spring-security
spring-security copied to clipboard
spring-projects
Spring Security
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.12 to 2024.1.13. Release notes Sourced from org.springframework.data:spring-data-bom's releases. 2024.1.13 :shipit: Participating Modules Spring Data BOM 2024.1.13 Spring Data Build 3.4.13 Spring Data Cassandra 4.4.13 Spring Data...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.38.Final to 6.6.39.Final. Release notes Sourced from org.hibernate.orm:hibernate-core's releases. Release 6.6.39 Hibernate ORM 6.6.39.Final released Today, we published a new release of Hibernate ORM 6.6: 6.6.39.Final. You...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.15 to 3.2.16. Release notes Sourced from org.springframework.ldap:spring-ldap-core's releases. 3.2.16 Dependency Upgrades Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #1271 Bump org.aspectj:aspectjweaver from 1.9.24 to 1.9.25 #1270 Bump...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 4.0.0 to 4.0.1. Release notes Sourced from org.springframework.ldap:spring-ldap-core's releases. 4.0.1 New Features Stop deploying JavaDoc outside of Antora #1298 Dependency Upgrades Bump org.springframework.security:spring-security-bom from 6.5.6 to 6.5.7...
closes #18234 .
`HaveIBeenPwnedRestApiPasswordChecker` stores a single `MessageDigest` instance as a field and reuses it across all invocations of `check()`. Since `MessageDigest` is not thread-safe, concurrent calls can produce incorrect hash values. **To...
**Expected Behavior** 3 sources to validate JWT signature: 1. issuer-uri 2. jwk-set-uri 3. public-key-location No IssuerUriCondition, no KeyValueCondition Each source creates JWT Decoder bean, when more than one is created,...
Document how the switch to Jackson 3 is a breaking change. For example, users with custom Security classes that are mapped with Jackson 2 may need to update to Jackson...
**Describe the bug** I am upgrading Spring boot from 3.3.5 to 3.5.8. This is incrementing Spring security from 6.3.4 to 6.5.7. The introspection credentials in the Basic Auth header are...
Given that ArchUnit is open-source, it may be a better fit for [capturing package tangles](https://github.com/spring-projects/spring-framework/blob/a4c72c8fcf71a52b35558cf70c8f1d605153d8d9/buildSrc/src/main/java/org/springframework/build/architecture/ArchitectureRules.java#L30). We may be able to use it in the same way that Spring Framework does....
