Skip to content

Bump org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10 in the development-dependencies group#10967

Merged
github-actions[bot] merged 1 commit into6.5.xfrom
dependabot/gradle/6.5.x/development-dependencies-9b51a8e027
Apr 21, 2026
Merged

Bump org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10 in the development-dependencies group#10967
github-actions[bot] merged 1 commit into6.5.xfrom
dependabot/gradle/6.5.x/development-dependencies-9b51a8e027

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 21, 2026

Bumps the development-dependencies group with 1 update: org.springframework.security:spring-security-bom.

Updates org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.5.10

⭐ New Features

  • Add CredentialRecordOwnerAuthorizationManager #19004
  • Add XML Based shouldWriteHeadersEagerly tests #19017
  • Clarify Session Management Persistence Documentation #18345
  • Update FilterChainProxy#getFilters(String) javadoc #18258

🪲 Bug Fixes

  • Add equals and hashcode to HttpMethodRequestMatcher #18914
  • auth_time validation fails when SSO session is renewed #18839
  • Fallback defaultTargetUrl if refererHeader is empty #18806
  • Fix HttpSessionRequestCache#getMatchingRequest query string parsing #16914
  • Fix documentation for Custom Authorization Manager #18362
  • Improve serialVersionUID check in tests #18474
  • Merge Handle null value in OnCommittedResponseWrapper header methods #18989
  • OAuth2 client sessionManagement ineffective with DefaultOidcUser #18622

🔨 Dependency Upgrades

  • Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #19055
  • Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #18956
  • Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #19031
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #18952
  • Bump actions/upload-artifact from 7.0.0 to 7.0.1 #19094
  • Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 #19078
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.14 to 1.0.15 #18916
  • Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #19108
  • Bump org.hibernate.orm:hibernate-core from 6.6.44.Final to 6.6.45.Final #18966
  • Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final #19046
  • Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final #19064
  • Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final #19110
  • Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18 #19109
  • Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #19093
  • Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 #18954
  • Bump spring-io/spring-security-release-tools/.github/workflows/build.yml from 1.0.14 to 1.0.15 #18955
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml from 1.0.14 to 1.0.15 #18949
  • Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml from 1.0.14 to 1.0.15 #18950
  • Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml from 1.0.14 to 1.0.15 #18995
  • Bump spring-io/spring-security-release-tools/.github/workflows/test.yml from 1.0.14 to 1.0.15 #18951
  • Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #18994
  • Update to spring-security-release-tools 1.0.15 #18910

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​as1605, @​johnycho, @​ngocnhan-tran1996, @​rwinch, and @​sankranty

Commits
  • 0a9d4dc Release 6.5.10
  • 3d4e205 Merge remote-tracking branch 'oss/6.5.x' into 6.5.x
  • 81bd52a Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final
  • 25b6af2 Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18
  • 95987bf Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15
  • 6e5f8f2 Merge remote-tracking branch 'origin/6.5.x' into 6.5.x
  • 4187af3 Verify token deletion in JdbcOneTimeTokenService
  • 5b638a5 Use SHA Hashes
  • 51eef2b Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17
  • 302cfb1 Bump @​springio/antora-extensions from 1.14.10 to 1.14.11 in /docs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump org.springframework.security:spring-security-bom
065b9c3 
Bumps the development-dependencies group with 1 update: [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security).


Updates `org.springframework.security:spring-security-bom` from 6.5.9 to 6.5.10
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.9...6.5.10)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 6.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the type: dependency-upgrade Pull requests that update a dependency file label Apr 21, 2026
@github-actions github-actions Bot added type: task and removed type: dependency-upgrade Pull requests that update a dependency file labels Apr 21, 2026
@github-actions github-actions Bot added this to the 6.5.9 milestone Apr 21, 2026
@github-actions github-actions Bot enabled auto-merge (squash) April 21, 2026 16:54
@github-actions github-actions Bot merged commit 2af0773 into 6.5.x Apr 21, 2026
3 checks passed
@github-actions github-actions Bot deleted the dependabot/gradle/6.5.x/development-dependencies-9b51a8e027 branch April 21, 2026 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type: task

Projects

None yet

Milestone

6.5.9

Development

Successfully merging this pull request may close these issues.

0 participants