Commit Graph

18109 Commits

Author SHA1 Message Date
Joe Grandja
e3c39f02bc Add documentation for DPoP support
Closes gh-17072
2025-05-09 16:02:14 -04:00
Rob Winch
3110f3679a Merge branch '6.4.x' into 6.5.x
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4

Closes gh-17069
2025-05-07 10:01:39 -05:00
dependabot[bot]
8fcf181ff0 Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.3 to 2.18.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.3...jackson-bom-2.18.4)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-07 03:30:49 +00:00
Josh Cummings
1ec084886a Revert "Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0"
This reverts commit 226e81d7f5.

Given that we are in the RC phase, we do not want to do minor version
upgrades
2025-05-06 16:55:22 -06:00
Josh Cummings
211b1b7285 Update Method Security Migration Steps 2025-05-06 16:44:20 -06:00
Josh Cummings
84db5bb312 Add Cookie Customizer Migration Steps 2025-05-06 16:43:04 -06:00
Josh Cummings
74a25c3fc1 Add shouldFilterAllDispatcherTypes Migration Steps 2025-05-06 16:40:10 -06:00
Josh Cummings
084990736e Move Opaque Token Migration Steps 2025-05-06 16:39:16 -06:00
Josh Cummings
c6bba38458 Update SAML 2.0 Migration Steps 2025-05-06 16:38:32 -06:00
Josh Cummings
45b453f59b Add ACL Migration Steps 2025-05-06 16:38:19 -06:00
Max Batischev
66e614cb0b WebAuthnConfigurer Code Cleanup
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-05-06 15:20:08 -05:00
Max Batischev
421fcaee12 Add Assertions To WebAuthnConfigurer
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-05-06 15:20:08 -05:00
Josh Cummings
184cd96ee6 Don't Update Minor Versions During RC Phase 2025-05-06 11:56:41 -06:00
Zhoudong
6624e302ac Favor Spring Framework NonNull over Reactor NonNull
Signed-off-by: Zhoudong <jearton@users.noreply.github.com>
2025-05-06 10:52:05 -06:00
dependabot[bot]
dd0b26a992 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-06 10:15:39 -06:00
dependabot[bot]
0c7e43a462 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-06 10:15:28 -06:00
Rob Winch
9b79b99150 Merge branch '6.4.x'
- Correct method name in logout.adoc

Closes gh-17049
2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db Merge branch '6.3.x' into 6.4.x
- Correct method name in logout.adoc

Closes gh-17048
2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed Correct method name
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-06 10:17:29 -05:00
Josh Cummings
1a9f62dce4 Merge branch '6.4.x' 2025-05-05 16:00:59 -06:00
Josh Cummings
0220e471bb Move Serialization Samples
To make SpringSecurityCoreVersionSerializableTests more manageable,
this commit moves the sample class constructions to a separate file.
In this way, the tests file only changes when serialization tests are
added. When classes are introduced, they can be added to SerializationSamples,
separating the two concerns
2025-05-05 15:51:10 -06:00
Josh Cummings
12a18c3792 Polish Serialization Tests
If Instancio fails to instatiate the class sample, it will
now also delete the serialized sample file. Otherwise, it will
leave a zero-byte file on the filesystem, confusing future test runs
2025-05-05 15:39:33 -06:00
Josh Cummings
d04f7071c2 Add Missing Serialization Samples
Closes gh-17038
2025-05-05 15:34:24 -06:00
Josh Cummings
8726e547d5 Add Serialization Samples for 6.5
Issue gh-16221
2025-05-05 15:31:51 -06:00
Josh Cummings
2949b5d5a4 Regenerate Incorrect Serialization Files
Given that these classes each have a consistent serialization UID
across minor versions, but that the 6.5.x serialized version is using a
different UID, these serialized files were likely generated in error.
As such, this commit replaces the serialized files with correct ones.

Issue gh-16432
2025-05-05 15:30:15 -06:00
Josh Cummings
34a9f57aa6 Merge branch '6.4.x' 2025-05-05 15:29:44 -06:00
Josh Cummings
c3c2bcd6b7 Ignore Serialization in Test Components
Since we don't need to ensure the serializability of test components
across versions, we can ignore missing version UIDs when those
test components aren't about testing Java serialization.

Issue gh-17038
2025-05-05 15:09:50 -06:00
Josh Cummings
39fdceab59 Add Missing Serializable Samples
Issue gh-17038
2025-05-05 15:09:50 -06:00
Josh Cummings
65d53beff8 Polish Serialization Tests
- Error when public, non-ignored, serializable file is missing a sample
- Provide mechanism for creating an InstancioApi from scratch

Issue gh-17038
2025-05-05 15:09:49 -06:00
Josh Cummings
34afa64c0c Add Current-Version Deserialization Test
We should test that serialized files from the current minor version
can be deserialized. This ensures that serializations remain
deserializable in patch releases.

Issue gh-3737
2025-05-05 15:09:43 -06:00
Rob Winch
74e6bf2d11 Merge branch '6.4.x'
- remove update-dependabot action
2025-05-05 13:36:15 -05:00
Rob Winch
b5e1c3770b Merge branch '6.3.x' into 6.4.x
- remove update-dependabot action
2025-05-05 13:36:01 -05:00
Rob Winch
9710492619 remove update-dependabot action 2025-05-05 13:34:16 -05:00
Rob Winch
d4a0f8bbe8 Merge branch '6.4.x'
- Use pull-request: write for gradlew updates
2025-05-05 13:24:32 -05:00
Rob Winch
6dc8cd1f60 Merge branch '6.3.x' into 6.4.x
- Use pull-request: write for gradlew updates
2025-05-05 13:23:35 -05:00
Rob Winch
9436796973 Use pull-request: write for gradlew updates
Explicitly provide the permissions required for updating the Gradle
wrapper
2025-05-05 11:49:08 -05:00
Josh Cummings
df640f22dc Merge branch '6.4.x' 2025-05-02 15:59:13 -06:00
Josh Cummings
92160fa26f Merge branch '6.3.x' into 6.4.x
Closes gh-17034
2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed Fix ClearSiteData Code Snippet
Closes gh-16948
2025-05-02 15:57:31 -06:00
Rob Winch
5c92d90e36 Align Dependabot PRs with CONTRIBUTING
Previously Dependabot was setup to submit PRs to every branch.
However, this does not align with the contributing guidelines which
state to only submit a PR on the oldest branch so that merge forward
strategy can be used.

This changes the dependabot configuration to better align with our
contributing guidelines:

- PRs for github actions are submitted against the oldest branch since
  all branches will need updated using a merge forward stategy. Merging a
  github action will require us to merge forward manually and preserve
  the changes in the oldest branch to pickup the github actions update.
- Java dependencieds are submitted against each branch since they will
  need to merge -s ours to preserve the correct major.minor semantics.
  Merging a java dependency will now require us to do the merging manually.
2025-05-02 15:04:20 -05:00
Josh Cummings
aa338e9b0d Merge branch '6.4.x' 2025-05-02 10:58:22 -06:00
Josh Cummings
57fc29e614 Merge branch '6.3.x' into 6.4.x
Closes gh-17032
2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e Propagate StrictFirewallRequest Wrapper
Closes gh-16978
2025-05-02 10:57:07 -06:00
Rob Winch
084408c22c Merge branch '6.4.x'
- codeql uses ubuntu-latest
2025-05-02 11:50:08 -05:00
Rob Winch
a26a64d213 Merge branch '6.3.x' into 6.4.x
- codeql uses ubuntu-latest
2025-05-02 11:49:50 -05:00
Rob Winch
3b7e3a6c5c codeql uses ubuntu-latest 2025-05-02 11:49:41 -05:00
Rob Winch
9bf1212420 Merge branch '6.4.x'
- rm mark-duplicate-dependabot-prs.yml
2025-05-02 11:26:59 -05:00
Rob Winch
fa533ea5e2 Merge branch '6.3.x' into 6.4.x
- rm mark-duplicate-dependabot-prs.yml
2025-05-02 11:26:47 -05:00
Rob Winch
a04025c114 rm mark-duplicate-dependabot-prs.yml 2025-05-02 11:26:41 -05:00
Rob Winch
771fe108b3 Merge branch '6.4.x'
- Remove automerge forward
2025-05-02 11:24:28 -05:00