Skip to content

Bump org.springframework.security:spring-security-bom from 7.0.4 to 7.0.5 in /spring#2598

Merged
acoburn merged 1 commit into1.3from
dependabot/maven/spring/1.3/org.springframework.security-spring-security-bom-7.0.5
May 1, 2026
Merged

Bump org.springframework.security:spring-security-bom from 7.0.4 to 7.0.5 in /spring#2598
acoburn merged 1 commit into1.3from
dependabot/maven/spring/1.3/org.springframework.security-spring-security-bom-7.0.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026
edited
Loading

Bumps org.springframework.security:spring-security-bom from 7.0.4 to 7.0.5.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

7.0.5

⭐ New Features

  • Add XML Based shouldWriteHeadersEagerly tests #19018
  • Merge Add CredentialRecordOwnerAuthorizationManager #19005

🪲 Bug Fixes

  • Add equals and hashcode to HttpMethodRequestMatcher #18963
  • auth_time claim doesn't show the time of the original authentication #18282
  • auth_time validation fails when SSO session is renewed #18978
  • Fallback defaultTargetUrl if refererHeader is empty #18981
  • Fix HttpSessionRequestCache#getMatchingRequest query string parsing #18972
  • Merge Handle null value in OnCommittedResponseWrapper header methods #18990
  • OAuth2 client sessionManagement ineffective with DefaultOidcUser #19022

🔨 Dependency Upgrades

  • Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19054
  • Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18953
  • Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19029
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18957
  • Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19096
  • Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #19021
  • Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #19114
  • Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #19080
  • Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19111
  • Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #19113
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #19098
  • Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #19112
  • Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #18996
  • Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19095
  • Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

Commits
  • 53bc6a7 Fix Formatting
  • aed95aa Fix Formatting
  • 7b57a4a Release 7.0.5
  • 1104796 Merge branch '6.5.x' into 7.0.x
  • 3d4e205 Merge remote-tracking branch 'oss/6.5.x' into 6.5.x
  • 4c40eeb Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
  • ff1e925 Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
  • 7b309cf Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5
  • 51a1f88 Bump com.webauthn4j:webauthn4j-core
  • 762d8f1 Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7
  • Additional commits viewable in compare view

@dependabot dependabot Bot requested a review from a team as a code owner May 1, 2026 05:08
@acoburn acoburn enabled auto-merge (squash) May 1, 2026 15:05
@dependabot
Bump org.springframework.security:spring-security-bom in /spring
48c3ab9 
Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 7.0.4 to 7.0.5.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@7.0.4...7.0.5)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 7.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/spring/1.3/org.springframework.security-spring-security-bom-7.0.5 branch from acd1f34 to 48c3ab9 Compare May 1, 2026 15:08
@acoburn acoburn merged commit d178d30 into 1.3 May 1, 2026
7 checks passed
@acoburn acoburn deleted the dependabot/maven/spring/1.3/org.springframework.security-spring-security-bom-7.0.5 branch May 1, 2026 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@acoburn acoburn acoburn approved these changes

Assignees

No one assigned

Labels

1.3 backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@acoburn