Skip to content

chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server from 1.5.5 to 7.0.3#3870

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/org.springframework.security-spring-security-oauth2-authorization-server-7.0.3
Open

chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server from 1.5.5 to 7.0.3#3870
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/org.springframework.security-spring-security-oauth2-authorization-server-7.0.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 12, 2026

Bumps org.springframework.security:spring-security-oauth2-authorization-server from 1.5.5 to 7.0.3.

Release notes

Sourced from org.springframework.security:spring-security-oauth2-authorization-server's releases.

7.0.3

⭐ New Features

  • Fix Javadoc warnings in spring-security-web #18473
  • Fix/gradle 9 deprecations #18485
  • Fix/gradle 9 deprecations #18477
  • Replace method call with 'Builder.configureMessageConverters()' #18378
  • Replacing use of deprecated 'check' in authorization documentation #18390
  • Use DefaultParameterNameDiscoverer#getSharedInstance #18481

🪲 Bug Fixes

  • Authorization Server fails to start with multiple PasswordEncoder beans #18645
  • BearerTokenAuthenticationEntryPoint uses context path #18528
  • Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #18594
  • Document Client PKCE settings #18304
  • Fix docs typo X-Requested-By -> X-Requested-With #18123
  • Fix Formatting in mfa.adoc #18134
  • Fix typo in documentation #18344
  • Fix typos #18121

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #18384
  • Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 #18684
  • Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #18711
  • Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 #18660
  • Bump com.webauthn4j:webauthn4j-core from 0.29.7.RELEASE to 0.31.0.RELEASE #18687
  • Bump gradle-wrapper from 8.14 to 8.14.4 #18705
  • Bump io.mockk:mockk from 1.14.7 to 1.14.9 #18681
  • Bump io.projectreactor:reactor-bom from 2025.0.1 to 2025.0.2 #18658
  • Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 #18717
  • Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #18683
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #18725
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #18706
  • Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #18309
  • Bump org-aspectj from 1.9.25 to 1.9.25.1 #18326
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 #18346
  • Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #18327
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #18682
  • Bump org.junit:junit-bom from 6.0.1 to 6.0.2 #18385
  • Bump org.springframework.data:spring-data-bom from 2025.1.1 to 2025.1.2 #18655
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.0 to 4.0.1 #18316
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 #18733
  • Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 #18732
  • Bump org.springframework:spring-framework-bom from 7.0.3-SNAPSHOT to 7.0.4-SNAPSHOT #18657
  • Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #18651
  • Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 #18659
  • Update Antora UI Spring to v0.4.25 #18249
  • Update to Spring Framework 7.0.3 #18667

... (truncated)

Changelog

Sourced from org.springframework.security:spring-security-oauth2-authorization-server's changelog.

= Release Process

The release process for Spring Security is entirely automated via the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc[Spring Security Release Plugin] and https://github.com/spring-io/spring-security-release-tools/tree/main/.github/workflows[reusable workflows]. The following table outlines the steps that are taken by the automation.

WARNING: The 5.8.x branch does not have all of the improvements from the 6.x.x branches. See "Status (5.8.x)" for which steps are still manual.

In case of a failure, you can follow the links below to read about each step, which includes instructions for performing the step manually if applicable. See <<frequently-asked-questions,FAQ>> for troubleshooting tips.

[cols="1,1,1"] |=== | Step | Status (5.8.x) | Status (6.0.x+)

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ❌ manual | ✅ automated

| <<close-create-milestone,Close milestone>> | ❌ manual | ✅ automated

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump org.springframework.security:spring-security-oauth2…
d0742f2 
…-authorization-server

Bumps [org.springframework.security:spring-security-oauth2-authorization-server](https://github.com/spring-projects/spring-security) from 1.5.5 to 7.0.3.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-projects/spring-security/commits/7.0.3)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-oauth2-authorization-server
  dependency-version: 7.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 12, 2026
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 12, 2026
@dependabot dependabot bot mentioned this pull request Mar 12, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GMishx GMishx Awaiting requested review from GMishx GMishx is a code owner

@KoukiHama KoukiHama Awaiting requested review from KoukiHama KoukiHama is a code owner

@arunazhakesan arunazhakesan Awaiting requested review from arunazhakesan arunazhakesan is a code owner

@ag4ums ag4ums Awaiting requested review from ag4ums ag4ums is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants