2fcf48a Update org.springframework.data to 2021.2.8
0398d86 Update org.springframework to 5.3.25
c9112df Update hibernate-entitymanager to 5.6.15.Final
4156766 Update org.aspectj to 1.9.19
f125785 Update io.spring.nohttp to 0.0.11
4643c0d Update blockhound to 1.0.7.RELEASE
d2d82b5 Update io.projectreactor to 2020.0.28
d4d03ea Update jackson-bom to 2.13.5
Additional commits viewable in compare view

Updates spring-security-config from 5.7.6 to 5.8.2

Release notes

Sourced from spring-security-config's releases.

5.8.2

⭐ New Features

Add XorCsrfChannelInterceptor #12562

Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #12434

fix unclosed block in docs #12553

Improve documentation on what changed in the default behaviour in version 6 vs 5.7 #12462

Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #12486

🪲 Bug Fixes

AuthorizationManager method security documentation should use AnnotationMatchingPointcut #12516

DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #12665

Document XMLObject retreival for Asserting Party metadata #12693

Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #12458

NimbusJwtDecoder unknown KID scenario is not correctly tested #12494

NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12686

SwitchUserFilter not working in Spring Security 6 #12510

Wrong name of the filter in the SecurityContextHolderFilter diagram #12526

🔨 Dependency Upgrades

Update blockhound to 1.0.7.RELEASE #12719

Update hibernate-entitymanager to 5.6.15.Final #12722

Update io.projectreactor to 2020.0.28 #12717

Update io.spring.nohttp to 0.0.11 #12720

Update jackson-bom to 2.13.5 #12714

Update jackson-databind to 2.13.5 #12715

Update jackson-datatype-jsr310 to 2.13.5 #12716

Update junit-bom to 5.9.2 #12723

Update org.aspectj to 1.9.19 #12721

Update org.junit.jupiter to 5.9.2 #12724

Update org.springframework to 5.3.25 #12725

Update org.springframework.data to 2021.2.8 #12739

Update org.springframework.data to 2021.2.8 #12726

Update reactor-netty to 1.0.28 #12718

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

@sjohnr

5.8.1

⭐ New Features

Add EnableWebSecurity migration steps to 5.8 guide #12334

Replace deprecated set-state set-output GitHub Action's commands #12298

🪲 Bug Fixes

... (truncated)

Commits

ce46f06 Release 5.8.2
a93cc3f Merge branch '5.7.x' into 5.8.x
2fcf48a Update org.springframework.data to 2021.2.8
0398d86 Update org.springframework to 5.3.25
c9112df Update hibernate-entitymanager to 5.6.15.Final
4156766 Update org.aspectj to 1.9.19
f125785 Update io.spring.nohttp to 0.0.11
4643c0d Update blockhound to 1.0.7.RELEASE
d2d82b5 Update io.projectreactor to 2020.0.28
d4d03ea Update jackson-bom to 2.13.5
Additional commits viewable in compare view

Updates spring-security-web from 5.7.6 to 5.8.2

Release notes

Sourced from spring-security-web's releases.

5.8.2

⭐ New Features

Add XorCsrfChannelInterceptor #12562

Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #12434

fix unclosed block in docs #12553

Improve documentation on what changed in the default behaviour in version 6 vs 5.7 #12462

Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #12486

🪲 Bug Fixes

AuthorizationManager method security documentation should use AnnotationMatchingPointcut #12516

DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #12665

Document XMLObject retreival for Asserting Party metadata #12693

Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #12458

NimbusJwtDecoder unknown KID scenario is not correctly tested #12494

NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12686

SwitchUserFilter not working in Spring Security 6 #12510

Wrong name of the filter in the SecurityContextHolderFilter diagram #12526

🔨 Dependency Upgrades

Update blockhound to 1.0.7.RELEASE #12719

Update hibernate-entitymanager to 5.6.15.Final #12722

Update io.projectreactor to 2020.0.28 #12717

Update io.spring.nohttp to 0.0.11 #12720

Update jackson-bom to 2.13.5 #12714

Update jackson-databind to 2.13.5 #12715

Update jackson-datatype-jsr310 to 2.13.5 #12716

Update junit-bom to 5.9.2 #12723

Update org.aspectj to 1.9.19 #12721

Update org.junit.jupiter to 5.9.2 #12724

Update org.springframework to 5.3.25 #12725

Update org.springframework.data to 2021.2.8 #12739

Update org.springframework.data to 2021.2.8 #12726

Update reactor-netty to 1.0.28 #12718

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

@sjohnr

5.8.1

⭐ New Features

Add EnableWebSecurity migration steps to 5.8 guide #12334

Replace deprecated set-state set-output GitHub Action's commands #12298

🪲 Bug Fixes

... (truncated)

Commits

ce46f06 Release 5.8.2
a93cc3f Merge branch '5.7.x' into 5.8.x
2fcf48a Update org.springframework.data to 2021.2.8
0398d86 Update org.springframework to 5.3.25
c9112df Update hibernate-entitymanager to 5.6.15.Final
4156766 Update org.aspectj to 1.9.19
f125785 Update io.spring.nohttp to 0.0.11
4643c0d Update blockhound to 1.0.7.RELEASE
d2d82b5 Update io.projectreactor to 2020.0.28
d4d03ea Update jackson-bom to 2.13.5
Additional commits viewable in compare view

Updates spring-security-crypto from 5.7.6 to 5.8.2

Release notes

Sourced from spring-security-crypto's releases.

5.8.2

⭐ New Features

Add XorCsrfChannelInterceptor #12562

Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #12434

fix unclosed block in docs #12553

Improve documentation on what changed in the default behaviour in version 6 vs 5.7 #12462

Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #12486

🪲 Bug Fixes

AuthorizationManager method security documentation should use AnnotationMatchingPointcut #12516

DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #12665

Document XMLObject retreival for Asserting Party metadata #12693

Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #12458

NimbusJwtDecoder unknown KID scenario is not correctly tested #12494

NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12686

SwitchUserFilter not working in Spring Security 6 #12510

Wrong name of the filter in the SecurityContextHolderFilter diagram #12526

🔨 Dependency Upgrades

Update blockhound to 1.0.7.RELEASE #12719

Update hibernate-entitymanager to 5.6.15.Final #12722

Update io.projectreactor to 2020.0.28 #12717

Update io.spring.nohttp to 0.0.11 #12720

Update jackson-bom to 2.13.5 #12714

Update jackson-databind to 2.13.5 #12715

Update jackson-datatype-jsr310 to 2.13.5 #12716

Update junit-bom to 5.9.2 #12723

Update org.aspectj to 1.9.19 #12721

Update org.junit.jupiter to 5.9.2 #12724

Update org.springframework to 5.3.25 #12725

Update org.springframework.data to 2021.2.8 #12739

Update org.springframework.data to 2021.2.8 #12726

Update reactor-netty to 1.0.28 #12718

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

@sjohnr

5.8.1

⭐ New Features

Add EnableWebSecurity migration steps to 5.8 guide #12334

Replace deprecated set-state set-output GitHub Action's commands #12298

🪲 Bug Fixes

... (truncated)

Commits

ce46f06 Release 5.8.2
a93cc3f Merge branch '5.7.x' into 5.8.x
2fcf48a Update org.springframework.data to 2021.2.8
0398d86 Update org.springframework to 5.3.25
c9112df Update hibernate-entitymanager to 5.6.15.Final
4156766 Update org.aspectj to 1.9.19
f125785 Update io.spring.nohttp to 0.0.11
4643c0d Update blockhound to 1.0.7.RELEASE
d2d82b5 Update io.projectreactor to 2020.0.28
d4d03ea Update jackson-bom to 2.13.5
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions · 2023-02-24T03:43:42Z

Unit Test Results

2 529 tests ±0 2 528 ✔️ ±0 25m 20s ⏱️ +12s
  221 suites ±0       1 💤 ±0
  221 files ±0       0 ❌ ±0

Results for commit 185a73c. ± Comparison against base commit 433eed6.

♻️ This comment has been updated with latest results.

Bumps `spring-security.version` from 5.7.6 to 5.8.2. Updates `spring-security-core` from 5.7.6 to 5.8.2 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.7.6...5.8.2) Updates `spring-security-config` from 5.7.6 to 5.8.2 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.7.6...5.8.2) Updates `spring-security-web` from 5.7.6 to 5.8.2 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.7.6...5.8.2) Updates `spring-security-crypto` from 5.7.6 to 5.8.2 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.7.6...5.8.2) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

sonarcloud · 2023-02-24T10:15:41Z

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

dependabot bot requested review from a team, roesslerj and mfromme February 24, 2023 02:57

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 24, 2023

dependabot bot force-pushed the dependabot/maven/spring-security.version-5.8.2 branch 2 times, most recently from ed6a1bc to 4f51b8d Compare February 24, 2023 08:42

dependabot bot force-pushed the dependabot/maven/spring-security.version-5.8.2 branch from 4f51b8d to 185a73c Compare February 24, 2023 09:29

hilmarf enabled auto-merge (squash) February 24, 2023 10:21

hilmarf approved these changes Feb 24, 2023

View reviewed changes

hilmarf merged commit bf89ad0 into main Feb 24, 2023

hilmarf deleted the dependabot/maven/spring-security.version-5.8.2 branch February 24, 2023 10:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump spring-security.version from 5.7.6 to 5.8.2 #2014

Bump spring-security.version from 5.7.6 to 5.8.2 #2014

dependabot bot commented on behalf of github Feb 24, 2023 •

edited

Loading

github-actions bot commented Feb 24, 2023 •

edited

Loading

sonarcloud bot commented Feb 24, 2023

Bump spring-security.version from 5.7.6 to 5.8.2 #2014

Bump spring-security.version from 5.7.6 to 5.8.2 #2014

Conversation

dependabot bot commented on behalf of github Feb 24, 2023 • edited Loading

5.8.2

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

5.8.1

⭐ New Features

🪲 Bug Fixes

5.8.2

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

5.8.1

⭐ New Features

🪲 Bug Fixes

5.8.2

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

5.8.1

⭐ New Features

🪲 Bug Fixes

5.8.2

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

5.8.1

⭐ New Features

🪲 Bug Fixes

github-actions bot commented Feb 24, 2023 • edited Loading

Unit Test Results

sonarcloud bot commented Feb 24, 2023

dependabot bot commented on behalf of github Feb 24, 2023 •

edited

Loading

github-actions bot commented Feb 24, 2023 •

edited

Loading