Upgrade Spring Security 6.3.4 -> 6.4.1

[Picnic-DevPla-Bot]

This PR contains the following updates:

Package	Type	Update	Change
Spring Security (source)	import	minor	6.3.4 -> 6.4.1

---

Release Notes

spring-projects/spring-security (Spring Security)

v6.4.1

Compare Source

🪲 Bug Fixes

• Documentation images should render clearly in both light and dark mode #​16132
• Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #​16113

🔩 Build Updates

• Update Antora UI Spring to v0.4.18 #​16112

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​github-actions[bot] and @​ngocnhan-tran1996

v6.4.0

Compare Source

⭐ New Features

• Add @FunctionalInterface to AuthorizationEventPublisher #​15934
• Add DefaultResourcesFilter.webauthn() #​15970
• Add deprecation notice for missing leading slashes #​16020
• Code Cleanup #​15996
• Document passkeys dependencies #​16107
• Factor out some common object mocking in tests #​15396
• Fix saml2 authentication guide docs #​16017
• Improve documentation about CredentialsContainer #​15554
• Improve Documentation on Adding a Custom Security Filter #​15893
• Improve Error Message for Conflicting Filter Chains #​15992
• Make it easier to determine where a filter chain has been defined #​15874
• OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #​15346
• Polish JdbcOneTimeTokenService #​15997
• relying-party-registration doesn't allow placeholders in xml #​14645
• Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #​15875
• Support ServerExchangeRejectedHandler @Bean #​16063

🪲 Bug Fixes

• An empty-string bearer token should result in an appropriate HTTP status code #​16037
• AuthorizeReturnObject AOT support should register proxied class as well #​16106
• Correct class name reference in WebFilterChainProxy JavaDoc #​16004
• Fix typo javadoc some classes #​16022
• Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #​16055
• IpAddressMatcher null pointer exception #​16104
• OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #​16042
• Support ServerWebExchangeFirewall @Bean #​15999
• UniqueSecurityAnnotationScanner throws ConcurrentModificationException #​15906

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16005
• Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #​16007
• Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #​16122
• Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #​16123
• Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #​16121
• Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16079
• Bump org-bouncycastle from 1.78.1 to 1.79 #​16010
• Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #​16048
• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16028
• Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #​16044
• Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #​15968
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #​16043
• Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #​16018
• Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #​16124
• Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16097
• Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #​16096

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16115
• Update Antora UI Spring to v0.4.17 #​15929

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chu3laMan, @​Kehrlann, @​Limm-jk, @​dcolazin, @​dependabot[bot], @​franticticktick, @​github-actions[bot], @​gzhao9, @​ig-jinwoo, @​jzheaux, @​kse-music, @​ngocnhan-tran1996, and @​nomoreFt

v6.3.5

Compare Source

⭐ New Features

• Support ServerExchangeRejectedHandler @Bean #​16062
• Supporting logout+jwt for back-channel logout with spring-webflux #​15702

🪲 Bug Fixes

• Align DelegatingAuthenticationConverter Constructors #​15949
• An empty-string bearer token should result in an appropriate HTTP status code #​16036
• IpAddressMatcher null pointer exception #​15527
• RequestMatcherDelegatingAuthorizationManager should be post-processable #​15981
• Support ServerWebExchangeFirewall @Bean #​15991
• Unhandled exception in CookieRequestCache results in 500 Internal Server Error #​15986
• Update logout.adoc: Fix Customizing Logout Success Example #​15956

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16006
• Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.17.3 #​16032
• Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13 #​16126
• Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16082
• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16033
• Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.0.6 #​16125
• Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16102
• Bump org.springframework:spring-framework-bom from 6.1.14 to 6.1.15 #​16101

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16117
• Update Antora UI Spring to v0.4.17 #​15930

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​asimuleo, @​dependabot[bot], @​github-actions[bot], and @​kse-music

---

• If you want to rebase/retry this PR, check this box

[Picnic-DevPla-Bot]

Suggested commit message:

Upgrade Spring Security 6.3.4 -> 6.4.1 (#1433)

See:
- https://docs.spring.io/spring-security/reference/6.4/whats-new.html
- https://github.com/spring-projects/spring-security/releases/tag/6.3.5
- https://github.com/spring-projects/spring-security/releases/tag/6.4.0-M1
- https://github.com/spring-projects/spring-security/releases/tag/6.4.0-M2
- https://github.com/spring-projects/spring-security/releases/tag/6.4.0-M3
- https://github.com/spring-projects/spring-security/releases/tag/6.4.0-M4
- https://github.com/spring-projects/spring-security/releases/tag/6.4.0-RC1
- https://github.com/spring-projects/spring-security/releases/tag/6.4.0
- https://github.com/spring-projects/spring-security/releases/tag/6.4.1
- https://github.com/spring-projects/spring-security/compare/6.3.4...6.4.1

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[Stephan202]

Tweaked the suggested commit message.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[Stephan202]

Version 6.4.1 LGTM too.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[github-actions]

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud