6.5.1

⭐ New Features

• Create demonstration of include-code usage #17161
• Setup include-code extension for docs #17160

🪲 Bug Fixes

• ClearSiteDataHeaderWriter log is misleading #17166
• Fix to allow multiple AuthenticationFilter instances to process each request #17216
• Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #17210
• OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #17172
• Publishing a default TargetVisitor should not override Spring MVC support #17189
• Use HttpStatus in back-channel logout filters #17157

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17233
• Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #17192
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17152
• Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17220
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17232
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17204
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17214
• Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17184
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17256
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17257
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17239
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@evgeniycheban

6.4.7

🪲 Bug Fixes

• ClearSiteDataHeaderWriter log is misleading #17165
• Fix inconsistent constructor declaration for ReactiveAuthorizationManagerMethodSecurityConfiguration #17197
• Fix to allow multiple AuthenticationFilter instances to process each request #17215
• Use HttpStatus in back-channel logout filters #17156

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17229
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17148
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #17199
• Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17221
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17230
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17206
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17212
• Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17183
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17253
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17254
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17237
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17236

❤️ Contributors

Thank you to all the contributors who worked on this release:

@damable-nuvolex

6.3.10

⭐ New Features

• Add SAML 2.0 migration guide from Spring Security SAML Extension #17076
• Advise overriding equals() and hashCode() in UserDetails implementations #17141
• Bump Gradle Wrapper from 8.13 to 8.14 #16999

🪲 Bug Fixes

• Clear Site Data references non-existent constructor #16948
• ClearSiteDataHeaderWriter log is misleading #17126
• ClientRegistrations#fromIssuerLocation should not swallow 4xx exception messages #16993
• Correct method name in document #17044
• Fix IllegalArgumentException message for unknown Argon2 types #16971
• Fix to allow multiple AuthenticationFilter instances to process each request #17186
• Improve AbstractPreAuthenticatedProcessingFilter docs #16985
• Remove duplicate lines from X.509 documentation #17010
• StrictFirewallServerWebExchange should still protect when request is mutated #16978
• Update the docs to use assertingparty instead of identityprovider to close #12810 #17081
• Use HttpStatus in back-channel logout filters #17128
• Use proper configuration key in Opaque Token documentation #17005

🔨 Dependency Upgrades

• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17151
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #17198
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17101
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17231
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17039
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17085
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17211
• Bump org.springframework.data:spring-data-bom from 2024.0.10 to 2024.0.11 #16982
• Bump org.springframework.data:spring-data-bom from 2024.0.11 to 2024.0.12 #17135
• Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13 #17255
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17241
• Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 #17122
• Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21 #17240
• Update to io.spring.gradle:spring-security-release-plugin:1.0.5 #16975

🔩 Build Updates

• Release 6.3.10 #17140

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Gurunathan16, @danilopiazza, @evgeniycheban, @joaquinjsb, @m0rk4, @ngocnhan-tran1996, @quaff, @rntrp, @ronodhirSoumik, @snowykte0426, and @therepanic

6.5.0

⭐ New Features

• Add documentation for DPoP support #17072
• Add logging to CsrfTokenRequestHandler implementations #16994
• Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #16806
• Bump Gradle Wrapper from 8.13 to 8.14 #17018
• ClientRegistrations.fromIssuerLocation does not include failure information #17015
• Fix Typo In SubjectDnX509PrincipalExtractorTests #16997
• Implement internal cache in JtiClaimValidator #17107
• Polish javadoc #16924
• Remove unused classes #16935
• Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #16962
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17147

🪲 Bug Fixes

• Add FunctionalInterface To X509PrincipalExtractor #16952
• Change NonNull import from reactor to spring #16571
• Fix DPoP jkt claim to be JWK SHA-256 thumbprint #17080
• Minor error in the Handling Logouts documentation #17049
• SecurityAnnotationScanner's method comparison should use .equals #17145
• Use proper configuration key in Opaque Token documentation #17014

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17069
• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #16995
• Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #16990
• Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #17024
• Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #17095
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17096
• Bump io.mockk:mockk from 1.14.0 to 1.14.2 #17019
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17111
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17040
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17088
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16761
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17089
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17105
• Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #17037
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16981
• Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #17137
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17124

🔩 Build Updates

• Release 6.5.0 #17138

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dkowis, @franticticktick, @hammadirshad, @jearton, @ngocnhan-tran1996, @quaff, and @yybmion

6.4.6

⭐ New Features

• Bump Gradle Wrapper from 8.13 to 8.14 #17017
• ClientRegistrations.fromIssuerLocation does not include failure information #17016
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17146

🪲 Bug Fixes

• Clear Site Data references non-existent constructor #17034
• Ensure Serializable Components Have Serialization Sample #17038
• Minor error in the Handling Logouts documentation #17048
• NPE in BaseOpenSamlAuthenticationProvider #17008
• SecurityAnnotationScanner's method comparison should use .equals #17143
• StrictFirewallServerWebExchange should still protect when request is mutated #17032
• Use proper configuration key in Opaque Token documentation #17013

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17065
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17094
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17110
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17042
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17086
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17087
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17103
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16983
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17121

🔩 Build Updates

• Release Security 6.4.6 #17139

6.5.0-RC1

⭐ New Features

• Add AuthenticationEntryPoint for DPoP #16900
• Add DestinationPathPatternMessageMatcher #16635
• Add link to docs zip file to the reference #16800
• Add MatchResult to MessageMatcher #16766
• Add not null validation for UserDetailsChecker in AbstractUserDetailsAuthenticationProvider #16710
• Add RelayState-based Authentication Request Respository #14793
• Add request_uri in OAuth2ParameterNames #16947
• Add support for access token in body parameter as per rfc 6750 Sec. 2.2 #15819
• Add Support Postgres To JdbcUserCredentialRepository #16839
• Add support ResolvableTypeProvider to AuthorizationEvent #16762
• Add toString to IpAddressMatcher #16818
• Add XML support for HttpsRedirectFilter #16775
• Allow retrieving username from SAML Assertion Attributes #12136
• Deprecate ConfigAttribute #16774
• Deprecate SecurityConfig #16773
• Deprecate SecurityMetadataSource and implementations #16772
• Deprecate usages of PathMatcher in Web Socket support #16500
• Ensure ID Token is updated after refresh token #16589
• Explain behaviour with XMLHttpRequest on 401 response #16280
• Fix attribute name in http.adoc #16790
• Improve entity fetching from db #16727
• Include AuthenticationRequest in AuthenticationException #16505
• Jackson deserialization of ClientAuthenticationMethods should recognize all values #16826
• Make DPoP IatClaimValidator public to allow configuring clock and clockSkew #16921
• Method Security templates support use deep non-aliased attributes #16550
• OAuth2 Client Authentication section of docs uses deprecated classes #16925
• PathPatternRequestMatcher Include Optional Servlet Path in the pattern #16765
• Polish Pattern Matching Usage #16493
• Prepare oauth2-client deprecations for removal in Spring Security 7 #16913
• Prepare Request Matching for Spring Framework Changes #16417
• Prevent downgraded usage of DPoP-bound access tokens #16937
• Removed Unnecessary Code in Documentation #16739
• Replace dynamic error message with static "Access Denied" #16528
• Saml2WebSsoAuthenticationFilter should allow requests through when SAMLResponse is absent #16000
• Simplify Response Validation in OpenSaml5AuthenticationProvider #16915
• Support Customizing Set of OpenSAML Validators #15578
• Update HandlerMappingIntrospector Usage in Cache filter support #16536
• Update DeferredCsrfToken to implement Supplier #16905
• Update HandlerMappingIntrospector Usage in CORS support #16657
• Update HandlerMappingIntrospector Usage in CORS support #16501
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #16789
• Update test object factories to Tests naming convention #16686
• Use SpringCacheBasedTicketCache in cas.adoc #16847
• Use Tests naming convention for WebAuthn test object factories #16865

  🪲 Bug Fixes

  • [Docs] Broken link on Spring MVC Test Integration page #16791
  • ServerBearerTokenAuthenticationConverter validates parameters when not enabled #16902
  • Annotation templates should pick up deep non-aliased attributes #16312
  • Clarify WebInvocationPrivilegeEvaluator JavaDoc #16788
  • Fix typo and inline code formatting in documentation #16717
  • Fix typo code tag #16740
  • Fix typos Open SAML 5 Javadoc referencing Open SAML 4 #16729
  • Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #16821
  • PathPatternRequestMatcher should not fail when the RequestPath cache is empty #16796
  • Polish Documentation #16835
  • Polish javadoc #16908
  • RequestMatcherDelegatingWebInvocationPrivilegeEvaluator fails with PathPatternRequestMatcher #16771
  • Restore Migration and Preparation Steps #16873
  • Typo in Base64StringKeyGenerator exception message #16868
  • Update kotlin.adoc to add required spread operator(*) #16859
  • WebFlux reference links to Servlet docs #16792
  • XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #16845

  🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #16768
  • Bump com.google.code.gson:gson from 2.12.1 to 2.13.0 #16930
  • Bump com.webauthn4j:webauthn4j-core from 0.28.6.RELEASE to 0.29.0.RELEASE #16864
  • Bump Gradle Wrapper from 8.10.2 to 8.13 #16648
  • Bump io.freefair.gradle:aspectj-plugin from 8.13 to 8.13.1 #16823
  • Bump io.micrometer:context-propagation from 1.1.2 to 1.1.3 #16932
  • Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 #16933
  • Bump io.mockk:mockk from 1.13.17 to 1.14.0 #16917
  • Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #16943
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #16918
  • Bump org-aspectj from 1.9.22.1 to 1.9.23 #16737
  • Bump org-aspectj from 1.9.22.1 to 1.9.24 #16931
  • Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final #16897
  • Bump org.htmlunit:htmlunit from 4.11.0 to 4.11.1 #16831
  • Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.1 to 1.10.2 #16910
  • Bump org.junit:junit-bom from 5.12.1 to 5.12.2 [#16929](https://git...

6.4.5

⭐ New Features

• Add link to docs zip file to the reference #16799
• Fix attribute name in http.adoc #16784
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #16783

🪲 Bug Fixes

• [Docs] Broken link on Spring MVC Test Integration page #16785
• ServerBearerTokenAuthenticationConverter validates parameters when not enabled #16901
• Clarify WebInvocationPrivilegeEvaluator JavaDoc #16782
• CookieServerCsrfTokenRepository.withHttpOnlyFalse() ineffective if setCookieCustomizer() is used #16862
• Correct closing tag in default PassKey HTML form #16601
• Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #16606
• OpenSaml support should preserve encrypted elements for further analysis #16367
• Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #16837
• WebFlux reference links to Servlet docs #16786
• XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #16844

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #16767
• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 #16938
• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #16944
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #16919
• Bump org-aspectj from 1.9.22.1 to 1.9.24 #16928
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16758
• Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final #16895
• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #16960
• Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #16959

🔩 Build Updates

• Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 #16894
• Release 6.4.5 #16972

❤️ Contributors

Thank you to all the contributors who worked on this release:

@AB-xdev, @Borghii, and @dependabot[bot]

6.3.9

⭐ New Features

• Add link to docs zip file to the reference #16798
• Clarify WebInvocationPrivilegeEvaluator JavaDoc #16548
• Fix attribute name in http.adoc #16776
• Fix Spring Framework reference link #16718
• Fix WebFlux authentication reference link #16719
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #16555

🪲 Bug Fixes

• Do not validate parameters in ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver if not enabled #16039
• Fix the request matcher patterns in the documentation #16713
• setCookieCustomizer should not reset withHttpOnlyFalse httpOnly setting #16822
• Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #16834
• Use correct message prompt in AuthorizeReturnObjectMethodInterceptor constructor #16829
• XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #16801

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #16769
• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #16942
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #16916
• Bump org-aspectj from 1.9.22.1 to 1.9.24 #16927
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16759
• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #16957
• Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19 #16958

🔩 Build Updates

• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #16809
• Release 6.3.9 #16973

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Bragolgirith, @dependabot[bot], @jonah1und1, @kse-music, and @ngocnhan-tran1996

6.5.0-M3

⭐ New Features

• Add HttpsRedirectFilter #16678
• Add BadCredentialsException to OneTimeTokenAuthenticationProvider #16506
• Add customizable RowMappers for user details and authorities in JdbcUserDetailsManager #16561
• Add JwtAudienceValidator #16682
• Add page section to migration-7 #16663
• Add PathPatternRequestMatcher #16499
• Add PathPatternRequestMatcher #16429
• Add SingleResultAuthorizationManager #16612
• Add support for automatic context-propagation with Micrometer #16665
• Add Support ServerFormPostRedirectStrategy #16551
• Add Type Validator #16672
• Allow at+jwt, according to RFC-9068 #13186
• Deprecate ChannelDecisionManager and components #16681
• Deprecate ChannelSecurityConfigurer and components #16680
• JwtDecoders should support issuer hostnames containing underscores #15853
• Make DefaultOneTimeToken Serializable #16618
• Polish AbstractAuthenticationTargetUrlRequestHandler #16557
• Refactored Http403ForbiddenEntryPoint to use HttpStatus.FORBIDDEN.value #16616
• Replace HttpSecurity#requiresChannel with HttpSecurity#redirectToHttps #16679
• Use PortResolver Beans by Default #16664

🪲 Bug Fixes

• Add missing migration-7/web.adoc to nav.adoc #16661
• Add testRuntimeOnly junit-platform-launcher #16757
• Disable Flaky WebAuthnWebDriverTests #16754
• Fix JdbcUserCredentialRepository Save #16621
• Fix ordering for security filter configuration #16558
• Fix source type of migration-7/web.adoc #16662

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #16654
• Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #16689
• Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to 0.28.6.RELEASE #16690
• Bump io.freefair.gradle:aspectj-plugin from 8.12.2.1 to 8.13 #16723
• Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 #16716
• Bump io.mockk:mockk from 1.13.16 to 1.13.17 #16674
• Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #16722
• Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to 6.6.11.Final #16745
• Bump org.htmlunit:htmlunit from 4.9.0 to 4.10.0 #16639
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.34.1 #16671
• Bump org.junit:junit-bom from 5.11.4 to 5.12.0 #16643
• Bump org.junit:junit-bom from 5.11.4 to 5.12.1 #16744
• Bump org.mockito:mockito-bom from 5.16.0 to 5.16.1 #16746
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.28.0 to 4.29.0 #16641
• Bump org.seleniumhq.selenium:selenium-java from 4.28.1 to 4.29.0 #16625
• Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #16653
• Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #16736

🔩 Build Updates

• Bump @springio/antora-extensions from 1.14.2 to 1.14.4 in /docs #16636
• Deprecate PortResolver #15972

❤️ Contributors

Thank you to all the contributors who worked on this release:

@big-cir, @bodograumann, @dependabot[bot], @franticticktick, @jzheaux, @matthewgreene, @vpavic, @yelm-212, and @ymajoros

6.4.4

🪲 Bug Fixes

• Add testRuntimeOnly junit-platform-launcher #16756
• Align Method Traversal Algorithm with Spring Framework #16751
• Disable Flaky WebAuthnWebDriverTests #16753
• Fix @PostResult example in method-security doc #16628
• Grammar Fixes in OAuth 2.0 JavaDoc #16619

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #16649
• Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #16692
• Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to 0.28.6.RELEASE #16691
• Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 #16715
• Bump io.mockk:mockk from 1.13.16 to 1.13.17 #16675
• Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #16725
• Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to 6.6.11.Final #16748
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.33.24 #16669
• Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #16650
• Bump org.springframework.data:spring-data-bom from 2024.1.3 to 2024.1.4 #16749
• Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #16733

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Kuba15, @dependabot[bot], and @pat-mccusker