spring-projects/spring-security
 Watch   
 Star   
 Fork   
1 days ago
spring-security

6.4.11

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17921
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17909
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17918
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17905
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17917
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17907
  • Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17919
  • Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17906
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17920
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17908
1 days ago
spring-security

6.5.5

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17922
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17911
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17923
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17910
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17924
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17913
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17925
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17912
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17926
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17914
3 days ago
spring-security

7.0.0-M3

⏪ Breaking Changes

  • Remove PortResolver #17524
  • Support Expression Templates by Default #17763

⭐ New Features

  • Add discoverJwsAlgorithms() in NimbusJwtDecoder #17788
  • Add AuthorizationManagerFactory #17673
  • Add Builders for all Authentication implementations #17861
  • Add OneTimeTokenAuthentication #17799
  • Add option to disable anonymous authentication in RSocketSecurity #17159
  • Add password4j implementation of PasswordEncoder #17825
  • Add SecurityAssertions #17844
  • Align NimbusJwtDecoder HTTP timeout defaults with Nimbus by setting to 500ms #17669
  • Allow multiple ServerLogoutHandler instances in ServerHttpSecurity #17381
  • Allow specifying a ServerAuthenticationConverter for x509() #17382
  • AuthenticatedMatcher#withRoles should only check roles #17843
  • Change @Bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor #17672
  • Enable Null checking in spring-security-cas via JSpecify #17826
  • Enable Null checking in spring-security-data via JSpecify #17789
  • Enable Null checking in spring-security-messaging via JSpecify #17817
  • Enable Null checking in spring-security-rsocket via JSpecify #17827
  • Enable Null checking in spring-security-taglibs via JSpecify #17828
  • Enable Null checking in spring-security-test via JSpecify #17840
  • Enable Null checking in spring-security-webauthn via JSpecify #17839
  • Integrate Spring Authorization Server #17880
  • Move Access API to Separate Module #17847
  • Move Spring Security Kerberos Extension into Spring Security #17879
  • Propagate Authorities From Previous Authentications #17862
  • Remove PortResolver #15971
  • Remove redundant code in document #17813
  • RequestMatchers should implement equals and hashCode #17842
  • SpringTestContext should register a WebTestClient Bean #17780
  • Support @ClientRegistrationId at Class Level #17838
  • Support Modular Spring Security Configuration #16258

🪲 Bug Fixes

  • APIs should Use Supplier<? extends @Nullable Authentication> #17814
  • AuthorizationManager should allow null Authentication #17795

🔨 Dependency Upgrades

  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17872
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17834
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17856
  • Bump io.projectreactor:reactor-bom from 2025.0.0-M6 to 2025.0.0-M7 #17866
  • Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.2 to 0.0.3 #17765
  • Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.3 to 0.0.4 #17776
  • Bump org-opensaml5 from 5.1.5 to 5.1.6 #17809
  • Bump org.jetbrains.kotlin:kotlin-bom from 2.2.0 to 2.2.20 #17871
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.20 #17873
  • Bump org.springframework.data:spring-data-bom from 2025.1.0-M5 to 2025.1.0-M6 #17888
  • Bump org.springframework:spring-framework-bom from 7.0.0-M8 to 7.0.0-M9 #17876

🔩 Build Updates

  • Bump @antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #17886
  • Fix misleading variable name in authentication filter #17751
  • Remove unused import #17750

❤️ Contributors

Thank you to all the contributors who worked on this release:

@bbudano, @blake-bauman, @frido37, @jaehwan02, @jzheaux, @kse-music, @mehrdadbozorgmehr, @ngocnhan-tran1996, @quaff, @sjohnr, and @therepanic

3 days ago
spring-security

6.5.4

⭐ New Features

  • Update servlet test method docs to use include-code #17749

🪲 Bug Fixes

  • Annonation Scanning Should Fallback to Object when Parameter Matching #17899
  • Fix double-slash when basePath is root #17841
  • Fix traceId discrepancy in case error in servlet web #17796
  • Reference should advise avoiding post-authorization on writes #17798

🔨 Dependency Upgrades

  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17893
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17874
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17895
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17854
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17836
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17894
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17858
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17767
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17766
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17759
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17853
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17837
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17896
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17897
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17855
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17791
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17771
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17758
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@jkuhel and @therepanic

3 days ago
spring-security

6.4.10

🪲 Bug Fixes

  • Annonation Scanning Should Fallback to Object when Parameter Matching #17898
  • Fix traceId discrepancy in case error in servlet web #17134
  • Reference should advise avoiding post-authorization on writes #17797
  • Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests #17869

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17792
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17778
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17769
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17892
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17857
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17777
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17768
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17755
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17851
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17835
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17890
  • Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17891
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17889
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17877
  • Update to nimbus-jose-jwt:9.37.4 #17875

❤️ Contributors

Thank you to all the contributors who worked on this release:

@nkonev

2025-08-19 02:39:45
spring-security

7.0.0-M2

⭐ New Features

  • Add ExpressionTemplateValueProvider #17448
  • Add META-INF/LICENSE.txt to published jars #17640
  • Add OAuth2User to OidcUser Conversion Params #17626
  • Apply missing diamond operators #17310
  • Clarify instructional nature when when withDefaultPasswordEncoder is used in documentation #17624
  • Correct @NonNull and @Nullable package name #17512
  • Enable Null checking in spring-security-core via JSpecify #17534
  • Enable Null checking in spring-security-crypto via JSpecify #17533
  • Extract spring-security-webauthn #17586
  • Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter #17247
  • Improve Spring Boot's integration with PathPatternRequestMatcher.Builder #17746
  • Make stricter IP format check in IpAddressMatcher #17500
  • Polish document #17654
  • Polish ExpressionTemplateValueProvider JavaDoc #17666
  • Remove OpenSAML 4 support #17707
  • Replace "shameless coverage code" in SecurityNamespaceHandlerTests with meaningful tests #17689
  • Simplify error message for unsupported Security XSD versions #17488
  • Use 2004-present Copyright #17635

🪲 Bug Fixes

  • AuthorizationManager null safety annotation on generic type is incorrectly specified #17667
  • OpenSamlAssertingPartyDetails Should Be Serializable #17728

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #17589
  • Bump com.nimbusds:oauth2-oidc-sdk from 11.26 to 11.26.1 #17644
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17700
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17681
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17657
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17697
  • Bump io.projectreactor:reactor-bom from 2025.0.0-M5 to 2025.0.0-M6 #17703
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17619
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17590
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17725
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17620
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17588
  • Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.1 to 0.0.2 #17591
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17743
  • Bump org-opensaml5 from 5.1.2 to 5.1.5 #17734
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17691
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17679
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17670
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17618
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17587
  • Bump org.hibernate.orm:hibernate-core from 7.0.6.Final to 7.0.8.Final #17649
  • Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.10.Final #17693
  • Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.10.Final #17678
  • Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.9.Final #17658
  • Bump org.jetbrains.kotlin:kotlin-bom from 2.2.0 to 2.2.10 #17721
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.10 #17719
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17648
  • Bump org.springframework.data:spring-data-bom from 2025.1.0-M4 to 2025.1.0-M5 #17740
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17722
  • Bump org.springframework:spring-framework-bom from 7.0.0-M7 to 7.0.0-M8 #17724
  • Support UnboundID LDAP SDK 7.0 #14772

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs #17712
  • Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs #17564
  • Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.9 in /docs #17714
  • Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #17617
  • Update to UnboundID 7.0.3 #17730

❤️ Contributors

Thank you to all the contributors who worked on this release:

@DeepDhamala, @chanbinme, @mheath, @ml054, @ngocnhan-tran1996, @seongm1n, and @therepanic

2025-08-19 01:37:38
spring-security

6.5.3

⭐ New Features

  • Add META-INF/LICENSE.txt to published jars #17639
  • Update Angular documentation links in csrf.adoc #17653
  • Update Shibboleth Repository URL #17637
  • Use 2004-present Copyright #17634

🪲 Bug Fixes

  • Add Missing Navigation in Preparing for 7.0 Guide #17731
  • DPoP authentication throws JwtDecoderFactory ClassNotFoundException #17249
  • OpenSamlAssertingPartyDetails Should Be Serializable #17727
  • Use final values in equals and hashCode #17621

🔨 Dependency Upgrades

  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17739
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17690
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17684
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17661
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17615
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17599
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17737
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17701
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17614
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17647
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17733
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17711
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17612
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17598
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17742
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17613
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17595
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17760
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17692
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17683
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17671
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17616
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17597
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17646
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17660
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17694
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17685
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17650
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17645
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17757
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17651
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17596
  • Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@codingtim

2025-08-19 01:37:33
spring-security

6.4.9

⭐ New Features

  • Add META-INF/LICENSE.txt to published jars #17638
  • Update Angular documentation links in csrf.adoc #17652
  • Update Shibboleth Repository URL #17636
  • Use 2004-present Copyright #17633

🪲 Bug Fixes

  • OpenSamlAssertingPartyDetails Should Be Serializable #17622

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17611
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17604
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17756
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17699
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17643
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17741
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17717
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17609
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17603
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17736
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17607
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17602
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17641
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17630
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17659
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17695
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17680
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17696
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17682
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17642
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17600
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.9 #17738
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17745
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17610
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17601
  • Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17744
2025-07-22 02:34:22
spring-security

6.4.8

🪲 Bug Fixes

  • <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17494
  • Fix securityContextRepository() initialization in oauth2Login() DSL #17502
  • Support add nested security configurers during builder initialization #17020

🔨 Dependency Upgrades

  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17464
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17433
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17413
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17393
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17370
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17348
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17336
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17576
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17548
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17519
  • Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17463
  • Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17431
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17574
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17551
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17529
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17373
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17339
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17281
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17273
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17465
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17435
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17409
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17392
  • Bump org.hibernate.orm:hibernate-core from 6.6.19.Final to 6.6.20.Final #17490
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final #17550
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final #17521
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17575
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17480
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17434
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17405
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17390
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17366
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17350
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17282
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17272
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17577
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17462
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17432
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17418
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17391
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17372
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17347
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17278
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17274
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17461
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17410
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17394
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17368
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17340
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17280
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17271
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17578
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17549

❤️ Contributors

Thank you to all the contributors who worked on this release:

@kse-music and @marcusdacoregio

2025-07-22 02:34:18
spring-security

6.5.2

🪲 Bug Fixes

  • <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17495
  • Add 7.0 Migration Steps for Messaging PathPattern Usage #17509
  • EnableReactiveMethodSecurity should not import Servlet configuration #17545
  • Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #17337
  • Fix securityContextRepository() initialization in oauth2Login() DSL #17557
  • OAuth2Login DSL should support post-processing AuthenticationProvider implementations #17176
  • Websocket XML config should pick up PathPatternMessageMatcher.Builder #17508

🔨 Dependency Upgrades

  • Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #17483
  • Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #17444
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17470
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17441
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17398
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17375
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17354
  • Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17335
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17570
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17554
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17520
  • Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17467
  • Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17407
  • Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17376
  • Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17349
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17572
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17556
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17539
  • Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17469
  • Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17445
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17555
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17528
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17377
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17353
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17279
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17261
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17408
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17403
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #17491
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final #17552
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final #17522
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17571
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17466
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17443
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17404
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17374
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17352
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17276
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17270
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17569
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17468
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17442
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17406
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17401
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17277
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17264
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17481
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17411
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17395
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17378
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17355
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17275
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17268
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17568
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17553

❤️ Contributors

Thank you to all the contributors who worked on this release:

@fkowal and @therepanic