ojbc / main

This is the source code repository for the Open Justice Broker Consortium (OJBC).
http://www.ojbc.org

Bump spring-security-core from 3.1.7.RELEASE to 4.2.17.RELEASE in /web/ojb-web-portal #10

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps spring-security-core from 3.1.7.RELEASE to 4.2.17.RELEASE.

Release notes

Sourced from spring-security-core's releases.

4.2.17.RELEASE

:star: New Features

  • HTTP Host header attack #8639

:beetle: Bug Fixes

  • Fix AntPathRequestMatcher Javadoc #8530
  • Document NoOpPasswordEncoder will not be removed #8525
  • Spring Security BOM 4.2.14.RELEASE is missing #7975

4.2.16.RELEASE

:beetle: Bug Fixes

  • Fix Javadoc punctuation #8486
  • Add ROLE_INFRASTRUCTURE to infrastructure beans #8442
  • SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #8433
  • Fix example in javadoc of FilterChainProxy #8355

4.2.15.RELEASE

:star: New Features

  • SwitchUserFilter vulnerable to CSRF #8226
  • Update Encryptors documentation for standard and stronger #8219
  • Typo 'properites' -> 'properties' in documentation #8102

:beetle: Bug Fixes

  • HttpServletRequest.logout() not functioning #8244
  • Spring Security BOM 4.2.14.RELEASE is missing #7975

:hammer: Dependency Upgrades

  • Update to jackson-databind:2.8.11.6 #8273
  • Update to appengine:1.9.79 #8272
  • Update to spring-io-plugin:0.0.8.RELEASE #8271
  • Update to nekohtml:1.9.22 #8270
  • Update to thymeleaf-layout-dialect:2.0.5 #8269
  • Update to httpclient:4.2.6 #8268
  • Update to taglibs-standard-jstlel:1.2.5 #8267
  • Update to Jetty 8.1.22.v20160922 #8266
  • Update to Tomcat 7.0.103 #8265
  • Update to asciidoctor-gradle-plugin:1.5.7 #8264
  • Update to Groovy 2.4.19 #8263
  • Update to spring-boot-gradle-plugin:1.5.22.RELEASE #8262

4.2.14.RELEASE

:star: New Features

  • Build 4.2.x on Jenkins #7940
... (truncated)
Commits
  • 54b2887 Release 4.2.17.RELEASE
  • 692ac21 Polish setAllowedHostnames
  • e4e7363 Add support for allowedHostnames in StrictHttpFirewall
  • 75e2483 uploadArchives dependsOn mavenBom
  • 3ae6cdf Update AntPathRequestMatcher.java
  • a9c8b35 Document NoOpPasswordEncoder will not be removed
  • da9eca2 Next Development Version
  • c7e18db Stop clearing artifacts
  • 9c181c5 Revert "uploadArchives.dependsOn mavenBom"
  • 7b61962 Release 4.2.16.RELEASE
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ojbc/main/network/alerts).

dependabot[bot] commented 4 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.