Update dependency org.springframework.security:spring-security-config to v5

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.springframework.security:spring-security-config (source)	compile	major	4.0.2.RELEASE -> 5.0.0.RELEASE

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability	GitHub Issue
High	7.5	CVE-2016-5007		#76

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-config)

v5.0.0.RELEASE

Compare Source

v4.2.20.RELEASE

Compare Source

🔨 Dependency Upgrades

• Update to Spring LDAP 2.3.3 #​9274
• Update to GAE 1.9.83 #​9273
• Update to Spring Framework 4.3.30 #​9272

v4.2.19.RELEASE

Compare Source

🔨 Dependency Upgrades

• Update to Spring 4.3.28.RELEASE #​9103

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​rwinch

v4.2.18.RELEASE

Compare Source

⭐ New Features

• Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #​8859
• Use Github Actions PR pipeline and remove Travis for 4.2.x #​8720
• Use Github Actions PR pipeline in 4.2.x #​8715

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​elliedori

v4.2.17.RELEASE

Compare Source

⭐ New Features

• HTTP Host header attack #​8639

🪲 Bug Fixes

• Fix AntPathRequestMatcher Javadoc #​8530
• Document NoOpPasswordEncoder will not be removed #​8525
• Spring Security BOM 4.2.14.RELEASE is missing #​7975

v4.2.16.RELEASE

Compare Source

🪲 Bug Fixes

• Fix Javadoc punctuation #​8486
• Add ROLE_INFRASTRUCTURE to infrastructure beans #​8442
• SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #​8433
• Fix example in javadoc of FilterChainProxy #​8355

v4.2.15.RELEASE

Compare Source

⭐ New Features

• SwitchUserFilter vulnerable to CSRF #​8226
• Update Encryptors documentation for standard and stronger #​8219
• Typo 'properites' -> 'properties' in documentation #​8102

🪲 Bug Fixes

• HttpServletRequest.logout() not functioning #​8244
• Spring Security BOM 4.2.14.RELEASE is missing #​7975

🔨 Dependency Upgrades

• Update to jackson-databind:2.8.11.6 #​8273
• Update to appengine:1.9.79 #​8272
• Update to spring-io-plugin:0.0.8.RELEASE #​8271
• Update to nekohtml:1.9.22 #​8270
• Update to thymeleaf-layout-dialect:2.0.5 #​8269
• Update to httpclient:4.2.6 #​8268
• Update to taglibs-standard-jstlel:1.2.5 #​8267
• Update to Jetty 8.1.22.v20160922 #​8266
• Update to Tomcat 7.0.103 #​8265
• Update to asciidoctor-gradle-plugin:1.5.7 #​8264
• Update to Groovy 2.4.19 #​8263
• Update to spring-boot-gradle-plugin:1.5.22.RELEASE #​8262

v4.2.14.RELEASE

Compare Source

⭐ New Features

• Build 4.2.x on Jenkins #​7940
• Remove Dependency on Bamboo #​7939

🔨 Dependency Upgrades

• Update to Thymeleaf 3.0.11.RELEASE #​7948
• Update to Spring Boot 1.5.22.RELEASE #​7947
• Update to Spring Session 1.3.5.RELEASE #​7946
• Update to Spring Data Redis 1.8.23.RELEASE #​7945
• Update to Spring Data JPA 1.11.23.RELEASE #​7944
• Update to Spring Data Commons 1.13.23.RELEASE #​7943
• Update to CGLIB 3.2.12 #​7942
• Update to Spring Framework 4.3.26.RELEASE #​7941

v4.2.13.RELEASE

Compare Source

v4.2.12.RELEASE

Compare Source

v4.2.11.RELEASE

Compare Source

v4.2.10.RELEASE

Compare Source

v4.2.9.RELEASE

Compare Source

v4.2.8.RELEASE

Compare Source

v4.2.7.RELEASE

Compare Source

v4.2.6.RELEASE

Compare Source

v4.2.5.RELEASE

Compare Source

v4.2.4.RELEASE

Compare Source

v4.2.3.RELEASE

Compare Source

v4.2.2.RELEASE

Compare Source

v4.2.1.RELEASE

Compare Source

v4.2.0.RELEASE

Compare Source

v4.1.5.RELEASE

Compare Source

v4.1.4.RELEASE

Compare Source

v4.1.3.RELEASE

Compare Source

v4.1.2.RELEASE

Compare Source

v4.1.1.RELEASE

Compare Source

v4.1.0.RELEASE

Compare Source

v4.0.4.RELEASE

Compare Source

v4.0.3.RELEASE

Compare Source

---

• If you want to rebase/retry this PR, check this box