Skip to content

Update spring security to v6.5.2 #780

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 24, 2025
Merged

Update spring security to v6.5.2 #780

merged 1 commit into from
Jul 24, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jul 22, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
org.springframework.security:spring-security-test (source) 6.5.0 -> 6.5.2 age confidence
org.springframework.security:spring-security-core (source) 6.5.0 -> 6.5.2 age confidence

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-test)

v6.5.2

Compare Source

🪲 Bug Fixes
  • <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #​17495
  • Add 7.0 Migration Steps for Messaging PathPattern Usage #​17509
  • EnableReactiveMethodSecurity should not import Servlet configuration #​17545
  • Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #​17337
  • Fix securityContextRepository() initialization in oauth2Login() DSL #​17557
  • OAuth2Login DSL should support post-processing AuthenticationProvider implementations #​17176
  • Websocket XML config should pick up PathPatternMessageMatcher.Builder #​17508
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

v6.5.1

Compare Source

⭐ New Features
  • Create demonstration of include-code usage #​17161
  • Setup include-code extension for docs #​17160
🪲 Bug Fixes
  • ClearSiteDataHeaderWriter log is misleading #​17166
  • Fix to allow multiple AuthenticationFilter instances to process each request #​17216
  • Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
  • OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
  • Publishing a default TargetVisitor should not override Spring MVC support #​17189
  • Use HttpStatus in back-channel logout filters #​17157
🔨 Dependency Upgrades
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
  • Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
  • Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
  • Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
  • Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
  • Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
  • Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
  • Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 22, 2025
@hmcts-jenkins-j-to-z hmcts-jenkins-j-to-z bot deployed to preview July 22, 2025 06:07 Active
@renovate renovate bot force-pushed the renovate/spring-security branch 2 times, most recently from 0d7461c to 95678e8 Compare July 23, 2025 19:02
@renovate renovate bot force-pushed the renovate/spring-security branch from 95678e8 to eba9fb6 Compare July 24, 2025 16:00
@hmcts-jenkins-j-to-z hmcts-jenkins-j-to-z bot deployed to preview July 24, 2025 16:05 Active
@renovate renovate bot merged commit 449872b into master Jul 24, 2025
4 checks passed
@renovate renovate bot deleted the renovate/spring-security branch July 24, 2025 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ns:pcq prd:pcq rel:pcq-loader-pr-780

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants