Update dependency org.springframework.security:spring-security-test to v6

[mend-for-github-com]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.security:spring-security-test (source)	5.4.5 -> 6.3.3

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-test)

v6.3.3

Compare Source

🪲 Bug Fixes

• ObservationRegistry is never post-processed #​15658

🔨 Dependency Upgrades

• Bump org-eclipse-jetty from 11.0.22 to 11.0.23 #​15664

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot]

v6.3.2

Compare Source

⭐ New Features

• ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls #​15495
• Document the role of CredentialsContainer #​15321
• OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #​15410

🪲 Bug Fixes

• A broken link in Spring Security reference #​15297
• Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect #​15460
• EnableMethodSecurity should publish only one bean of each AuthorizationAdvisor #​15592
• Fix Compromised Password Checker Docs Sample Not Working #​15305
• Fix for #​15172 introduces significant performance degredation #​15324
• Pre/PostAuthorize should not ignore HandleAuthorizationDenied#handlerClass when ApplicationContext is not provided #​15535
• Update prerequisites documentation with Java 17 #​15340
• Use Correct Meta-Annotation in Kotlin Sample #​15472
• Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15440

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #​15619
• Bump com.fasterxml.jackson:jackson-bom from 2.17.1 to 2.17.2 #​15374
• Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15373
• Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 #​15383
• Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 #​15581
• Bump io.mockk:mockk from 1.13.11 to 1.13.12 #​15430
• Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #​15388
• Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #​15597
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #​15582
• Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #​15372
• Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #​15545
• Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #​15356
• Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #​15268
• Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #​15642
• Bump org.gretty:gretty from 4.1.4 to 4.1.5 #​15431
• Bump org.hibernate.orm:hibernate-core from 6.4.9.Final to 6.4.10.Final #​15530
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #​15456
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #​15455
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.19 to 4.33.20 #​15267
• Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #​15315
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15336
• Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #​15529
• Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 #​15546
• Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #​15571
• Bump org.springframework.data:spring-data-bom from 2024.0.1 to 2024.0.2 #​15421
• Bump org.springframework.data:spring-data-bom from 2024.0.2 to 2024.0.3 #​15643
• Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #​15620
• Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 #​15402
• Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 #​15613
• Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 #​15279

🔩 Build Updates

• Automate check of expected branch version #​15310
• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15449
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15482
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15560
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15637
• Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15418
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15517
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15561
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15636
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15419
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15515
• Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15329
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15480
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15464
• Bump io-spring-javaformat from 0.0.42 to 0.0.43 #​15650
• Fix typos and formatting in documentation #​15380
• Migrate slack notifications to GChat #​15505
• Use explicit types instead of var #​15537

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​dependabot[bot], and @​tahakorkem

v6.3.1

Compare Source

⭐ New Features

• Clarify the behavior of Concurrent Session Management when an IdP is involved #​15071
• Mention all required dependencies in LDAP documentation #​15245
• Minor docs fix #​15144

🪲 Bug Fixes

• AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​15211
• Assert WebSession is not null #​15179
• DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc #​15197
• Documentation clarification after #​12783 has been closed is needed. #​15208
• Fix Java example in multitenanci.adoc #​15151
• Fix Kotlin example in authorize-http-requests.adoc #​15129
• Incorrect documentation for OIDC Back-Channel Logout #​15212
• IpAddressMatcher.matches(String address) still accepts URLs #​15172
• LDIF file on official documentation breaks the startup process #​15167
• Link to article with remember-me-persistent-token strategy is broken #​15149
• OpenSaml4AssertionValidator is not respecting clock skew settings #​15183
• Resolving invalid CSRF token values is not consistent #​15186
• spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security #​15143
• SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly #​15165

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 #​15225
• Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 #​15229
• Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 #​15161
• Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #​15168
• Bump org.gretty:gretty from 4.1.3 to 4.1.4 #​15133
• Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final #​15228
• Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15193
• Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 #​15260
• Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #​15251
• Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 #​15134
• Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #​15252

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15159
• Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15141
• Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15239
• Bump gradle/gradle-build-action from 2 to 3 #​15157
• Bump io-spring-javaformat from 0.0.41 to 0.0.42 #​15219
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 #​15176
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 #​15218
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 #​15261
• Bump spring-io/spring-doc-actions from 17ed79e to 5a57bcc #​15139

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot] and @​theHacker

v6.3.0

Compare Source

⭐ New Features

• Add getters to OAuth2AuthorizedClientId #​13648
• Add timeout defaults to JwtDecoders #​14890
• doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #​15065
• Improve logging for Global Authentication #​14711
• Minor docs fix #​15043
• Minor Documentation update on import needed for using Kotlin DSL #​14969
• OAuth2 Client Authentication docs are incomplete #​14982
• Proofread CasAuthenticationFilter documentation #​14883
• Replace "Spring Boot 2.x" with "Spring Boot" #​14919
• Simplify Disabling application/x-www-form-urlencoded Encoding Client ID and Secret #​14859
• Support Specifying Identifier for relying-party-registrations Element #​14487
• Update What's New in 6.3 #​14918

🪲 Bug Fixes

• Do Not Invalidate Current Session When Its Registered #​15066
• Fix MethodAuthorizationDeniedPostProcessor does not exist in java doc #​14955
• fix docs error in AuthenticatedReactiveAuthorizationManager #​14979
• OIDC Logout section is not shown in the navbar #​15113
• Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #​14996

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.5 to 1.5.6 #​14926
• Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 #​15010
• Bump com.gradle.develocity from 3.17.2 to 3.17.3 #​15051
• Bump com.gradle.develocity from 3.17.3 to 3.17.4 #​15104
• Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 #​15068
• Bump io.mockk:mockk from 1.13.10 to 1.13.11 #​15086
• Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 #​15076
• Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 #​14940
• Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 #​14987
• Bump org-aspectj from 1.9.22 to 1.9.22.1 #​15052
• Bump org-bouncycastle from 1.78 to 1.78.1 #​14929
• Bump org-eclipse-jetty from 11.0.20 to 11.0.21 #​15087
• Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final #​14948
• Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final #​14952
• Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final #​14962
• Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final #​14980
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 #​15025
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 #​15026
• Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.0 to 1.8.1 #​15053
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 #​14945
• Bump org.springframework.data:spring-data-bom from 2024.0.0-RC1 to 2024.0.0 #​15103
• Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 #​15088

🔩 Build Updates

• Attach Antora Docs to Pull Requests #​15061
• Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.12 #​14986
• Bump com.github.spullara.mustache.java:compiler from 0.9.12 to 0.9.13 #​14999
• Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #​14963
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 #​14928
• Consider Adding a Build Updates section to the release changelog #​15039

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Crain-32, @​Kehrlann, @​MrJovanovic13, @​ch4mpy, @​dependabot[bot], @​joaquinjsb, @​kse-music, @​madorb, @​rishiraj88, and @​vvaadd

v6.2.6

Compare Source

⭐ New Features

• ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls #​15494
• Document the role of CredentialsContainer #​15320
• OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #​15277

🪲 Bug Fixes

• A broken link in Spring Security reference #​15288
• Correct HttpSessionCsrfTokenRepository Documentation #​15392
• Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect #​15459
• Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource #​15444
• Update prerequisites documentation with Java 17 #​15323
• Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15439

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15376
• Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 #​15381
• Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 #​15588
• Bump io.mockk:mockk from 1.13.11 to 1.13.12 #​15427
• Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #​15389
• Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #​15599
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #​15589
• Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #​15377
• Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #​15543
• Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #​15358
• Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #​15271
• Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #​15645
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #​15452
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #​15451
• Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #​15314
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15333
• Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #​15528
• Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 #​15544
• Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #​15570
• Bump org.springframework.data:spring-data-bom from 2023.1.7 to 2023.1.8 #​15422
• Bump org.springframework.data:spring-data-bom from 2023.1.8 to 2023.1.9 #​15644
• Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #​15618
• Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 #​15404
• Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 #​15614
• Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 #​15280

🔩 Build Updates

• Automate check of expected branch version #​15309
• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15445
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15488
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15563
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15639
• Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15415
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15516
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15562
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15638
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15414
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15518
• Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15328
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15489
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15465
• Bump io-spring-javaformat from 0.0.42 to 0.0.43 #​15649
• Migrate slack notifications to GChat #​15504

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Junhyunny, @​Kehrlann, @​OLibutzki, @​arey, @​baezzys, and @​dependabot[bot]

v6.2.5

Compare Source

⭐ New Features

• doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #​15063
• Enhance Logging in RequestMatcherDelegatingAuthorizationManage #​14922
• InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #​14974
• Mention all required dependencies in LDAP documentation #​15244

🪲 Bug Fixes

• Assert WebSession is not null #​15178
• AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​15210
• DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc #​15196
• Fix Java example in multitenanci.adoc #​15150
• Incorrect documentation for OIDC Back-Channel Logout #​15198
• InMemoryUserDetailsManager Setting User Roles in Official Documentation Example Causes Error #​14972
• LDIF file on official documentation breaks the startup process #​15166
• Link to article with remember-me-persistent-token strategy is broken #​15148
• OIDC Logout section is not shown in the navbar #​15112
• OpenSaml4AssertionValidator is not respecting clock skew settings #​15022
• ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #​14958
• Resolving invalid CSRF token values is not consistent #​15185
• spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security #​15045
• Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #​14995

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 #​15011
• Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 #​15069
• Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 #​15224
• Bump io.mockk:mockk from 1.13.10 to 1.13.11 #​15079
• Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 #​15075
• Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 #​15232
• Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 #​14939
• Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 #​15031
• Bump org-aspectj from 1.9.22 to 1.9.22.1 #​15049
• Bump org-eclipse-jetty from 11.0.20 to 11.0.21 #​15080
• Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #​15170
• Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final #​14949
• Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final #​14953
• Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final #​14960
• Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final #​14981
• Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15192
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 #​15024
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 #​15023
• Bump org.opensaml:opensaml-core4 from 4.3.1 to 4.3.2 #​14947
• Bump org.springframework.data:spring-data-bom from 2023.1.5 to 2023.1.6 #​15101
• Bump org.springframework.data:spring-data-bom from 2023.1.6 to 2023.1.7 #​15262
• Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #​15248
• Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 #​15081
• Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 #​15132
• Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #​15247
• Update to OAuth2 OIDC SDK 9.43.4 #​14920
• Upgrade nimbus-jose-jwt to version 9.37.3 #​14836

🔩 Build Updates

• Attach Antora Docs to Pull Requests #​15060
• Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15163
• Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15142
• Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #​15032
• Bump com.gradle.develocity from 3.17.2 to 3.17.3 #​15050
• Bump com.gradle.develocity from 3.17.3 to 3.17.4 #​15102
• Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15241
• Bump io-spring-javaformat from 0.0.41 to 0.0.42 #​15216
• Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #​14961
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 #​14924
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 #​14950
• Consider Adding a Build Updates section to the release changelog #​15038

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot]

v6.2.4

Compare Source

🪲 Bug Fixes

• SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException #​14805
• Address AuthorizationObservationConvention Package Tangle #​14795
• bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error #​14848
• Transactional annotation breaks AOT for native image #​14865

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 #​14867
• Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 #​14873
• Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #​14821
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 #​14786
• Bump org-aspectj from 1.9.21.2 to 1.9.22 #​14798
• Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 #​14907
• Bump org.springframework.data:spring-data-bom from 2023.1.4 to 2023.1.5 #​14908
• Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 #​14896
• Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 #​14895
• Update org.opensaml:opensaml-core4 to 4.3.1 #​14850

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot]

v6.2.3

Compare Source

⭐ New Features

• Structure101 Plugin Should Ignore Deprecated Files #​14640

🪲 Bug Fixes

• Check for null Authentication #​14666
• Fix Package Tangle in CAS #​14641
• LogoutConfigurer#createLogoutFilter sets the SecurityContextHolderStrategy twice #​14648
• ObservationTextHandler class is not defined in a reactive context #​14653
• PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #​14723
• Spring security's ServerLogoutHandler order problem. #​14682

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.12.3 to 1.12.4 #​14719
• Bump io.mockk:mockk from 1.13.9 to 1.13.10 #​14661
• Bump io.projectreactor:reactor-bom from 2023.0.3 to 2023.0.4 #​14726
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.1 to 4.0.2 #​14705
• Bump org-aspectj from 1.9.21.1 to 1.9.21.2 #​14734
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.22 to 1.9.23 #​14706
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.22 to 1.9.23 #​14704
• Bump org.springframework.data:spring-data-bom from 2023.1.3 to 2023.1.4 #​14770
• Bump org.springframework:spring-framework-bom from 6.1.4 to 6.1.5 #​14757

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot]

v6.2.2

Compare Source

⭐ New Features

• Configuration examples in docs are out of date #​14392

🪲 Bug Fixes

• "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web? #​14568
• HandlerMappingIntrospectorRequestTransformer is registered twice in AOT #​14367
• OAuth2AuthorizationExchange is not serializable #​14405
• WebTestUtilsTestRuntimeHints should implement RuntimeHintsRegistrar #​14468
• Application context fails to load: Couldn't find FilterChainProxy #​14380
• Back-Channel Logout should use localhost for internal logout request #​14553
• Cannot configure SecurityContextRepository in CasAuthenticationFilter #​14536
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #​14348
• fix typo in anonymous.adoc #​14424
• fix: typo in Authentication Architecture ProviderManager #​14448
• Missing native-image reflection hint for HandlerMappingIntrospectorCachFilterFactoryBean #​14377
• Missing native-image reflection hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken #​14470
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #​14350
• SAML relying party logout filter is always ordered last #​14551
• Spring Security 6.2 defaults to InMemoryOidcSessionRegistry causing memory leaks in distributed systems with external session storage #​14558
• Test using @WithMockUser fails with 401 UNAUTHORIZED with 3.2 #​14207
• Typo: Update authorize-http-requests.adoc #​14563
• Unexpected Exception Handling in NimbusReactiveJwtDecoder decode Method #​14496
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #​14346

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.15.3 to 2.15.4 #​14617
• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #​14582
• Bump Gradle Wrapper from 8.5 to 8.6 #​14547
• Bump gradle/gradle-build-action from 2 to 3 #​14503
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #​14439
• Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 #​14429
• Bump io.micrometer:micrometer-observation from 1.12.2 to 1.12.3 #​14589
• Bump io.mockk:mockk from 1.13.8 to 1.13.9 #​14412
• Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 #​14430
• Bump io.projectreactor:reactor-bom from 2023.0.2 to 2023.0.3 #​14612
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #​14463
• Bump org-aspectj from 1.9.21 to 1.9.21.1 #​14605
• Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #​14354
• Bump org-eclipse-jetty from 11.0.19 to 11.0.20 #​14518
• Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #​14440
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.21 to 1.9.22 #​14364
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.21 to 1.9.22 #​14363
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 #​14543
• Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #​14422
• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 #​14554
• Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #​14387
• Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 #​14455
• Bump org.springframework.data:spring-data-bom from 2023.1.2 to 2023.1.3 #​14624
• Bump org.springframework.ldap:spring-ldap-core from 3.2.1 to 3.2.2 #​14616
• Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 #​14454
• Bump org.springframework:spring-framework-bom from 6.1.3 to 6.1.4 #​14615
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #​14504
• Bump spring-io/spring-github-workflows from eaf17a1 to 1e8b058 #​14583

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Amitmahato, @​andreasbuechel, @​boulce, and @​dependabot[bot]

v6.2.1

Compare Source

⭐ New Features

• docs: make XML and Java/Kotlin consistent with AspectJExpressionPointcut #​14219
• Document that Shibboleth Repository is Required for SAML Support #​14295
• Integrate HandlerMappingIntrospector Caching #​14332
• OAuth2 Resource Server is exposing server information. #​14278

🪲 Bug Fixes

• Update Java Config Spring MVC documentation #​14234
• add missing [tabs] fix typo in docs #​14208
• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #​14267
• Correct What's New in 6.2 reference to forServletPattern #​14200
• Fix typo in getClaimAsMap docstring #​14183
• Fix typo in the 'Authorizing Requests' example #​14169
• fix wrong document about "jws-algorithms" #​14280
• Improve error message when ServletRegistration API is unavailable #​14232
• Update Javadoc Comments in AuthorizationEvent Class #​14175
• Fix typo in architecture.adoc #​14254
• Fixing link in authentication/architecture.adoc #​13593

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #​14323
• Bump actions/setup-java from 3 to 4 #​14320
• Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #​14213
• Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #​14239
• Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #​14223
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #​14328
• Bump Gradle Wrapper from 8.4 to 8.5 #​14222
• Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 #​14284
• Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 #​14289
• Bump org-apache-maven-resolver from 1.9.16 to 1.9.17 #​14184
• Bum

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box