Update dependency org.springframework.security:spring-security-crypto to v5.6.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.security:spring-security-crypto (source)	5.4.6 -> 5.6.0

---

Release Notes

spring-projects/spring-security

v5.6.0

Compare Source

⭐ New Features

• DaoAuthenticationProviderTests#avg function doesn't return fraction #​10426
• Docs Should Use Section Summary #​10449
• MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session #​10436
• Revamp OAuth 2.0 Login/Client reactive documentation #​8174
• Revamp Reactive OAuth 2.0 Login documentation #​10479
• Split up Documentation Further #​10367
• Support Structure 101 License Id in Package Tangle Check #​10443

🪲 Bug Fixes

• Adding keyInfo section to LogoutRequest from RP side #​10450
• In saml2 LogoutRequest from RP doesn't contain KeyInfo #​10438
• Oauth2 Resource Server will not retry on first failure with Multi-tenancy #​10444
• Port Missing Integration Docs #​10465
• SAML 2.0 JUnit Tests are being skipped #​10215
• Various build time javadoc warnings fix #​10423

🔨 Dependency Upgrades

• Update aspectj-plugin to 6.2.0 #​10445
• Update com.nimbusds to 9.19 #​10491
• Update hibernate-entitymanager to 5.6.1.Final #​10495
• Update hsqldb to 2.6.1 #​10496
• Update io.projectreactor to 2020.0.13 #​10493
• Update logback-classic to 1.2.7 #​10490
• Update org.springframework to 5.3.13 #​10497
• Update reactor-netty to 1.0.13 #​10494

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​sjohnr
• @​larsgrefer
• @​Emkas
• @​surkoff-v

v5.5.3

Compare Source

⭐ New Features

• Allow defining custom SAML 2.0 Assertion Signature Validator #​10317
• Add Documentation for Static Methods Classes for mockJwt() and jwt() #​10265

🪲 Bug Fixes

• ClaimAccessor#getClaimAsMap doesn't return null as documented #​10371
• 5.5.X only works with spring-security-5.4.xsd schema (XML-based config) #​10369
• SecurityNamespaceHandler: update schema version to 5.5 #​10348
• JwtTimeStampValidator uses wrong error on token expiration #​10328
• Fix typo #​10313
• Saml2LoginConfigurer relyingPartyRegistrationRepository method does not return correct type #​10257
• ACL docs refer to nonexistent sample apps #​10237
• SAML 2.0 Login should allow loginProcessingUrl without {registrationId} when providing an AuthenticationConverter #​10176

🔨 Dependency Upgrades

• Update org.springframework.data to 2021.0.6 #​10417
• Update org.springframework to 5.3.11 #​10416
• Update org.jetbrains.kotlinx to 1.5.2 #​10415
• Update org.jetbrains.kotlin to 1.5.31 #​10414
• Update org.eclipse.jetty to 9.4.44.v20210927 #​10413
• Update io.spring.nohttp to 0.0.10 #​10412
• Update r2dbc-spi-test to 0.8.6.RELEASE #​10410
• Update reactor-netty to 1.0.12 #​10409
• Update io.projectreactor to 2020.0.12 #​10408
• Update jackson-datatype-jsr310 to 2.12.5 #​10407
• Update jackson-databind to 2.12.5 #​10406
• Update jackson-bom to 2.12.5 #​10405
• Update logback-classic to 1.2.6 #​10404

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​Emkas
• @​marcusdacoregio

v5.5.2

Compare Source

⭐ New Features

• Consider adding springFrameworkVersion property #​10068
• Introduce samplesBranch property #​10036
• Use the new springFrameworkVersion property in docs' links #​10067

🔨 Dependency Upgrades

• Update com.nimbusds to 9.9.1 #​10186
• Update io.projectreactor to 2020.0.10 #​10187
• Update jackson-bom to 2.12.4 #​10183
• Update jackson-databind to 2.12.4 #​10184
• Update jackson-datatype-jsr310 to 2.12.4 #​10185
• Update logback-classic to 1.2.5 #​10182
• Update org.aspectj to 1.9.7 #​10189
• Update org.eclipse.jetty to 9.4.43.v20210629 #​10190
• Update org.jetbrains.kotlin to 1.5.21 #​10191
• Update org.jetbrains.kotlinx to 1.5.1 #​10192
• Update org.slf4j to 1.7.32 #​10193
• Update org.springframework to 5.3.9 #​10194
• Update org.springframework.data to 2021.0.4 #​10195
• Update reactor-netty to 1.0.10 #​10188

v5.5.1

Compare Source

⭐ New Features

• Consider adding a link checker to build #​9972
• Use Job Outputs to Transmit Error #​9928
• Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #​9917
• Combine different OS Build in one CI Job #​9798
• Use GPG_PRIVATE_KEY directly #​9778

🪲 Bug Fixes

• Update links to point to migrated samples #​9971
• Add messaging to documentation about sample migration #​9970
• Fix broken links in docs #​9969
• CORS section is missing in Reactive reference documentation #​9952
• RSocket documentation mentions non-existent class #​9950
• Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #​9941
• Missing log of "caused by" exception when OP document metadata cannot be reached #​9939
• Missing support for private_key_jwt in ClientRegistrations #​9936
• Allow client registration from issuer uri with no authorize_endpoint #​9935
• Missing support for urn:ietf:params:oauth:grant-type:jwt-bearer in ClientRegistrations #​9934
• Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #​9929
• Jwt client authentication converter should detect new key #​9927
• Adding filters relative to custom ones is broken #​9906
• SEC-3139: Anonymous authentication token not passed to Controller #​9890
• Clarify quick start section in README #​9885
• RSocket and WebClient with Security refCount: 0 #​9870
• spring-security-config kotlin-stdlib-jdk8 dependency isn't optional #​9864
• Client credentials not correctly encoded in Basic Auth #​9858
• Docs should state default value for Resource Server validation clock skew is 60 seconds #​9849
• OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #​9819
• DefaultSpringSecurityContextSource can't handle spaces in baseDn #​9806
• OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #​9805
• NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #​9801
• Fix Build Scan in Build Windows CI Job #​9797
• GitHub Actions only Activated for main #​9777
• Artifactory missing mavenJava publication #​9774
• spring-security-core depends on spring-security-crypto #​9773

🔨 Dependency Upgrades

• Update org.springframework to 5.3.8 #​9984
• Update org.slf4j to 1.7.31 #​9983
• Update org.jetbrains.kotlin to 1.5.10 #​9982
• Update hibernate-entitymanager to 5.4.32.Final #​9981
• Update org.eclipse.jetty to 9.4.42.v20210604 #​9980
• Update io.rsocket to 1.1.1 #​9979
• Remove commons-codec constraint #​9977
• Update to OpenSAML 4.1.1 #​9976
• Update to nimbus-jose-jwt 9.10 #​9975
• Update to oauth2-oidc-sdk 9.9 #​9974

v5.5.0

Compare Source

⭐ New Features

• Configure user name used for Gradle CI builds #​9747
• HttpSessionOAuth2AuthorizationRequestRepository storing one OAuth2AuthorizationRequest #​9649
• Incorrect javadoc in AuthorizationCodeOAuth2AuthorizedClientProvider #​9708
• Restore Dependency Constraints for commons-codec and commons-logging #​8836
• Stop CI Jobs on Forks #​9717
• Update javadoc AuthorizationCodeOAuth2AuthorizedClientProvider #​9730

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.7 #​9750
• Update io.spring.nohttp to 0.0.8 #​9753
• Update org.springframework to 5.3.7 #​9754
• Update org.springframework.data to 2021.0.1 #​9755
• Update r2dbc-spi-test to 0.8.5.RELEASE #​9752
• Update spring-ldap-core to 2.3.4.RELEASE #​9756
• Update to com.gradle.enterprise 3.6.1 #​9764
• Update to Gradle. 6.9 #​9758
• Update to Kotlin 1.5.0 #​9763

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​jzheaux
• @​talentedasian
• @​candrews
• @​marcusdacoregio

v5.4.9

Compare Source

⭐ New Features

• Add Documentation for Static Methods Classes for mockJwt() and jwt() #​10266

🪲 Bug Fixes

• SAML 2.0 Login should allow loginProcessingUrl without {registrationId} when providing an AuthenticationConverter #​10342
• JwtTimeStampValidator uses wrong error on token expiration #​10329
• Fix typo #​10314
• Saml2LoginConfigurer relyingPartyRegistrationRepository method does not return correct type #​10258
• MappedJwtClaimSetConverter#withDefaults doesn't remove claims from JWT as documented #​10209

🔨 Dependency Upgrades

• Update to Spring Boot 2.4.11 #​10418

v5.4.8

Compare Source

⭐ New Features

• Remove -PdeployDocsHost=docs-ip.spring.io from Build #​10021

🪲 Bug Fixes

• Regression with URL encode client credentials #​10126
• AuthenticationFailureEvent does not exist #​10107
• Fix a typo in some class names in the oauth documentation #​10052
• Fix Saml2WebSsoAuthenticationRequestFilter javadoc #​10027
• Update to use s01.oss.sonatype.org Maven Publishing #​10015
• Every XML sec:authentication-manager creates a new global instance of AuthenticationEventPublisher #​10009
• logoutSuccessUrl in DefaultLoginPageGeneratingFilter is not set #​9997

🔨 Dependency Upgrades

• Update to Spring Boot 2.4.8 #​10181
• Update to spring-build-conventions:0.0.38 #​10020

v5.4.7

Compare Source

⭐ New Features

• Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #​9920

🪲 Bug Fixes

• Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #​9942
• Missing log of "caused by" exception when OP document metadata cannot be reached #​9940
• Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #​9930
• Adding filters relative to custom ones is broken #​9908
• SEC-3139: Anonymous authentication token not passed to Controller #​9891
• Clarify quick start section in README #​9886
• RSocket and WebClient with Security refCount: 0 #​9871
• Client credentials not correctly encoded in Basic Auth #​9861
• Docs should state default value for Resource Server validation clock skew is 60 seconds #​9848
• OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #​9820
• DefaultSpringSecurityContextSource can't handle spaces in baseDn #​9807
• OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #​9802
• NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #​9800
• docs.af.pivotal.io->docs-ip.spring.io #​9686
• Buffer LEAK detected by ResourceLeakDetector in AuthenticationPayloadExchangeConverter #​9681
• NullPointerException in StrictHttpFirewall spring-security-web version 5.4.5 #​9674
• WebFlux httpBasic() should match on XHR requests #​9662
• HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #​9643
• oauth2Login() generates authorization links for "client_credentials" grant type #​9637

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.