Skip to content

Update dependency org.springframework.security:spring-security-crypto to v7.0.5 (main)#451

Merged
DerDaehne merged 1 commit into
mainfrom
renovate/main-spring-security
Apr 27, 2026
Merged

Update dependency org.springframework.security:spring-security-crypto to v7.0.5 (main)#451
DerDaehne merged 1 commit into
mainfrom
renovate/main-spring-security

Conversation

@alexander-dammeier
Copy link
Copy Markdown
Contributor

@alexander-dammeier alexander-dammeier commented Apr 23, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
org.springframework.security:spring-security-crypto (source) 7.0.27.0.5 age confidence

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v7.0.5

Compare Source

⭐ New Features

  • Add XML Based shouldWriteHeadersEagerly tests #​19018
  • Merge Add CredentialRecordOwnerAuthorizationManager #​19005

🪲 Bug Fixes

  • Add equals and hashcode to HttpMethodRequestMatcher #​18963
  • auth_time claim doesn't show the time of the original authentication #​18282
  • auth_time validation fails when SSO session is renewed #​18978
  • Fallback defaultTargetUrl if refererHeader is empty #​18981
  • Fix HttpSessionRequestCache#getMatchingRequest query string parsing #​18972
  • Merge Handle null value in OnCommittedResponseWrapper header methods #​18990
  • OAuth2 client sessionManagement ineffective with DefaultOidcUser #​19022

🔨 Dependency Upgrades

  • Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #​19054
  • Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #​18953
  • Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #​19029
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #​18957
  • Bump actions/upload-artifact from 7.0.0 to 7.0.1 #​19096
  • Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #​19021
  • Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #​19114
  • Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #​19080
  • Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #​19111
  • Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #​19113
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #​19098
  • Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #​19112
  • Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #​18996
  • Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #​19095
  • Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #​18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

v7.0.4

Compare Source

⭐ New Features

  • Update RestTemplateBuilder usage in opaque-token.adoc #​18836

🪲 Bug Fixes

  • Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #​18784
  • Add Jackson Mixin for WebAuthnAuthentication #​18878
  • Add Missing OnCommitedResponseWrapper Header Overrides #​18799
  • Document the change in dependency coordinates with Spring Security 7 #​18773
  • Ensure tests clear AuthorizationServerContextHolder #​18768
  • Fix CookieRequestCache parameters #​18864
  • Fix Flaky Crypto Tests #​18842
  • Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #​18897
  • HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 #​18834
  • OAuth2DeviceVerificationEndpointFilter should be applied after AuthorizationFilter #​18873
  • Restore upgradeEncoding condition in DaoAuthenticationProvider #​18788
  • saveAuthenticationRequest should read relayState from authenticationRequest #​18884
  • SecurityExpressionRoot#hasAuthority should delegate to AuthorizationManagerFactory#hasAuthority #​18487
  • ServerHttpSecurityConfiguration should not set userDetailsPasswordService to a null value #​18276
  • TokenBasedRememberMeServices documentation snippets should compile #​18642
  • Update request-matcher XML property to support PathPatternRequestMatcher #​18737

🔨 Dependency Upgrades

  • Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #​18853
  • Bump actions/upload-artifact from 6.0.0 to 7.0.0 #​18810
  • Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #​18752
  • Bump com.webauthn4j:webauthn4j-core from 0.31.0.RELEASE to 0.31.1.RELEASE #​18830
  • Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 #​18877
  • Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #​18751
  • Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #​18792
  • Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #​18861
  • Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #​18887
  • Bump org.junit:junit-bom from 6.0.2 to 6.0.3 #​18743
  • Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 #​18904
  • Bump org.springframework:spring-framework-bom from 7.0.4 to 7.0.5 #​18764
  • Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 #​18905
  • Update Antora UI Spring to v0.4.26 #​18893
  • Update to spring-security-release-tools 1.0.15 #​18909

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​busoco-sjb, @​making, @​meliezer, @​ngocnhan-tran1996, @​rwinch, @​sephiroth-j, @​therepanic, @​thuri, and @​ziqin

v7.0.3

Compare Source

⭐ New Features

  • Fix Javadoc warnings in spring-security-web #​18473
  • Fix/gradle 9 deprecations #​18485
  • Fix/gradle 9 deprecations #​18477
  • Replace method call with 'Builder.configureMessageConverters()' #​18378
  • Replacing use of deprecated 'check' in authorization documentation #​18390
  • Use DefaultParameterNameDiscoverer#getSharedInstance #​18481

🪲 Bug Fixes

  • Authorization Server fails to start with multiple PasswordEncoder beans #​18645
  • BearerTokenAuthenticationEntryPoint uses context path #​18528
  • Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #​18594
  • Document Client PKCE settings #​18304
  • Fix docs typo X-Requested-By -> X-Requested-With #​18123
  • Fix Formatting in mfa.adoc #​18134
  • Fix typo in documentation #​18344
  • Fix typos #​18121

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #​18384
  • Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 #​18684
  • Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #​18711
  • Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 #​18660
  • Bump com.webauthn4j:webauthn4j-core from 0.29.7.RELEASE to 0.31.0.RELEASE #​18687
  • Bump gradle-wrapper from 8.14 to 8.14.4 #​18705
  • Bump io.mockk:mockk from 1.14.7 to 1.14.9 #​18681
  • Bump io.projectreactor:reactor-bom from 2025.0.1 to 2025.0.2 #​18658
  • Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 #​18717
  • Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #​18683
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #​18725
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #​18706
  • Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #​18309
  • Bump org-aspectj from 1.9.25 to 1.9.25.1 #​18326
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 #​18346
  • Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #​18327
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #​18682
  • Bump org.junit:junit-bom from 6.0.1 to 6.0.2 #​18385
  • Bump org.springframework.data:spring-data-bom from 2025.1.1 to 2025.1.2 #​18655
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.0 to 4.0.1 #​18316
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 #​18733
  • Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 #​18732
  • Bump org.springframework:spring-framework-bom from 7.0.3-SNAPSHOT to 7.0.4-SNAPSHOT #​18657
  • Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #​18651
  • Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 #​18659
  • Update Antora UI Spring to v0.4.25 #​18249
  • Update to Spring Framework 7.0.3 #​18667
  • Update to spring-data-bom 2025.1.3 #​18735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Been24, @​Fr05ty-hub, @​Kehrlann, @​Rigu1, @​bloomsei, @​martinboulais, @​ngocnhan-tran1996, @​paulvas, @​rwinch, @​therepanic, and @​vincentstradiot

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@alexander-dammeier alexander-dammeier force-pushed the renovate/main-spring-security branch from d2f5e09 to d1b0da2 Compare April 23, 2026 21:01
@alexander-dammeier alexander-dammeier changed the title Update dependency org.springframework.security:spring-security-crypto to v7.0.4 (main) Update dependency org.springframework.security:spring-security-crypto to v7.0.5 (main) Apr 23, 2026
@DerDaehne DerDaehne merged commit 326b034 into main Apr 27, 2026
2 checks passed
@DerDaehne DerDaehne deleted the renovate/main-spring-security branch April 27, 2026 06:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alexander-dammeier @DerDaehne @renovate-bot