chore(deps): bump spring-security.version from 6.5.10 to 7.0.5 in /dhis-2

[dependabot]

Bumps spring-security.version from 6.5.10 to 7.0.5.
Updates org.springframework.security:spring-security-core from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-web from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-config from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-ldap from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-ldap's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-client from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-oauth2-client's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-jose from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-oauth2-jose's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-resource-server from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-oauth2-resource-server's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-crypto from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
• Add Jackson Mixin for WebAuthnAuthentication #18878
• Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

• 53bc6a7 Fix Formatting
• aed95aa Fix Formatting
• 7b57a4a Release 7.0.5
• 1104796 Merge branch '6.5.x' into 7.0.x
• 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
• ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
• 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
• 51a1f88 Bump com.webauthn4j:webauthn4j-core
• 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
• c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-test from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-test's releases.

7.0.5

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #19018
• Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #18963
• auth_time claim doesn't show the time of the original authentication #18282
• auth_time validation fails when SSO session is renewed #18978
• Fallback defaultTargetUrl if refererHeader is empty #18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

7.0.4

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc

[enricocolasante]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with master! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[dependabot]

Superseded by #23755.