Skip to content

Update spring security to v6.5.11#806

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/spring-security
Open

Update spring security to v6.5.11#806
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/spring-security

Conversation

@renovate

@renovate renovate Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
org.springframework.security:spring-security-crypto (source) 6.4.136.5.11 age confidence
org.springframework.security:spring-security-web (source) 6.4.136.5.11 age confidence
org.springframework.security:spring-security-config (source) 6.4.136.5.11 age confidence
org.springframework.security:spring-security-core (source) 6.4.136.5.11 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v6.5.11

Compare Source

🪲 Bug Fixes

  • FormPostRedirectStrategy should not emit percent-encoded values into hidden form inputs #​19136

🔨 Dependency Upgrades

  • Bump antora from 3.2.0-alpha.11 to 3.2.0-alpha.12 in /docs #​19185
  • Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.34 #​19299
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.6 to 2.18.7 #​19129
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.7 to 2.18.8 #​19297
  • Bump gradle-wrapper from 8.14.4 to 8.14.5 #​19159
  • Bump org-bouncycastle from 1.80 to 1.80.2 #​19204
  • Bump org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16 #​19205
  • Bump org.hibernate.orm:hibernate-core from 6.6.49.Final to 6.6.50.Final #​19150
  • Bump org.hibernate.orm:hibernate-core from 6.6.50.Final to 6.6.51.Final #​19213
  • Bump org.hibernate.orm:hibernate-core from 6.6.51.Final to 6.6.53.Final #​19300
  • Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #​19173
  • Bump org.springframework:spring-framework-bom from 6.2.18 to 6.2.19 #​19293
  • Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #​19124
  • Bump spring-io/spring-release-actions from 0.0.4 to 0.0.5 #​19183
  • Update micrometer-bom to 1.15.12 #​19302
  • Update to Micrometer 1.15.11 #​19224
  • Update to reactor-bom 2024.0.18 #​19301

🔩 Build Updates

v6.5.10

Compare Source

⭐ New Features
  • Add CredentialRecordOwnerAuthorizationManager #​19004
  • Add XML Based shouldWriteHeadersEagerly tests #​19017
  • Clarify Session Management Persistence Documentation #​18345
  • Update FilterChainProxy#getFilters(String) javadoc #​18258
🪲 Bug Fixes
  • Add equals and hashcode to HttpMethodRequestMatcher #​18914
  • auth_time validation fails when SSO session is renewed #​18839
  • Fallback defaultTargetUrl if refererHeader is empty #​18806
  • Fix HttpSessionRequestCache#getMatchingRequest query string parsing #​16914
  • Fix documentation for Custom Authorization Manager #​18362
  • Improve serialVersionUID check in tests #​18474
  • Merge Handle null value in OnCommittedResponseWrapper header methods #​18989
  • OAuth2 client sessionManagement ineffective with DefaultOidcUser #​18622
🔨 Dependency Upgrades
  • Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #​19055
  • Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #​18956
  • Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #​19031
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #​18952
  • Bump actions/upload-artifact from 7.0.0 to 7.0.1 #​19094
  • Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 #​19078
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.14 to 1.0.15 #​18916
  • Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #​19108
  • Bump org.hibernate.orm:hibernate-core from 6.6.44.Final to 6.6.45.Final #​18966
  • Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final #​19046
  • Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final #​19064
  • Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final #​19110
  • Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18 #​19109
  • Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #​19093
  • Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 #​18954
  • Bump spring-io/spring-security-release-tools/.github/workflows/build.yml from 1.0.14 to 1.0.15 #​18955
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml from 1.0.14 to 1.0.15 #​18949
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml from 1.0.14 to 1.0.15 #​18950
  • Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml from 1.0.14 to 1.0.15 #​18995
  • Bump spring-io/spring-security-release-tools/.github/workflows/test.yml from 1.0.14 to 1.0.15 #​18951
  • Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #​18994
  • Update to spring-security-release-tools 1.0.15 #​18910
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​as1605, @​johnycho, @​ngocnhan-tran1996, @​rwinch, and @​sankranty

v6.5.9

Compare Source

⭐ New Features
🪲 Bug Fixes
  • Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #​18544
  • saveAuthenticationRequest should read relayState from authenticationRequest #​18872
  • Add Missing OnCommitedResponseWrapper Header Overrides #​18798
  • Clarify Resource Server startup expectations #​18518
  • Correct Reference to Clear-Site-Data Directive enum #​18273
  • Fix CookieRequestCache parameters #​18857
  • Fix Flaky Crypto Tests #​18841
  • Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #​18896
🔨 Dependency Upgrades
  • Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #​18854
  • Bump actions/upload-artifact from 6.0.0 to 7.0.0 #​18809
  • Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #​18749
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #​18779
  • Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #​18876
  • Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #​18750
  • Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #​18791
  • Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #​18860
  • Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #​18886
  • Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #​18780
  • Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #​18829
  • Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #​18903
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Hann244, @​Khyojae, @​ghusta, @​itsmevichu, @​qihaiyan, @​rwinch, @​therepanic, and @​ziqin

v6.5.8

Compare Source

⭐ New Features
  • Add @FunctionalInterface to RequestMatcher #​18337
  • Spring Security 7 should provide migration path from request-matcher="ant" #​18211
  • Stop deploying JavaDoc outside of Antora #​18199
🪲 Bug Fixes
  • Add Missing Migration Pages to Navigation #​18313
  • Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #​18235
  • Fix typo in "Preparing for 7.0" in reference to PathPatternRequestMatcher #​18336
  • Fix typo in AnnotationTemplateExpressionDefaults documentation #​18176
  • Fix typos in documentation depenendencies->dependencies #​18208
🔨 Dependency Upgrades
  • Bump @antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #​18675
  • Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs #​18677
  • Bump @springio/antora-extensions from 1.14.4 to 1.14.7 in /docs #​18676
  • Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs #​18679
  • Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #​18192
  • Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #​18321
  • Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #​18387
  • Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 #​18525
  • Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 #​18591
  • Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #​18631
  • Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 #​18678
  • Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #​18710
  • Bump gradle-wrapper from 8.14 to 8.14.4 #​18704
  • Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 #​18703
  • Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #​18279
  • Bump io.mockk:mockk from 1.14.6 to 1.14.7 #​18275
  • Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 #​18293
  • Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14 #​18495
  • Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 #​18716
  • Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #​18535
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #​18724
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #​18670
  • Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #​18292
  • Bump org-aspectj from 1.9.25 to 1.9.25.1 #​18329
  • Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #​18352
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #​18590
  • Bump org.hibernate.orm:hibernate-core from 6.6.34.Final to 6.6.36.Final #​18193
  • Bump org.hibernate.orm:hibernate-core from 6.6.36.Final to 6.6.38.Final #​18241
  • Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final #​18308
  • Bump org.hibernate.orm:hibernate-core from 6.6.39.Final to 6.6.40.Final #​18351
  • Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final #​18524
  • Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final #​18632
  • Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 #​18320
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 #​18322
  • Bump org.springframework:spring-framework-bom from 6.2.13 to 6.2.14 #​18206
  • Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 #​18323
  • Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 #​18731
  • Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #​18649
  • Update Antora UI Spring to v0.4.25 #​18402
🔩 Build Updates
  • Remove unnecessary Gradle wrapper from buildSrc #​18692
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​garvit-joshi, @​ghusta, @​kucoll, and @​rwinch

v6.5.7

Compare Source

⭐ New Features
  • Add Include-Code for the Password Storage page #​18054
  • Default WebAuthnConfigurer#rpName to rpId #​18131
  • Document effects of disabling CORS #​18129
🪲 Bug Fixes
  • typ values should not be case-sensitive in JwtTypeValidator #​18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #​18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #​18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #​18088
🔨 Dependency Upgrades
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #​18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18111
  • Update to Reactor 2024.0.12 #​18181
  • Update to Spring Data 2024.1.12 #​18182
  • Update to Spring Framework 6.2.13 #​18180
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

v6.5.6

Compare Source

🔨 Dependency Upgrades
  • Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18082
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17930
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17929
  • Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18045
  • Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #​17950
  • Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17945
  • Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18039
  • Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18083
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18067
  • Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18068

v6.5.5

Compare Source

🔨 Dependency Upgrades
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17922
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17911
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17923
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17910
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17924
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17913
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17925
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17912
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17926
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17914

v6.5.4

Compare Source

⭐ New Features
  • Update servlet test method docs to use include-code #​17749
🪲 Bug Fixes
  • Annonation Scanning Should Fallback to Object when Parameter Matching #​17899
  • Fix double-slash when basePath is root #​17841
  • Fix traceId discrepancy in case error in servlet web #​17796
  • Reference should advise avoiding post-authorization on writes #​17798
🔨 Dependency Upgrades
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17893
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17874
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17895
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17854
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17836
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17894
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17858
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17767
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17766
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17759
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17853
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17837
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17896
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17897
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17855
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17791
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17771
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17758
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17773
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jkuhel and @​therepanic

v6.5.3

Compare Source

⭐ New Features
  • Add META-INF/LICENSE.txt to published jars #​17639
  • Update Angular documentation links in csrf.adoc #​17653
  • Update Shibboleth Repository URL #​17637
  • Use 2004-present Copyright #​17634
🪲 Bug Fixes
  • Add Missing Navigation in Preparing for 7.0 Guide #​17731
  • DPoP authentication throws JwtDecoderFactory ClassNotFoundException #​17249
  • OpenSamlAssertingPartyDetails Should Be Serializable #​17727
  • Use final values in equals and hashCode #​17621
🔨 Dependency Upgrades
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17739
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17690
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17684
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17661
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17615
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17599
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17737
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17701
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17614
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #​17647
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17733
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17711
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17612
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17598
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #​17742
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17613
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17595
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17760
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17692
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17683
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17671
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17616
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17597
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #​17646
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #​17660
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17694
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17685
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #​17650
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17645
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17757
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17651
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17596
  • Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #​17735
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​codingtim

v6.5.2

Compare Source

🪲 Bug Fixes
  • <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #​17495
  • Add 7.0 Migration Steps for Messaging PathPattern Usage #​17509
  • EnableReactiveMethodSecurity should not import Servlet configuration #​17545
  • Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #​17337
  • Fix securityContextRepository() initialization in oauth2Login() DSL #​17557
  • OAuth2Login DSL should support post-processing AuthenticationProvider implementations #​17176
  • Websocket XML config should pick up PathPatternMessageMatcher.Builder #​17508
🔨 Dependency Upgrades
  • Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #​17444
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#​17470](#​17470
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#​17570](#​17570
  • Bump io.mockk:mockk from 1.14.2 to 1.14.4 #​17467
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17572
  • Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #​17469
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17555
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #​17491
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #​17571
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17466
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17569
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17468
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17481
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17568
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

v6.5.1

Compare Source

⭐ New Features
  • Create demonstration of include-code usage #​17161
  • Setup include-code extension for docs #​17160
🪲 Bug Fixes
  • ClearSiteDataHeaderWriter log is misleading #​17166
  • Fix to allow multiple AuthenticationFilter instances to process each request #​17216
  • Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
  • OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
  • Publishing a default TargetVisitor should not override Spring MVC support #​17189
  • Use HttpStatus in back-channel logout filters #​17157
🔨 Dependency Upgrades
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
  • Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
  • Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
  • Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
  • Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
  • Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
  • Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
  • Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

v6.5.0

Compare Source

⭐ New Features
  • Add documentation for DPoP support #​17072
  • Add logging to CsrfTokenRequestHandler implementations #​16994
  • Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #​16806
  • Bump Gradle Wrapper from 8.13 to 8.14 #​17018
  • ClientRegistrations.fromIssuerLocation does not include failure information #​17015
  • Fix Typo In SubjectDnX509PrincipalExtractorTests #​16997
  • Implement internal cache in JtiClaimValidator #​17107
  • Polish javadoc #​16924
  • Remove unused classes #​16935
  • Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #​16962
  • RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17147
🪲 Bug Fixes
  • Add FunctionalInterface To X509PrincipalExtractor #​16952
  • Change NonNull import from reactor to spring #​16571
  • Fix DPoP jkt claim to be JWK SHA-256 thumbprint #​17080
  • Minor error in the Handling Logouts documentation #​17049
  • SecurityAnnotationScanner's method comparison should use .equals #​17145
  • Use proper configuration key in Opaque Token documentation #​17014
🔨 Dependency Upgrades
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17069
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #​16995
  • Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #​16990
  • Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #​17024
  • Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #​17095
  • Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17096
  • Bump io.mockk:mockk from 1.14.0 to 1.14.2 #​17019
  • Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17111
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17040
  • Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17088
  • Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16761
  • Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17089
  • Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17105
  • Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #​17037
  • Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16981
  • Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #​17137
  • Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17124
🔩 Build Updates
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dkowis, @​franticticktick, @​hammadirshad, @​jearton, @​ngocnhan-tran1996, @​quaff, and @​yybmion


Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • Between 04:00 PM and 07:59 PM, Monday through Friday (* 16-19 * * 1-5)
  • Automerge
    • Between 02:00 PM and 06:59 PM, Monday through Thursday (* 14-18 * * 1-4)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot enabled auto-merge (squash) June 25, 2026 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants