Update all non-major maven dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.apache.maven.shared:maven-filtering (source)	3.2.0 -> 3.4.0
org.yaml:snakeyaml	2.0 -> 2.5
org.openapitools:jackson-databind-nullable	0.2.2 -> 0.2.7
com.google.guava:guava	32.0.0-jre -> 32.1.3-jre
net.javacrumbs.shedlock:shedlock-provider-jdbc-template (source)	4.34.0 -> 4.48.0
net.javacrumbs.shedlock:shedlock-spring (source)	4.34.0 -> 4.48.0
org.keycloak:keycloak-spring-security-adapter (source)	17.0.0 -> 17.0.1
org.keycloak:keycloak-admin-client (source)	17.0.0 -> 17.0.1
org.springframework.security:spring-security-config (source)	5.6.12 -> 5.8.16
org.springframework.security:spring-security-web (source)	5.6.12 -> 5.7.13

GitHub Vulnerability Alerts

CVE-2024-38821

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.

For this to impact an application, all of the following must be true:

• It must be a WebFlux application
• It must be using Spring's static resources support
• It must have a non-permitAll authorization rule applied to the static resources support

---

Release Notes

OpenAPITools/jackson-databind-nullable (org.openapitools:jackson-databind-nullable)

v0.2.7: released

Compare Source

What's Changed

• Update parent and dependencies by @​Til7701 in #​61
• 0.2.7 release by @​wing328 in #​63
• update pom.xml to use central publishing maven plugin, add workflow by @​wing328 in #​66

New Contributors

• @​Til7701 made their first contribution in #​61

Full Changelog: OpenAPITools/jackson-databind-nullable@v0.2.6...v0.2.7

v0.2.6: released

Compare Source

What's Changed

• Fix broken unwrap bean validation and adapt tests by @​MelleD in #​50

New Contributors

• @​MelleD made their first contribution in #​50

Full Changelog: OpenAPITools/jackson-databind-nullable@v0.2.5...v0.2.6

v0.2.5: released

Compare Source

What's Changed

• Add support for Collection<JsonNullable> in the JsonNullableValueExtractor by @​tofi86 in #​35
• minor optimizations and simplifications to JsonNullable by @​bratkartoffel in #​43
• Add support for jakarta-validation by @​bratkartoffel in #​42
• Add "Automatic-Module-Name" to manifest, fix usage as java 9+ module by @​bratkartoffel in #​41

New Contributors

• @​tofi86 made their first contribution in #​35
• @​bratkartoffel made their first contribution in #​43

Full Changelog: OpenAPITools/jackson-databind-nullable@v0.2.4...v0.2.5

v0.2.4: released

Compare Source

What's Changed

• Fix CVE-2022-42003 by @​animalet in #​37

New Contributors

• @​animalet made their first contribution in #​37

Full Changelog: OpenAPITools/jackson-databind-nullable@v0.2.3...v0.2.4

v0.2.3: released

Compare Source

What's Changed

• jackson-base 2.13.3, add getAbsentValue by @​julianladisch in #​32

lukas-krecan/ShedLock (net.javacrumbs.shedlock:shedlock-provider-jdbc-template)

v4.48.0

• RedisLockProvider made extensible (thanks @​shubhajyoti-bagchi-groww)
• Dependency updates

v4.47.0

• #​1800 Enable lower case for database type when using usingDbTime() (thanks @​yuagu1)

v4.46.0

• JedisLockProvider (version 3) supports extending (thanks @​shotmk)

v4.45.0

• JedisLockProvider supports extending (thanks @​shotmk)

v4.44.0

• Insert ignore for MySQL 8a4ae7a

v4.43.0

• Better logging in JdbcTemplateProvider
• Dependency updates

v4.42.0

• Deprecate old Couchbase lock provider
• Dependency updates

v4.41.0

• Couchbase collection support (thanks @​mesuutt)
• Dependency updates

v4.40.0

• Fixed caching issues when the app is started by the DB does not exist yet (#​1129)
• Dependency updates

v4.39.0

• Introduced elasticsearch8 LockProvider and deperecated the orignal one (thanks @​MarAra)
• Dependency updates

v4.38.0

• ReactiveRedisLockProvider added (thanks @​ericwcc)
• Dependency updates

v4.37.0

• OpenSearch provider (thanks @​Pinny3)
• Fix wrong reference to reactive Mongo in BOM #​1048
• Dependency updates

v4.36.0

• shedlock-bom module added
• Dependency updates

v4.35.0

• Neo4j allows to specify database thanks @​SergeyPlatonov
• Dependency updates

keycloak/keycloak (org.keycloak:keycloak-spring-security-adapter)

v17.0.1

Compare Source

spring-projects/spring-security (org.springframework.security:spring-security-config)

v5.8.16

Compare Source

⭐ New Features

• Support ServerExchangeRejectedHandler @Bean #​15976

🪲 Bug Fixes

• Catch base64 decode exception #​15914
• Support ServerWebExchangeFirewall @Bean #​15977

🔨 Dependency Upgrades

• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16030
• Bump org.springframework.ldap:spring-ldap-core from 2.4.2 to 2.4.4 #​16094

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16114
• Update Antora UI Spring to v0.4.17 #​15933

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​kse-music
• @​github-actions[bot]
• @​dependabot[bot]

v5.8.15

Compare Source

⭐ New Features

• Address unnecessary method invocation in AbstractRequestMatcherRegistry #​15718
• The SecuredAuthorizationManager can now find @Secured annotations on … #​15014

🪲 Bug Fixes

• Disabling credentials erasure on custom AuthenticationManager is not working #​15683
• Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #​15624
• SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #​15749
• The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #​15533

🔨 Dependency Upgrades

• Bump io.projectreactor.tools:blockhound from 1.0.9.RELEASE to 1.0.10.RELEASE #​15928
• Bump org-eclipse-jetty from 9.4.55.v20240627 to 9.4.56.v20240826 #​15730
• Bump org.springframework.ldap:spring-ldap-core from 2.4.1 to 2.4.2 #​15941

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #​15908
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #​15837
• Migrate slack notifications to GChat #​15503
• Release 5.8.15 #​15963

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​chenzhenjia
• @​tugjg
• @​abimael-turing
• @​dependabot[bot]

v5.8.14

Compare Source

⭐ New Features

• Document the role of CredentialsContainer #​15319

🪲 Bug Fixes

• Clarify url Parameter Usage in AD Provider Constructor #​15409
• Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15363

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15375
• Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 #​15391
• Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 #​15606
• Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 #​15390
• Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 #​15604
• Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 #​15360
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 #​15291
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15335
• Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 #​15615

🔩 Build Updates

• Automate check of expected branch version #​15226
• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15447
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15484
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15558
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15633
• Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15417
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15523
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15559
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15632
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15416
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15524
• Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15330
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15481
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15463

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​Haarolean
• @​dependabot[bot]

v5.8.13

Compare Source

⭐ New Features

• doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #​14779
• Enhance Logging in RequestMatcherDelegatingAuthorizationManage #​14837
• Improve PasswordEncoder Error Messaging #​14951
• InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #​14880
• Mention all required dependencies in LDAP documentation #​15235
• Remove useBase64 parameter #​14862

🪲 Bug Fixes

• AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​13849
• Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #​15195
• Assert WebSession is not null #​14977
• Conditionally Add Conventions Plugin #​15152
• DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #​14418
• Fix Java example in multitenanci.adoc #​15146
• LDIF file on official documentation breaks the startup process #​15089
• Link to article with remember-me-persistent-token strategy is broken #​14358
• ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #​14931
• Resolving invalid CSRF token values is not consistent #​15184
• Restore Build Scan Capability #​15120
• Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #​14855

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #​15074
• Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #​15231
• Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #​14923
• Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #​15073
• Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #​15230
• Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15191
• Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #​15085
• Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #​15135
• Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #​15253
• Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #​14938

🔩 Build Updates

• Attach Antora Docs to Pull Requests #​14992
• Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15160
• Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15140
• Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #​15001
• Bump com.gradle.develocity from 3.17.2 to 3.17.4 #​15099
• Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15240
• Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #​14959
• Consider Adding a Build Updates section to the release changelog #​14485
• Migrate to com.gradle.develocity plugin #​15021
• Update Gradle Enterprise plugin to 3.17.2 #​15020

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​caio-henrique
• @​jzheaux
• @​dukbong
• @​Harsh4902
• @​abimael-turing
• @​dependabot[bot]
• @​sheriumair
• @​paschm

v5.8.12

Compare Source

🪲 Bug Fixes

• Conditional check for data-source-ref is incorrect #​14742

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 #​14878
• Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 #​14877
• Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #​14822
• Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 #​14891

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dependabot[bot]
• @​sheriumair

v5.8.11

Compare Source

🪲 Bug Fixes

• Allow tab in HTTP header values. #​14590
• Check for null Authentication #​14664
• PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #​14720
• Remove duplicate setSecurityContextHolderStrategy #​14603
• Spring security's ServerLogoutHandler order problem. #​14379

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 #​14730
• Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 #​14729
• Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 #​14759

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​chbecker2
• @​kse-music
• @​dependabot[bot]

v5.8.10

Compare Source

⭐ New Features

• Updated broken documentation link in javadocs #​14329

🪲 Bug Fixes

• Fix security filter sort in javadoc #​14552
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #​11596
• Saml2 LogoutFilter Should Come Before Common LogoutFilter #​14549

🔨 Dependency Upgrades

• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #​14584
• Bump gradle/gradle-build-action from 2 to 3 #​14505
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #​14438
• Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 #​14432
• Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 #​14431
• Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 #​14614
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #​14464
• Bump org-aspectj from 1.9.20.1 to 1.9.21.1 #​14607
• Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 #​14608
• Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 #​14622
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #​14506
• Bump spring-io/spring-github-workflows from eaf17a1 to 1e8b058 #​14585

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​kse-music
• @​geirhe
• @​aspan
• @​dependabot[bot]

v5.8.9

Compare Source

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #​14286
• OAuth2 Resource Server is exposing server information. #​13730
• Resolve RequestMatcher at request-time #​14078
• Update Java Config Spring MVC documentation #​14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #​13625
• Authentication not propagated correctly after migrating to SB3 #​12877
• Authorization does not show up on Features section #​14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #​13718
• Fix caching error state in ReactiveRemoteJWKSource #​13976
• fix wrong document about "jws-algorithms" #​14252
• Improve error message when ServletRegistration API is unavailable #​14221
• References to WebFlux docs do not link to them #​14100
• relay_state should not be included in signing calculation when it is null #​13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #​13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #​13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #​11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #​12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #​14313
• Bump actions/setup-java from 3 to 4 #​14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #​14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #​14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #​14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #​14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #​14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #​14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #​14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #​14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #​14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #​14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #​14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

v5.8.8

Compare Source

⭐ New Features

• Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #​11926
• Use Gradle's Version Catalog #​13868

🪲 Bug Fixes

• Fix snapshot_tests on CI workflow #​13876
• fix corrupted saml2 metadata once special characters are present #​13777
• Saml-Metadata with special characters is corrupted #​13776
• Saml2LogoutRequestMixin relayState property should be binding #​12539

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #​13982
• Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #​13927
• Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #​13890
• Bump com.gradle.enterprise from 3.11.1 to 3.11.4 #​13928
• Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 #​13885
• Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 #​13998
• Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 #​13944
• Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 #​13997
• Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #​13925
• Bump org-aspectj from 1.9.20 to 1.9.20.1 #​13893
• Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 #​13909
• Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 #​13996
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 #​13926
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #​13954
• Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 #​13907
• Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 #​14018
• Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 #​13908

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​JannickWeisshaupt
• @​erichaagdev
• @​dependabot[bot]

v5.8.7

Compare Source

⭐ New Features

• Automate spring-security.xsd #​13823

🪲 Bug Fixes

• CookieRequestCache ignores user Locale #​13792
• Default Security Configuration adds WWW-Authenticate Twice #​13737
• OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #​11893
• Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #​13804

v5.8.6

Compare Source

⭐ New Features

• Closes #​11450 - Add Java beans configuration for Remmember Me Docs #​13570
• Dependencies are resolved from appropriate repositories #​13582
• requestMatchers servlet validation error should include information about servlet paths #​13667
• requestMatchers should not count servlets without mappings #​13666

🪲 Bug Fixes

• Fix Bearer Token RestTemplate Support example #​13434
• Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #​13561
• The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #​13572

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.35 #​13702
• Update org.aspectj to 1.9.20 #​13704
• Update org.springframework.data to 2021.2.15 #​13705
• Update reactor-netty to 1.0.35 #​13703

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​erichaagdev
• @​petrovskimario
• @​daniel-shuy

v5.8.5

Compare Source

⭐ New Features

• Improve RequestMatcher Validation #​13551
• Improve Security Filters Documentation #​8167

🪲 Bug Fixes

• Optimize Querying of RequestCache -> continue parameter #​13438
• Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #​13417
• Use default PathPatternParser instance #​13462

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.34 #​13513
• Update org.springframework to 5.3.29 #​13515
• Update org.springframework.data to 2021.2.14 #​13516
• Update reactor-netty to 1.0.34 #​13514

v5.8.4

Compare Source

⭐ New Features

• Convert to Asciidoctor Tabs #​13405
• Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults #​13227
• mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter #​13252
• Use Antora name of security #​13329

🪲 Bug Fixes

• Additional filters registered when using Custom DSL #​13280
• AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation #​13069
• AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods #​13132
• Clarify that Kotlin DSL needs an import #​13101
• Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #​13191
• Fix Antora Warnings #​13292
• Fix code snippets in Authorize HttpServletRequest #​11522
• Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #​13219
• Fix Documentation Title #​13316
• Fix legacy-websocket-configuration cross-reference #​12969
• Fix typo in authorization.adoc #​13135
• http://www.springframework.org/schema/security/spring-security.xsd returns 404 #​13207
• Links between migration docs are out of date #​12675
• Proxy Server section is not linked in nav #​13322
• RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity #​13104
• SAML 2.0 HTTP Redirect Binding query params may appear in any order #​12963
• SAML login fails in Internet Explorer 11 #​13106
• Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice #​13160

🔨 Dependency Upgrades

• Address CVE-2023-1370 #​13146
• Update com.nimbusds to 9.43.3 #​13374
• Update hsqldb to 2.7.2 #​13388
• Update io.projectreactor to 2020.0.33 #​13377
• Update io.rsocket to 1.1.4 #​13383
• Update io.spring.javaformat to 0.0.39 #​13386
• Update junit-bom to 5.9.3 #​13391
• Update org.junit.jupiter to 5.9.3 #​13393
• Update org.springframework to 5.3.28 #​13395
• Update org.springframework.data to 2021.2.13 #​13397
• Update reactor-netty to 1.0.33 #​13380

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​LeovR
• @​lukaszmigdalek
• @​fredbalves86
• @​daisuzz

v5.8.3

Compare Source

⭐ New Features

• Clarify documentation code snippet(s) (unclear where static imported methods come from) #​12991
• Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #​12356
• Documentation should mention that an empty SecurityContext should also be saved #​12906
• Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #​12928
• Fixed test in DefaultLoginPageGeneratingFilterTests #​12694

🪲 Bug Fixes

• Bug in documentation of Storing the Authentication manually #​12850
• DaoAuthenticationProvider is not usable on RHEL 8.7 with enfo

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.38%. Comparing base (6ec707b) to head (ac5e475).
Report is 15 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master      #59      +/-   ##
============================================
+ Coverage     81.27%   81.38%   +0.10%     
- Complexity      242      244       +2     
============================================
  Files            35       35              
  Lines           860      865       +5     
  Branches         40       41       +1     
============================================
+ Hits            699      704       +5     
  Misses          134      134              
  Partials         27       27              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.