NLCR / CZIDLO

CZech IDentification and LOcalization Tool

Bump spring-security-core from 5.2.4.RELEASE to 5.2.11.RELEASE in /web-common #237

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps spring-security-core from 5.2.4.RELEASE to 5.2.11.RELEASE.

Release notes

Sourced from spring-security-core's releases.

5.2.11.RELEASE

:star: New Features

  • Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9921

:beetle: Bug Fixes

  • Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9948
  • Adding filters relative to custom ones is broken #9910
  • SEC-3139: Anonymous authentication token not passed to Controller #9893
  • Clarify quick start section in README #9888
  • RSocket and WebClient with Security refCount: 0 #9873
  • URL encode client credentials #9866
  • Client credentials not correctly encoded in Basic Auth #9863
  • Docs should state default value for Resource Server validation clock skew is 60 seconds #9851
  • DefaultSpringSecurityContextSource can't handle spaces in baseDn #9809
  • OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9804
  • docs.af.pivotal.io->docs-ip.spring.io #9688
  • WebFlux httpBasic() should match on XHR requests #9665
  • HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9645
  • oauth2Login() generates authorization links for "client_credentials" grant type #9639

:hammer: Dependency Upgrades

  • Update to Spring LDAP Core 2.3.4.RELEASE #9968
  • Update to org.slf4j 1.7.31 #9967
  • Update to HSQLDB 2.5.2 #9966
  • Update to hibernate-entitymanager 5.4.32.Final #9965
  • Update to Jetty 9.4.42.v20210604 #9964
  • Update to embedded Apache Tomcat 9.0.48 #9963
  • Update to embedded Tomcat websocket 8.5.68 #9962
  • Update ehcache to 2.10.9.2 #9961
  • Update to jaxb-impl 2.3.4 #9960
  • Update to RSocket 1.0.5 #9959
  • Update to Spring Framework 5.2.15.RELEASE #9958
  • Update to Reactor Dysprosium-SR20 #9957
  • Upgrade to nohttp 0.0.8 #9956

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

5.2.10.RELEASE

:beetle: Bug Fixes

  • Add null check in CsrfFilter and CsrfWebFilter #9594

:hammer: Dependency Upgrades

... (truncated)

Commits
  • 560fb35 Relase 5.2.11.RELEASE
  • 6753e1d Update to Spring LDAP Core 2.3.4.RELEASE
  • 703f1f1 Update to org.slf4j 1.7.31
  • f0d2086 Update to HSQLDB 2.5.2
  • dc73870 Update to hibernate-entitymanager 5.4.32.Final
  • c193a06 Update to Jetty 9.4.42.v20210604
  • 3e27f6a Update to embedded Apache Tomcat 9.0.48
  • 4314c33 Update to embedded Tomcat websocket 8.5.68
  • c87c5eb Update ehcache to 2.10.9.2
  • 613ec13 Update to jaxb-impl 2.3.4
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NLCR/CZIDLO/network/alerts).

dependabot[bot] commented 2 years ago

Superseded by #244.