Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump spring-security-bom from 5.4.5 to 5.4.7 #1882

Merged
merged 1 commit into from
Jul 19, 2021
Merged

Bump spring-security-bom from 5.4.5 to 5.4.7 #1882

merged 1 commit into from
Jul 19, 2021

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 19, 2021

Bumps spring-security-bom from 5.4.5 to 5.4.7.

Release notes

Sourced from spring-security-bom's releases.

5.4.7

⭐ New Features

  • Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9920

🪲 Bug Fixes

  • Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9942
  • Missing log of "caused by" exception when OP document metadata cannot be reached #9940
  • Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9930
  • Adding filters relative to custom ones is broken #9908
  • SEC-3139: Anonymous authentication token not passed to Controller #9891
  • Clarify quick start section in README #9886
  • RSocket and WebClient with Security refCount: 0 #9871
  • Client credentials not correctly encoded in Basic Auth #9861
  • Docs should state default value for Resource Server validation clock skew is 60 seconds #9848
  • OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9820
  • DefaultSpringSecurityContextSource can't handle spaces in baseDn #9807
  • OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9802
  • NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9800
  • docs.af.pivotal.io->docs-ip.spring.io #9686
  • Buffer LEAK detected by ResourceLeakDetector in AuthenticationPayloadExchangeConverter #9681
  • NullPointerException in StrictHttpFirewall spring-security-web version 5.4.5 #9674
  • WebFlux httpBasic() should match on XHR requests #9662
  • HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9643
  • oauth2Login() generates authorization links for "client_credentials" grant type #9637

5.4.6

🪲 Bug Fixes

🔨 Dependency Upgrades

  • Update to Spring Boot 2.4.4 #9613
Commits
  • 73e6ef2 Release 5.4.7
  • d71be4c Lock Dependencies for Release
  • 0c1bce5 Disable default logout page when logout disabled
  • 1cd4ffe fix typo preventing full exception to be displayed in log
  • 1d48f31 Replace StringUtils from oauth2-oidc-sdk
  • a108868 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRep...
  • ac371d5 Fix Adding Filter Relative to Custom Filter
  • e601d96 Anonymous Authentication Argument Resolution Docs
  • 18d04f2 Fix Getting Started Link
  • b9e1901 Format PayloadInterceptorRSocket
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump spring-security-bom from 5.4.5 to 5.4.7
2323a85 
Bumps [spring-security-bom](https://github.com/spring-projects/spring-security) from 5.4.5 to 5.4.7.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@5.4.5...5.4.7)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added Priority 1: Must Highest priority. A release cannot be made if this issue isn’t resolved. Status: In Progress Use to signal this issue is actively worked on. Target: 4.5.4 Type: Dependency Upgrade Use to signal an issue that adjusts the project’s dependencies. Typically used by dependabot only. labels Jul 19, 2021
@dependabot dependabot bot added this to the Release 4.5.4 milestone Jul 19, 2021
@sonarcloud
Copy link

sonarcloud bot commented Jul 19, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@smcvb smcvb self-assigned this Jul 19, 2021
smcvb
smcvb approved these changes Jul 19, 2021
View reviewed changes
Copy link
Member

@smcvb smcvb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me 👍

@smcvb smcvb merged commit c2b54cb into axon-4.5.x Jul 19, 2021
@smcvb smcvb added Status: Resolved Use to signal that work on this issue is done. and removed Status: In Progress Use to signal this issue is actively worked on. labels Jul 19, 2021
@dependabot dependabot bot deleted the dependabot/maven/axon-4.5.x/org.springframework.security-spring-security-bom-5.4.7 branch July 19, 2021 08:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smcvb smcvb smcvb approved these changes

@lfgcampos lfgcampos Awaiting requested review from lfgcampos

@m1l4n54v1c m1l4n54v1c Awaiting requested review from m1l4n54v1c

@saratry saratry Awaiting requested review from saratry

Assignees

@smcvb smcvb

Labels
Priority 1: Must Highest priority. A release cannot be made if this issue isn’t resolved. Status: Resolved Use to signal that work on this issue is done. Type: Dependency Upgrade Use to signal an issue that adjusts the project’s dependencies. Typically used by dependabot only.
Projects
None yet
Milestone
Release 4.5.4
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@smcvb