Skip to content

Bump the backend-prod group across 2 directories with 5 updates#486

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/backend-prod-09f907275f
Open

Bump the backend-prod group across 2 directories with 5 updates#486
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/backend-prod-09f907275f

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 4, 2026
edited
Loading

Bumps the backend-prod group with 5 updates in the / directory:

Package From To
org.springframework.boot:spring-boot-starter-parent 3.5.9 3.5.10
software.amazon.awssdk:s3 2.41.19 2.41.21
org.springframework.security:spring-security-config 6.5.6 6.5.7
org.springframework.security:spring-security-core 6.5.6 6.5.7
org.springframework.security:spring-security-crypto 6.5.6 6.5.7

Bumps the backend-prod group with 5 updates in the /server directory:

Package From To
org.springframework.boot:spring-boot-starter-parent 3.5.9 3.5.10
software.amazon.awssdk:s3 2.41.19 2.41.21
org.springframework.security:spring-security-config 6.5.6 6.5.7
org.springframework.security:spring-security-core 6.5.6 6.5.7
org.springframework.security:spring-security-crypto 6.5.6 6.5.7

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.9 to 3.5.10

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.10

🐞 Bug Fixes

  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48836
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48835
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48810
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48702
  • Application JAR created by extract command is not reproductible #48664
  • AOT processing of tests should not be disabled when 'skipTests' is set #48661
  • Fix zero-length byte buffer in InspectedContent #48649

📔 Documentation

  • Update documentation for Buildpack's AOT Cache support #48768
  • Document support for configuring arguments passed to Docker Compose #48657
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48634
  • Fix grammar and typos in the reference guide #48596

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48775
  • Upgrade to Hibernate 6.6.41.Final #48881
  • Upgrade to HttpClient5 5.5.2 #48777
  • Upgrade to Logback 1.5.25 #48882
  • Upgrade to Micrometer 1.15.8 #48705
  • Upgrade to Micrometer Tracing 1.5.8 #48706
  • Upgrade to Pooled JMS 3.1.9 #48779
  • Upgrade to Postgresql 42.7.9 #48883
  • Upgrade to R2DBC MSSQL 1.0.4.RELEASE #48847
  • Upgrade to Reactor Bom 2024.0.14 #48707
  • Upgrade to REST Assured 5.5.7 #48884
  • Upgrade to Spring AMQP 3.2.9 #48909
  • Upgrade to Spring Data Bom 2025.0.8 #48708
  • Upgrade to Spring Integration 6.5.6 #48921
  • Upgrade to Spring Kafka 3.3.12 #48709
  • Upgrade to Spring Pulsar 1.2.14 #48710
  • Upgrade to Undertow 2.3.22.Final #48848
  • Upgrade to WebJars Locator Lite 1.1.3 #48780

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GaoSSR, @​izeye, and @​ngocnhan-tran1996

Commits
  • 1b4e78f Release v3.5.10
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 877d59b Upgrade to Spring Kafka 3.3.12
  • ce650b1 Upgrade to Spring Integration 6.5.6
  • 30b5b73 Upgrade to Develocity Conventions 0.0.25
  • 413ec6c Upgrade to Spring Pulsar 1.2.14
  • 3f86432 Upgrade to Spring AMQP 3.2.9
  • 2fa3aaa Merge pull request #48902 from dependabot[bot]
  • 37e0cbc Polish "Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1"
  • ad51def Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1
  • Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.41.19 to 2.41.21

Updates org.springframework.security:spring-security-config from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates org.springframework.security:spring-security-core from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates org.springframework.security:spring-security-crypto from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.41.19 to 2.41.21

Updates org.springframework.security:spring-security-config from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates org.springframework.security:spring-security-core from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates org.springframework.security:spring-security-crypto from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.9 to 3.5.10

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.10

🐞 Bug Fixes

  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48836
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48835
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48810
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48702
  • Application JAR created by extract command is not reproductible #48664
  • AOT processing of tests should not be disabled when 'skipTests' is set #48661
  • Fix zero-length byte buffer in InspectedContent #48649

📔 Documentation

  • Update documentation for Buildpack's AOT Cache support #48768
  • Document support for configuring arguments passed to Docker Compose #48657
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48634
  • Fix grammar and typos in the reference guide #48596

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48775
  • Upgrade to Hibernate 6.6.41.Final #48881
  • Upgrade to HttpClient5 5.5.2 #48777
  • Upgrade to Logback 1.5.25 #48882
  • Upgrade to Micrometer 1.15.8 #48705
  • Upgrade to Micrometer Tracing 1.5.8 #48706
  • Upgrade to Pooled JMS 3.1.9 #48779
  • Upgrade to Postgresql 42.7.9 #48883
  • Upgrade to R2DBC MSSQL 1.0.4.RELEASE #48847
  • Upgrade to Reactor Bom 2024.0.14 #48707
  • Upgrade to REST Assured 5.5.7 #48884
  • Upgrade to Spring AMQP 3.2.9 #48909
  • Upgrade to Spring Data Bom 2025.0.8 #48708
  • Upgrade to Spring Integration 6.5.6 #48921
  • Upgrade to Spring Kafka 3.3.12 #48709
  • Upgrade to Spring Pulsar 1.2.14 #48710
  • Upgrade to Undertow 2.3.22.Final #48848
  • Upgrade to WebJars Locator Lite 1.1.3 #48780

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GaoSSR, @​izeye, and @​ngocnhan-tran1996

Commits
  • 1b4e78f Release v3.5.10
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 877d59b Upgrade to Spring Kafka 3.3.12
  • ce650b1 Upgrade to Spring Integration 6.5.6
  • 30b5b73 Upgrade to Develocity Conventions 0.0.25
  • 413ec6c Upgrade to Spring Pulsar 1.2.14
  • 3f86432 Upgrade to Spring AMQP 3.2.9
  • 2fa3aaa Merge pull request #48902 from dependabot[bot]
  • 37e0cbc Polish "Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1"
  • ad51def Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.9 to 3.5.10

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.10

🐞 Bug Fixes

  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48836
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48835
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48810
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48702
  • Application JAR created by extract command is not reproductible #48664
  • AOT processing of tests should not be disabled when 'skipTests' is set #48661
  • Fix zero-length byte buffer in InspectedContent #48649

📔 Documentation

  • Update documentation for Buildpack's AOT Cache support #48768
  • Document support for configuring arguments passed to Docker Compose #48657
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48634
  • Fix grammar and typos in the reference guide #48596

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48775
  • Upgrade to Hibernate 6.6.41.Final #48881
  • Upgrade to HttpClient5 5.5.2 #48777
  • Upgrade to Logback 1.5.25 #48882
  • Upgrade to Micrometer 1.15.8 #48705
  • Upgrade to Micrometer Tracing 1.5.8 #48706
  • Upgrade to Pooled JMS 3.1.9 #48779
  • Upgrade to Postgresql 42.7.9 #48883
  • Upgrade to R2DBC MSSQL 1.0.4.RELEASE #48847
  • Upgrade to Reactor Bom 2024.0.14 #48707
  • Upgrade to REST Assured 5.5.7 #48884
  • Upgrade to Spring AMQP 3.2.9 #48909
  • Upgrade to Spring Data Bom 2025.0.8 #48708
  • Upgrade to Spring Integration 6.5.6 #48921
  • Upgrade to Spring Kafka 3.3.12 #48709
  • Upgrade to Spring Pulsar 1.2.14 #48710
  • Upgrade to Undertow 2.3.22.Final #48848
  • Upgrade to WebJars Locator Lite 1.1.3 #48780

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GaoSSR, @​izeye, and @​ngocnhan-tran1996

Commits
  • 1b4e78f Release v3.5.10
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 877d59b Upgrade to Spring Kafka 3.3.12
  • ce650b1 Upgrade to Spring Integration 6.5.6
  • 30b5b73 Upgrade to Develocity Conventions 0.0.25
  • 413ec6c Upgrade to Spring Pulsar 1.2.14
  • 3f86432 Upgrade to Spring AMQP 3.2.9
  • 2fa3aaa Merge pull request #48902 from dependabot[bot]
  • 37e0cbc Polish "Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1"
  • ad51def Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1
  • Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.41.19 to 2.41.21

Updates org.springframework.security:spring-security-config from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates org.springframework.security:spring-security-core from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS #18129

🪲 Bug Fixes

  • typ values should not be case-sensitive in JwtTypeValidator #18101
  • BCryptPasswordEncoderTests should password limit of 72 bytes #18136
  • Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #18074
  • GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #18088

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #18110
  • Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18149
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #18141
  • Bump org-aspectj from 1.9.24 to 1.9.25 #18142
  • Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #18111
  • Update to Reactor 2024.0.12 #18181
  • Update to Spring Data 2024.1.12 #18182
  • Update to Spring Framework 6.2.13 #18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

Commits
  • e5a379c Release 6.5.7
  • 7ad2877 Update to Spring Data 2024.1.12
  • 2678925 Update to Reactor 2024.0.12
  • 87472c9 Update to Spring Framework 6.2.13
  • ea03670 Merge branch '6.4.x' into 6.5.x
  • 0980531 Update Spring Data 2024.1.12
  • 4ab9338 Update to Reactor 2024.0.12
  • d2b1cb5 Update to Spring Framework 6.2.13
  • 7007618 Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
  • 57c9b13 Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
  • Additional commits viewable in compare view

Updates org.springframework.security:spring-security-crypto from 6.5.6 to 6.5.7

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

6.5.7

⭐ New Features

  • Add Include-Code for the Password Storage page #18054
  • Default WebAuthnConfigurer#rpName to rpId #18131
  • Document effects of disabling CORS

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Feb 4, 2026
@dependabot
Bump the backend-prod group across 2 directories with 5 updates
3fcbdc0 
Bumps the backend-prod group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) | `3.5.9` | `3.5.10` |
| software.amazon.awssdk:s3 | `2.41.19` | `2.41.21` |
| [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security) | `6.5.6` | `6.5.7` |
| [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `6.5.6` | `6.5.7` |
| [org.springframework.security:spring-security-crypto](https://github.com/spring-projects/spring-security) | `6.5.6` | `6.5.7` |

Bumps the backend-prod group with 5 updates in the /server directory:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) | `3.5.9` | `3.5.10` |
| software.amazon.awssdk:s3 | `2.41.19` | `2.41.21` |
| [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security) | `6.5.6` | `6.5.7` |
| [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `6.5.6` | `6.5.7` |
| [org.springframework.security:spring-security-crypto](https://github.com/spring-projects/spring-security) | `6.5.6` | `6.5.7` |



Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.9 to 3.5.10
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.9...v3.5.10)

Updates `software.amazon.awssdk:s3` from 2.41.19 to 2.41.21

Updates `org.springframework.security:spring-security-config` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-core` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-crypto` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `software.amazon.awssdk:s3` from 2.41.19 to 2.41.21

Updates `org.springframework.security:spring-security-config` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-core` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-crypto` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.9 to 3.5.10
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.9...v3.5.10)

Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.9 to 3.5.10
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.9...v3.5.10)

Updates `software.amazon.awssdk:s3` from 2.41.19 to 2.41.21

Updates `org.springframework.security:spring-security-config` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-core` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-crypto` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `software.amazon.awssdk:s3` from 2.41.19 to 2.41.21

Updates `org.springframework.security:spring-security-config` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-core` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.security:spring-security-crypto` from 6.5.6 to 6.5.7
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.6...6.5.7)

Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.9 to 3.5.10
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.9...v3.5.10)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 3.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: software.amazon.awssdk:s3
  dependency-version: 2.41.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-config
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-crypto
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: software.amazon.awssdk:s3
  dependency-version: 2.41.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-config
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-crypto
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 3.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 3.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: software.amazon.awssdk:s3
  dependency-version: 2.41.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-config
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-crypto
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: software.amazon.awssdk:s3
  dependency-version: 2.41.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-config
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.security:spring-security-crypto
  dependency-version: 6.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 3.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-prod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/backend-prod-09f907275f branch from 4a348f5 to 3fcbdc0 Compare February 5, 2026 11:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants