chore(deps): bump spring-security.version from 6.5.10 to 7.0.5 in /dhis-2 by dependabot[bot] · Pull Request #23755 · dhis2/dhis2-core

dependabot · 2026-04-28T03:16:47Z

Bumps spring-security.version from 6.5.10 to 7.0.5.
Updates org.springframework.security:spring-security-core from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-web from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-config from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-ldap from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-ldap's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-client from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-oauth2-client's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-jose from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-oauth2-jose's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-resource-server from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-oauth2-resource-server's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-crypto from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc #18836

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784

Add Jackson Mixin for WebAuthnAuthentication #18878

Add Missing OnCommitedResponseWrapper Header Overrides #18799

... (truncated)

Commits

53bc6a7 Fix Formatting
aed95aa Fix Formatting
7b57a4a Release 7.0.5
1104796 Merge branch '6.5.x' into 7.0.x
4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
51a1f88 Bump com.webauthn4j:webauthn4j-core
762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
c9d6239 Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-test from 6.5.10 to 7.0.5

Release notes

Sourced from org.springframework.security:spring-security-test's releases.

7.0.5

⭐ New Features

Add XML Based shouldWriteHeadersEagerly tests #19018

Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

Add equals and hashcode to HttpMethodRequestMatcher #18963

auth_time claim doesn't show the time of the original authentication #18282

auth_time validation fails when SSO session is renewed #18978

Fallback defaultTargetUrl if refererHeader is empty #18981

Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972

Merge Handle null value in OnCommittedResponseWrapper header methods #18990

OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054

Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953

Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029

Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957

Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096

Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021

Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114

Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080

Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111

Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113

Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098

Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112

Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996

Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095

Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@rwinch

7.0.4

⭐ New Features

Update RestTemplateBuilder usage in opaque-token.adoc

Bumps `spring-security.version` from 6.5.10 to 7.0.5. Updates `org.springframework.security:spring-security-core` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-web` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-config` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-ldap` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-oauth2-client` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-oauth2-jose` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-oauth2-resource-server` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-crypto` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-test` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) Updates `org.springframework.security:spring-security-oauth2-core` from 6.5.10 to 7.0.5 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.10...7.0.5) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-config dependency-version: 7.0.5 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-core dependency-version: 7.0.5 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-crypto dependency-version: 7.0.5 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-ldap dependency-version: 7.0.5 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-oauth2-client dependency-version: 7.0.5 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-oauth2-core dependency-version: 7.0.5 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-oauth2-jose dependency-version: 7.0.5 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-oauth2-resource-server dependency-version: 7.0.5 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-test dependency-version: 7.0.5 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.springframework.security:spring-security-web dependency-version: 7.0.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-01T18:48:36Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 28, 2026

dependabot Bot mentioned this pull request Apr 28, 2026

chore(deps): bump spring-security.version from 6.5.10 to 7.0.5 in /dhis-2 #23464

Closed

dependabot Bot assigned netroms Apr 28, 2026

dependabot Bot force-pushed the dependabot-maven-dhis-2-spring-security.version-7.0.5 branch from 2666bb6 to 46791dd Compare May 6, 2026 08:37

netroms closed this Jun 1, 2026

netroms deleted the dependabot-maven-dhis-2-spring-security.version-7.0.5 branch June 1, 2026 18:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump spring-security.version from 6.5.10 to 7.0.5 in /dhis-2#23755

chore(deps): bump spring-security.version from 6.5.10 to 7.0.5 in /dhis-2#23755
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot-maven-dhis-2-spring-security.version-7.0.5

dependabot Bot commented on behalf of github Apr 28, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

🪲 Bug Fixes

7.0.5

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

7.0.4

⭐ New Features

Uh oh!

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Reviewers

Assignees

Labels

dependabot Bot commented on behalf of github Apr 28, 2026 •

edited

Loading