Update Spring All (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.retry:spring-retry	1.3.4 -> 2.0.11
org.springframework.security:spring-security-web (source)	5.8.14 -> 6.4.2
org.springframework.security:spring-security-config (source)	5.8.14 -> 6.4.2
org.springframework.security:spring-security-crypto (source)	5.8.14 -> 6.4.2
org.springframework.security:spring-security-core (source)	5.8.14 -> 6.4.2
org.springframework.cloud:spring-cloud-dependencies (source)	2021.0.9 -> 2024.0.0
org.springframework.boot	2.7.18 -> 3.4.2

---

Release Notes

spring-projects/spring-retry (org.springframework.retry:spring-retry)

v2.0.11

⭐ New Features

• Version in pom.xml contains "${revision}" #​474

🐞 Bug Fixes

• MetricsRetryListener problems #​477

📔 Documentation

• Documentation is no longer published #​476

v2.0.10

⭐ New Features

• Add default hashCode implementation to RetryConfiguration.AnnotationClassOrMethodPointcut #​472
• Apply a setter for the logger field of RetryTemplate so that it doesn't need to be injected via reflections #​470

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​NorsaG and @​dsyer

v2.0.9

Compare Source

⭐ New Features

• Populate MethodInvocation to RetryPolicy (via RetryContext) #​229
• Can't chose correct @Recover method #​188

🐞 Bug Fixes

• Support concurrent behavior on MetricsRetryListener #​467
• UniformRandomBackOffPolicy is throwing IllegalArgumentException on calling backOff when maxBackOffPeriod is less than minBackOffPeriod. #​464

v2.0.8

Compare Source

⭐ New Features

• Built-in support for Micrometer metrics publishing #​458
• Add @Nullable in RetryContext to easier detect possible NPE #​457

📔 Documentation

• Wrong value for JDK (1.7) needed for building the project #​460

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.23 #​462

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​szpak

v2.0.7

Compare Source

⭐ New Features

• Allow use of custom (binary) exception classifier in RestTemplateBuilder #​441

🔨 Dependency Upgrades

• Upgade to Spring Framework 6.0.22 #​449

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​marcingrzejszczak

v2.0.6

Compare Source

⭐ New Features

• No distinction in the logs between different retried methods #​422
• Rework Exception-wrapping #​82

🐞 Bug Fixes

• @Retryable annotation retrying with ExponentialBackOff instead of ExponentialRandomBackOff when randomExpression provided #​427
• fix: Null pointer error may occur #​421

📔 Documentation

• Wrong method recommended for build.gradle? #​423
• put GAV in docs #​418
• Improve Javadoc for setThrowLastExceptionOnExhausted of RetryTemplate #​137

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.20 #​435

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​aozeyu

v2.0.5

⭐ New Features

• Expose the number of max attempts to the retry context for all policies #​395
• classifiable's self class checked twice #​212
• Provide The Ability to Exclude Global RetryListeners #​211

🐞 Bug Fixes

• Unexpected exception type thrown instead of actual CHECKED exception when noRetryFor is used #​405
• NPE in CircuitBreaker, wrong null check #​403
• Retryable with exponential backoff not working with delayExpression #​397
• Restore the interrupted thread status in the provided backoff policies #​386

📔 Documentation

• Unable to define recover method where the method is returning a generic List #​402
• Fix incorrect return type of RetryListener's open method in README.md #​401
• ExponentialRandomBackOffPolicy not always random #​391

🔨 Dependency Upgrades

• Upgrade to AspectJ 1.9.20.1 #​406
• Upgrade to Spring Framework 6.0.15 #​408

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​hoonti06

v2.0.4

🐞 Bug Fixes

• maxAttemptsExpression is not evaluated when an exceptionExpression is set #​383

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.13 #​385

v2.0.3

⭐ New Features

• Investigate Adding Option To Avoid ThreadLocal in RetrySynchronizationManager #​374

🐞 Bug Fixes

• Throwable as first argument of explicit recover method should be optional #​371

📔 Documentation

• feat: ISSUE-228 random - document as Jitter #​376

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.12 #​381

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​liran2000 and @​quaff

v2.0.2

Compare Source

⭐ New Features

• Add support of Duration in RetryTemplateBuilder #​344
• Add constructor make timeout customisable #​343

🐞 Bug Fixes

• DelayExpression not working starting in 2.0.0 #​340

📔 Documentation

• Overhaul Javadoc of RestTemplateBuilder #​359

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.10 #​365

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​aahlenst and @​artembilan

v2.0.1

Compare Source

⭐ New Features

• Change default order for @EnableRetry #​335
• add notice and license to jar #​330
• Add default implementations to RetryListener #​326
• support custom RetryConfiguration.getOrder() via @EnableRetry like @EnableAsync #​22

🐞 Bug Fixes

• Backoff annotation 'delayExpression' attribute is not always applied #​332
• [code error] in org.springframework.retry.annotation.RecoverAnnotationRecoveryHandler#isParameterizedTypeAssignable #​328
• AnnotationTypeMapping warning when using @CircuitBreaker with Spring Framework 6 #​324
• AnnotationTypeMapping warning when using @EnableRetry with Spring Framework 6 #​322

📔 Documentation

• Added getting support links #​334

🔨 Dependency Upgrades

• Upgrade Spring Framework (6.0.7), aspectJ (1.9.19) #​336

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​esivakumar18, @​garyrussell, @​hpoettker, @​tobi5775, and @​xak2000

v2.0.0

Compare Source

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.0 #​321

spring-projects/spring-security (org.springframework.security:spring-security-web)

v6.4.2

Compare Source

⭐ New Features

• Add 6.4 Sample Serializations for Serializable classes #​16274
• Add @inheritDoc to sessionIdChanged method #​16216
• Fix typo in oauth2 resource server documentation #​16053
• Fixed confusing phrasing in the docs for a better clarity. #​16169
• Improve AuthorizationManager configuration error messages #​16194
• Polish #​16148
• Use Documentation Tags for Maven and Gradle in Getting Started #​16234
• Add WebDriver WebAuthn test #​15969

🪲 Bug Fixes

• Add Deprecated ObjectPostProcessor constructor #​16212
• Add RuntimeHints for webauthn Javascript resource #​16159
• Always return current ClientRegistration in loadAuthorizedClient #​16139
• Avoid requesting an unnecessary attestation statement when creating a webauthn credential #​16252
• CI is not using the correct secret for Develocity #​16263
• Dark mode rendering issue with images on CSRF and Method Security pages #​16176
• DefaultSaml2AuthenticatedPrincipal should define a serialVersionUID #​16163
• Delay initialization of AuthenticationProvider in Global Authentication #​16147
• Fix Documentation Typos #​16054
• Correct OAuth2ClientHttpRequestInterceptor Usage Documentation #​16172
• Fix Typo in 'What's New' Documentation #​16183
• Fix WebAuthnWebdriverTests #​16279
• Correct OpenSAML 5.x Documentation #​16195
• Issue when using @AuthenticationPrincipal on interfaces #​16177
• Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #​16261
• Remove duplicate cache in AuthenticationPrincipalArgumentResolverand CurrentSecurityContextArgumentResolver #​16202
• Resolve ObjectPostProcessor collisions between RSocket and WebFlux security configuration #​16161
• Restore @AuthenticationPrincipal/@CurrentSecurityContext Interface Support #​16245
• Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #​16220
• Spelling error in opensaml.adoc #​16146
• Update document regarding PublicKeyCredentialCreationOptions.attestation value #​16264
• Verification Options Should Return Saved Transports for Credentials #​16084

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.1 to 2.18.2 #​16184
• Bump com.webauthn4j:webauthn4j-core from 0.28.2.RELEASE to 0.28.3.RELEASE #​16203
• Bump io.micrometer:micrometer-observation from 1.14.1 to 1.14.2 #​16255
• Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #​16256
• Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #​16209
• Bump org.gretty:gretty from 4.1.5 to 4.1.6 #​16247
• Bump org.hibernate.orm:hibernate-core from 6.6.2.Final to 6.6.3.Final #​16145
• Bump org.htmlunit:htmlunit from 4.6.0 to 4.7.0 #​16205
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #​16180
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.26.0 to 4.27.0 #​16204
• Bump org.seleniumhq.selenium:selenium-java from 4.26.0 to 4.27.0 #​16167
• Bump org.springframework.data:spring-data-bom from 2024.1.0 to 2024.1.1 #​16290
• Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #​16270
• Bump org.springframework:spring-framework-bom from 6.2.0 to 6.2.1 #​16271

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0 to 1.0.1 in /docs #​16239
• Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #​16237
• Bump gradle/gradle-build-action from 2 to 3 #​16278
• Remove 5.8.x and 6.2.x dependabot configuration #​16268
• Remove 5.8.x from Auto Merge Forward Dependabot PRs #​15770

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​12OneTwo12, @​Kehrlann, @​MuhammadNFadhil, @​OrangeDog, @​Spikhalskiy, @​dependabot[bot], @​harpreets789, @​kse-music, @​martin-tarjanyi, @​ngocnhan-tran1996, and @​ynojima

v6.4.1

Compare Source

🪲 Bug Fixes

• Documentation images should render clearly in both light and dark mode #​16132
• Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #​16113

🔩 Build Updates

• Update Antora UI Spring to v0.4.18 #​16112

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​github-actions[bot] and @​ngocnhan-tran1996

v6.4.0

Compare Source

⭐ New Features

• Add @FunctionalInterface to AuthorizationEventPublisher #​15934
• Add DefaultResourcesFilter.webauthn() #​15970
• Add deprecation notice for missing leading slashes #​16020
• Code Cleanup #​15996
• Document passkeys dependencies #​16107
• Factor out some common object mocking in tests #​15396
• Fix saml2 authentication guide docs #​16017
• Improve documentation about CredentialsContainer #​15554
• Improve Documentation on Adding a Custom Security Filter #​15893
• Improve Error Message for Conflicting Filter Chains #​15992
• Make it easier to determine where a filter chain has been defined #​15874
• OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #​15346
• Polish JdbcOneTimeTokenService #​15997
• relying-party-registration doesn't allow placeholders in xml #​14645
• Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #​15875
• Support ServerExchangeRejectedHandler @Bean #​16063

🪲 Bug Fixes

• An empty-string bearer token should result in an appropriate HTTP status code #​16037
• AuthorizeReturnObject AOT support should register proxied class as well #​16106
• Correct class name reference in WebFilterChainProxy JavaDoc #​16004
• Fix typo javadoc some classes #​16022
• Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #​16055
• IpAddressMatcher null pointer exception #​16104
• OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #​16042
• Support ServerWebExchangeFirewall @Bean #​15999
• UniqueSecurityAnnotationScanner throws ConcurrentModificationException #​15906

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16005
• Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #​16007
• Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #​16122
• Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #​16123
• Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #​16121
• Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16079
• Bump org-bouncycastle from 1.78.1 to 1.79 #​16010
• Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #​16048
• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16028
• Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #​16044
• Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #​15968
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #​16043
• Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #​16018
• Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #​16124
• Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16097
• Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #​16096

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16115
• Update Antora UI Spring to v0.4.17 #​15929

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chu3laMan, @​Kehrlann, @​Limm-jk, @​dcolazin, @​dependabot[bot], @​franticticktick, @​github-actions[bot], @​gzhao9, @​ig-jinwoo, @​jzheaux, @​kse-music, @​ngocnhan-tran1996, and @​nomoreFt

v6.3.6

Compare Source

🪲 Bug Fixes

• Always return current ClientRegistration in loadAuthorizedClient #​16138
• CI is not using the correct secret for Develocity #​16262
• Dark mode rendering issue with images on CSRF and Method Security pages #​16175
• Delay initialization AuthenticationProvider in Global Authentication #​16050
• Do not eagerly construct UserDetailsService bean in Global Authentication #​16144
• Documentation images should render clearly in both light and dark mode #​16131
• Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #​16069
• OidcBackChannelLogoutWebFilter error response is not a correct JSON #​16229
• Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #​16219

🔨 Dependency Upgrades

• Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #​16257
• Bump org.gretty:gretty from 4.1.5 to 4.1.6 #​16246
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #​16179
• Bump org.springframework.data:spring-data-bom from 2024.0.6 to 2024.0.7 #​16289
• Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #​16269
• Bump org.springframework:spring-framework-bom from 6.1.15 to 6.1.16 #​16272

🔩 Build Updates

• Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #​16244
• Update Antora UI Spring to v0.4.18 #​16110

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot], @​github-actions[bot], and @​kse-music

v6.3.5

Compare Source

⭐ New Features

• Support ServerExchangeRejectedHandler @Bean #​16062
• Supporting logout+jwt for back-channel logout with spring-webflux #​15702

🪲 Bug Fixes

• Align DelegatingAuthenticationConverter Constructors #​15949
• An empty-string bearer token should result in an appropriate HTTP status code #​16036
• IpAddressMatcher null pointer exception #​15527
• RequestMatcherDelegatingAuthorizationManager should be post-processable #​15981
• Support ServerWebExchangeFirewall @Bean #​15991
• Unhandled exception in CookieRequestCache results in 500 Internal Server Error #​15986
• Update logout.adoc: Fix Customizing Logout Success Example #​15956

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16006
• Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.17.3 #​16032
• Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13 #​16126
• Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16082
• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16033
• Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.0.6 #​16125
• Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16102
• Bump org.springframework:spring-framework-bom from 6.1.14 to 6.1.15 #​16101

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16117
• Update Antora UI Spring to v0.4.17 #​15930

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​asimuleo, @​dependabot[bot], @​github-actions[bot], and @​kse-music

v6.3.4

Compare Source

🪲 Bug Fixes

• Annotation expression template processing should not fail on Class parameter types #​15711
• Disabling credentials erasure on custom AuthenticationManager is not working #​15808
• Documentation inconsistency in AuthorizationManager's verify method return type #​15822
• Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #​15676
• OidcBackChannelLogoutTokenValidator should not construct when missing OIDC Provider Issuer #​15868
• SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #​15767
• The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #​15829

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 #​15926
• Bump io.micrometer:micrometer-observation from 1.12.10 to 1.12.11 #​15917
• Bump io.mockk:mockk from 1.13.12 to 1.13.13 #​15897
• Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #​15925
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #​15694
• Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #​15731
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #​15761
• Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #​15883
• Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5 #​15958
• Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #​15944
• Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14 #​15945

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #​15907
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #​15836
• Migrate slack notifications to GChat #​15668
• Release 6.3.4 #​15964
• Update eclipse/vscode configuration to use -parameters #​15681

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot] and @​kse-music

v6.3.3

Compare Source

🪲 Bug Fixes

• ObservationRegistry is never post-processed #​15658

🔨 Dependency Upgrades

• Bump org-eclipse-jetty from 11.0.22 to 11.0.23 #​15664

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot]

v6.3.2

Compare Source

⭐ New Features

• ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls #​15495
• Document the role of CredentialsContainer #​15321
• OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #​15410

🪲 Bug Fixes

• A broken link in Spring Security reference #​15297
• Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect #​15460
• EnableMethodSecurity should publish only one bean of each AuthorizationAdvisor #​15592
• Fix Compromised Password Checker Docs Sample Not Working #​15305
• Fix for #​15172 introduces significant performance degredation #​15324
• Pre/PostAuthorize should not ignore HandleAuthorizationDenied#handlerClass when ApplicationContext is not provided #​15535
• Update prerequisites documentation with Java 17 #​15340
• Use Correct Meta-Annotation in Kotlin Sample #​15472
• Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #​15440

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #​15619
• Bump com.fasterxml.jackson:jackson-bom from 2.17.1 to 2.17.2 #​15374
• Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #​15373
• Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 #​15383
• Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 #​15581
• Bump io.mockk:mockk from 1.13.11 to 1.13.12 #​15430
• Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #​15388
• Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #​15597
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #​15582
• Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #​15372
• Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #​15545
• Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #​15356
• Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #​15268
• Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #​15642
• Bump org.gretty:gretty from 4.1.4 to 4.1.5 #​15431
• Bump org.hibernate.orm:hibernate-core from 6.4.9.Final to 6.4.10.Final #​15530
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #​15456
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #​15455
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.19 to 4.33.20 #​15267
• Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #​15315
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #​15336
• Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #​15529
• Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 #​15546
• Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #​15571
• Bump org.springframework.data:spring-data-bom from 2024.0.1 to 2024.0.2 #​15421
• Bump org.springframework.data:spring-data-bom from 2024.0.2 to 2024.0.3 #​15643
• Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #​15620
• Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 #​15402
• Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 #​15613
• Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 #​15279

🔩 Build Updates

• Automate check of expected branch version #​15310
• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #​15449
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #​15482
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #​15560
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #​15637
• Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #​15418
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #​15517
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #​15561
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #​15636
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #​15419
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #​15515
• Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #​15329
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #​15480
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​15464
• Bump io-spring-javaformat from 0.0.42 to 0.0.43 #​15650
• Fix typos and formatting in documentation #​15380
• Migrate slack notifications to GChat #​15505
• Use explicit types instead of var #​15537

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​dependabot[bot], and @​tahakorkem

v6.3.1

[Compare Source](https://redirect.github.com/spring-projects/spring-security/co

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change

[github-actions]

CCD diff report

No change