Bump the backend-prod group across 3 directories with 7 updates by dependabot[bot] · Pull Request #579 · OpenConext/OpenConext-access

dependabot · 2026-03-20T11:27:18Z

Bumps the backend-prod group with 7 updates in the / directory:

Package	From	To
org.springframework.boot:spring-boot-starter-parent	`3.5.11`	`3.5.12`
software.amazon.awssdk:s3	`2.42.7`	`2.42.17`
org.springframework.security:spring-security-config	`6.5.8`	`6.5.9`
org.springframework.security:spring-security-core	`6.5.8`	`6.5.9`
org.springframework.security:spring-security-crypto	`6.5.8`	`6.5.9`
org.flywaydb:flyway-mysql	`12.0.3`	`12.1.1`
org.projectlombok:lombok	`1.18.42`	`1.18.44`

Bumps the backend-prod group with 1 update in the /client directory: org.springframework.boot:spring-boot-starter-parent.
Bumps the backend-prod group with 7 updates in the /server directory:

Package	From	To
org.springframework.boot:spring-boot-starter-parent	`3.5.11`	`3.5.12`
software.amazon.awssdk:s3	`2.42.7`	`2.42.17`
org.springframework.security:spring-security-config	`6.5.8`	`6.5.9`
org.springframework.security:spring-security-core	`6.5.8`	`6.5.9`
org.springframework.security:spring-security-crypto	`6.5.8`	`6.5.9`
org.flywaydb:flyway-mysql	`12.0.3`	`12.1.1`
org.projectlombok:lombok	`1.18.42`	`1.18.44`

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.11 to 3.5.12

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.12

🐞 Bug Fixes

EndpointRequest request matcher for health groups is too complex #49648

"/cloudfoundryapplication" web path is not limited to Actuator #49645

RSocket exposes duplicate endpoint for websocket setups #49592

Fix EndpointRequest.toLinks() when base-path is '/' #49591

SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49518

"spring.main.cloud-platform=none" does not disable cloud features #49478

Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49340

Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49324

RouterFunctions descriptions in Actuator do not support nesting #49289

Maven plugin does not set '-parameters' option when processing AOT code #49268

SSL support with Docker Compose does not work as documented #49210

Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49055

📔 Documentation

List all supported colors when describing color-coded log output #49561

Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49506

Tutorial in the reference guide has outdated instructions #49411

Javadoc of JettyHttpClientBuilder refers to the wrong type #49364

Example spring-devtools.properties file is shown in the wrong format #49357

Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49307

Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49297

JDK requirement for the CLI still refers to Java 8 #49290

Java and Kotlin samples of an environment post processor are inconsistent #49282

Document additional repositories required for shibboleth.net #49260

Clarify inferred relationships between OAuth 2 registrations and providers #49240

🔨 Dependency Upgrades

Upgrade to DB2 JDBC 12.1.4.0 #49544

Upgrade to Hibernate 6.6.44.Final #49457

Upgrade to Jakarta XML WS 4.0.3 #49458

Upgrade to JBoss Logging 3.6.3.Final #49630

Upgrade to Jetty 12.0.33 #49459

Upgrade to Kafka 3.9.2 #49460

Upgrade to Lombok 1.18.44 #49574

Upgrade to Maven Failsafe Plugin 3.5.5 #49461

Upgrade to Maven Shade Plugin 3.6.2 #49462

Upgrade to Maven Surefire Plugin 3.5.5 #49463

Upgrade to Micrometer 1.15.10 #49403

Upgrade to Micrometer Tracing 1.5.10 #49404

Upgrade to Pulsar 4.0.9 #49464

Upgrade to Reactor Bom 2024.0.16 #49405

Upgrade to Spring Batch 5.2.5 #49406

Upgrade to Spring Data Bom 2025.0.10 #49407

Upgrade to Spring Framework 6.2.17 #49408

Upgrade to Spring HATEOAS 2.5.2 #49586

... (truncated)

Commits

285b074 Release v3.5.12
6620dea Polishing
dd54841 Upgrade to Spring Batch 5.2.5
1f2ea4a Revisit EndpointRequest matcher for additional paths
01fbede Handle all requests in CloudFoundry mapping
dc54595 Merge pull request #49622 from dependabot[bot]
9bc3768 Bump @springio/asciidoctor-extensions in /antora
6915834 Upgrade to Spring WS 4.1.3
a5db799 Upgrade to Spring Integration 6.5.8
5ee4ffe Upgrade to JBoss Logging 3.6.3.Final
Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.42.7 to 2.42.17

Updates org.springframework.security:spring-security-config from 6.5.8 to 6.5.9

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.5.9

⭐ New Features

Update Link to CSRF Docs in FAQ #18616

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18544

saveAuthenticationRequest should read relayState from authenticationRequest #18872

Add Missing OnCommitedResponseWrapper Header Overrides #18798

Clarify Resource Server startup expectations #18518

Correct Reference to Clear-Site-Data Directive enum #18273

Fix CookieRequestCache parameters #18857

Fix Flaky Crypto Tests #18841

Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18896

🔨 Dependency Upgrades

Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18854

Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18809

Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18749

Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #18779

Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #18876

Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18750

Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18791

Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18860

Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18886

Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #18780

Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #18829

Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Hann244, @Khyojae, @ghusta, @itsmevichu, @qihaiyan, @rwinch, @therepanic, and @ziqin

Commits

0c54a55 Release 6.5.9
01ff3b0 Add Workflow for Deferring Issues
33e6f4b Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs
cdd4b36 Update Antora UI Spring to v0.4.26
7672f76 Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16
3db4999 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14
a708d2f Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17
e726c05 Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs
a7039fb Test Jackson 2 deserializer with unknown primitive WebAuthn ext
88ea668 Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-core from 6.5.8 to 6.5.9

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

6.5.9

⭐ New Features

Update Link to CSRF Docs in FAQ #18616

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18544

saveAuthenticationRequest should read relayState from authenticationRequest #18872

Add Missing OnCommitedResponseWrapper Header Overrides #18798

Clarify Resource Server startup expectations #18518

Correct Reference to Clear-Site-Data Directive enum #18273

Fix CookieRequestCache parameters #18857

Fix Flaky Crypto Tests #18841

Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18896

🔨 Dependency Upgrades

Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18854

Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18809

Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18749

Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #18779

Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #18876

Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18750

Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18791

Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18860

Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18886

Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #18780

Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #18829

Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Hann244, @Khyojae, @ghusta, @itsmevichu, @qihaiyan, @rwinch, @therepanic, and @ziqin

Commits

0c54a55 Release 6.5.9
01ff3b0 Add Workflow for Deferring Issues
33e6f4b Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs
cdd4b36 Update Antora UI Spring to v0.4.26
7672f76 Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16
3db4999 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14
a708d2f Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17
e726c05 Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs
a7039fb Test Jackson 2 deserializer with unknown primitive WebAuthn ext
88ea668 Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-crypto from 6.5.8 to 6.5.9

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

6.5.9

⭐ New Features

Update Link to CSRF Docs in FAQ #18616

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18544

saveAuthenticationRequest should read relayState from authenticationRequest #18872

Add Missing OnCommitedResponseWrapper Header Overrides #18798

Clarify Resource Server startup expectations #18518

Correct Reference to Clear-Site-Data Directive enum #18273

Fix CookieRequestCache parameters #18857

Fix Flaky Crypto Tests #18841

Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18896

🔨 Dependency Upgrades

Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18854

Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18809

Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18749

Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #18779

Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #18876

Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18750

Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18791

Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18860

Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18886

Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #18780

Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #18829

Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Hann244, @Khyojae, @ghusta, @itsmevichu, @qihaiyan, @rwinch, @therepanic, and @ziqin

Commits

0c54a55 Release 6.5.9
01ff3b0 Add Workflow for Deferring Issues
33e6f4b Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs
cdd4b36 Update Antora UI Spring to v0.4.26
7672f76 Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16
3db4999 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14
a708d2f Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17
e726c05 Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs
a7039fb Test Jackson 2 deserializer with unknown primitive WebAuthn ext
88ea668 Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext
Additional commits viewable in compare view

Updates org.flywaydb:flyway-mysql from 12.0.3 to 12.1.1

Updates org.projectlombok:lombok from 1.18.42 to 1.18.44

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.44 (March 11th, 2026)

FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.

BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.

BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.

Commits

17c78fe [version] pre-release version bump
1edca70 [test][@Jacksonized] Test emission of warning when not choosing jackson ver...
e789e82 [test] Update the generation of eclipse test targets from JDK14 to JDK25.
a54cecd [trivial][changelog]
3db0a6c [bugfix][@Jacksonized] javac handler of jacksonized checked for existing ja...
12572fc [test] Adjusted tests to the new 'jackson version is a list' config key setup.
0e9699c [changelog] Document implementation of Jackson3 support: #3950.
d441be1 [jacksonized] infrastructure for previous merge resolution: Changed to the co...
d62b2d5 Merge branch 'master' into cachescrubber-gh-3950
f49f0fe [test] Remove tests for deprecated @Logger(access = MODULE). They're deprec...
Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.11 to 3.5.12

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.12

🐞 Bug Fixes

EndpointRequest request matcher for health groups is too complex #49648

"/cloudfoundryapplication" web path is not limited to Actuator #49645

RSocket exposes duplicate endpoint for websocket setups #49592

Fix EndpointRequest.toLinks() when base-path is '/' #49591

SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49518

"spring.main.cloud-platform=none" does not disable cloud features #49478

Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49340

Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49324

RouterFunctions descriptions in Actuator do not support nesting #49289

Maven plugin does not set '-parameters' option when processing AOT code #49268

SSL support with Docker Compose does not work as documented #49210

Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49055

📔 Documentation

List all supported colors when describing color-coded log output #49561

Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49506

Tutorial in the reference guide has outdated instructions #49411

Javadoc of JettyHttpClientBuilder refers to the wrong type #49364

Example spring-devtools.properties file is shown in the wrong format #49357

Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49307

Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49297

JDK requirement for the CLI still refers to Java 8 #49290

Java and Kotlin samples of an environment post processor are inconsistent #49282

Document additional repositories required for shibboleth.net #49260

Clarify inferred relationships between OAuth 2 registrations and providers #49240

🔨 Dependency Upgrades

Upgrade to DB2 JDBC 12.1.4.0 #49544

Upgrade to Hibernate 6.6.44.Final #49457

Upgrade to Jakarta XML WS 4.0.3 #49458

Upgrade to JBoss Logging 3.6.3.Final #49630

Upgrade to Jetty 12.0.33 #49459

Upgrade to Kafka 3.9.2 #49460

Upgrade to Lombok 1.18.44 #49574

Upgrade to Maven Failsafe Plugin 3.5.5 #49461

Upgrade to Maven Shade Plugin 3.6.2 #49462

Upgrade to Maven Surefire Plugin 3.5.5 #49463

Upgrade to Micrometer 1.15.10 #49403

Upgrade to Micrometer Tracing 1.5.10 #49404

Upgrade to Pulsar 4.0.9 #49464

Upgrade to Reactor Bom 2024.0.16 #49405

Upgrade to Spring Batch 5.2.5 #49406

Upgrade to Spring Data Bom 2025.0.10 #49407

Upgrade to Spring Framework 6.2.17 #49408

Upgrade to Spring HATEOAS 2.5.2 #49586

... (truncated)

Commits

285b074 Release v3.5.12
6620dea Polishing
dd54841 Upgrade to Spring Batch 5.2.5
1f2ea4a Revisit EndpointRequest matcher for additional paths
01fbede Handle all requests in CloudFoundry mapping
dc54595 Merge pull request #49622 from dependabot[bot]
9bc3768 Bump @springio/asciidoctor-extensions in /antora
6915834 Upgrade to Spring WS 4.1.3
a5db799 Upgrade to Spring Integration 6.5.8
5ee4ffe Upgrade to JBoss Logging 3.6.3.Final
Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.11 to 3.5.12

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.12

🐞 Bug Fixes

EndpointRequest request matcher for health groups is too complex #49648

"/cloudfoundryapplication" web path is not limited to Actuator #49645

RSocket exposes duplicate endpoint for websocket setups #49592

Fix EndpointRequest.toLinks() when base-path is '/' #49591

SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49518

"spring.main.cloud-platform=none" does not disable cloud features #49478

Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49340

Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49324

RouterFunctions descriptions in Actuator do not support nesting #49289

Maven plugin does not set '-parameters' option when processing AOT code #49268

SSL support with Docker Compose does not work as documented #49210

Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49055

📔 Documentation

List all supported colors when describing color-coded log output #49561

Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49506

Tutorial in the reference guide has outdated instructions #49411

Javadoc of JettyHttpClientBuilder refers to the wrong type #49364

Example spring-devtools.properties file is shown in the wrong format #49357

Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49307

Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49297

JDK requirement for the CLI still refers to Java 8 #49290

Java and Kotlin samples of an environment post processor are inconsistent #49282

Document additional repositories required for shibboleth.net #49260

Clarify inferred relationships between OAuth 2 registrations and providers #49240

🔨 Dependency Upgrades

Upgrade to DB2 JDBC 12.1.4.0 #49544

Upgrade to Hibernate 6.6.44.Final #49457

Upgrade to Jakarta XML WS 4.0.3 #49458

Upgrade to JBoss Logging 3.6.3.Final #49630

Upgrade to Jetty 12.0.33 #49459

Upgrade to Kafka 3.9.2 #49460

Upgrade to Lombok 1.18.44 #49574

Upgrade to Maven Failsafe Plugin 3.5.5 #49461

Upgrade to Maven Shade Plugin 3.6.2 #49462

Upgrade to Maven Surefire Plugin 3.5.5 #49463

Upgrade to Micrometer 1.15.10 #49403

Upgrade to Micrometer Tracing 1.5.10 #49404

Upgrade to Pulsar 4.0.9 #49464

Upgrade to Reactor Bom 2024.0.16 #49405

Upgrade to Spring Batch 5.2.5 #49406

Upgrade to Spring Data Bom 2025.0.10 #49407

Upgrade to Spring Framework 6.2.17 #49408

Upgrade to Spring HATEOAS 2.5.2 #49586

... (truncated)

Commits

285b074 Release v3.5.12
6620dea Polishing
dd54841 Upgrade to Spring Batch 5.2.5
1f2ea4a Revisit EndpointRequest matcher for additional paths
01fbede Handle all requests in CloudFoundry mapping
dc54595 Merge pull request #49622 from dependabot[bot]
9bc3768 Bump @springio/asciidoctor-extensions in /antora
6915834 Upgrade to Spring WS 4.1.3
a5db799 Upgrade to Spring Integration 6.5.8
5ee4ffe Upgrade to JBoss Logging 3.6.3.Final
Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.42.7 to 2.42.17

Updates org.springframework.security:spring-security-config from 6.5.8 to 6.5.9

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.5.9

⭐ New Features

Update Link to CSRF Docs in FAQ #18616

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18544

saveAuthenticationRequest should read relayState from authenticationRequest #18872

Add Missing OnCommitedResponseWrapper Header Overrides #18798

Clarify Resource Server startup expectations #18518

Correct Reference to Clear-Site-Data Directive enum #18273

Fix CookieRequestCache parameters #18857

Fix Flaky Crypto Tests #18841

Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18896

🔨 Dependency Upgrades

Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18854

Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18809

Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18749

Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #18779

Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #18876

Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18750

Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18791

Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18860

Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18886

Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #18780

Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #18829

Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Hann244, @Khyojae, @ghusta, @itsmevichu, @qihaiyan, @rwinch, @therepanic, and @ziqin

Commits

0c54a55 Release 6.5.9
01ff3b0 Add Workflow for Deferring Issues
33e6f4b Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs
cdd4b36 Update Antora UI Spring to v0.4.26
7672f76 Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16
3db4999 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14
a708d2f Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17
e726c05 Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs
a7039fb Test Jackson 2 deserializer with unknown primitive WebAuthn ext
88ea668 Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-core from 6.5.8 to 6.5.9

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

6.5.9

⭐ New Features

Update Link to CSRF Docs in FAQ #18616

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18544

saveAuthenticationRequest should read relayState from authenticationRequest #18872

Add Missing OnCommitedResponseWrapper Header Overrides #18798

Clarify Resource Server startup expectations #18518

Correct Reference to Clear-Site-Data Directive enum #18273

Fix CookieRequestCache parameters #18857

Fix Flaky Crypto Tests #18841

Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18896

🔨 Dependency Upgrades

Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18854

Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18809

Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18749

Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #18779

Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #18876

Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18750

Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18791

Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18860

Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18886

Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #18780

Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #18829

Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Hann244, @Khyojae, @ghusta, @itsmevichu, @qihaiyan, @rwinch, @therepanic, and @ziqin

Commits

0c54a55 Release 6.5.9
01ff3b0 Add Workflow for Deferring Issues
33e6f4b Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs
cdd4b36 Update Antora UI Spring to v0.4.26
7672f76 Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16
3db4999 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14
a708d2f Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17
e726c05 Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs
a7039fb Test Jackson 2 deserializer with unknown primitive WebAuthn ext
88ea668 Test...
Description has been truncated

Bumps the backend-prod group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) | `3.5.11` | `3.5.12` | | software.amazon.awssdk:s3 | `2.42.7` | `2.42.17` | | [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security) | `6.5.8` | `6.5.9` | | [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `6.5.8` | `6.5.9` | | [org.springframework.security:spring-security-crypto](https://github.com/spring-projects/spring-security) | `6.5.8` | `6.5.9` | | org.flywaydb:flyway-mysql | `12.0.3` | `12.1.1` | | [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.42` | `1.18.44` | Bumps the backend-prod group with 1 update in the /client directory: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot). Bumps the backend-prod group with 7 updates in the /server directory: | Package | From | To | | --- | --- | --- | | [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) | `3.5.11` | `3.5.12` | | software.amazon.awssdk:s3 | `2.42.7` | `2.42.17` | | [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security) | `6.5.8` | `6.5.9` | | [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `6.5.8` | `6.5.9` | | [org.springframework.security:spring-security-crypto](https://github.com/spring-projects/spring-security) | `6.5.8` | `6.5.9` | | org.flywaydb:flyway-mysql | `12.0.3` | `12.1.1` | | [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.42` | `1.18.44` | Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.11 to 3.5.12 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.5.11...v3.5.12) Updates `software.amazon.awssdk:s3` from 2.42.7 to 2.42.17 Updates `org.springframework.security:spring-security-config` from 6.5.8 to 6.5.9 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.8...6.5.9) Updates `org.springframework.security:spring-security-core` from 6.5.8 to 6.5.9 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.8...6.5.9) Updates `org.springframework.security:spring-security-crypto` from 6.5.8 to 6.5.9 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.8...6.5.9) Updates `org.flywaydb:flyway-mysql` from 12.0.3 to 12.1.1 Updates `org.projectlombok:lombok` from 1.18.42 to 1.18.44 - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](projectlombok/lombok@v1.18.42...v1.18.44) Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.11 to 3.5.12 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.5.11...v3.5.12) Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.11 to 3.5.12 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.5.11...v3.5.12) Updates `software.amazon.awssdk:s3` from 2.42.7 to 2.42.17 Updates `org.springframework.security:spring-security-config` from 6.5.8 to 6.5.9 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.8...6.5.9) Updates `org.springframework.security:spring-security-core` from 6.5.8 to 6.5.9 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.8...6.5.9) Updates `org.springframework.security:spring-security-crypto` from 6.5.8 to 6.5.9 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.5.8...6.5.9) Updates `org.flywaydb:flyway-mysql` from 12.0.3 to 12.1.1 Updates `org.projectlombok:lombok` from 1.18.42 to 1.18.44 - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](projectlombok/lombok@v1.18.42...v1.18.44) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-version: 3.5.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: software.amazon.awssdk:s3 dependency-version: 2.42.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.security:spring-security-config dependency-version: 6.5.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.security:spring-security-core dependency-version: 6.5.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.security:spring-security-crypto dependency-version: 6.5.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.flywaydb:flyway-mysql dependency-version: 12.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-prod - dependency-name: org.projectlombok:lombok dependency-version: 1.18.44 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-version: 3.5.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-version: 3.5.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: software.amazon.awssdk:s3 dependency-version: 2.42.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.security:spring-security-config dependency-version: 6.5.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.security:spring-security-core dependency-version: 6.5.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.security:spring-security-crypto dependency-version: 6.5.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.flywaydb:flyway-mysql dependency-version: 12.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-prod - dependency-name: org.projectlombok:lombok dependency-version: 1.18.44 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-23T11:38:10Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Mar 20, 2026

dependabot bot closed this Mar 23, 2026

dependabot bot deleted the dependabot/maven/backend-prod-4ca4b9ae80 branch March 23, 2026 11:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the backend-prod group across 3 directories with 7 updates#579

Bump the backend-prod group across 3 directories with 7 updates#579
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/backend-prod-4ca4b9ae80

dependabot bot commented on behalf of github Mar 20, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.5.12

🐞 Bug Fixes

📔 Documentation

🔨 Dependency Upgrades

6.5.9

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

6.5.9

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

6.5.9

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

v1.18.44 (March 11th, 2026)

v3.5.12

🐞 Bug Fixes

📔 Documentation

🔨 Dependency Upgrades

v3.5.12

🐞 Bug Fixes

📔 Documentation

🔨 Dependency Upgrades

6.5.9

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

6.5.9

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

Uh oh!

dependabot bot commented on behalf of github Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 20, 2026 •

edited

Loading