upgrade spring-security version to 5.4.6 (#502)

* bump the spring security version fixes spring-projects/spring-security#4001

* bump library version

* reorganize parent pom to resolve spring-security BOM with higher precedence

Author: liga-oz

CHANGELOG.md

@@ -1,6 +1,9 @@
 # Change Log
 All notable changes to this project will be documented in this file.
-
+## 2.8.11 and 0.1.5 [BETA]
+- The following dependencies were updated:
+    - spring.security.version 5.4.5 --> 5.4.6
+    
 ## 2.8.10 and 0.1.4 [BETA]
 - [spring-xsuaa] introduced spring properties for IAS -> Xsuaa token exchange activation, as described [here](/spring-xsuaa/README.md#ias-to-xsuaa-token-exchange)
 - [java-security-test] uses jetty BoM to fix CVE-2021-28164 and CVE-2021-28165.

api/README.md

@@ -5,6 +5,6 @@
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>api</artifactId>
-    <version>2.8.10</version>
+    <version>2.8.11</version>
 </dependency>
 ```

api/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.8.10</version>
+		<version>2.8.11</version>
 	</parent>
 
 	<packaging>jar</packaging>

java-api/README.md

@@ -5,6 +5,6 @@
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-api</artifactId>
-    <version>2.8.10</version>
+    <version>2.8.11</version>
 </dependency>
 ```

java-api/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.8.10</version>
+		<version>2.8.11</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

java-security-it/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <artifactId>parent</artifactId>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
-        <version>2.8.10</version>
+        <version>2.8.11</version>
     </parent>
 
     <artifactId>java-security-it</artifactId>

java-security-test/README.md

@@ -22,7 +22,7 @@ It includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT) th
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-security-test</artifactId>
-    <version>2.8.10</version>
+    <version>2.8.11</version>
     <scope>test</scope>
 </dependency>
 ```

java-security-test/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.8.10</version>
+		<version>2.8.11</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

java-security/Migration_SpringSecurityProjects.md

@@ -37,19 +37,19 @@ First make sure you have the following dependencies defined in your pom.xml:
 <dependency>
   <groupId>com.sap.cloud.security.xsuaa</groupId>
   <artifactId>api</artifactId>
-  <version>2.8.10</version>
+  <version>2.8.11</version>
 </dependency>
 <dependency>
   <groupId>com.sap.cloud.security</groupId>
   <artifactId>java-security</artifactId>
-  <version>2.8.10</version>
+  <version>2.8.11</version>
 </dependency>
 
 <!-- new java-security dependencies for unit tests -->
 <dependency>
   <groupId>com.sap.cloud.security</groupId>
   <artifactId>java-security-test</artifactId>
-  <version>2.8.10</version>
+  <version>2.8.11</version>
   <scope>test</scope>
 </dependency>
 ```

java-security/README.md

@@ -46,7 +46,7 @@ In case of XSUAA does the JWT provide a valid `jku` token header parameter that
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-security</artifactId>
-    <version>2.8.10</version>
+    <version>2.8.11</version>
 </dependency>
 <dependency>
     <groupId>org.apache.httpcomponents</groupId>