Bump org.springframework.security:spring-security-bom from 6.3.3 to 6.3.4 #1785

dependabot · 2024-10-21T20:03:33Z

Bumps org.springframework.security:spring-security-bom from 6.3.3 to 6.3.4.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.3.4

🪲 Bug Fixes

Annotation expression template processing should not fail on Class parameter types #15711

Disabling credentials erasure on custom AuthenticationManager is not working #15808

Documentation inconsistency in AuthorizationManager's verify method return type #15822

Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15676

OidcBackChannelLogoutTokenValidator should not construct when missing OIDC Provider Issuer #15868

SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15767

The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15829

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 #15926

Bump io.micrometer:micrometer-observation from 1.12.10 to 1.12.11 #15917

Bump io.mockk:mockk from 1.13.12 to 1.13.13 #15897

Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #15925

Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15694

Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15731

Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15761

Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #15883

Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5 #15958

Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #15944

Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14 #15945

🔩 Build Updates

Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15907

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15836

Migrate slack notifications to GChat #15668

Release 6.3.4 #15964

Update eclipse/vscode configuration to use -parameters #15681

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @kse-music

Commits

51c06a5 Release 6.3.4
1528c42 Merge branch '6.2.x' into 6.3.x
0e257b5 Add Firewall for WebFlux
bf77213 Merge branch '6.2.x' into 6.3.x
ee5e11a Bump org.springframework.data:spring-data-bom
29e8c8e Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5
dbff977 Merge branch '6.2.x' into 6.3.x
a504b2f Merge branch '5.8.x' into 6.2.x
52438b4 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
028dd45 Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 6.3.3 to 6.3.4. - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.3.3...6.3.4) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the type: dependency-upgrade A dependency upgrade label Oct 21, 2024

jgrandja self-assigned this Oct 21, 2024

jgrandja added this to the 1.3.3 milestone Oct 21, 2024

jgrandja merged commit 9682940 into 1.3.x Oct 21, 2024
8 checks passed

dependabot bot deleted the dependabot/gradle/1.3.x/org.springframework.security-spring-security-bom-6.3.4 branch October 21, 2024 20:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.springframework.security:spring-security-bom from 6.3.3 to 6.3.4 #1785

Bump org.springframework.security:spring-security-bom from 6.3.3 to 6.3.4 #1785

dependabot bot commented on behalf of github Oct 21, 2024

Bump org.springframework.security:spring-security-bom from 6.3.3 to 6.3.4 #1785

Bump org.springframework.security:spring-security-bom from 6.3.3 to 6.3.4 #1785

Conversation

dependabot bot commented on behalf of github Oct 21, 2024

6.3.4

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors