Bump spring-security.version from 4.2.12.RELEASE to 5.2.1.RELEASE

[dependabot]

Bumps spring-security.version from 4.2.12.RELEASE to 5.2.1.RELEASE.

Updates spring-security-core from 4.2.12.RELEASE to 5.2.1.RELEASE

Release notes

Sourced from spring-security-core's releases.

5.2.1.RELEASE

⭐ New Features

• Fix variable reference in sample code #7571
• spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565
• Add Resource Server Multi-tenancy Documentation #7532
• Update SAML sample to use boot auto config #7521
• Add Reactive CSRF Documentation #6487

🪲 Bug Fixes

• Restore Removed Throws Clauses #7580
• CsrfWebFilter should handle multipart/form-data #7576
• Make saveAuthorizedClient save the authorized client #7551
• DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client #7546
• throws Exception was removed from WebSecurityConfigurerAdapter#configure(WebSecurity) #7541
• SAML2 Provider SubjectConfirmation validation failure #7514
• SAML2 Provider AuthNRequest Hardcoded Protocol Binding #7513
• Clock skew to check access token expiration has wrong sign #7511

🔨 Dependency Upgrades

• Upgrade to Spring Boot 2.2.0.RELEASE #7566

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​fhanik
• @​mftruso
• @​jzheaux
• @​philsttr
• @​rweisleder
• @​ramonPires

5.2.0.RELEASE

⭐ New Features

• Add Hello RSocket Sample #7504
• Add RSocket Reference #7502
• CookieServerCsrfRepositoryTests should not start domain with a dot #7500
• Add OAuth2 Resource Server to Modules Section #7498
• Initial saml2 login docs #7495
• SAML 2 Assertion - Always require signature validation #7490
• Add Reactive Messaging CurrentSecurityContextPrincipalArgumentResolver #7488
• CurrentSecurityContextArgumentResolver polishes #7487
• Add ClientRegistration.withClientRegistration(ClientRegistration) #7486
• Add hasAuthority method to RSocketSecurity #7478
• Align Servlet ExchangeFilterFunction CoreSubscriber #7476
• WebFluxSecurityConfiguration does not configure oauth2Client #7470

... (truncated)

Commits

• 8ce1ac3 Release 5.2.1.RELEASE
• 906a69b Add Resource Server Multi-tenancy Docs
• 7b8dd79 Update to blockound 1.0.1.RELEASE
• 526e3fd Update to hibernate-validator 6.1.0.Final
• f340da8 Update to hibernate-entitymanager 5.4.8.Final
• 7fdebf3 Update to Unbounded 4.0.12
• c091d6d Update to powermock 2.0.4
• 036a3b9 Update to Bouncy Castle 1.64
• f7477b0 Update to Reactor Dysprosium-SR1
• 4583cbc Update to GAE 1.9.76
• Additional commits viewable in compare view

Updates spring-security-config from 4.2.12.RELEASE to 5.2.1.RELEASE

Release notes

Sourced from spring-security-config's releases.

5.2.1.RELEASE

⭐ New Features

• Fix variable reference in sample code #7571
• spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565
• Add Resource Server Multi-tenancy Documentation #7532
• Update SAML sample to use boot auto config #7521
• Add Reactive CSRF Documentation #6487

🪲 Bug Fixes

• Restore Removed Throws Clauses #7580
• CsrfWebFilter should handle multipart/form-data #7576
• Make saveAuthorizedClient save the authorized client #7551
• DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client #7546
• throws Exception was removed from WebSecurityConfigurerAdapter#configure(WebSecurity) #7541
• SAML2 Provider SubjectConfirmation validation failure #7514
• SAML2 Provider AuthNRequest Hardcoded Protocol Binding #7513
• Clock skew to check access token expiration has wrong sign #7511

🔨 Dependency Upgrades

• Upgrade to Spring Boot 2.2.0.RELEASE #7566

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​fhanik
• @​mftruso
• @​jzheaux
• @​philsttr
• @​rweisleder
• @​ramonPires

5.2.0.RELEASE

⭐ New Features

• Add Hello RSocket Sample #7504
• Add RSocket Reference #7502
• CookieServerCsrfRepositoryTests should not start domain with a dot #7500
• Add OAuth2 Resource Server to Modules Section #7498
• Initial saml2 login docs #7495
• SAML 2 Assertion - Always require signature validation #7490
• Add Reactive Messaging CurrentSecurityContextPrincipalArgumentResolver #7488
• CurrentSecurityContextArgumentResolver polishes #7487
• Add ClientRegistration.withClientRegistration(ClientRegistration) #7486
• Add hasAuthority method to RSocketSecurity #7478
• Align Servlet ExchangeFilterFunction CoreSubscriber #7476
• WebFluxSecurityConfiguration does not configure oauth2Client #7470

... (truncated)

Commits

• 8ce1ac3 Release 5.2.1.RELEASE
• 906a69b Add Resource Server Multi-tenancy Docs
• 7b8dd79 Update to blockound 1.0.1.RELEASE
• 526e3fd Update to hibernate-validator 6.1.0.Final
• f340da8 Update to hibernate-entitymanager 5.4.8.Final
• 7fdebf3 Update to Unbounded 4.0.12
• c091d6d Update to powermock 2.0.4
• 036a3b9 Update to Bouncy Castle 1.64
• f7477b0 Update to Reactor Dysprosium-SR1
• 4583cbc Update to GAE 1.9.76
• Additional commits viewable in compare view

Updates spring-security-web from 4.2.12.RELEASE to 5.2.1.RELEASE

Release notes

Sourced from spring-security-web's releases.

5.2.1.RELEASE

⭐ New Features

• Fix variable reference in sample code #7571
• spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565
• Add Resource Server Multi-tenancy Documentation #7532
• Update SAML sample to use boot auto config #7521
• Add Reactive CSRF Documentation #6487

🪲 Bug Fixes

• Restore Removed Throws Clauses #7580
• CsrfWebFilter should handle multipart/form-data #7576
• Make saveAuthorizedClient save the authorized client #7551
• DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client #7546
• throws Exception was removed from WebSecurityConfigurerAdapter#configure(WebSecurity) #7541
• SAML2 Provider SubjectConfirmation validation failure #7514
• SAML2 Provider AuthNRequest Hardcoded Protocol Binding #7513
• Clock skew to check access token expiration has wrong sign #7511

🔨 Dependency Upgrades

• Upgrade to Spring Boot 2.2.0.RELEASE #7566

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​fhanik
• @​mftruso
• @​jzheaux
• @​philsttr
• @​rweisleder
• @​ramonPires

5.2.0.RELEASE

⭐ New Features

• Add Hello RSocket Sample #7504
• Add RSocket Reference #7502
• CookieServerCsrfRepositoryTests should not start domain with a dot #7500
• Add OAuth2 Resource Server to Modules Section #7498
• Initial saml2 login docs #7495
• SAML 2 Assertion - Always require signature validation #7490
• Add Reactive Messaging CurrentSecurityContextPrincipalArgumentResolver #7488
• CurrentSecurityContextArgumentResolver polishes #7487
• Add ClientRegistration.withClientRegistration(ClientRegistration) #7486
• Add hasAuthority method to RSocketSecurity #7478
• Align Servlet ExchangeFilterFunction CoreSubscriber #7476
• WebFluxSecurityConfiguration does not configure oauth2Client #7470

... (truncated)

Commits

• 8ce1ac3 Release 5.2.1.RELEASE
• 906a69b Add Resource Server Multi-tenancy Docs
• 7b8dd79 Update to blockound 1.0.1.RELEASE
• 526e3fd Update to hibernate-validator 6.1.0.Final
• f340da8 Update to hibernate-entitymanager 5.4.8.Final
• 7fdebf3 Update to Unbounded 4.0.12
• c091d6d Update to powermock 2.0.4
• 036a3b9 Update to Bouncy Castle 1.64
• f7477b0 Update to Reactor Dysprosium-SR1
• 4583cbc Update to GAE 1.9.76
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #130.