spring-projects/spring-security (org.springframework.security:spring-security-test)
### [`v6.3.3`](https://togithub.com/spring-projects/spring-security/releases/tag/6.3.3)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.3.2...6.3.3)
#### :beetle: Bug Fixes
- ObservationRegistry is never post-processed [#15658](https://togithub.com/spring-projects/spring-security/issues/15658)
#### :hammer: Dependency Upgrades
- Bump org-eclipse-jetty from 11.0.22 to 11.0.23 [#15664](https://togithub.com/spring-projects/spring-security/pull/15664)
#### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@dependabot](https://togithub.com/dependabot)\[bot]
### [`v6.3.2`](https://togithub.com/spring-projects/spring-security/compare/6.3.1...6.3.2)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.3.1...6.3.2)
### [`v6.3.1`](https://togithub.com/spring-projects/spring-security/releases/tag/6.3.1)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.3.0...6.3.1)
##### :star: New Features
- Clarify the behavior of Concurrent Session Management when an IdP is involved [#15071](https://togithub.com/spring-projects/spring-security/issues/15071)
- Mention all required dependencies in LDAP documentation [#15245](https://togithub.com/spring-projects/spring-security/issues/15245)
- Minor docs fix [#15144](https://togithub.com/spring-projects/spring-security/issues/15144)
##### :beetle: Bug Fixes
- AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc [#15211](https://togithub.com/spring-projects/spring-security/issues/15211)
- Assert WebSession is not null [#15179](https://togithub.com/spring-projects/spring-security/issues/15179)
- DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc [#15197](https://togithub.com/spring-projects/spring-security/issues/15197)
- Documentation clarification after [#12783](https://togithub.com/spring-projects/spring-security/issues/12783) has been closed is needed. [#15208](https://togithub.com/spring-projects/spring-security/issues/15208)
- Fix Java example in multitenanci.adoc [#15151](https://togithub.com/spring-projects/spring-security/issues/15151)
- Fix Kotlin example in authorize-http-requests.adoc [#15129](https://togithub.com/spring-projects/spring-security/pull/15129)
- Incorrect documentation for OIDC Back-Channel Logout [#15212](https://togithub.com/spring-projects/spring-security/issues/15212)
- IpAddressMatcher.matches(String address) still accepts URLs [#15172](https://togithub.com/spring-projects/spring-security/issues/15172)
- LDIF file on official documentation breaks the startup process [#15167](https://togithub.com/spring-projects/spring-security/issues/15167)
- Link to article with remember-me-persistent-token strategy is broken [#15149](https://togithub.com/spring-projects/spring-security/issues/15149)
- OpenSaml4AssertionValidator is not respecting clock skew settings [#15183](https://togithub.com/spring-projects/spring-security/issues/15183)
- Resolving invalid CSRF token values is not consistent [#15186](https://togithub.com/spring-projects/spring-security/issues/15186)
- spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security [#15143](https://togithub.com/spring-projects/spring-security/issues/15143)
- SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly [#15165](https://togithub.com/spring-projects/spring-security/issues/15165)
##### :hammer: Dependency Upgrades
- Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 [#15225](https://togithub.com/spring-projects/spring-security/pull/15225)
- Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 [#15229](https://togithub.com/spring-projects/spring-security/pull/15229)
- Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 [#15161](https://togithub.com/spring-projects/spring-security/pull/15161)
- Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 [#15168](https://togithub.com/spring-projects/spring-security/pull/15168)
- Bump org.gretty:gretty from 4.1.3 to 4.1.4 [#15133](https://togithub.com/spring-projects/spring-security/pull/15133)
- Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final [#15228](https://togithub.com/spring-projects/spring-security/pull/15228)
- Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [#15193](https://togithub.com/spring-projects/spring-security/pull/15193)
- Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 [#15260](https://togithub.com/spring-projects/spring-security/pull/15260)
- Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 [#15251](https://togithub.com/spring-projects/spring-security/pull/15251)
- Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 [#15134](https://togithub.com/spring-projects/spring-security/pull/15134)
- Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 [#15252](https://togithub.com/spring-projects/spring-security/pull/15252)
##### :nut_and_bolt: Build Updates
- Bump `@antora`/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs [#15159](https://togithub.com/spring-projects/spring-security/pull/15159)
- Bump `@springio`/antora-extensions from 1.10.0 to 1.11.1 in /docs [#15141](https://togithub.com/spring-projects/spring-security/pull/15141)
- Bump com.gradle.develocity from 3.17.4 to 3.17.5 [#15239](https://togithub.com/spring-projects/spring-security/pull/15239)
- Bump gradle/gradle-build-action from 2 to 3 [#15157](https://togithub.com/spring-projects/spring-security/pull/15157)
- Bump io-spring-javaformat from 0.0.41 to 0.0.42 [#15219](https://togithub.com/spring-projects/spring-security/pull/15219)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 [#15176](https://togithub.com/spring-projects/spring-security/pull/15176)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 [#15218](https://togithub.com/spring-projects/spring-security/pull/15218)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 [#15261](https://togithub.com/spring-projects/spring-security/pull/15261)
- Bump spring-io/spring-doc-actions from [`17ed79e`](https://togithub.com/spring-projects/spring-security/commit/17ed79ea5fbd65813c69ef1062a024d4a37ff0ca) to [`5a57bcc`](https://togithub.com/spring-projects/spring-security/commit/5a57bcc6a0da2a1474136cf29571b277850432bc) [#15139](https://togithub.com/spring-projects/spring-security/pull/15139)
##### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@dependabot](https://togithub.com/dependabot)\[bot] and [@theHacker](https://togithub.com/theHacker)
### [`v6.3.0`](https://togithub.com/spring-projects/spring-security/releases/tag/6.3.0)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.6...6.3.0)
#### :star: New Features
- Add getters to `OAuth2AuthorizedClientId` [#13648](https://togithub.com/spring-projects/spring-security/pull/13648)
- Add timeout defaults to JwtDecoders [#14890](https://togithub.com/spring-projects/spring-security/pull/14890)
- doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean [#15065](https://togithub.com/spring-projects/spring-security/issues/15065)
- Improve logging for Global Authentication [#14711](https://togithub.com/spring-projects/spring-security/pull/14711)
- Minor docs fix [#15043](https://togithub.com/spring-projects/spring-security/pull/15043)
- Minor Documentation update on import needed for using Kotlin DSL [#14969](https://togithub.com/spring-projects/spring-security/pull/14969)
- OAuth2 Client Authentication docs are incomplete [#14982](https://togithub.com/spring-projects/spring-security/issues/14982)
- Proofread CasAuthenticationFilter documentation [#14883](https://togithub.com/spring-projects/spring-security/pull/14883)
- Replace "Spring Boot 2.x" with "Spring Boot" [#14919](https://togithub.com/spring-projects/spring-security/pull/14919)
- Simplify Disabling application/x-www-form-urlencoded Encoding Client ID and Secret [#14859](https://togithub.com/spring-projects/spring-security/pull/14859)
- Support Specifying Identifier for relying-party-registrations Element [#14487](https://togithub.com/spring-projects/spring-security/issues/14487)
- Update What's New in 6.3 [#14918](https://togithub.com/spring-projects/spring-security/issues/14918)
#### :beetle: Bug Fixes
- Do Not Invalidate Current Session When Its Registered [#15066](https://togithub.com/spring-projects/spring-security/pull/15066)
- Fix MethodAuthorizationDeniedPostProcessor does not exist in java doc [#14955](https://togithub.com/spring-projects/spring-security/pull/14955)
- fix docs error in AuthenticatedReactiveAuthorizationManager [#14979](https://togithub.com/spring-projects/spring-security/pull/14979)
- OIDC Logout section is not shown in the navbar [#15113](https://togithub.com/spring-projects/spring-security/issues/15113)
- Wrong information for RequestCacheAwareFilter in the Spring Security documentation. [#14996](https://togithub.com/spring-projects/spring-security/issues/14996)
#### :hammer: Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.5 to 1.5.6 [#14926](https://togithub.com/spring-projects/spring-security/pull/14926)
- Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 [#15010](https://togithub.com/spring-projects/spring-security/pull/15010)
- Bump com.gradle.develocity from 3.17.2 to 3.17.3 [#15051](https://togithub.com/spring-projects/spring-security/pull/15051)
- Bump com.gradle.develocity from 3.17.3 to 3.17.4 [#15104](https://togithub.com/spring-projects/spring-security/pull/15104)
- Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 [#15068](https://togithub.com/spring-projects/spring-security/pull/15068)
- Bump io.mockk:mockk from 1.13.10 to 1.13.11 [#15086](https://togithub.com/spring-projects/spring-security/pull/15086)
- Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 [#15076](https://togithub.com/spring-projects/spring-security/pull/15076)
- Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 [#14940](https://togithub.com/spring-projects/spring-security/pull/14940)
- Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 [#14987](https://togithub.com/spring-projects/spring-security/pull/14987)
- Bump org-aspectj from 1.9.22 to 1.9.22.1 [#15052](https://togithub.com/spring-projects/spring-security/pull/15052)
- Bump org-bouncycastle from 1.78 to 1.78.1 [#14929](https://togithub.com/spring-projects/spring-security/pull/14929)
- Bump org-eclipse-jetty from 11.0.20 to 11.0.21 [#15087](https://togithub.com/spring-projects/spring-security/pull/15087)
- Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final [#14948](https://togithub.com/spring-projects/spring-security/pull/14948)
- Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final [#14952](https://togithub.com/spring-projects/spring-security/pull/14952)
- Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final [#14962](https://togithub.com/spring-projects/spring-security/pull/14962)
- Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final [#14980](https://togithub.com/spring-projects/spring-security/pull/14980)
- Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 [#15025](https://togithub.com/spring-projects/spring-security/pull/15025)
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 [#15026](https://togithub.com/spring-projects/spring-security/pull/15026)
- Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.0 to 1.8.1 [#15053](https://togithub.com/spring-projects/spring-security/pull/15053)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 [#14945](https://togithub.com/spring-projects/spring-security/pull/14945)
- Bump org.springframework.data:spring-data-bom from 2024.0.0-RC1 to 2024.0.0 [#15103](https://togithub.com/spring-projects/spring-security/pull/15103)
- Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 [#15088](https://togithub.com/spring-projects/spring-security/pull/15088)
#### :nut_and_bolt: Build Updates
- Attach Antora Docs to Pull Requests [#15061](https://togithub.com/spring-projects/spring-security/issues/15061)
- Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.12 [#14986](https://togithub.com/spring-projects/spring-security/pull/14986)
- Bump com.github.spullara.mustache.java:compiler from 0.9.12 to 0.9.13 [#14999](https://togithub.com/spring-projects/spring-security/pull/14999)
- Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 [#14963](https://togithub.com/spring-projects/spring-security/pull/14963)
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 [#14928](https://togithub.com/spring-projects/spring-security/pull/14928)
- Consider Adding a Build Updates section to the release changelog [#15039](https://togithub.com/spring-projects/spring-security/issues/15039)
#### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@Crain-32](https://togithub.com/Crain-32), [@Kehrlann](https://togithub.com/Kehrlann), [@MrJovanovic13](https://togithub.com/MrJovanovic13), [@ch4mpy](https://togithub.com/ch4mpy), [@dependabot](https://togithub.com/dependabot)\[bot], [@joaquinjsb](https://togithub.com/joaquinjsb), [@kse-music](https://togithub.com/kse-music), [@madorb](https://togithub.com/madorb), [@rishiraj88](https://togithub.com/rishiraj88), and [@vvaadd](https://togithub.com/vvaadd)
### [`v6.2.6`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.6)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.5...6.2.6)
##### :star: New Features
- ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls [#15494](https://togithub.com/spring-projects/spring-security/issues/15494)
- Document the role of `CredentialsContainer` [#15320](https://togithub.com/spring-projects/spring-security/issues/15320)
- OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt [#15277](https://togithub.com/spring-projects/spring-security/pull/15277)
##### :beetle: Bug Fixes
- A broken link in Spring Security reference [#15288](https://togithub.com/spring-projects/spring-security/issues/15288)
- Correct HttpSessionCsrfTokenRepository Documentation [#15392](https://togithub.com/spring-projects/spring-security/pull/15392)
- Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect [#15459](https://togithub.com/spring-projects/spring-security/issues/15459)
- Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource [#15444](https://togithub.com/spring-projects/spring-security/pull/15444)
- Update prerequisites documentation with Java 17 [#15323](https://togithub.com/spring-projects/spring-security/pull/15323)
- Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' [#15439](https://togithub.com/spring-projects/spring-security/issues/15439)
##### :hammer: Dependency Upgrades
- Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 [#15376](https://togithub.com/spring-projects/spring-security/pull/15376)
- Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 [#15381](https://togithub.com/spring-projects/spring-security/pull/15381)
- Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 [#15588](https://togithub.com/spring-projects/spring-security/pull/15588)
- Bump io.mockk:mockk from 1.13.11 to 1.13.12 [#15427](https://togithub.com/spring-projects/spring-security/pull/15427)
- Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 [#15389](https://togithub.com/spring-projects/spring-security/pull/15389)
- Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 [#15599](https://togithub.com/spring-projects/spring-security/pull/15599)
- Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 [#15589](https://togithub.com/spring-projects/spring-security/pull/15589)
- Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 [#15377](https://togithub.com/spring-projects/spring-security/pull/15377)
- Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 [#15543](https://togithub.com/spring-projects/spring-security/pull/15543)
- Bump org-eclipse-jetty from 11.0.21 to 11.0.22 [#15358](https://togithub.com/spring-projects/spring-security/pull/15358)
- Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 [#15271](https://togithub.com/spring-projects/spring-security/pull/15271)
- Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 [#15645](https://togithub.com/spring-projects/spring-security/pull/15645)
- Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 [#15452](https://togithub.com/spring-projects/spring-security/pull/15452)
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 [#15451](https://togithub.com/spring-projects/spring-security/pull/15451)
- Bump org.junit:junit-bom from 5.10.2 to 5.10.3 [#15314](https://togithub.com/spring-projects/spring-security/pull/15314)
- Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 [#15333](https://togithub.com/spring-projects/spring-security/pull/15333)
- Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 [#15528](https://togithub.com/spring-projects/spring-security/pull/15528)
- Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 [#15544](https://togithub.com/spring-projects/spring-security/pull/15544)
- Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 [#15570](https://togithub.com/spring-projects/spring-security/pull/15570)
- Bump org.springframework.data:spring-data-bom from 2023.1.7 to 2023.1.8 [#15422](https://togithub.com/spring-projects/spring-security/pull/15422)
- Bump org.springframework.data:spring-data-bom from 2023.1.8 to 2023.1.9 [#15644](https://togithub.com/spring-projects/spring-security/pull/15644)
- Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 [#15618](https://togithub.com/spring-projects/spring-security/pull/15618)
- Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 [#15404](https://togithub.com/spring-projects/spring-security/pull/15404)
- Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 [#15614](https://togithub.com/spring-projects/spring-security/pull/15614)
- Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 [#15280](https://togithub.com/spring-projects/spring-security/pull/15280)
##### :nut_and_bolt: Build Updates
- Automate check of expected branch version [#15309](https://togithub.com/spring-projects/spring-security/issues/15309)
- Bump `@antora`/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs [#15445](https://togithub.com/spring-projects/spring-security/pull/15445)
- Bump `@antora`/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs [#15488](https://togithub.com/spring-projects/spring-security/pull/15488)
- Bump `@antora`/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs [#15563](https://togithub.com/spring-projects/spring-security/pull/15563)
- Bump `@antora`/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs [#15639](https://togithub.com/spring-projects/spring-security/pull/15639)
- Bump `@springio`/antora-extensions from 1.11.1 to 1.12.0 in /docs [#15415](https://togithub.com/spring-projects/spring-security/pull/15415)
- Bump `@springio`/antora-extensions from 1.12.0 to 1.13.0 in /docs [#15516](https://togithub.com/spring-projects/spring-security/pull/15516)
- Bump `@springio`/antora-extensions from 1.13.0 to 1.13.1 in /docs [#15562](https://togithub.com/spring-projects/spring-security/pull/15562)
- Bump `@springio`/antora-extensions from 1.13.1 to 1.14.2 in /docs [#15638](https://togithub.com/spring-projects/spring-security/pull/15638)
- Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs [#15414](https://togithub.com/spring-projects/spring-security/pull/15414)
- Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs [#15518](https://togithub.com/spring-projects/spring-security/pull/15518)
- Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs [#15328](https://togithub.com/spring-projects/spring-security/pull/15328)
- Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs [#15489](https://togithub.com/spring-projects/spring-security/pull/15489)
- Bump com.gradle.develocity from 3.17.5 to 3.17.6 [#15465](https://togithub.com/spring-projects/spring-security/pull/15465)
- Bump io-spring-javaformat from 0.0.42 to 0.0.43 [#15649](https://togithub.com/spring-projects/spring-security/pull/15649)
- Migrate slack notifications to GChat [#15504](https://togithub.com/spring-projects/spring-security/issues/15504)
##### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@Junhyunny](https://togithub.com/Junhyunny), [@Kehrlann](https://togithub.com/Kehrlann), [@OLibutzki](https://togithub.com/OLibutzki), [@arey](https://togithub.com/arey), [@baezzys](https://togithub.com/baezzys), and [@dependabot](https://togithub.com/dependabot)\[bot]
### [`v6.2.5`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.5)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.4...6.2.5)
##### :star: New Features
- doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean [#15063](https://togithub.com/spring-projects/spring-security/issues/15063)
- Enhance Logging in RequestMatcherDelegatingAuthorizationManage [#14922](https://togithub.com/spring-projects/spring-security/issues/14922)
- InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified [#14974](https://togithub.com/spring-projects/spring-security/issues/14974)
- Mention all required dependencies in LDAP documentation [#15244](https://togithub.com/spring-projects/spring-security/issues/15244)
##### :beetle: Bug Fixes
- Assert WebSession is not null [#15178](https://togithub.com/spring-projects/spring-security/issues/15178)
- AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc [#15210](https://togithub.com/spring-projects/spring-security/issues/15210)
- DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc [#15196](https://togithub.com/spring-projects/spring-security/issues/15196)
- Fix Java example in multitenanci.adoc [#15150](https://togithub.com/spring-projects/spring-security/issues/15150)
- Incorrect documentation for OIDC Back-Channel Logout [#15198](https://togithub.com/spring-projects/spring-security/issues/15198)
- InMemoryUserDetailsManager Setting User Roles in Official Documentation Example Causes Error [#14972](https://togithub.com/spring-projects/spring-security/issues/14972)
- LDIF file on official documentation breaks the startup process [#15166](https://togithub.com/spring-projects/spring-security/issues/15166)
- Link to article with remember-me-persistent-token strategy is broken [#15148](https://togithub.com/spring-projects/spring-security/issues/15148)
- OIDC Logout section is not shown in the navbar [#15112](https://togithub.com/spring-projects/spring-security/issues/15112)
- OpenSaml4AssertionValidator is not respecting clock skew settings [#15022](https://togithub.com/spring-projects/spring-security/issues/15022)
- ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class [#14958](https://togithub.com/spring-projects/spring-security/issues/14958)
- Resolving invalid CSRF token values is not consistent [#15185](https://togithub.com/spring-projects/spring-security/issues/15185)
- spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security [#15045](https://togithub.com/spring-projects/spring-security/issues/15045)
- Wrong information for RequestCacheAwareFilter in the Spring Security documentation. [#14995](https://togithub.com/spring-projects/spring-security/issues/14995)
##### :hammer: Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 [#15011](https://togithub.com/spring-projects/spring-security/pull/15011)
- Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 [#15069](https://togithub.com/spring-projects/spring-security/pull/15069)
- Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 [#15224](https://togithub.com/spring-projects/spring-security/pull/15224)
- Bump io.mockk:mockk from 1.13.10 to 1.13.11 [#15079](https://togithub.com/spring-projects/spring-security/pull/15079)
- Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 [#15075](https://togithub.com/spring-projects/spring-security/pull/15075)
- Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 [#15232](https://togithub.com/spring-projects/spring-security/pull/15232)
- Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 [#14939](https://togithub.com/spring-projects/spring-security/pull/14939)
- Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 [#15031](https://togithub.com/spring-projects/spring-security/pull/15031)
- Bump org-aspectj from 1.9.22 to 1.9.22.1 [#15049](https://togithub.com/spring-projects/spring-security/pull/15049)
- Bump org-eclipse-jetty from 11.0.20 to 11.0.21 [#15080](https://togithub.com/spring-projects/spring-security/pull/15080)
- Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 [#15170](https://togithub.com/spring-projects/spring-security/pull/15170)
- Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final [#14949](https://togithub.com/spring-projects/spring-security/pull/14949)
- Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final [#14953](https://togithub.com/spring-projects/spring-security/pull/14953)
- Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final [#14960](https://togithub.com/spring-projects/spring-security/pull/14960)
- Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final [#14981](https://togithub.com/spring-projects/spring-security/pull/14981)
- Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [#15192](https://togithub.com/spring-projects/spring-security/pull/15192)
- Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 [#15024](https://togithub.com/spring-projects/spring-security/pull/15024)
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 [#15023](https://togithub.com/spring-projects/spring-security/pull/15023)
- Bump org.opensaml:opensaml-core4 from 4.3.1 to 4.3.2 [#14947](https://togithub.com/spring-projects/spring-security/issues/14947)
- Bump org.springframework.data:spring-data-bom from 2023.1.5 to 2023.1.6 [#15101](https://togithub.com/spring-projects/spring-security/pull/15101)
- Bump org.springframework.data:spring-data-bom from 2023.1.6 to 2023.1.7 [#15262](https://togithub.com/spring-projects/spring-security/pull/15262)
- Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 [#15248](https://togithub.com/spring-projects/spring-security/pull/15248)
- Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 [#15081](https://togithub.com/spring-projects/spring-security/pull/15081)
- Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 [#15132](https://togithub.com/spring-projects/spring-security/pull/15132)
- Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 [#15247](https://togithub.com/spring-projects/spring-security/pull/15247)
- Update to OAuth2 OIDC SDK 9.43.4 [#14920](https://togithub.com/spring-projects/spring-security/issues/14920)
- Upgrade nimbus-jose-jwt to version 9.37.3 [#14836](https://togithub.com/spring-projects/spring-security/issues/14836)
##### :nut_and_bolt: Build Updates
- Attach Antora Docs to Pull Requests [#15060](https://togithub.com/spring-projects/spring-security/issues/15060)
- Bump `@antora`/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs [#15163](https://togithub.com/spring-projects/spring-security/pull/15163)
- Bump `@springio`/antora-extensions from 1.10.0 to 1.11.1 in /docs [#15142](https://togithub.com/spring-projects/spring-security/pull/15142)
- Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 [#15032](https://togithub.com/spring-projects/spring-security/pull/15032)
- Bump com.gradle.develocity from 3.17.2 to 3.17.3 [#15050](https://togithub.com/spring-projects/spring-security/pull/15050)
- Bump com.gradle.develocity from 3.17.3 to 3.17.4 [#15102](https://togithub.com/spring-projects/spring-security/pull/15102)
- Bump com.gradle.develocity from 3.17.4 to 3.17.5 [#15241](https://togithub.com/spring-projects/spring-security/pull/15241)
- Bump io-spring-javaformat from 0.0.41 to 0.0.42 [#15216](https://togithub.com/spring-projects/spring-security/pull/15216)
- Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 [#14961](https://togithub.com/spring-projects/spring-security/pull/14961)
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 [#14924](https://togithub.com/spring-projects/spring-security/pull/14924)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 [#14950](https://togithub.com/spring-projects/spring-security/pull/14950)
- Consider Adding a Build Updates section to the release changelog [#15038](https://togithub.com/spring-projects/spring-security/issues/15038)
##### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@dependabot](https://togithub.com/dependabot)\[bot]
### [`v6.2.4`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.4)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.3...6.2.4)
#### :beetle: Bug Fixes
- SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException [#14805](https://togithub.com/spring-projects/spring-security/issues/14805)
- Address AuthorizationObservationConvention Package Tangle [#14795](https://togithub.com/spring-projects/spring-security/issues/14795)
- bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error [#14848](https://togithub.com/spring-projects/spring-security/issues/14848)
- Transactional annotation breaks AOT for native image [#14865](https://togithub.com/spring-projects/spring-security/issues/14865)
#### :hammer: Dependency Upgrades
- Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 [#14867](https://togithub.com/spring-projects/spring-security/pull/14867)
- Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 [#14873](https://togithub.com/spring-projects/spring-security/pull/14873)
- Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 [#14821](https://togithub.com/spring-projects/spring-security/pull/14821)
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 [#14786](https://togithub.com/spring-projects/spring-security/pull/14786)
- Bump org-aspectj from 1.9.21.2 to 1.9.22 [#14798](https://togithub.com/spring-projects/spring-security/pull/14798)
- Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 [#14907](https://togithub.com/spring-projects/spring-security/pull/14907)
- Bump org.springframework.data:spring-data-bom from 2023.1.4 to 2023.1.5 [#14908](https://togithub.com/spring-projects/spring-security/pull/14908)
- Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 [#14896](https://togithub.com/spring-projects/spring-security/pull/14896)
- Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 [#14895](https://togithub.com/spring-projects/spring-security/pull/14895)
- Update org.opensaml:opensaml-core4 to 4.3.1 [#14850](https://togithub.com/spring-projects/spring-security/issues/14850)
#### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@dependabot](https://togithub.com/dependabot)\[bot]
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
6.2.3->6.3.3Release Notes
spring-projects/spring-security (org.springframework.security:spring-security-test)
### [`v6.3.3`](https://togithub.com/spring-projects/spring-security/releases/tag/6.3.3) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.3.2...6.3.3) #### :beetle: Bug Fixes - ObservationRegistry is never post-processed [#15658](https://togithub.com/spring-projects/spring-security/issues/15658) #### :hammer: Dependency Upgrades - Bump org-eclipse-jetty from 11.0.22 to 11.0.23 [#15664](https://togithub.com/spring-projects/spring-security/pull/15664) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@dependabot](https://togithub.com/dependabot)\[bot] ### [`v6.3.2`](https://togithub.com/spring-projects/spring-security/compare/6.3.1...6.3.2) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.3.1...6.3.2) ### [`v6.3.1`](https://togithub.com/spring-projects/spring-security/releases/tag/6.3.1) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.3.0...6.3.1) ##### :star: New Features - Clarify the behavior of Concurrent Session Management when an IdP is involved [#15071](https://togithub.com/spring-projects/spring-security/issues/15071) - Mention all required dependencies in LDAP documentation [#15245](https://togithub.com/spring-projects/spring-security/issues/15245) - Minor docs fix [#15144](https://togithub.com/spring-projects/spring-security/issues/15144) ##### :beetle: Bug Fixes - AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc [#15211](https://togithub.com/spring-projects/spring-security/issues/15211) - Assert WebSession is not null [#15179](https://togithub.com/spring-projects/spring-security/issues/15179) - DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc [#15197](https://togithub.com/spring-projects/spring-security/issues/15197) - Documentation clarification after [#12783](https://togithub.com/spring-projects/spring-security/issues/12783) has been closed is needed. [#15208](https://togithub.com/spring-projects/spring-security/issues/15208) - Fix Java example in multitenanci.adoc [#15151](https://togithub.com/spring-projects/spring-security/issues/15151) - Fix Kotlin example in authorize-http-requests.adoc [#15129](https://togithub.com/spring-projects/spring-security/pull/15129) - Incorrect documentation for OIDC Back-Channel Logout [#15212](https://togithub.com/spring-projects/spring-security/issues/15212) - IpAddressMatcher.matches(String address) still accepts URLs [#15172](https://togithub.com/spring-projects/spring-security/issues/15172) - LDIF file on official documentation breaks the startup process [#15167](https://togithub.com/spring-projects/spring-security/issues/15167) - Link to article with remember-me-persistent-token strategy is broken [#15149](https://togithub.com/spring-projects/spring-security/issues/15149) - OpenSaml4AssertionValidator is not respecting clock skew settings [#15183](https://togithub.com/spring-projects/spring-security/issues/15183) - Resolving invalid CSRF token values is not consistent [#15186](https://togithub.com/spring-projects/spring-security/issues/15186) - spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security [#15143](https://togithub.com/spring-projects/spring-security/issues/15143) - SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly [#15165](https://togithub.com/spring-projects/spring-security/issues/15165) ##### :hammer: Dependency Upgrades - Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 [#15225](https://togithub.com/spring-projects/spring-security/pull/15225) - Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 [#15229](https://togithub.com/spring-projects/spring-security/pull/15229) - Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 [#15161](https://togithub.com/spring-projects/spring-security/pull/15161) - Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 [#15168](https://togithub.com/spring-projects/spring-security/pull/15168) - Bump org.gretty:gretty from 4.1.3 to 4.1.4 [#15133](https://togithub.com/spring-projects/spring-security/pull/15133) - Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final [#15228](https://togithub.com/spring-projects/spring-security/pull/15228) - Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [#15193](https://togithub.com/spring-projects/spring-security/pull/15193) - Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 [#15260](https://togithub.com/spring-projects/spring-security/pull/15260) - Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 [#15251](https://togithub.com/spring-projects/spring-security/pull/15251) - Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 [#15134](https://togithub.com/spring-projects/spring-security/pull/15134) - Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 [#15252](https://togithub.com/spring-projects/spring-security/pull/15252) ##### :nut_and_bolt: Build Updates - Bump `@antora`/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs [#15159](https://togithub.com/spring-projects/spring-security/pull/15159) - Bump `@springio`/antora-extensions from 1.10.0 to 1.11.1 in /docs [#15141](https://togithub.com/spring-projects/spring-security/pull/15141) - Bump com.gradle.develocity from 3.17.4 to 3.17.5 [#15239](https://togithub.com/spring-projects/spring-security/pull/15239) - Bump gradle/gradle-build-action from 2 to 3 [#15157](https://togithub.com/spring-projects/spring-security/pull/15157) - Bump io-spring-javaformat from 0.0.41 to 0.0.42 [#15219](https://togithub.com/spring-projects/spring-security/pull/15219) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 [#15176](https://togithub.com/spring-projects/spring-security/pull/15176) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 [#15218](https://togithub.com/spring-projects/spring-security/pull/15218) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 [#15261](https://togithub.com/spring-projects/spring-security/pull/15261) - Bump spring-io/spring-doc-actions from [`17ed79e`](https://togithub.com/spring-projects/spring-security/commit/17ed79ea5fbd65813c69ef1062a024d4a37ff0ca) to [`5a57bcc`](https://togithub.com/spring-projects/spring-security/commit/5a57bcc6a0da2a1474136cf29571b277850432bc) [#15139](https://togithub.com/spring-projects/spring-security/pull/15139) ##### :heart: Contributors Thank you to all the contributors who worked on this release: [@dependabot](https://togithub.com/dependabot)\[bot] and [@theHacker](https://togithub.com/theHacker) ### [`v6.3.0`](https://togithub.com/spring-projects/spring-security/releases/tag/6.3.0) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.6...6.3.0) #### :star: New Features - Add getters to `OAuth2AuthorizedClientId` [#13648](https://togithub.com/spring-projects/spring-security/pull/13648) - Add timeout defaults to JwtDecoders [#14890](https://togithub.com/spring-projects/spring-security/pull/14890) - doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean [#15065](https://togithub.com/spring-projects/spring-security/issues/15065) - Improve logging for Global Authentication [#14711](https://togithub.com/spring-projects/spring-security/pull/14711) - Minor docs fix [#15043](https://togithub.com/spring-projects/spring-security/pull/15043) - Minor Documentation update on import needed for using Kotlin DSL [#14969](https://togithub.com/spring-projects/spring-security/pull/14969) - OAuth2 Client Authentication docs are incomplete [#14982](https://togithub.com/spring-projects/spring-security/issues/14982) - Proofread CasAuthenticationFilter documentation [#14883](https://togithub.com/spring-projects/spring-security/pull/14883) - Replace "Spring Boot 2.x" with "Spring Boot" [#14919](https://togithub.com/spring-projects/spring-security/pull/14919) - Simplify Disabling application/x-www-form-urlencoded Encoding Client ID and Secret [#14859](https://togithub.com/spring-projects/spring-security/pull/14859) - Support Specifying Identifier for relying-party-registrations Element [#14487](https://togithub.com/spring-projects/spring-security/issues/14487) - Update What's New in 6.3 [#14918](https://togithub.com/spring-projects/spring-security/issues/14918) #### :beetle: Bug Fixes - Do Not Invalidate Current Session When Its Registered [#15066](https://togithub.com/spring-projects/spring-security/pull/15066) - Fix MethodAuthorizationDeniedPostProcessor does not exist in java doc [#14955](https://togithub.com/spring-projects/spring-security/pull/14955) - fix docs error in AuthenticatedReactiveAuthorizationManager [#14979](https://togithub.com/spring-projects/spring-security/pull/14979) - OIDC Logout section is not shown in the navbar [#15113](https://togithub.com/spring-projects/spring-security/issues/15113) - Wrong information for RequestCacheAwareFilter in the Spring Security documentation. [#14996](https://togithub.com/spring-projects/spring-security/issues/14996) #### :hammer: Dependency Upgrades - Bump ch.qos.logback:logback-classic from 1.5.5 to 1.5.6 [#14926](https://togithub.com/spring-projects/spring-security/pull/14926) - Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 [#15010](https://togithub.com/spring-projects/spring-security/pull/15010) - Bump com.gradle.develocity from 3.17.2 to 3.17.3 [#15051](https://togithub.com/spring-projects/spring-security/pull/15051) - Bump com.gradle.develocity from 3.17.3 to 3.17.4 [#15104](https://togithub.com/spring-projects/spring-security/pull/15104) - Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 [#15068](https://togithub.com/spring-projects/spring-security/pull/15068) - Bump io.mockk:mockk from 1.13.10 to 1.13.11 [#15086](https://togithub.com/spring-projects/spring-security/pull/15086) - Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 [#15076](https://togithub.com/spring-projects/spring-security/pull/15076) - Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 [#14940](https://togithub.com/spring-projects/spring-security/pull/14940) - Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 [#14987](https://togithub.com/spring-projects/spring-security/pull/14987) - Bump org-aspectj from 1.9.22 to 1.9.22.1 [#15052](https://togithub.com/spring-projects/spring-security/pull/15052) - Bump org-bouncycastle from 1.78 to 1.78.1 [#14929](https://togithub.com/spring-projects/spring-security/pull/14929) - Bump org-eclipse-jetty from 11.0.20 to 11.0.21 [#15087](https://togithub.com/spring-projects/spring-security/pull/15087) - Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final [#14948](https://togithub.com/spring-projects/spring-security/pull/14948) - Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final [#14952](https://togithub.com/spring-projects/spring-security/pull/14952) - Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final [#14962](https://togithub.com/spring-projects/spring-security/pull/14962) - Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final [#14980](https://togithub.com/spring-projects/spring-security/pull/14980) - Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 [#15025](https://togithub.com/spring-projects/spring-security/pull/15025) - Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 [#15026](https://togithub.com/spring-projects/spring-security/pull/15026) - Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.0 to 1.8.1 [#15053](https://togithub.com/spring-projects/spring-security/pull/15053) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 [#14945](https://togithub.com/spring-projects/spring-security/pull/14945) - Bump org.springframework.data:spring-data-bom from 2024.0.0-RC1 to 2024.0.0 [#15103](https://togithub.com/spring-projects/spring-security/pull/15103) - Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 [#15088](https://togithub.com/spring-projects/spring-security/pull/15088) #### :nut_and_bolt: Build Updates - Attach Antora Docs to Pull Requests [#15061](https://togithub.com/spring-projects/spring-security/issues/15061) - Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.12 [#14986](https://togithub.com/spring-projects/spring-security/pull/14986) - Bump com.github.spullara.mustache.java:compiler from 0.9.12 to 0.9.13 [#14999](https://togithub.com/spring-projects/spring-security/pull/14999) - Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 [#14963](https://togithub.com/spring-projects/spring-security/pull/14963) - Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 [#14928](https://togithub.com/spring-projects/spring-security/pull/14928) - Consider Adding a Build Updates section to the release changelog [#15039](https://togithub.com/spring-projects/spring-security/issues/15039) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@Crain-32](https://togithub.com/Crain-32), [@Kehrlann](https://togithub.com/Kehrlann), [@MrJovanovic13](https://togithub.com/MrJovanovic13), [@ch4mpy](https://togithub.com/ch4mpy), [@dependabot](https://togithub.com/dependabot)\[bot], [@joaquinjsb](https://togithub.com/joaquinjsb), [@kse-music](https://togithub.com/kse-music), [@madorb](https://togithub.com/madorb), [@rishiraj88](https://togithub.com/rishiraj88), and [@vvaadd](https://togithub.com/vvaadd) ### [`v6.2.6`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.6) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.5...6.2.6) ##### :star: New Features - ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls [#15494](https://togithub.com/spring-projects/spring-security/issues/15494) - Document the role of `CredentialsContainer` [#15320](https://togithub.com/spring-projects/spring-security/issues/15320) - OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt [#15277](https://togithub.com/spring-projects/spring-security/pull/15277) ##### :beetle: Bug Fixes - A broken link in Spring Security reference [#15288](https://togithub.com/spring-projects/spring-security/issues/15288) - Correct HttpSessionCsrfTokenRepository Documentation [#15392](https://togithub.com/spring-projects/spring-security/pull/15392) - Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect [#15459](https://togithub.com/spring-projects/spring-security/issues/15459) - Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource [#15444](https://togithub.com/spring-projects/spring-security/pull/15444) - Update prerequisites documentation with Java 17 [#15323](https://togithub.com/spring-projects/spring-security/pull/15323) - Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' [#15439](https://togithub.com/spring-projects/spring-security/issues/15439) ##### :hammer: Dependency Upgrades - Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 [#15376](https://togithub.com/spring-projects/spring-security/pull/15376) - Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 [#15381](https://togithub.com/spring-projects/spring-security/pull/15381) - Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 [#15588](https://togithub.com/spring-projects/spring-security/pull/15588) - Bump io.mockk:mockk from 1.13.11 to 1.13.12 [#15427](https://togithub.com/spring-projects/spring-security/pull/15427) - Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 [#15389](https://togithub.com/spring-projects/spring-security/pull/15389) - Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 [#15599](https://togithub.com/spring-projects/spring-security/pull/15599) - Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 [#15589](https://togithub.com/spring-projects/spring-security/pull/15589) - Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 [#15377](https://togithub.com/spring-projects/spring-security/pull/15377) - Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 [#15543](https://togithub.com/spring-projects/spring-security/pull/15543) - Bump org-eclipse-jetty from 11.0.21 to 11.0.22 [#15358](https://togithub.com/spring-projects/spring-security/pull/15358) - Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 [#15271](https://togithub.com/spring-projects/spring-security/pull/15271) - Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 [#15645](https://togithub.com/spring-projects/spring-security/pull/15645) - Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 [#15452](https://togithub.com/spring-projects/spring-security/pull/15452) - Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 [#15451](https://togithub.com/spring-projects/spring-security/pull/15451) - Bump org.junit:junit-bom from 5.10.2 to 5.10.3 [#15314](https://togithub.com/spring-projects/spring-security/pull/15314) - Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 [#15333](https://togithub.com/spring-projects/spring-security/pull/15333) - Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 [#15528](https://togithub.com/spring-projects/spring-security/pull/15528) - Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 [#15544](https://togithub.com/spring-projects/spring-security/pull/15544) - Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 [#15570](https://togithub.com/spring-projects/spring-security/pull/15570) - Bump org.springframework.data:spring-data-bom from 2023.1.7 to 2023.1.8 [#15422](https://togithub.com/spring-projects/spring-security/pull/15422) - Bump org.springframework.data:spring-data-bom from 2023.1.8 to 2023.1.9 [#15644](https://togithub.com/spring-projects/spring-security/pull/15644) - Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 [#15618](https://togithub.com/spring-projects/spring-security/pull/15618) - Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 [#15404](https://togithub.com/spring-projects/spring-security/pull/15404) - Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 [#15614](https://togithub.com/spring-projects/spring-security/pull/15614) - Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 [#15280](https://togithub.com/spring-projects/spring-security/pull/15280) ##### :nut_and_bolt: Build Updates - Automate check of expected branch version [#15309](https://togithub.com/spring-projects/spring-security/issues/15309) - Bump `@antora`/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs [#15445](https://togithub.com/spring-projects/spring-security/pull/15445) - Bump `@antora`/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs [#15488](https://togithub.com/spring-projects/spring-security/pull/15488) - Bump `@antora`/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs [#15563](https://togithub.com/spring-projects/spring-security/pull/15563) - Bump `@antora`/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs [#15639](https://togithub.com/spring-projects/spring-security/pull/15639) - Bump `@springio`/antora-extensions from 1.11.1 to 1.12.0 in /docs [#15415](https://togithub.com/spring-projects/spring-security/pull/15415) - Bump `@springio`/antora-extensions from 1.12.0 to 1.13.0 in /docs [#15516](https://togithub.com/spring-projects/spring-security/pull/15516) - Bump `@springio`/antora-extensions from 1.13.0 to 1.13.1 in /docs [#15562](https://togithub.com/spring-projects/spring-security/pull/15562) - Bump `@springio`/antora-extensions from 1.13.1 to 1.14.2 in /docs [#15638](https://togithub.com/spring-projects/spring-security/pull/15638) - Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs [#15414](https://togithub.com/spring-projects/spring-security/pull/15414) - Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs [#15518](https://togithub.com/spring-projects/spring-security/pull/15518) - Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs [#15328](https://togithub.com/spring-projects/spring-security/pull/15328) - Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs [#15489](https://togithub.com/spring-projects/spring-security/pull/15489) - Bump com.gradle.develocity from 3.17.5 to 3.17.6 [#15465](https://togithub.com/spring-projects/spring-security/pull/15465) - Bump io-spring-javaformat from 0.0.42 to 0.0.43 [#15649](https://togithub.com/spring-projects/spring-security/pull/15649) - Migrate slack notifications to GChat [#15504](https://togithub.com/spring-projects/spring-security/issues/15504) ##### :heart: Contributors Thank you to all the contributors who worked on this release: [@Junhyunny](https://togithub.com/Junhyunny), [@Kehrlann](https://togithub.com/Kehrlann), [@OLibutzki](https://togithub.com/OLibutzki), [@arey](https://togithub.com/arey), [@baezzys](https://togithub.com/baezzys), and [@dependabot](https://togithub.com/dependabot)\[bot] ### [`v6.2.5`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.5) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.4...6.2.5) ##### :star: New Features - doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean [#15063](https://togithub.com/spring-projects/spring-security/issues/15063) - Enhance Logging in RequestMatcherDelegatingAuthorizationManage [#14922](https://togithub.com/spring-projects/spring-security/issues/14922) - InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified [#14974](https://togithub.com/spring-projects/spring-security/issues/14974) - Mention all required dependencies in LDAP documentation [#15244](https://togithub.com/spring-projects/spring-security/issues/15244) ##### :beetle: Bug Fixes - Assert WebSession is not null [#15178](https://togithub.com/spring-projects/spring-security/issues/15178) - AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc [#15210](https://togithub.com/spring-projects/spring-security/issues/15210) - DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc [#15196](https://togithub.com/spring-projects/spring-security/issues/15196) - Fix Java example in multitenanci.adoc [#15150](https://togithub.com/spring-projects/spring-security/issues/15150) - Incorrect documentation for OIDC Back-Channel Logout [#15198](https://togithub.com/spring-projects/spring-security/issues/15198) - InMemoryUserDetailsManager Setting User Roles in Official Documentation Example Causes Error [#14972](https://togithub.com/spring-projects/spring-security/issues/14972) - LDIF file on official documentation breaks the startup process [#15166](https://togithub.com/spring-projects/spring-security/issues/15166) - Link to article with remember-me-persistent-token strategy is broken [#15148](https://togithub.com/spring-projects/spring-security/issues/15148) - OIDC Logout section is not shown in the navbar [#15112](https://togithub.com/spring-projects/spring-security/issues/15112) - OpenSaml4AssertionValidator is not respecting clock skew settings [#15022](https://togithub.com/spring-projects/spring-security/issues/15022) - ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class [#14958](https://togithub.com/spring-projects/spring-security/issues/14958) - Resolving invalid CSRF token values is not consistent [#15185](https://togithub.com/spring-projects/spring-security/issues/15185) - spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security [#15045](https://togithub.com/spring-projects/spring-security/issues/15045) - Wrong information for RequestCacheAwareFilter in the Spring Security documentation. [#14995](https://togithub.com/spring-projects/spring-security/issues/14995) ##### :hammer: Dependency Upgrades - Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 [#15011](https://togithub.com/spring-projects/spring-security/pull/15011) - Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 [#15069](https://togithub.com/spring-projects/spring-security/pull/15069) - Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 [#15224](https://togithub.com/spring-projects/spring-security/pull/15224) - Bump io.mockk:mockk from 1.13.10 to 1.13.11 [#15079](https://togithub.com/spring-projects/spring-security/pull/15079) - Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 [#15075](https://togithub.com/spring-projects/spring-security/pull/15075) - Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 [#15232](https://togithub.com/spring-projects/spring-security/pull/15232) - Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 [#14939](https://togithub.com/spring-projects/spring-security/pull/14939) - Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 [#15031](https://togithub.com/spring-projects/spring-security/pull/15031) - Bump org-aspectj from 1.9.22 to 1.9.22.1 [#15049](https://togithub.com/spring-projects/spring-security/pull/15049) - Bump org-eclipse-jetty from 11.0.20 to 11.0.21 [#15080](https://togithub.com/spring-projects/spring-security/pull/15080) - Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 [#15170](https://togithub.com/spring-projects/spring-security/pull/15170) - Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final [#14949](https://togithub.com/spring-projects/spring-security/pull/14949) - Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final [#14953](https://togithub.com/spring-projects/spring-security/pull/14953) - Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final [#14960](https://togithub.com/spring-projects/spring-security/pull/14960) - Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final [#14981](https://togithub.com/spring-projects/spring-security/pull/14981) - Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [#15192](https://togithub.com/spring-projects/spring-security/pull/15192) - Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 [#15024](https://togithub.com/spring-projects/spring-security/pull/15024) - Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 [#15023](https://togithub.com/spring-projects/spring-security/pull/15023) - Bump org.opensaml:opensaml-core4 from 4.3.1 to 4.3.2 [#14947](https://togithub.com/spring-projects/spring-security/issues/14947) - Bump org.springframework.data:spring-data-bom from 2023.1.5 to 2023.1.6 [#15101](https://togithub.com/spring-projects/spring-security/pull/15101) - Bump org.springframework.data:spring-data-bom from 2023.1.6 to 2023.1.7 [#15262](https://togithub.com/spring-projects/spring-security/pull/15262) - Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 [#15248](https://togithub.com/spring-projects/spring-security/pull/15248) - Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 [#15081](https://togithub.com/spring-projects/spring-security/pull/15081) - Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 [#15132](https://togithub.com/spring-projects/spring-security/pull/15132) - Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 [#15247](https://togithub.com/spring-projects/spring-security/pull/15247) - Update to OAuth2 OIDC SDK 9.43.4 [#14920](https://togithub.com/spring-projects/spring-security/issues/14920) - Upgrade nimbus-jose-jwt to version 9.37.3 [#14836](https://togithub.com/spring-projects/spring-security/issues/14836) ##### :nut_and_bolt: Build Updates - Attach Antora Docs to Pull Requests [#15060](https://togithub.com/spring-projects/spring-security/issues/15060) - Bump `@antora`/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs [#15163](https://togithub.com/spring-projects/spring-security/pull/15163) - Bump `@springio`/antora-extensions from 1.10.0 to 1.11.1 in /docs [#15142](https://togithub.com/spring-projects/spring-security/pull/15142) - Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 [#15032](https://togithub.com/spring-projects/spring-security/pull/15032) - Bump com.gradle.develocity from 3.17.2 to 3.17.3 [#15050](https://togithub.com/spring-projects/spring-security/pull/15050) - Bump com.gradle.develocity from 3.17.3 to 3.17.4 [#15102](https://togithub.com/spring-projects/spring-security/pull/15102) - Bump com.gradle.develocity from 3.17.4 to 3.17.5 [#15241](https://togithub.com/spring-projects/spring-security/pull/15241) - Bump io-spring-javaformat from 0.0.41 to 0.0.42 [#15216](https://togithub.com/spring-projects/spring-security/pull/15216) - Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 [#14961](https://togithub.com/spring-projects/spring-security/pull/14961) - Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 [#14924](https://togithub.com/spring-projects/spring-security/pull/14924) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 [#14950](https://togithub.com/spring-projects/spring-security/pull/14950) - Consider Adding a Build Updates section to the release changelog [#15038](https://togithub.com/spring-projects/spring-security/issues/15038) ##### :heart: Contributors Thank you to all the contributors who worked on this release: [@dependabot](https://togithub.com/dependabot)\[bot] ### [`v6.2.4`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.4) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.3...6.2.4) #### :beetle: Bug Fixes - SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException [#14805](https://togithub.com/spring-projects/spring-security/issues/14805) - Address AuthorizationObservationConvention Package Tangle [#14795](https://togithub.com/spring-projects/spring-security/issues/14795) - bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error [#14848](https://togithub.com/spring-projects/spring-security/issues/14848) - Transactional annotation breaks AOT for native image [#14865](https://togithub.com/spring-projects/spring-security/issues/14865) #### :hammer: Dependency Upgrades - Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 [#14867](https://togithub.com/spring-projects/spring-security/pull/14867) - Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 [#14873](https://togithub.com/spring-projects/spring-security/pull/14873) - Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 [#14821](https://togithub.com/spring-projects/spring-security/pull/14821) - Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 [#14786](https://togithub.com/spring-projects/spring-security/pull/14786) - Bump org-aspectj from 1.9.21.2 to 1.9.22 [#14798](https://togithub.com/spring-projects/spring-security/pull/14798) - Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 [#14907](https://togithub.com/spring-projects/spring-security/pull/14907) - Bump org.springframework.data:spring-data-bom from 2023.1.4 to 2023.1.5 [#14908](https://togithub.com/spring-projects/spring-security/pull/14908) - Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 [#14896](https://togithub.com/spring-projects/spring-security/pull/14896) - Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 [#14895](https://togithub.com/spring-projects/spring-security/pull/14895) - Update org.opensaml:opensaml-core4 to 4.3.1 [#14850](https://togithub.com/spring-projects/spring-security/issues/14850) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@dependabot](https://togithub.com/dependabot)\[bot]Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.