Skip to content

Bump org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10#3751

Merged
spring-builds merged 1 commit into3.5.xfrom
dependabot/gradle/3.5.x/org.springframework.security-spring-security-bom-6.5.10
Apr 21, 2026
Merged

Bump org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10#3751
spring-builds merged 1 commit into3.5.xfrom
dependabot/gradle/3.5.x/org.springframework.security-spring-security-bom-6.5.10

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 21, 2026

Bumps org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.5.10

⭐ New Features

  • Add CredentialRecordOwnerAuthorizationManager #19004
  • Add XML Based shouldWriteHeadersEagerly tests #19017
  • Clarify Session Management Persistence Documentation #18345
  • Update FilterChainProxy#getFilters(String) javadoc #18258

🪲 Bug Fixes

  • Add equals and hashcode to HttpMethodRequestMatcher #18914
  • auth_time validation fails when SSO session is renewed #18839
  • Fallback defaultTargetUrl if refererHeader is empty #18806
  • Fix HttpSessionRequestCache#getMatchingRequest query string parsing #16914
  • Fix documentation for Custom Authorization Manager #18362
  • Improve serialVersionUID check in tests #18474
  • Merge Handle null value in OnCommittedResponseWrapper header methods #18989
  • OAuth2 client sessionManagement ineffective with DefaultOidcUser #18622

🔨 Dependency Upgrades

  • Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19055
  • Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18956
  • Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19031
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18952
  • Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19094
  • Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 #19078
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.14 to 1.0.15 #18916
  • Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19108
  • Bump org.hibernate.orm:hibernate-core from 6.6.44.Final to 6.6.45.Final #18966
  • Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final #19046
  • Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final #19064
  • Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final #19110
  • Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18 #19109
  • Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19093
  • Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 #18954
  • Bump spring-io/spring-security-release-tools/.github/workflows/build.yml from 1.0.14 to 1.0.15 #18955
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml from 1.0.14 to 1.0.15 #18949
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml from 1.0.14 to 1.0.15 #18950
  • Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml from 1.0.14 to 1.0.15 #18995
  • Bump spring-io/spring-security-release-tools/.github/workflows/test.yml from 1.0.14 to 1.0.15 #18951
  • Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18994
  • Update to spring-security-release-tools 1.0.15 #18910

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​as1605, @​johnycho, @​ngocnhan-tran1996, @​rwinch, and @​sankranty

Commits
  • 0a9d4dc Release 6.5.10
  • 3d4e205 Merge remote-tracking branch 'oss/6.5.x' into 6.5.x
  • 81bd52a Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final
  • 25b6af2 Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18
  • 95987bf Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
  • 6e5f8f2 Merge remote-tracking branch 'origin/6.5.x' into 6.5.x
  • 4187af3 Verify token deletion in JdbcOneTimeTokenService
  • 5b638a5 Use SHA Hashes
  • 51eef2b Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17
  • 302cfb1 Bump @​springio/antora-extensions from 1.14.10 to 1.14.11 in /docs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.springframework.security:spring-security-bom
9fb8ef0 
Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 6.5.9 to 6.5.10.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.9...6.5.10)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 6.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the type: dependency-upgrade A dependency upgrade label Apr 21, 2026
@github-actions github-actions Bot added this to the 3.5.6 milestone Apr 21, 2026
@spring-builds spring-builds enabled auto-merge (rebase) April 21, 2026 03:08
@spring-builds spring-builds merged commit 7e87cd9 into 3.5.x Apr 21, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/gradle/3.5.x/org.springframework.security-spring-security-bom-6.5.10 branch April 21, 2026 03:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type: dependency-upgrade A dependency upgrade

Projects

None yet

Milestone

3.5.6

Development

Successfully merging this pull request may close these issues.

1 participant

@spring-builds