⏪ Breaking Changes

• Align setRetrieveUserInfo() between OidcUserService and OidcReactiveOAuth2UserService #18057
• Consider disabling device_code grant by default #17998
• Enable PKCE by default #17507
• Enable PKCE by default in authorization server #18020
• Favor Relative Redirects by Default #16300
• Remove cache from (Reactive)OidcIdTokenDecoderFactory #16647
• Remove OidcUserService.setAccessibleScopes() #18056
• Remove setOidcUserMapper() in OidcUserService and OidcReactiveOAuth2UserService #18060
• Remove unnecessary throws Exception from spring-security-config #17957

⭐ New Features

• Add @EnableGlobalMultiFactorAuthentication #17954
• Add GrantedAuthorities.FACTOR_*_AUTHORITY #17952
• Add RequiredFactor.Builder.Authority() #18033
• Add TestingAuthenticationToken(Object principal,Object credential,String... authorities) #17980
• Add AccessDeniedHandler that Ties Authorities to Authentication Entry Points #17934
• Add AllAuthorities(Reactive)AuthorizationManager #17916
• Add AllFactorsAuthorizationManager #17997
• Add DefaultAuthorizationManagerFactory.additionalAuthorization #17942
• Add FactorGrantedAuthority #17996
• Add Jackson 3 support and deprecate Jackson 2 one #17832
• Add Predicate for authorizationConsentRequired for device code grant #18016
• Add RequiredAuthoritiesAuthorizationManager #18028
• Add SecurityMockMvcResultMatchers.withAuthorities(String...) #17974
• Add support for OAuth 2.0 Dynamic Client Registration Protocol #17964
• AllFactorsAuthorizationManager -> AllRequiredFactorsAuthorizationManager #18031
• Allow OAuth2AuthorizationRequest to be extended #18049
• Authentication should use FactorGrantedAuthority #18001
• Create AuthorizationManagerFactories.multiFactor #18032
• Default Login Page Should Pre-populate Username Field If Already Logged In #17935
• DelegatingAuthenticationEntryPoint should use RequestMatcherEntry #17915
• DelegatingMissingAuthorityAccessDeniedHandler Should Use RequiredFactorErrors #18002
• Document Multi-Factor Simple to Complex #18029
• Fix-typos #18035
• HttpSecurity should allow for AuthorizationManager<? super RequestAuthorizationContext> #17931
• Implement OAuth 2.0 Protected Resource Metadata #17244
• Improve Passivity when Merging Authorities #18052
• Providers Should Add an Authority Representing Successful Authentication #17933
• Security Expressions Should Allow Returning an AuthorizationManager #17936
• Support Automatically Checking for Required Authorities in Authorization Rules #17900
• Support injecting clock into token generation code #18017
• Use AuthorizationManagerFactory in Kotlin DSL #17860

🪲 Bug Fixes

• DelegatingAuthenticationEntryPoint.Builder should not throw exception when default entry point is specified #17955
• Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE #18058
• Fix typo in AuthenticationProvider Javadoc #17967
• HttpSecurity.oauth2AuthorizationServer should not automatically set HttpSecurity.securityMatcher #17965
• Mismatch Between DefaultLoginPageGeneratingFilter and DelegatingMissingAuthorityAccessDeniedHandler #18000
• Move FACTOR_ constants to FactorGrantedAuthority #18030
• Prevent Duplicate GrantedAuthority#getAuthority() at time of Authentication #17981
• ProviderManager.copyDetails Changes Authentication to new Type #18027
• Update terminology to HTTP Service Clients #17947

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #18079
• Bump com.password4j:password4j from 1.8.2 to 1.8.4 #17904
• Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE #17982
• Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #18043
• Bump io.mockk:mockk from 1.14.5 to 1.14.6 #17983
• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.5 to 0.0.6 #18055
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17903
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1 #17970
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #17949
• Bump org.gretty:gretty from 4.1.7 to 4.1.10 #17943
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.15 #18064
• Update JUnit 6.0.0 #18040
• Update to Reactor 2025.0.0-RC1 #18087
• Update to Spring Data 2025.1.0-RC1 #18085
• Update to Spring Framework 7.0.0-RC1 #18084
• Update to Spring LDAP 4.0.0-RC1 #18086

🔩 Build Updates

• Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs #18009
• Remove Deprecations #13068
• Update to Reactor 2025.0.0-SNAPSHOT #18041

❤️ Contributors

Thank you to all the contributors who worked on this release:

@iigolovko, @ngocnhan-tran1996, @parthokr, @rohan-naik07, @sdeleuze, and @therepanic

What's Changed

• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 by @dependabot[bot] in #17911
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 by @dependabot[bot] in #17914
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 by @dependabot[bot] in #17905
• Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 by @dependabot[bot] in https://github.com/spring-projec...

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #18082
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17930
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17929
• Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #18045
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #17950
• Bump org.gretty:gretty from 4.1.7 to 4.1.10 #17945
• Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #18039
• Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #18083
• Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #18067
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #18068

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #18080
• Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE #17985
• Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #18044
• Bump io.mockk:mockk from 1.14.5 to 1.14.6 #17984
• Bump org.gretty:gretty from 4.1.7 to 4.1.10 #17944
• Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #18038
• Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #18081
• Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #18065
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #18066

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17922
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17911
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17923
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17910
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17924
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17913
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17925
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17912
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17926
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17914

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17921
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17909
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17918
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #17905
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17917
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17907
• Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17919
• Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17906
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17920
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17908

⏪ Breaking Changes

• Remove PortResolver #17524
• Support Expression Templates by Default #17763

⭐ New Features

• Add discoverJwsAlgorithms() in NimbusJwtDecoder #17788
• Add AuthorizationManagerFactory #17673
• Add Builders for all Authentication implementations #17861
• Add OneTimeTokenAuthentication #17799
• Add option to disable anonymous authentication in RSocketSecurity #17159
• Add password4j implementation of PasswordEncoder #17825
• Add SecurityAssertions #17844
• Align NimbusJwtDecoder HTTP timeout defaults with Nimbus by setting to 500ms #17669
• Allow multiple ServerLogoutHandler instances in ServerHttpSecurity #17381
• Allow specifying a ServerAuthenticationConverter for x509() #17382
• AuthenticatedMatcher#withRoles should only check roles #17843
• Change @Bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor #17672
• Enable Null checking in spring-security-cas via JSpecify #17826
• Enable Null checking in spring-security-data via JSpecify #17789
• Enable Null checking in spring-security-messaging via JSpecify #17817
• Enable Null checking in spring-security-rsocket via JSpecify #17827
• Enable Null checking in spring-security-taglibs via JSpecify #17828
• Enable Null checking in spring-security-test via JSpecify #17840
• Enable Null checking in spring-security-webauthn via JSpecify #17839
• Integrate Spring Authorization Server #17880
• Move Access API to Separate Module #17847
• Move Spring Security Kerberos Extension into Spring Security #17879
• Propagate Authorities From Previous Authentications #17862
• Remove PortResolver #15971
• Remove redundant code in document #17813
• RequestMatchers should implement equals and hashCode #17842
• SpringTestContext should register a WebTestClient Bean #17780
• Support @ClientRegistrationId at Class Level #17838
• Support Modular Spring Security Configuration #16258

🪲 Bug Fixes

• APIs should Use Supplier<? extends @nullable Authentication> #17814
• AuthorizationManager should allow null Authentication #17795

🔨 Dependency Upgrades

• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17872
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17834
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17856
• Bump io.projectreactor:reactor-bom from 2025.0.0-M6 to 2025.0.0-M7 #17866
• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.2 to 0.0.3 #17765
• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.3 to 0.0.4 #17776
• Bump org-opensaml5 from 5.1.5 to 5.1.6 #17809
• Bump org.jetbrains.kotlin:kotlin-bom from 2.2.0 to 2.2.20 #17871
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.20 #17873
• Bump org.springframework.data:spring-data-bom from 2025.1.0-M5 to 2025.1.0-M6 #17888
• Bump org.springframework:spring-framework-bom from 7.0.0-M8 to 7.0.0-M9 #17876

🔩 Build Updates

• Bump @antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #17886
• Fix misleading variable name in authentication filter #17751
• Remove unused import #17750

❤️ Contributors

Thank you to all the contributors who worked on this release:

@bbudano, @blake-bauman, @frido37, @jaehwan02, @jzheaux, @kse-music, @mehrdadbozorgmehr, @ngocnhan-tran1996, @quaff, @sjohnr, and @therepanic

⭐ New Features

• Update servlet test method docs to use include-code #17749

🪲 Bug Fixes

• Annonation Scanning Should Fallback to Object when Parameter Matching #17899
• Fix double-slash when basePath is root #17841
• Fix traceId discrepancy in case error in servlet web #17796
• Reference should advise avoiding post-authorization on writes #17798

🔨 Dependency Upgrades

• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17893
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17874
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17895
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17854
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17836
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17894
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17858
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17767
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17766
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17759
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17853
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17837
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17896
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17897
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17855
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17791
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17771
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17758
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@jkuhel and @therepanic

🪲 Bug Fixes

• Annonation Scanning Should Fallback to Object when Parameter Matching #17898
• Fix traceId discrepancy in case error in servlet web #17134
• Reference should advise avoiding post-authorization on writes #17797
• Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests #17869

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17792
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17778
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17769
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17892
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #17857
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17777
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17768
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17755
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17851
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final #17835
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #17890
• Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #17891
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17889
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #17877
• Update to nimbus-jose-jwt:9.37.4 #17875

❤️ Contributors

Thank you to all the contributors who worked on this release:

@nkonev

⭐ New Features

• Add ExpressionTemplateValueProvider #17448
• Add META-INF/LICENSE.txt to published jars #17640
• Add OAuth2User to OidcUser Conversion Params #17626
• Apply missing diamond operators #17310
• Clarify instructional nature when when withDefaultPasswordEncoder is used in documentation #17624
• Correct @NonNull and @Nullable package name #17512
• Enable Null checking in spring-security-core via JSpecify #17534
• Enable Null checking in spring-security-crypto via JSpecify #17533
• Extract spring-security-webauthn #17586
• Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter #17247
• Improve Spring Boot's integration with PathPatternRequestMatcher.Builder #17746
• Make stricter IP format check in IpAddressMatcher #17500
• Polish document #17654
• Polish ExpressionTemplateValueProvider JavaDoc #17666
• Remove OpenSAML 4 support #17707
• Replace "shameless coverage code" in SecurityNamespaceHandlerTests with meaningful tests #17689
• Simplify error message for unsupported Security XSD versions #17488
• Use 2004-present Copyright #17635

🪲 Bug Fixes

• AuthorizationManager null safety annotation on generic type is incorrectly specified #17667
• OpenSamlAssertingPartyDetails Should Be Serializable #17728

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #17589
• Bump com.nimbusds:oauth2-oidc-sdk from 11.26 to 11.26.1 #17644
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17700
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17681
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17657
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17697
• Bump io.projectreactor:reactor-bom from 2025.0.0-M5 to 2025.0.0-M6 #17703
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17619
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17590
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17725
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17620
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17588
• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.1 to 0.0.2 #17591
• Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17743
• Bump org-opensaml5 from 5.1.2 to 5.1.5 #17734
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17691
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17679
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17670
• Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17618
• Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17587
• Bump org.hibernate.orm:hibernate-core from 7.0.6.Final to 7.0.8.Final #17649
• Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.10.Final #17693
• Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.10.Final #17678
• Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.9.Final #17658
• Bump org.jetbrains.kotlin:kotlin-bom from 2.2.0 to 2.2.10 #17721
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.10 #17719
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17648
• Bump org.springframework.data:spring-data-bom from 2025.1.0-M4 to 2025.1.0-M5 #17740
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17722
• Bump org.springframework:spring-framework-bom from 7.0.0-M7 to 7.0.0-M8 #17724
• Support UnboundID LDAP SDK 7.0 #14772

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs #17712
• Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs #17564
• Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.9 in /docs #17714
• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #17617
• Update to UnboundID 7.0.3 #17730

❤️ Contributors

Thank you to all the contributors who worked on this release:

@DeepDhamala, @chanbinme, @mheath, @ml054, @ngocnhan-tran1996, @seongm1n, and @therepanic

⭐ New Features

• Add META-INF/LICENSE.txt to published jars #17639
• Update Angular documentation links in csrf.adoc #17653
• Update Shibboleth Repository URL #17637
• Use 2004-present Copyright #17634

🪲 Bug Fixes

• Add Missing Navigation in Preparing for 7.0 Guide #17731
• DPoP authentication throws JwtDecoderFactory ClassNotFoundException #17249
• OpenSamlAssertingPartyDetails Should Be Serializable #17727
• Use final values in equals and hashCode #17621

🔨 Dependency Upgrades

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17739
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17690
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17684
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17661
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17615
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17599
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17737
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17701
• Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17614
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17647
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17733
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17711
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17612
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17598
• Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17742
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17613
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17595
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17760
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17692
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17683
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17671
• Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17616
• Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17597
• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17646
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17660
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17694
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17685
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17650
• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17645
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17757
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17651
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17596
• Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@codingtim