Update Spring All

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.security:spring-security-rsa (source)	1.1.1 -> 1.1.5
org.springframework.cloud:spring-cloud-dependencies (source)	2021.0.1 -> 2021.0.9
org.springframework.retry:spring-retry (source)	2.0.3 -> 2.0.10
org.springframework.security:spring-security-oauth2-core (source)	5.7.12 -> 5.8.15
org.springframework.security:spring-security-core (source)	5.7.12 -> 5.8.15
org.springframework.security:spring-security-config (source)	5.7.12 -> 5.8.15
org.springframework.security:spring-security-web (source)	5.7.12 -> 5.8.15
org.springframework.security:spring-security-crypto (source)	5.7.12 -> 5.8.15
org.springframework.security:spring-security-oauth2-resource-server (source)	5.7.12 -> 5.8.15
io.spring.dependency-management	1.0.12.RELEASE -> 1.1.6

---

Release Notes

spring-cloud/spring-cloud-release (org.springframework.cloud:spring-cloud-dependencies)

v2021.0.9

v2021.0.8: 2021.0.8

⭐ Releases

• spring-cloud-build 3.1.8
• spring-cloud-bus 3.1.2
• spring-cloud-circuitbreaker 2.1.7
• spring-cloud-cli 3.1.1
• spring-cloud-cloudfoundry 3.1.3
• spring-cloud-commons 3.1.7
• spring-cloud-config 3.1.8
• spring-cloud-consul 3.1.4
• spring-cloud-contract 3.1.8
• spring-cloud-function 3.2.11
• spring-cloud-gateway 3.1.8
• spring-cloud-kubernetes 2.1.8
• spring-cloud-netflix 3.1.7
• spring-cloud-openfeign 3.1.8
• spring-cloud-sleuth 3.1.9
• spring-cloud-stream 3.2.9
• spring-cloud-task 2.4.6
• spring-cloud-vault 3.1.3
• spring-cloud-zookeeper 3.1.4

v2021.0.7

Compare Source

v2021.0.6

Compare Source

v2021.0.5

Compare Source

v2021.0.4

v2021.0.3

v2021.0.2

spring-projects/spring-retry (org.springframework.retry:spring-retry)

v2.0.10

Compare Source

⭐ New Features

• Add default hashCode implementation to RetryConfiguration.AnnotationClassOrMethodPointcut #​472
• Apply a setter for the logger field of RetryTemplate so that it doesn't need to be injected via reflections #​470

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​NorsaG and @​dsyer

v2.0.9

⭐ New Features

• Populate MethodInvocation to RetryPolicy (via RetryContext) #​229
• Can't chose correct @Recover method #​188

🐞 Bug Fixes

• Support concurrent behavior on MetricsRetryListener #​467
• UniformRandomBackOffPolicy is throwing IllegalArgumentException on calling backOff when maxBackOffPeriod is less than minBackOffPeriod. #​464

v2.0.8

⭐ New Features

• Built-in support for Micrometer metrics publishing #​458
• Add @Nullable in RetryContext to easier detect possible NPE #​457

📔 Documentation

• Wrong value for JDK (1.7) needed for building the project #​460

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.23 #​462

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​szpak

v2.0.7

⭐ New Features

• Allow use of custom (binary) exception classifier in RestTemplateBuilder #​441

🔨 Dependency Upgrades

• Upgade to Spring Framework 6.0.22 #​449

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​marcingrzejszczak

v2.0.6

⭐ New Features

• No distinction in the logs between different retried methods #​422
• Rework Exception-wrapping #​82

🐞 Bug Fixes

• @Retryable annotation retrying with ExponentialBackOff instead of ExponentialRandomBackOff when randomExpression provided #​427
• fix: Null pointer error may occur #​421

📔 Documentation

• Wrong method recommended for build.gradle? #​423
• put GAV in docs #​418
• Improve Javadoc for setThrowLastExceptionOnExhausted of RetryTemplate #​137

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.20 #​435

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​aozeyu

v2.0.5

⭐ New Features

• Expose the number of max attempts to the retry context for all policies #​395
• classifiable's self class checked twice #​212
• Provide The Ability to Exclude Global RetryListeners #​211

🐞 Bug Fixes

• Unexpected exception type thrown instead of actual CHECKED exception when noRetryFor is used #​405
• NPE in CircuitBreaker, wrong null check #​403
• Retryable with exponential backoff not working with delayExpression #​397
• Restore the interrupted thread status in the provided backoff policies #​386

📔 Documentation

• Unable to define recover method where the method is returning a generic List #​402
• Fix incorrect return type of RetryListener's open method in README.md #​401
• ExponentialRandomBackOffPolicy not always random #​391

🔨 Dependency Upgrades

• Upgrade to AspectJ 1.9.20.1 #​406
• Upgrade to Spring Framework 6.0.15 #​408

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​hoonti06

v2.0.4

🐞 Bug Fixes

• maxAttemptsExpression is not evaluated when an exceptionExpression is set #​383

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.13 #​385

spring-projects/spring-security (org.springframework.security:spring-security-oauth2-core)

v5.8.15

Compare Source

⭐ New Features

• Address unnecessary method invocation in AbstractRequestMatcherRegistry #​15718
• The SecuredAuthorizationManager can now find @Secured annotations on … #​15014

🪲 Bug Fixes

• Disabling credentials erasure on custom AuthenticationManager is not working #​15683
• Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #​15624
• SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #​15749
• The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #​15533

🔨 Dependency Upgrades

• Bump io.projectreactor.tools:blockhound from 1.0.9.RELEASE to 1.0.10.RELEASE #​15928
• Bump org-eclipse-jetty from 9.4.55.v20240627 to 9.4.56.v20240826 #​15730
• Bump org.springframework.ldap:spring-ldap-core from 2.4.1 to 2.4.2 #​15941

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #​15908
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #​15837
• Migrate slack notifications to GChat #​15503
• Release 5.8.15 #​15963

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​chenzhenjia
• @​tugjg
• @​abimael-turing
• @​dependabot[bot]

v5.8.14

Compare Source

⭐ New Features

• Document the role of CredentialsContainer #​15319

🪲 Bug Fixes

• Clarify url Parameter Usage in AD Provider Constructor #​15409
• Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15363

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15375
• Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 #​15391
• Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 #​15606
• Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 #​15390
• Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 #​15604
• Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 #​15360
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 #​15291
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15335
• Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 #​15615

🔩 Build Updates

• Automate check of expected branch version #​15226
• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15447
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15484
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15558
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15633
• Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15417
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15523
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15559
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15632
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15416
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15524
• Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15330
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15481
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15463

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​Haarolean
• @​dependabot[bot]

v5.8.13

Compare Source

⭐ New Features

• doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #​14779
• Enhance Logging in RequestMatcherDelegatingAuthorizationManage #​14837
• Improve PasswordEncoder Error Messaging #​14951
• InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #​14880
• Mention all required dependencies in LDAP documentation #​15235
• Remove useBase64 parameter #​14862

🪲 Bug Fixes

• AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​13849
• Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #​15195
• Assert WebSession is not null #​14977
• Conditionally Add Conventions Plugin #​15152
• DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #​14418
• Fix Java example in multitenanci.adoc #​15146
• LDIF file on official documentation breaks the startup process #​15089
• Link to article with remember-me-persistent-token strategy is broken #​14358
• ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #​14931
• Resolving invalid CSRF token values is not consistent #​15184
• Restore Build Scan Capability #​15120
• Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #​14855

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #​15074
• Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #​15231
• Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #​14923
• Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #​15073
• Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #​15230
• Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15191
• Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #​15085
• Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #​15135
• Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #​15253
• Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #​14938

🔩 Build Updates

• Attach Antora Docs to Pull Requests #​14992
• Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15160
• Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15140
• Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #​15001
• Bump com.gradle.develocity from 3.17.2 to 3.17.4 #​15099
• Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15240
• Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #​14959
• Consider Adding a Build Updates section to the release changelog #​14485
• Migrate to com.gradle.develocity plugin #​15021
• Update Gradle Enterprise plugin to 3.17.2 #​15020

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​caio-henrique
• @​jzheaux
• @​dukbong
• @​Harsh4902
• @​abimael-turing
• @​dependabot[bot]
• @​sheriumair
• @​paschm

v5.8.12

Compare Source

🪲 Bug Fixes

• Conditional check for data-source-ref is incorrect #​14742

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 #​14878
• Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 #​14877
• Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #​14822
• Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 #​14891

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dependabot[bot]
• @​sheriumair

v5.8.11

Compare Source

🪲 Bug Fixes

• Allow tab in HTTP header values. #​14590
• Check for null Authentication #​14664
• PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #​14720
• Remove duplicate setSecurityContextHolderStrategy #​14603
• Spring security's ServerLogoutHandler order problem. #​14379

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 #​14730
• Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 #​14729
• Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 #​14759

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​chbecker2
• @​kse-music
• @​dependabot[bot]

v5.8.10

Compare Source

⭐ New Features

• Updated broken documentation link in javadocs #​14329

🪲 Bug Fixes

• Fix security filter sort in javadoc #​14552
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #​11596
• Saml2 LogoutFilter Should Come Before Common LogoutFilter #​14549

🔨 Dependency Upgrades

• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #​14584
• Bump gradle/gradle-build-action from 2 to 3 #​14505
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #​14438
• Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 #​14432
• Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 #​14431
• Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 #​14614
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #​14464
• Bump org-aspectj from 1.9.20.1 to 1.9.21.1 #​14607
• Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 #​14608
• Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 #​14622
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #​14506
• Bump spring-io/spring-github-workflows from eaf17a1 to 1e8b058 #​14585

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​kse-music
• @​geirhe
• @​aspan
• @​dependabot[bot]

v5.8.9

Compare Source

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #​14286
• OAuth2 Resource Server is exposing server information. #​13730
• Resolve RequestMatcher at request-time #​14078
• Update Java Config Spring MVC documentation #​14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #​13625
• Authentication not propagated correctly after migrating to SB3 #​12877
• Authorization does not show up on Features section #​14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #​13718
• Fix caching error state in ReactiveRemoteJWKSource #​13976
• fix wrong document about "jws-algorithms" #​14252
• Improve error message when ServletRegistration API is unavailable #​14221
• References to WebFlux docs do not link to them #​14100
• relay_state should not be included in signing calculation when it is null #​13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #​13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #​13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #​11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #​12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #​14313
• Bump actions/setup-java from 3 to 4 #​14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #​14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #​14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #​14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #​14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #​14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #​14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #​14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #​14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #​14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #​14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #​14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

v5.8.8

Compare Source

⭐ New Features

• Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #​11926
• Use Gradle's Version Catalog #​13868

🪲 Bug Fixes

• Fix snapshot_tests on CI workflow #​13876
• fix corrupted saml2 metadata once special characters are present #​13777
• Saml-Metadata with special characters is corrupted #​13776
• Saml2LogoutRequestMixin relayState property should be binding #​12539

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #​13982
• Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #​13927
• Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #​13890
• Bump com.gradle.enterprise from 3.11.1 to 3.11.4 #​13928
• Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 #​13885
• Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 #​13998
• Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 #​13944
• Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 #​13997
• Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #​13925
• Bump org-aspectj from 1.9.20 to 1.9.20.1 #​13893
• Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 #​13909
• Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 #​13996
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 #​13926
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #​13954
• Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 #​13907
• Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 #​14018
• Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 #​13908

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​JannickWeisshaupt
• @​erichaagdev
• @​dependabot[bot]

v5.8.7

Compare Source

⭐ New Features

• Automate spring-security.xsd #​13823

🪲 Bug Fixes

• CookieRequestCache ignores user Locale #​13792
• Default Security Configuration adds WWW-Authenticate Twice #​13737
• OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #​11893
• Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #​13804

v5.8.6

Compare Source

⭐ New Features

• Closes #​11450 - Add Java beans configuration for Remmember Me Docs #​13570
• Dependencies are resolved from appropriate repositories #​13582
• requestMatchers servlet validation error should include information about servlet paths #​13667
• requestMatchers should not count servlets without mappings #​13666

🪲 Bug Fixes

• Fix Bearer Token RestTemplate Support example #​13434
• Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #​13561
• The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #​13572

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.35 #​13702
• Update org.aspectj to 1.9.20 #​13704
• Update org.springframework.data to 2021.2.15 #​13705
• Update reactor-netty to 1.0.35 #​13703

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​erichaagdev
• @​petrovskimario
• @​daniel-shuy

v5.8.5

Compare Source

⭐ New Features

• Improve RequestMatcher Validation #​13551
• Improve Security Filters Documentation #​8167

🪲 Bug Fixes

• Optimize Querying of RequestCache -> continue parameter #​13438
• Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #​13417
• Use default PathPatternParser instance #​13462

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.34 #​13513
• Update org.springframework to 5.3.29 #​13515
• Update org.springframework.data to 2021.2.14 #​13516
• Update reactor-netty to 1.0.34 #​13514

v5.8.4

Compare Source

⭐ New Features

• Convert to Asciidoctor Tabs #​13405
• Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults #​13227
• mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter #​13252
• Use Antora name of security #​13329

🪲 Bug Fixes

• Additional filters registered when using Custom DSL #​13280
• AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation #​13069
• AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods #​13132
• Clarify that Kotlin DSL needs an import #​13101
• Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #​13191
• Fix Antora Warnings #​13292
• Fix code snippets in Authorize HttpServletRequest #​11522
• Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #​13219
• Fix Documentation Title #​13316
• Fix legacy-websocket-configuration cross-reference #​12969
• Fix typo in authorization.adoc #​13135
• http://www.springframework.org/schema/security/spring-security.xsd returns 404 #​13207
• Links between migration docs are out of date #​12675
• Proxy Server section is not linked in nav #​13322
• RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity #​13104
• SAML 2.0 HTTP Redirect Binding query params may appear in any order #​12963
• SAML login fails in Internet Explorer 11 #​13106
• Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice [#​13160]

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.