search

corona-warn-app / cwa-server

Backend implementation for the Apple/Google exposure notification API.
https://www.coronawarn.app/
Apache License 2.0
1.92k stars 386 forks source link

Bump spring-security.version from 5.8.2 to 5.8.3 #2056

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps spring-security.version from 5.8.2 to 5.8.3. Updates spring-security-core from 5.8.2 to 5.8.3

Release notes

Sourced from spring-security-core's releases.

5.8.3

:star: New Features

  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #12991
  • Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #12356
  • Documentation should mention that an empty SecurityContext should also be saved #12906
  • Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12928
  • Fixed test in DefaultLoginPageGeneratingFilterTests #12694

:beetle: Bug Fixes

  • Bug in documentation of Storing the Authentication manually #12850
  • DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode #12873
  • EntityId ignored in xml relying-party-registration #12776
  • Fix .access(...) parameter #12676
  • Fix a javadoc typo in ReactiveAuthorizationManager #12999
  • Fix a javadoc typo in ReactiveAuthorizationManager #12982
  • Fix ID of WebSocket Authorization section #12872
  • HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12314
  • JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12472
  • Missing spring-security-oauth2 xsds after release #12805
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13004
  • RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #13054
  • Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12935
  • SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide #12939
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12835

:hammer: Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #13024
  • Update io.projectreactor to 2020.0.31 #13022
  • Update io.spring.javaformat to 0.0.38 #13025
  • Update logback-classic to 1.2.12 #13021
  • Update org.eclipse.jetty to 9.4.51.v20230217 #13026
  • Update org.springframework to 5.3.27 #13027
  • Update org.springframework.data to 2021.2.10 #13028
  • Update org.springframework.data to 2021.2.11 #13029
  • Update reactor-netty to 1.0.31 #13023

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

Commits
  • e75b210 Release 5.8.3
  • 6cf8c53 Merge branch '5.7.x' into 5.8.x
  • 2d52fb8 Clear Repository on Logout
  • e9ee2ce Update org.springframework.data to 2021.2.11
  • 15dc917 Update org.springframework.data to 2021.2.10
  • 46368f0 Update org.springframework to 5.3.27
  • 0448e28 Update org.eclipse.jetty to 9.4.51.v20230217
  • 7571ab9 Update io.spring.javaformat to 0.0.38
  • 8566bbc Update blockhound to 1.0.8.RELEASE
  • 609d5a7 Update io.projectreactor to 2020.0.31
  • Additional commits viewable in compare view


Updates spring-security-config from 5.8.2 to 5.8.3

Release notes

Sourced from spring-security-config's releases.

5.8.3

:star: New Features

  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #12991
  • Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #12356
  • Documentation should mention that an empty SecurityContext should also be saved #12906
  • Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12928
  • Fixed test in DefaultLoginPageGeneratingFilterTests #12694

:beetle: Bug Fixes

  • Bug in documentation of Storing the Authentication manually #12850
  • DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode #12873
  • EntityId ignored in xml relying-party-registration #12776
  • Fix .access(...) parameter #12676
  • Fix a javadoc typo in ReactiveAuthorizationManager #12999
  • Fix a javadoc typo in ReactiveAuthorizationManager #12982
  • Fix ID of WebSocket Authorization section #12872
  • HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12314
  • JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12472
  • Missing spring-security-oauth2 xsds after release #12805
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13004
  • RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #13054
  • Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12935
  • SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide #12939
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12835

:hammer: Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #13024
  • Update io.projectreactor to 2020.0.31 #13022
  • Update io.spring.javaformat to 0.0.38 #13025
  • Update logback-classic to 1.2.12 #13021
  • Update org.eclipse.jetty to 9.4.51.v20230217 #13026
  • Update org.springframework to 5.3.27 #13027
  • Update org.springframework.data to 2021.2.10 #13028
  • Update org.springframework.data to 2021.2.11 #13029
  • Update reactor-netty to 1.0.31 #13023

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

Commits
  • e75b210 Release 5.8.3
  • 6cf8c53 Merge branch '5.7.x' into 5.8.x
  • 2d52fb8 Clear Repository on Logout
  • e9ee2ce Update org.springframework.data to 2021.2.11
  • 15dc917 Update org.springframework.data to 2021.2.10
  • 46368f0 Update org.springframework to 5.3.27
  • 0448e28 Update org.eclipse.jetty to 9.4.51.v20230217
  • 7571ab9 Update io.spring.javaformat to 0.0.38
  • 8566bbc Update blockhound to 1.0.8.RELEASE
  • 609d5a7 Update io.projectreactor to 2020.0.31
  • Additional commits viewable in compare view


Updates spring-security-web from 5.8.2 to 5.8.3

Release notes

Sourced from spring-security-web's releases.

5.8.3

:star: New Features

  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #12991
  • Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #12356
  • Documentation should mention that an empty SecurityContext should also be saved #12906
  • Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12928
  • Fixed test in DefaultLoginPageGeneratingFilterTests #12694

:beetle: Bug Fixes

  • Bug in documentation of Storing the Authentication manually #12850
  • DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode #12873
  • EntityId ignored in xml relying-party-registration #12776
  • Fix .access(...) parameter #12676
  • Fix a javadoc typo in ReactiveAuthorizationManager #12999
  • Fix a javadoc typo in ReactiveAuthorizationManager #12982
  • Fix ID of WebSocket Authorization section #12872
  • HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12314
  • JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12472
  • Missing spring-security-oauth2 xsds after release #12805
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13004
  • RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #13054
  • Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12935
  • SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide #12939
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12835

:hammer: Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #13024
  • Update io.projectreactor to 2020.0.31 #13022
  • Update io.spring.javaformat to 0.0.38 #13025
  • Update logback-classic to 1.2.12 #13021
  • Update org.eclipse.jetty to 9.4.51.v20230217 #13026
  • Update org.springframework to 5.3.27 #13027
  • Update org.springframework.data to 2021.2.10 #13028
  • Update org.springframework.data to 2021.2.11 #13029
  • Update reactor-netty to 1.0.31 #13023

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

Commits
  • e75b210 Release 5.8.3
  • 6cf8c53 Merge branch '5.7.x' into 5.8.x
  • 2d52fb8 Clear Repository on Logout
  • e9ee2ce Update org.springframework.data to 2021.2.11
  • 15dc917 Update org.springframework.data to 2021.2.10
  • 46368f0 Update org.springframework to 5.3.27
  • 0448e28 Update org.eclipse.jetty to 9.4.51.v20230217
  • 7571ab9 Update io.spring.javaformat to 0.0.38
  • 8566bbc Update blockhound to 1.0.8.RELEASE
  • 609d5a7 Update io.projectreactor to 2020.0.31
  • Additional commits viewable in compare view


Updates spring-security-crypto from 5.8.2 to 5.8.3

Release notes

Sourced from spring-security-crypto's releases.

5.8.3

:star: New Features

  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #12991
  • Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #12356
  • Documentation should mention that an empty SecurityContext should also be saved #12906
  • Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12928
  • Fixed test in DefaultLoginPageGeneratingFilterTests #12694

:beetle: Bug Fixes

  • Bug in documentation of Storing the Authentication manually #12850
  • DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode #12873
  • EntityId ignored in xml relying-party-registration #12776
  • Fix .access(...) parameter #12676
  • Fix a javadoc typo in ReactiveAuthorizationManager #12999
  • Fix a javadoc typo in ReactiveAuthorizationManager #12982
  • Fix ID of WebSocket Authorization section #12872
  • HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12314
  • JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12472
  • Missing spring-security-oauth2 xsds after release #12805
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13004
  • RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #13054
  • Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12935
  • SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide #12939
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12835

:hammer: Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #13024
  • Update io.projectreactor to 2020.0.31 #13022
  • Update io.spring.javaformat to 0.0.38 #13025
  • Update logback-classic to 1.2.12 #13021
  • Update org.eclipse.jetty to 9.4.51.v20230217 #13026
  • Update org.springframework to 5.3.27 #13027
  • Update org.springframework.data to 2021.2.10 #13028
  • Update org.springframework.data to 2021.2.11 #13029
  • Update reactor-netty to 1.0.31 #13023

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

Commits
  • e75b210 Release 5.8.3
  • 6cf8c53 Merge branch '5.7.x' into 5.8.x
  • 2d52fb8 Clear Repository on Logout
  • e9ee2ce Update org.springframework.data to 2021.2.11
  • 15dc917 Update org.springframework.data to 2021.2.10
  • 46368f0 Update org.springframework to 5.3.27
  • 0448e28 Update org.eclipse.jetty to 9.4.51.v20230217
  • 7571ab9 Update io.spring.javaformat to 0.0.38
  • 8566bbc Update blockhound to 1.0.8.RELEASE
  • 609d5a7 Update io.projectreactor to 2020.0.31
  • Additional commits viewable in compare view


Updates spring-security-test from 5.8.2 to 5.8.3

Release notes

Sourced from spring-security-test's releases.

5.8.3

:star: New Features

  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #12991
  • Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #12356
  • Documentation should mention that an empty SecurityContext should also be saved #12906
  • Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12928
  • Fixed test in DefaultLoginPageGeneratingFilterTests #12694

:beetle: Bug Fixes

  • Bug in documentation of Storing the Authentication manually #12850
  • DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode #12873
  • EntityId ignored in xml relying-party-registration #12776
  • Fix .access(...) parameter #12676
  • Fix a javadoc typo in ReactiveAuthorizationManager #12999
  • Fix a javadoc typo in ReactiveAuthorizationManager #12982
  • Fix ID of WebSocket Authorization section #12872
  • HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12314
  • JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12472
  • Missing spring-security-oauth2 xsds after release #12805
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13004
  • RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #13054
  • Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12935
  • SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide #12939
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12835

:hammer: Dependency Upgrades

  • Update blockhound to 1.0.8.RELEASE #13024
  • Update io.projectreactor to 2020.0.31 #13022
  • Update io.spring.javaformat to 0.0.38 #13025
  • Update logback-classic to 1.2.12 #13021
  • Update org.eclipse.jetty to 9.4.51.v20230217 #13026
  • Update org.springframework to 5.3.27 #13027
  • Update org.springframework.data to 2021.2.10 #13028
  • Update org.springframework.data to 2021.2.11 #13029
  • Update reactor-netty to 1.0.31 #13023

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

Commits
  • e75b210 Release 5.8.3
  • 6cf8c53 Merge branch '5.7.x' into 5.8.x
  • 2d52fb8 Clear Repository on Logout
  • e9ee2ce Update org.springframework.data to 2021.2.11
  • 15dc917 Update org.springframework.data to 2021.2.10
  • 46368f0 Update org.springframework to 5.3.27
  • 0448e28 Update org.eclipse.jetty to 9.4.51.v20230217
  • 7571ab9 Update io.spring.javaformat to 0.0.38
  • 8566bbc Update blockhound to 1.0.8.RELEASE
  • 609d5a7 Update io.projectreactor to 2020.0.31
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

github-actions[bot] commented 1 year ago

Unit Test Results

2 400 tests   - 3   2 398 :heavy_check_mark:  - 4   24m 53s :stopwatch: +31s    195 suites ±0          2 :zzz: +1     195 files   ±0          0 :x: ±0 

Results for commit 3c82ce1b. ± Comparison against base commit 15a1f34b.