@matthaeusheer matthaeusheer commented Nov 24, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.slf4j:slf4j-api (source, changelog) | compile | major | 1.7.36 -> 2.0.17 |
| org.jetbrains:annotations | compile | major | 20.1.0 -> 26.0.2-1 |
| com.squareup.okhttp3:logging-interceptor (source) | compile | major | 4.11.0 -> 5.3.2 |
| com.squareup.okhttp3:okhttp (source) | compile | major | 4.11.0 -> 5.3.2 |
| org.springframework.security:spring-security-crypto (source) | compile | major | 5.6.0 -> 7.0.0 |
| org.springframework.boot:spring-boot-starter-actuator (source) | compile | major | 2.7.4 -> 4.0.0 |
| org.springframework.boot:spring-boot-starter-parent (source) | parent | major | 2.7.4 -> 4.0.0 |

Release Notes

JetBrains/java-annotations (org.jetbrains:annotations)

v26.0.2-1

v26.0.2

v26.0.1

  • Fixed sources.jar build (regression after 25.0.0)

v26.0.0

  • Added new experimental annotation: @NotNullByDefault

v25.0.0

  • Added Kotlin Multiplatform artifact (multiplatform-annotations).
  • Removed Java 5 artifact.

v24.1.0

  • @CheckReturnValue is not experimental anymore.

v24.0.1

  • Added @Documented annotation where it would be useful.

v24.0.0

  • Added new annotation: @CheckReturnValue.

v23.1.0

  • Added new annotation: @ApiStatus.Obsolete.

v23.0.0

  • Added new annotations: @BlockingExecutor and @NonBlockingExecutor.

v22.0.0

  • Added new annotations: @Blocking and @NonBlocking.

v21.0.1

  • Multi-Release Jar: Manifest fixed

v21.0.0

  • Added new annotation: @UnknownNullability.
  • Proper JPMS module.
  • JdkConstants deprecated.

square/okhttp (com.squareup.okhttp3:logging-interceptor)

v5.3.2

2025-11-18

  • Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused
    timeouts to fire later than they were supposed to.

  • Upgrade: Okio 3.16.4.

v5.3.1

2025-11-16

This release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!

  • Upgrade: Okio 3.16.3.

v5.3.0

2025-10-30

  • New: Add tags to Call, including computable tags. Use this to attach application-specific
    metadata to a Call in an EventListener or Interceptor. The tag can be read in any other
    EventListener or Interceptor.

      override fun intercept(chain: Interceptor.Chain): Response {
        chain.call().tag(MyAnalyticsTag::class) {
          MyAnalyticsTag(...)
        }

        return chain.proceed(chain.request())
      }

  • New: Support request bodies on HTTP/1.1 connection upgrades.

  • New: EventListener.plus() makes it easier to observe events in multiple listeners.

  • Fix: Don't spam logs with ‘Method isLoggable in android.util.Log not mocked.’ when using
    OkHttp in Robolectric and Paparazzi tests.

  • Upgrade: Kotlin 2.2.21.

  • Upgrade: Okio 3.16.2.

  • Upgrade: ZSTD-KMP 0.4.0. This update fixes a bug that caused APKs to fail
    16 KB ELF alignment checks.

v5.2.3

2025-11-18

  • Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused
    timeouts to fire later than they were supposed to.

  • Upgrade: Okio 3.16.4.

v5.2.2

2025-11-16

This release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!

  • Upgrade: Okio 3.16.3.

v5.2.1

2025-10-09

  • Fix: Don't crash when calling Socket.shutdownOutput() or shutdownInput() on an SSLSocket
    on Android API 21 through 23. This method throws an UnsupportedOperationException, so we now
    catch that and close the underlying stream instead.

  • Upgrade: Okio 3.16.1.

v5.2.0

2025-10-07

  • New: Support HTTP 101 responses with Response.socket. This mechanism is only supported on
    HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.

  • New: The okhttp-zstd module negotiates Zstandard (zstd) compression with servers that
    support it. It integrates a new (unstable) ZSTD-KMP library, also from Square. Enable it like
    this:

    val client = OkHttpClient.Builder()
      .addInterceptor(CompressionInterceptor(Zstd, Gzip))
      .build()

  • New: Support the QUERY HTTP method. You will need to set the Request.cacheUrlOverride
    property to cache calls made with this method. The RequestBody.sha256() may be helpful here;
    use it to compose a cache URL from the query body.

  • New: Publish events when calls must wait to execute. EventListener.dispatcherQueueStart()
    is invoked when a call starts waiting, and dispatcherQueueEnd() is invoked when it's done.

  • New: Request.toCurl() returns a copy-pasteable curl command consistent with Chrome’s and
    Firefox’s ‘copy as cURL’ features.

  • New: Support JPMS. We replaced our Automatic-Module-Name metadata with proper
    module-info.java files.

  • Fix: Recover gracefully when worker threads are interrupted. When we introduced fast fallback in
    OkHttp 5.0, we started using background threads while connecting. Sadly that code didn't handle
    interruptions well. This is now fixed.

  • Upgrade: Kotlin 2.2.20.

  • Upgrade: Okio 3.16.0.

v5.1.0

2025-07-07

  • New: Response.peekTrailers(). When we changed Response.trailers() to block instead of
    throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers
    (by catching the IllegalStateException if they weren't available). This new API restores that
    capability.

  • Fix: Don't crash on trailers() if the response doesn't have a body. We broke Retrofit users
    who read the trailers on the raw() OkHttp response, after its body was decoded.

v5.0.0

2025-07-02

This is our first stable release of OkHttp since 2023. Here's the highlights if you're upgrading
from OkHttp 4.x:

OkHttp is now packaged as separate JVM and Android artifacts. This allows us to offer
platform-specific features and optimizations. If your build system handles Gradle module metadata,
this change should be automatic.

MockWebServer has a new coordinate and package name. We didn’t like that our old artifact
depends on JUnit 4 so the new one doesn’t. It also has a better API built on immutable values. (We
intend to continue publishing the old okhttp3.mockwebserver artifact so there’s no urgency to
migrate.)

| Coordinate | Package Name | Description |
|---|---|---|
| com.squareup.okhttp3:mockwebserver3:5.0.0 | mockwebserver3 | Core module. No JUnit dependency! |
| com.squareup.okhttp3:mockwebserver3-junit4:5.0.0 | mockwebserver3.junit4 | Optional JUnit 4 integration. |
| com.squareup.okhttp3:mockwebserver3-junit5:5.0.0 | mockwebserver3.junit5 | Optional JUnit 5 integration. |
| com.squareup.okhttp3:mockwebserver:5.0.0 | okhttp3.mockwebserver | Obsolete. Depends on JUnit 4. |

OkHttp now supports Happy Eyeballs (RFC 8305) for IPv4+IPv6 networks. It attempts
both IPv6 and IPv4 connections concurrently, keeping whichever connects first.

We’ve improved our Kotlin APIs. You can skip the builder:

    val request = Request(
      url = "https://cash.app/".toHttpUrl(),
    )

OkHttp now supports GraalVM.

Here’s what has changed since 5.0.0-alpha.17:

  • Upgrade: Okio 3.15.0.
  • Upgrade: Kotlin 2.2.0.
  • Fix: Don't crash with a NoSuchMethodError when using OkHttp with the Sentry SDK.
  • Fix: Retain the query data in the old okhttp3.mockwebserver.RecordedRequest.path property. We
    inadvertently changed this behavior when we introduced the mockwebserver3 API.

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v7.0.0

⭐ New Features

  • Add a minimal authorization server configuration #​18153
  • Mark GrantedAuthority#getAuthority as @Nullable #​18014
  • Polish SimpleGrantedAuthority #​18062

🪲 Bug Fixes

  • Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description #​18026
  • Fix webauthn multifactor authentication #​18163

🔨 Dependency Upgrades

  • Bump org.jetbrains.kotlin:kotlin-bom from 2.2.20 to 2.2.21 #​18099
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.20 to 2.2.21 #​18100
  • Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1 #​18097
  • Update to Reactor 2025.0.0 #​18173
  • Update to Spring Data 2025.1.0 #​18174
  • Update to Spring Framework 7.0.0 #​18172
  • Update to Spring LDAP 4.0.0 #​18175

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​SimonVonXCVII, @​quaff, and @​therepanic

v6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #​18054
  • Default WebAuthnConfigurer#rpName to rpId #​18131
  • Document effects of disabling CORS #​18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #​18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #​18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #​18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #​18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #​18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18111
  • Update to Reactor 2024.0.12 #​18181
  • Update to Spring Data 2024.1.12 #​18182
  • Update to Spring Framework 6.2.13 #​18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

v6.5.6

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18082
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17930
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17929
  • Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18045
  • Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #​17950
  • Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17945
  • Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18039
  • Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18083
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18067
  • Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18068

v6.5.5

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17922
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17911
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17923
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17910
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17924
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17913
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17925
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17912
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17926
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17914

v6.5.4

⭐ New Features

  • Update servlet test method docs to use include-code #​17749

🪲 Bug Fixes

  • Annonation Scanning Should Fallback to Object when Parameter Matching #​17899
  • Fix double-slash when basePath is root #​17841
  • Fix traceId discrepancy in case error in servlet web #​17796
  • Reference should advise avoiding post-authorization on writes #​17798

🔨 Dependency Upgrades

  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17893
  • Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17874
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17895
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17854
  • Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17836
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17894
  • Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17858
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17767
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17766
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17759
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17853
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17837
  • Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17896
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17897
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17855
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17791
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17771
  • Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17758
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jkuhel and @​therepanic

v6.5.3

⭐ New Features

  • Add META-INF/LICENSE.txt to published jars #​17639
  • Update Angular documentation links in csrf.adoc #​17653
  • Update Shibboleth Repository URL #​17637
  • Use 2004-present Copyright #​17634

🪲 Bug Fixes

  • Add Missing Navigation in Preparing for 7.0 Guide #​17731
  • DPoP authentication throws JwtDecoderFactory ClassNotFoundException #​17249
  • OpenSamlAssertingPartyDetails Should Be Serializable #​17727
  • Use final values in equals and hashCode #​17621

🔨 Dependency Upgrades

  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17739
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17690
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17684
  • Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17661
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17615
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17599
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17737
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17701
  • Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17614
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #​17647
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17733
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17711
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17612
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17598
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #​17742
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17613
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17595
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17760
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17692
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17683
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17671
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17616
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17597
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #​17646
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #​17660
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17694
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17685
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #​17650
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17645
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17757
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17651
  • Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17596
  • Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #​17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​codingtim

v6.5.2

🪲 Bug Fixes

  • <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #​17495
  • Add 7.0 Migration Steps for Messaging PathPattern Usage #​17509
  • EnableReactiveMethodSecurity should not import Servlet configuration #​17545
  • Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #​17337
  • Fix securityContextRepository() initialization in oauth2Login() DSL #​17557
  • OAuth2Login DSL should support post-processing AuthenticationProvider implementations #​17176
  • Websocket XML config should pick up PathPatternMessageMatcher.Builder #​17508

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

v6.5.1

⭐ New Features

  • Create demonstration of include-code usage #​17161
  • Setup include-code extension for docs #​17160

🪲 Bug Fixes

  • ClearSiteDataHeaderWriter log is misleading #​17166
  • Fix to allow multiple AuthenticationFilter instances to process each request #​17216
  • Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
  • OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
  • Publishing a default TargetVisitor should not override Spring MVC support #​17189
  • Use HttpStatus in back-channel logout filters #​17157

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
  • Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
  • Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
  • Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
  • Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
  • Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
  • Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
  • Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
  • Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
  • Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
  • Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

v6.5.0

⭐ New Features

  • Add documentation for DPoP support #​17072
  • Add logging to CsrfTokenRequestHandler implementations #​16994
  • Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #​16806
  • Bump Gradle Wrapper from 8.13 to 8.14 #​17018
  • ClientRegistrations.fromIssuerLocation does not include failure information #​17015
  • Fix Typo In SubjectDnX509PrincipalExtractorTests #​16997
  • Implement internal cache in JtiClaimValidator #​17107
  • Polish javadoc #​16924
  • Remove unused classes #​16935
  • Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #​16962
  • RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17147

🪲 Bug Fixes

  • Add FunctionalInterface To X509PrincipalExtractor #​16952
  • Change NonNull import from reactor to spring #​16571
  • Fix DPoP jkt claim to be JWK SHA-256 thumbprint #​17080
  • Minor error in the Handling Logouts documentation #​17049
  • SecurityAnnotationScanner's method comparison should use .equals #​17145
  • Use proper configuration key in Opaque Token documentation #​17014

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17069
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #​16995
  • Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #​16990
  • Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #​17024
  • Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #​17095
  • Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17096
  • Bump io.mockk:mockk from 1.14.0 to 1.14.2 #​17019
  • Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17111
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17040
  • Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17088
  • Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16761
  • Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17089
  • Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17105
  • Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #​17037
  • Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16981
  • Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #​17137
  • Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17124

🔩 Build Updates

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dkowis, @​franticticktick, @​hammadirshad, @​jearton, @​ngocnhan-tran1996, @​quaff, and @​yybmion

v6.4.13

⭐ New Features

  • Default WebAuthnConfigurer#rpName to rpId #​18115
  • Document effects of disabling CORS #​18117

🪲 Bug Fixes

  • BCryptPasswordEncoderTests should password limit of 72 bytes #​18133

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18108
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18148
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18140
  • Bump org-aspectj from 1.9.24 to 1.9.25 #​18139
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18109
  • Update Spring Data 2024.1.12 #​18179
  • Update to Reactor 2024.0.12 #​18178
  • Update to Spring Framework 6.2.13 #​18177

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann

v6.4.12

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18080
  • Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE #​17985
  • Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18044
  • Bump io.mockk:mockk from 1.14.5 to 1.14.6 #​17984
  • Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17944
  • Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18038
  • Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18081
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18065
  • Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18066

v6.4.11

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17921
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17909
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17918
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17905
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #​17917
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #​17907
  • Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #​17919
  • Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #​17906
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17920
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17908

v6.4.10

🪲 Bug Fixes

  • Annonation Scanning Should Fallback to Object when Parameter Matching #​17898
  • Fix traceId discrepancy in case error in servlet web #​17134
  • Reference should advise avoiding post-authorization on writes #​17797
  • Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests #​17869

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17792
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17778
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17769
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17892
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17857
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17777
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17768
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17755
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #​17851
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #​17835
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #​17890
  • Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #​17891
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17889
  • Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17877
  • Update to nimbus-jose-jwt:9.37.4 #​17875

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​nkonev

v6.4.9

⭐ New Features

  • Add META-INF/LICENSE.txt to published jars #​17638
  • Update Angular documentation links in csrf.adoc #​17652
  • Update Shibboleth Repository URL #​17636
  • Use 2004-present Copyright #​17633

🪲 Bug Fixes

  • OpenSamlAssertingPartyDetails Should Be Serializable #​17622

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17611
  • Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17604
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17756
  • Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17699
  • Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #​17643
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17741
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17717
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17609
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17603
  • Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #​17736
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17607
  • Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17602
  • Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17641
  • Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #​17630
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #​17659
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17695
  • Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17680
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17696
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17682
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17642
  • Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 [#​17600](https://redirect.github.com/spri

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@matthaeusheer matthaeusheer force-pushed the renovate/major-maven-major branch from a1b4d3a to fb6bab7 Compare November 24, 2025 23:01
@matthaeusheer matthaeusheer force-pushed the renovate/major-maven-major branch from fb6bab7 to 65d06d3 Compare November 25, 2025 23:01