chore(deps): bump spring-security.version from 5.8.8 to 5.8.13 in /dhis-2 #17858

dependabot · 2024-06-24T00:10:36Z

Bumps spring-security.version from 5.8.8 to 5.8.13.
Updates org.springframework.security:spring-security-core from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931

Resolving invalid CSRF token values is not consistent #15184

Restore Build Scan Capability #15120

Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074

Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231

Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923

Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073

Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230

Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191

Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085

Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135

Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253

Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

Attach Antora Docs to Pull Requests #14992

Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160

Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140

Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001

Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099

Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240

Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959

Consider Adding a Build Updates section to the release changelog #14485

Migrate to com.gradle.develocity plugin #15021

Update Gradle Enterprise plugin to 3.17.2 #15020

... (truncated)

Commits

20332fe Release 5.8.13
2537a03 Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37
f622d8e Polish gh-15235
92cab2b Add 'Required Dependencies' section in ldap.adoc file
254709c Bump com.gradle.develocity from 3.17.4 to 3.17.5
e9c1b7b Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45
2b322da Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46
6aabd76 Pick MvcRequestMatcher for MockMvc requests
cdd6266 Use Request-Level Servlet Context
5a798e9 Polish MVC Tests
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-web from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931

Resolving invalid CSRF token values is not consistent #15184

Restore Build Scan Capability #15120

Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074

Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231

Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923

Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073

Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230

Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191

Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085

Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135

Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253

Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

Attach Antora Docs to Pull Requests #14992

Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160

Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140

Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001

Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099

Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240

Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959

Consider Adding a Build Updates section to the release changelog #14485

Migrate to com.gradle.develocity plugin #15021

Update Gradle Enterprise plugin to 3.17.2 #15020

... (truncated)

Commits

20332fe Release 5.8.13
2537a03 Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37
f622d8e Polish gh-15235
92cab2b Add 'Required Dependencies' section in ldap.adoc file
254709c Bump com.gradle.develocity from 3.17.4 to 3.17.5
e9c1b7b Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45
2b322da Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46
6aabd76 Pick MvcRequestMatcher for MockMvc requests
cdd6266 Use Request-Level Servlet Context
5a798e9 Polish MVC Tests
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-aspects from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-aspects's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931

Resolving invalid CSRF token values is not consistent #15184

Restore Build Scan Capability #15120

Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074

Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231

Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923

Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073

Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230

Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191

Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085

Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135

Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253

Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

Attach Antora Docs to Pull Requests #14992

Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160

Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140

Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001

Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099

Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240

Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959

Consider Adding a Build Updates section to the release changelog #14485

Migrate to com.gradle.develocity plugin #15021

Update Gradle Enterprise plugin to 3.17.2 #15020

... (truncated)

Commits

20332fe Release 5.8.13
2537a03 Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37
f622d8e Polish gh-15235
92cab2b Add 'Required Dependencies' section in ldap.adoc file
254709c Bump com.gradle.develocity from 3.17.4 to 3.17.5
e9c1b7b Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45
2b322da Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46
6aabd76 Pick MvcRequestMatcher for MockMvc requests
cdd6266 Use Request-Level Servlet Context
5a798e9 Polish MVC Tests
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-config from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931

Resolving invalid CSRF token values is not consistent #15184

Restore Build Scan Capability #15120

Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074

Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231

Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923

Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073

Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230

Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191

Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085

Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135

Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253

Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

Attach Antora Docs to Pull Requests #14992

Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160

Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140

Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001

Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099

Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240

Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959

Consider Adding a Build Updates section to the release changelog #14485

Migrate to com.gradle.develocity plugin #15021

Update Gradle Enterprise plugin to 3.17.2 #15020

... (truncated)

Commits

20332fe Release 5.8.13
2537a03 Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37
f622d8e Polish gh-15235
92cab2b Add 'Required Dependencies' section in ldap.adoc file
254709c Bump com.gradle.develocity from 3.17.4 to 3.17.5
e9c1b7b Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45
2b322da Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46
6aabd76 Pick MvcRequestMatcher for MockMvc requests
cdd6266 Use Request-Level Servlet Context
5a798e9 Polish MVC Tests
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-ldap from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-ldap's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931

Resolving invalid CSRF token values is not consistent #15184

Restore Build Scan Capability #15120

Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074

Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231

Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923

Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073

Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230

Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191

Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085

Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135

Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253

Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

Attach Antora Docs to Pull Requests #14992

Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160

Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140

Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001

Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099

Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240

Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959

Consider Adding a Build Updates section to the release changelog #14485

Migrate to com.gradle.develocity plugin #15021

Update Gradle Enterprise plugin to 3.17.2 #15020

... (truncated)

Commits

20332fe Release 5.8.13
2537a03 Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37
f622d8e Polish gh-15235
92cab2b Add 'Required Dependencies' section in ldap.adoc file
254709c Bump com.gradle.develocity from 3.17.4 to 3.17.5
e9c1b7b Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45
2b322da Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46
6aabd76 Pick MvcRequestMatcher for MockMvc requests
cdd6266 Use Request-Level Servlet Context
5a798e9 Polish MVC Tests
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-client from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-oauth2-client's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931

Resolving invalid CSRF token values is not consistent #15184

Restore Build Scan Capability #15120

Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074

Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231

Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923

Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073

Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230

Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191

Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085

Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135

Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253

Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

Attach Antora Docs to Pull Requests #14992

Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160

Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140

Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001

Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099

Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240

Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959

Consider Adding a Build Updates section to the release changelog #14485

Migrate to com.gradle.develocity plugin #15021

Update Gradle Enterprise plugin to 3.17.2 #15020

... (truncated)

Commits

20332fe Release 5.8.13
2537a03 Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37
f622d8e Polish gh-15235
92cab2b Add 'Required Dependencies' section in ldap.adoc file
254709c Bump com.gradle.develocity from 3.17.4 to 3.17.5
e9c1b7b Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45
2b322da Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46
6aabd76 Pick MvcRequestMatcher for MockMvc requests
cdd6266 Use Request-Level Servlet Context
5a798e9 Polish MVC Tests
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-jose from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-oauth2-jose's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931

Resolving invalid CSRF token values is not consistent #15184

Restore Build Scan Capability #15120

Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074

Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231

Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923

Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073

Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230

Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191

Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085

Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135

Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253

Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

Attach Antora Docs to Pull Requests #14992

Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160

Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140

Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001

Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099

Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240

Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959

Consider Adding a Build Updates section to the release changelog #14485

Migrate to com.gradle.develocity plugin #15021

Update Gradle Enterprise plugin to 3.17.2 #15020

... (truncated)

Commits

20332fe Release 5.8.13
2537a03 Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37
f622d8e Polish gh-15235
92cab2b Add 'Required Dependencies' section in ldap.adoc file
254709c Bump com.gradle.develocity from 3.17.4 to 3.17.5
e9c1b7b Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45
2b322da Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46
6aabd76 Pick MvcRequestMatcher for MockMvc requests
cdd6266 Use Request-Level Servlet Context
5a798e9 Polish MVC Tests
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-resource-server from 5.8.8 to 5.8.13

Release notes

Sourced from org.springframework.security:spring-security-oauth2-resource-server's releases.

5.8.13

⭐ New Features

doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779

Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837

Improve PasswordEncoder Error Messaging #14951

InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880

Mention all required dependencies in LDAP documentation #15235

Remove useBase64 parameter #14862

🪲 Bug Fixes

AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849

Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195

Assert WebSession is not null #14977

Conditionally Add Conventions Plugin #15152

DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418

Fix Java example in multitenanci.adoc #15146

LDIF file on official documentation breaks the startup process #15089

Link to article with remember-me-persistent-token strategy is broken #14358

ProxyRe...
Description has been truncated

Bumps `spring-security.version` from 5.8.8 to 5.8.13. Updates `org.springframework.security:spring-security-core` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-web` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-aspects` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-config` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-ldap` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-oauth2-client` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-oauth2-jose` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-oauth2-resource-server` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-crypto` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) Updates `org.springframework.security:spring-security-oauth2-core` from 5.8.8 to 5.8.13 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@5.8.8...5.8.13) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-core dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-aspects dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-ldap dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-oauth2-client dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-oauth2-jose dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-oauth2-resource-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-crypto dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-oauth2-core dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

sonarcloud · 2024-06-24T00:20:36Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 24, 2024

github-actions bot approved these changes Jun 24, 2024

View reviewed changes

github-actions bot enabled auto-merge (squash) June 24, 2024 00:11

github-actions bot merged commit bc88701 into 2.39 Jun 24, 2024
9 checks passed

github-actions bot deleted the dependabot-maven-dhis-2-2.39-spring-security.version-5.8.13 branch June 24, 2024 00:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump spring-security.version from 5.8.8 to 5.8.13 in /dhis-2 #17858

chore(deps): bump spring-security.version from 5.8.8 to 5.8.13 in /dhis-2 #17858

dependabot bot commented on behalf of github Jun 24, 2024

sonarcloud bot commented Jun 24, 2024

chore(deps): bump spring-security.version from 5.8.8 to 5.8.13 in /dhis-2 #17858

chore(deps): bump spring-security.version from 5.8.8 to 5.8.13 in /dhis-2 #17858

Conversation

dependabot bot commented on behalf of github Jun 24, 2024

5.8.13

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

5.8.13

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

5.8.13

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

5.8.13

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

5.8.13

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

5.8.13

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

5.8.13

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

5.8.13

⭐ New Features

🪲 Bug Fixes

sonarcloud bot commented Jun 24, 2024

Quality Gate passed