search

marcinogo / robot

2 stars 3 forks source link

Bump spring-security-core from 5.3.3.RELEASE to 5.3.10.RELEASE #334

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps spring-security-core from 5.3.3.RELEASE to 5.3.10.RELEASE.

Release notes

Sourced from spring-security-core's releases.

5.3.10.RELEASE

:star: New Features

  • Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9915

:beetle: Bug Fixes

  • Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9945
  • Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9932
  • Adding filters relative to custom ones is broken #9909
  • SEC-3139: Anonymous authentication token not passed to Controller #9892
  • Clarify quick start section in README #9887
  • RSocket and WebClient with Security refCount: 0 #9872
  • Client credentials not correctly encoded in Basic Auth #9862
  • Docs should state default value for Resource Server validation clock skew is 60 seconds #9850
  • OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9821
  • DefaultSpringSecurityContextSource can't handle spaces in baseDn #9808
  • OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9803
  • NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9799
  • docs.af.pivotal.io->docs-ip.spring.io #9687
  • Buffer LEAK detected by ResourceLeakDetector in AuthenticationPayloadExchangeConverter #9682
  • WebFlux httpBasic() should match on XHR requests #9664
  • HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9644
  • oauth2Login() generates authorization links for "client_credentials" grant type #9638

5.3.9.RELEASE

:beetle: Bug Fixes

  • Add null check in CsrfFilter and CsrfWebFilter #9593

:hammer: Dependency Upgrades

  • Update to Spring Boot 2.2.13 #9614

5.3.8.RELEASE

This release fixes a problem with the release of 5.3.7.

:star: New Features

  • Improve HttpSessionSecurityContextSessionRepository Performance #9391
  • Improve HttpSessionSecurityContextSessionRepository Performance #9389
  • Migrate SAML 2.0 Samples to Use PCFOne #9370
  • Resolve artifacts from Maven Central first #9368
  • Use constant time comparisons for CSRF tokens #9358

:beetle: Bug Fixes

  • Fix the 5.3.7.RELEASE
  • OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9427
  • CurrentSecurityContextArgumentResolver should configure BeanResolver #9405

... (truncated)

Commits
  • 01c1c19 Release 5.3.10.RELEASE
  • eb300c7 Lock Dependencies
  • 442c9cb Disable default logout page when logout disabled
  • 7cf538c Replace StringUtils from oauth2-oidc-sdk
  • b6ae112 Commit missing compile fix from cherry-pick conflict
  • ee9c8e2 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRep...
  • e16b88c Fix Adding Filter Relative to Custom Filter
  • 0ad2d90 Anonymous Authentication Argument Resolution Docs
  • ba9b4d8 Fix Getting Started Link
  • b189e03 PayloadInterceptorRSocket retains all payloads
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/marcinogo/robot/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #345.