Sourced from org.springframework.security:spring-security-bom's releases.

6.5.4

:star: New Features

• Update servlet test method docs to use include-code #17749

:beetle: Bug Fixes

• Annonation Scanning Should Fallback to Object when Parameter Matching #17899
• Fix double-slash when basePath is root #17841
• Fix traceId discrepancy in case error in servlet web #17796
• Reference should advise avoiding post-authorization on writes #17798

:hammer: Dependency Upgrades

• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17893
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17874
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17895
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17854
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17836
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17894
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17858
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17767
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17766
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17759
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17853
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17837
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17896
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17897
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17855
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17791
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17771
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17758
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17773

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​jkuhel and @​therepanic

• 1349a73 Release 6.5.4
• d0f93fa Merge branch '6.4.x' into 6.5.x
• e5694ac Fallback to Object When Determining Overridden Methods
• ad86ae0 Merge branch '6.4.x' into 6.5.x
• 9de0aad Allow patch version updates for nimbus-jose-jwt
• 7293fc0 Update to nimbus-jose-jwt:9.37.4
• f7b380e Merge branch '6.4.x' into 6.5.x
• 94ec064 Bump com.google.code.gson:gson from 2.13.1 to 2.13.2
• 8b924e9 Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11
• e8ace55 Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)