Skip to content

fix(deps): update dependency org.springframework.security:spring-security-bom to v5.8.0

Jednotné přihlášení test requested to merge renovate/spring-security into main

This MR contains the following updates:

Package Type Update Change
org.springframework.security:spring-security-bom (source) import minor 5.7.5 -> 5.8.0

Release Notes

spring-projects/spring-security

v5.8.0

Compare Source

New Features

  • Add Kotlin example showing integration with WebTestClient #​11611
  • Add MethodExpressionAuthorizationManager #​11502
  • Add Polish localization to error messages from ExceptionTranslationFi… #​12201
  • Add support AuthorizationManager + #​11503
  • AnonymousAuthenticationFilter should cache its Supplier #​11900
  • CookieServerCsrfTokenRepository doesn't support setting MaxAge #​11441
  • DefaultFilterChainValidator should check AuthorizationFilter #​11473
  • Deprecate Resource Owner Password Credentials grant #​11591
  • Document Configure Default CsrfToken BREACH Protection #​12107
  • Document Defer load CsrfToken #​12105
  • Document DelegatingSecurityContextRepository #​12069
  • Document deprecations in oauth2-client #​12193
  • Document how to opt-in for SHA256 in RememberMe #​12097
  • Document how to use the new requestMatchers and securityMatchers #​12100
  • Document Migration to SecurityContextHolderFilter #​12098
  • Document new oauth2Login() authority defaults #​12188
  • Document reactive CSRF migration steps #​12226
  • Document Saved Requests Spring Security 6 Migration #​12089
  • Document Update to 5.8 for Migration Guide #​12196
  • Fix Javadoc in EnableWebSocketSecurity #​12211
  • Improve deprecation notice in WebSecurityConfigurerAdapter #​12261
  • InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager #​11469
  • Migration guide for CAS support removal #​12240
  • Preparation and Migration Guides should point to each other #​12093
  • Preparation Guide should follow Reference Manual standards #​12096
  • Preparation Guide should show opt-out steps after opt-in steps #​12104
  • Provide guide for migrating from FilterSecurityInterceptor to AuthorizationFilter #​11337
  • Register FilterChainProxy for All Dispatcher Types Migration Steps #​12186
  • SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters #​11675
  • trigger partial docs build on push (5.8.x) #​12195

🐞 Bug Fixes

  • AuthenticationServiceException propagation flag is unconfigurable in 5.8 #​12132
  • CsrfAuthenticationStrategy does not check for existing token #​12236
  • CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsrfTokenRepository #​12141
  • fix deploy docs workflow (5.8.x) #​12197
  • Fix saganCreateRelease saganDeleteRelease Required Permissions #​11424
  • Incorrect scope map fix #​12206
  • IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #​12076
  • org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" #​11604
  • SAML logout: Incorrect log messages #​12209
  • Saml2MetadataFilter response should configure writer to UTF-8 #​12222
  • SEC-2839: SecurityNamespaceHandler - related to SEC-1455 #​12126
  • SecurityContextRepository.loadContext(HttpServletRequest) cache result #​11391
  • Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok #​11483
  • Update the RP-initiated Logout links #​12122

🔨 Dependency Upgrades

  • Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 #​12154
  • Update aspectj-plugin to 6.5.0.3 #​11583
  • Update assertj-core to 3.23.1 #​11572
  • Update com.nimbusds to 9.38.1 #​11570
  • Update Gradle to 7.5.1 #​12158
  • Update hibernate-entitymanager to 5.6.10.Final #​11578
  • Update hibernate-entitymanager to 5.6.14.Final #​12245
  • Update hsqldb to 2.7.1 #​12246
  • Update htmlunit to 2.63.0 #​11575
  • Update htmlunit-driver to 2.63.0 #​11580
  • Update io.projectreactor to 2020.0.21 #​11567
  • Update io.projectreactor to 2020.0.25 #​12243
  • Update io.spring.javaformat to 0.0.34 #​11573
  • Update jackson-bom to 2.13.3 #​11574
  • Update jsonassert to 1.5.1 #​11581
  • Update junit-bom to 5.9.0-RC1 #​11571
  • Update mockk to 1.12.4 #​11568
  • Update org.eclipse.jetty to 9.4.48.v20220622 #​11576
  • Update org.jetbrains.kotlin to 1.7.10 #​11582
  • Update org.jetbrains.kotlin to 1.7.21 #​12247
  • Update org.jetbrains.kotlinx to 1.6.4 #​11566
  • Update org.springframework to 5.3.22 #​11569
  • Update org.springframework to 5.3.24 #​12248
  • Update org.springframework.data to 2021.2.2 #​11579
  • Update org.springframework.data to 2021.2.6 #​12249
  • Update reactor-netty to 1.0.25 #​12244
  • Update spring-ldap-core to 2.4.1 #​11577

Contributors

We'd like to thank all the contributors who worked on this release!

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports