Skip to content

Bump org.springframework.security:spring-security-bom from 6.5.7 to 6.5.8#3676

Open
dependabot[bot] wants to merge 1 commit into3.5.xfrom
dependabot/gradle/3.5.x/org.springframework.security-spring-security-bom-6.5.8
Open

Bump org.springframework.security:spring-security-bom from 6.5.7 to 6.5.8#3676
dependabot[bot] wants to merge 1 commit into3.5.xfrom
dependabot/gradle/3.5.x/org.springframework.security-spring-security-bom-6.5.8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2026

Bumps org.springframework.security:spring-security-bom from 6.5.7 to 6.5.8.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.5.8

⭐ New Features

  • Add @FunctionalInterface to RequestMatcher #18337
  • Spring Security 7 should provide migration path from request-matcher="ant" #18211
  • Stop deploying JavaDoc outside of Antora #18199

🪲 Bug Fixes

  • Add Missing Migration Pages to Navigation #18313
  • Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #18235
  • Fix typo in "Preparing for 7.0" in reference to PathPatternRequestMatcher #18336
  • Fix typo in AnnotationTemplateExpressionDefaults documentation #18176
  • Fix typos in documentation depenendencies->dependencies #18208

🔨 Dependency Upgrades

  • Bump @antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #18675
  • Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs #18677
  • Bump @springio/antora-extensions from 1.14.4 to 1.14.7 in /docs #18676
  • Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs #18679
  • Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #18192
  • Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #18321
  • Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #18387
  • Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 #18525
  • Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 #18591
  • Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #18631
  • Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 #18678
  • Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #18710
  • Bump gradle-wrapper from 8.14 to 8.14.4 #18704
  • Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 #18703
  • Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #18279
  • Bump io.mockk:mockk from 1.14.6 to 1.14.7 #18275
  • Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 #18293
  • Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14 #18495
  • Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 #18716
  • Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #18535
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #18724
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #18670
  • Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #18292
  • Bump org-aspectj from 1.9.25 to 1.9.25.1 #18329
  • Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #18352
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #18590
  • Bump org.hibernate.orm:hibernate-core from 6.6.34.Final to 6.6.36.Final #18193
  • Bump org.hibernate.orm:hibernate-core from 6.6.36.Final to 6.6.38.Final #18241
  • Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final #18308
  • Bump org.hibernate.orm:hibernate-core from 6.6.39.Final to 6.6.40.Final #18351
  • Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final #18524
  • Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final #18632
  • Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 #18320

... (truncated)

Commits
  • 0fab34f Release 6.5.8
  • 08e5b37 Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15
  • f9c32af Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16
  • 3d61276 Bump io.spring.gradle:spring-security-release-plugin
  • 10cb6f7 Update spring-security-release-tools 1.0.14
  • 3131642 Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4
  • 552d8d1 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29
  • f240f29 Bump gradle-wrapper from 8.14 to 8.14.4
  • 1efacf1 Remove unnecessary Gradle wrapper from buildSrc
  • fa7c6ea Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.springframework.security:spring-security-bom
c05fef2 
Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 6.5.7 to 6.5.8.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.5.7...6.5.8)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 6.5.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the type: dependency-upgrade A dependency upgrade label Feb 16, 2026
@github-actions github-actions bot added this to the 3.5.5 milestone Feb 16, 2026
@spring-builds spring-builds enabled auto-merge (rebase) February 16, 2026 03:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type: dependency-upgrade A dependency upgrade

Projects

None yet

Milestone

3.5.5

Development

Successfully merging this pull request may close these issues.

0 participants