6.3.0-M1

⭐ New Features

• Add a factory method for RoleHierarchyImpl #13788
• Add documentation for CachingUserDetailsService #14263
• Add Max Session to WebFlux #6192
• Add Not Support #14236
• Add order offset to @EnableMethodSecurity #14052
• Add RoleHierarchyBuilder #14196
• Added support for the CAS gateway feature #14193
• Configuration examples in docs are out of date #14393
• Document that Shibboleth Repository is Required for SAML Support #14296
• Integrate HandlerMappingIntrospector Caching #14333
• Max Sessions on WebFlux #13752
• Serializable objects should be deserializable between minor versions #3737
• Update messages_ca.properties #14241
• Update messages_es_ES.properties #14293

🪲 Bug Fixes

• HandlerMappingIntrospectorRequestTransformer is registered twice in AOT #14368
• OAuth2AuthorizationExchange is not serializable #14406
• Add missing method call in docs #14262
• Application context fails to load: Couldn't find FilterChainProxy #14381
• Fix typo in Authorize HTTP Requests' Doc Page #14334
• Missing native-image reflection hint for HandlerMappingIntrospectorCachFilterFactoryBean #14378
• There is a typo in the JavaDoc for the hasPermission method in the SecurityExpressionOperations class #14268

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14300
• Bump actions/setup-java from 3 to 4 #14314
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14326
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14442
• Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 #14283
• Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 #14427
• Bump io.mockk:mockk from 1.13.8 to 1.13.9 #14414
• Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 #14292
• Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 #14426
• Bump org-aspectj from 1.9.20.1 to 1.9.21 #14273
• Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #14353
• Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #14441
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.21 to 1.9.22 #14365
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.21 to 1.9.22 #14366
• Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #14420
• Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #14388
• Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 #14342
• Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 #14456
• Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 #14336
• Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 #14311
• Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 #14457
• Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14304
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14309
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14306

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @aaguilera
• @ykardziyaka
• @leleuj
• @Junhyunny
• @jzheaux
• @making
• @FdHerrera
• @marcusdacoregio

6.2.1

⭐ New Features

• docs: make XML and Java/Kotlin consistent with AspectJExpressionPointcut #14219
• Document that Shibboleth Repository is Required for SAML Support #14295
• Integrate HandlerMappingIntrospector Caching #14332
• OAuth2 Resource Server is exposing server information. #14278

🪲 Bug Fixes

• Update Java Config Spring MVC documentation #14234
• add missing [tabs] fix typo in docs #14208
• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #14267
• Correct What's New in 6.2 reference to forServletPattern #14200
• Fix typo in getClaimAsMap docstring #14183
• Fix typo in the 'Authorizing Requests' example #14169
• fix wrong document about "jws-algorithms" #14280
• Improve error message when ServletRegistration API is unavailable #14232
• Update Javadoc Comments in AuthorizationEvent Class #14175
• Fix typo in architecture.adoc #14254
• Fixing link in authentication/architecture.adoc #13593

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14323
• Bump actions/setup-java from 3 to 4 #14320
• Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #14213
• Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #14239
• Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #14223
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14328
• Bump Gradle Wrapper from 8.4 to 8.5 #14222
• Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 #14284
• Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 #14289
• Bump org-apache-maven-resolver from 1.9.16 to 1.9.17 #14184
• Bump org-apache-maven-resolver from 1.9.17 to 1.9.18 #14197
• Bump org-aspectj from 1.9.20.1 to 1.9.21 #14271
• Bump org.apache.maven:maven-resolver-provider from 3.9.5 to 3.9.6 #14228
• Bump org.hibernate.orm:hibernate-core from 6.3.1.Final to 6.3.2.Final #14190
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.20 to 1.9.21 #14192
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 #14191
• Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 #14341
• Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 #14335
• Bump org.springframework:spring-framework-bom from 6.1.0 to 6.1.1 #14189
• Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 #14319
• Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14318
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14322
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14321

❤️ Contributors

Thank you to all the contributors who worked on this release:

@ParkerM, @YangSiJun528, @aaron-to-go, @ahmd-nabil, @andreilisa, @dependabot[bot], @limvik, and @prufrock

6.1.6

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14294
• Integrate HandlerMappingIntrospector Caching #14128
• OAuth2 Resource Server is exposing server information. #14277
• Resolve RequestMatcher at request-time #14085

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #14266
• Authentication not propagated correctly after migrating to SB3 #14111
• Authorization does not show up on Features section #14104
• DefaultLoginPageGeneratingFilter should be able to handle AuthenticationExceptions without message #14117
• Fix broken link for servlet getting started page #14119
• Fix typo in method-security.adoc #14059
• fix wrong document about "jws-algorithms" #14279
• Improve error message when ServletRegistration API is unavailable #14231
• improve render in headers.adoc #14101
• On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14063
• ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14041
• References to WebFlux docs do not link to them #14107
• relay_state should not be included in signing calculation when it is null #14038
• samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14131
• Security configuration is failed to be initialized in a Servlet 6.0 container #14165
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14114
• Spring Security metric names should not contain dashes #14066
• spring.security counters inaccurate due onComplete and cancel() #14146
• Update Java Config Spring MVC documentation #14233
• Update logout.adoc: Replace Directives with Directive #14062

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14310
• Bump actions/setup-java from 3 to 4 #14327
• Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #14214
• Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #14238
• Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #14224
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14317
• Bump Gradle Wrapper from 8.4 to 8.5 #14218
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14158
• Bump io.micrometer:micrometer-observation from 1.10.12 to 1.10.13 #14134
• Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.13 #14144
• Bump io.projectreactor:reactor-bom from 2022.0.13 to 2022.0.14 #14288
• Bump org-aspectj from 1.9.20.1 to 1.9.21 #14272
• Bump org-eclipse-jetty from 11.0.17 to 11.0.18 #14081
• Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 #14173
• Bump org.springframework:spring-framework-bom from 6.0.13 to 6.0.14 #14159
• Bump org.springframework:spring-framework-bom from 6.0.14 to 6.0.15 #14312
• Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14315
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14316
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14305

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Ruffeng, @dependabot[bot], @github-actions[bot], @marbon87, and @sadidshaikh

5.8.9

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14286
• OAuth2 Resource Server is exposing server information. #13730
• Resolve RequestMatcher at request-time #14078
• Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
• Authentication not propagated correctly after migrating to SB3 #12877
• Authorization does not show up on Features section #14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
• Fix caching error state in ReactiveRemoteJWKSource #13976
• fix wrong document about "jws-algorithms" #14252
• Improve error message when ServletRegistration API is unavailable #14221
• References to WebFlux docs do not link to them #14100
• relay_state should not be included in signing calculation when it is null #13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14313
• Bump actions/setup-java from 3 to 4 #14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @dongelci
• @dependabot[bot]

6.2.0

⭐ New Features

• AuthorizationManager[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines #12080
• Simplify configuration of OAuth2 Client component model #11783

🪲 Bug Fixes

• On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14064
• Authentication not propagated correctly after migrating to SB3 #14112
• Authorization does not show up on Features section #14105
• Fix obsolete comment and typos #14060
• Fix typo in documentation #14130
• improve render in headers.adoc #14102
• ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14042
• References to WebFlux docs do not link to them #14108
• relay_state should not be included in signing calculation when it is null #14039
• samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14138
• Security configuration is failed to be initialized in a Servlet 6.0 container #14166
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14115
• Spring Security metric names should not contain dashes #14067
• spring.security counters inaccurate due onComplete and cancel() #14147
• The latest "OAuth2AuthorizedClientManager" class is not AOT ready #14094
• UnboundIdContainer should be marked as not running at shutdown #14095

🔨 Dependency Upgrades

• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14156
• Bump io.micrometer:micrometer-observation from 1.12.0-RC1 to 1.12.0 #14135
• Bump io.projectreactor:reactor-bom from 2023.0.0-RC1 to 2023.0.0 #14145
• Bump org.junit:junit-bom from 5.10.0 to 5.10.1 #14097
• Bump org.springframework.data:spring-data-bom from 2023.1.0-RC1 to 2023.1.0 #14172
• Bump org.springframework.ldap:spring-ldap-core from 3.2.0-RC1 to 3.2.0 #14155
• Bump org.springframework:spring-framework-bom from 6.1.0-RC1 to 6.1.0-RC2 #14055
• Bump org.springframework:spring-framework-bom from 6.1.0-RC2 to 6.1.0 #14157

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @nico-ortiz
• @dependabot[bot]
• @martin-lukas

6.2.0-RC2

⭐ New Features

• Propagate security context via channel interceptor #12532
• RequestedUrlRedirectInvalidSessionStrategy can cause the HTTP method to change depending on the user agent #12797
• RequestedUrlRedirectInvalidSessionStrategy doesn't take servlet context path into account #12795

🪲 Bug Fixes

• Added a note about the fact that if the CSRF protection is disabled in configuration, no logout confirmation page is shown to the user and the logout is performed directly. #13442
• Use same case for all fields in toString #13917

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @abramofranchetti
• @artembilan
• @valery1707

6.2.0-RC1

⭐ New Features

• Add servletPath support to AuthorizeHttpRequests #13857
• Allow AuthenticationConverter to be settable in BasicAuthenticationFilter #13989
• Dependabot should consider minor versions for org.springframework* on main #14029
• Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #14016
• Update doc references for forwarded headers support #13880
• Use Gradle's Version Catalog #13872

🪲 Bug Fixes

• Breaking change in AuthorizeHttpRequestsConfigurer #14012
• Dependency convergence failed: nimbus-jose-jwt #13972
• Fix snapshot_tests on CI workflow #13879
• Fix parsing of GET SAML logout requests #14024
• Saml-Metadata with special characters is corrupted #13862
• Saml2LogoutRequestMixin relayState property should be binding #13943
• Update http.adoc: IP number does not follow IP number format #13969

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.15.3 #14005
• Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #13983
• Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #13929
• Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #13962
• Bump com.gradle.enterprise from 3.12.3 to 3.12.6 #13960
• Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 #13932
• Bump Gradle Wrapper from 8.3 to 8.4 #13975
• Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 #13933
• Bump io.mockk:mockk from 1.13.7 to 1.13.8 #13902
• Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #13931
• Bump org-apache-maven-resolver from 1.9.15 to 1.9.16 #13894
• Bump org-eclipse-jetty from 11.0.16 to 11.0.17 #14002
• Bump org.apache.maven:maven-resolver-provider from 3.9.4 to 3.9.5 #13963
• Bump org.hibernate.orm:hibernate-core from 6.3.0.CR1 to 6.3.1.Final #13905
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #13964
• Update io.micrometer:micrometer-observation to 1.12.0-RC1 #14027
• Update io.projectreactor:reactor-bom to 2023.0.0-RC1 #14028
• Update org.springframework.data:spring-data-bom to 2023.1.0-RC1 #14025
• Update org.springframework.ldap:spring-ldap-core to 3.2.0-RC1 #14026
• Update org.springframework:spring-framework-bom to 6.1.0-RC1 #14023
• Update to io.freefair.aspectj 8.4 #14017
• Update to org.apereo.cas.client:cas-client-core 4.0.3 #13948

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @larsgrefer
• @ParkerM
• @jzheaux
• @mmoayyed
• @GeniusDP
• @github-actions[bot]
• @dependabot[bot]

6.1.5

⭐ New Features

• Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #14015
• Replace deprecated method #13649
• Use Gradle's Version Catalog #13871

🪲 Bug Fixes

• Dependency convergence failed: nimbus-jose-jwt #13843
• Docs custom AuthorizationManager fix #13991
• Fix snapshot_tests on CI workflow #13878
• Fix parsing of GET SAML logout requests #13970
• Saml-Metadata with special characters is corrupted #13861
• Saml2LogoutRequestMixin relayState property should be binding #13942

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #13984
• Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #13891
• Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #13950
• Bump com.gradle.enterprise from 3.12.3 to 3.12.6 #13934
• Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 #13903
• Bump Gradle Wrapper from 8.3 to 8.4 #13974
• Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 #13935
• Bump io.micrometer:micrometer-observation from 1.10.10 to 1.10.11 #13945
• Bump io.micrometer:micrometer-observation from 1.10.11 to 1.10.12 #14001
• Bump io.mockk:mockk from 1.13.7 to 1.13.8 #13952
• Bump io.projectreactor:reactor-bom from 2022.0.10 to 2022.0.11 #13937
• Bump io.projectreactor:reactor-bom from 2022.0.11 to 2022.0.12 #14000
• Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #13985
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.1 #13949
• Bump org-aspectj from 1.9.20 to 1.9.20.1 #13896
• Bump org-eclipse-jetty from 11.0.15 to 11.0.16 #13901
• Bump org-eclipse-jetty from 11.0.16 to 11.0.17 #13999
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #13953
• Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 #13938
• Bump org.springframework.data:spring-data-bom from 2022.0.10 to 2022.0.11 #14019
• Bump org.springframework.data:spring-data-bom from 2022.0.9 to 2022.0.10 #13951
• Bump org.springframework.ldap:spring-ldap-core from 3.0.5 to 3.0.6 #14007
• Bump org.springframework:spring-framework-bom from 6.0.11 to 6.0.12 #13904
• Bump org.springframework:spring-framework-bom from 6.0.12 to 6.0.13 #14006
• Update to org.apereo.cas.client:cas-client-core 4.0.3 #13947

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @Dyndyn
• @limvik
• @github-actions[bot]
• @dependabot[bot]
• @pbborisov18

6.0.8

⭐ New Features

• Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #14014
• Use Gradle's Version Catalog #13870

🪲 Bug Fixes

• Fix snapshot_tests on CI workflow #13877
• Saml-Metadata with special characters is corrupted #13860
• Saml2LogoutRequestMixin relayState property should be binding #13939

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #13981
• Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #13886
• Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #13898
• Bump com.gradle.enterprise from 3.11.1 to 3.11.4 #13957
• Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 #13895
• Bump Gradle Wrapper from 8.3 to 8.4 #13973
• Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 #13980
• Bump io.micrometer:micrometer-observation from 1.10.10 to 1.10.11 #13921
• Bump io.micrometer:micrometer-observation from 1.10.11 to 1.10.12 #13995
• Bump io.projectreactor.netty:reactor-netty from 1.1.10 to 1.1.11 #13958
• Bump io.projectreactor.netty:reactor-netty from 1.1.11 to 1.1.12 #13994
• Bump io.projectreactor:reactor-bom from 2022.0.10 to 2022.0.12 #13992
• Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #13919
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.1 #13906
• Bump org-aspectj from 1.9.20 to 1.9.20.1 #13979
• Bump org-eclipse-jetty from 11.0.15 to 11.0.16 #13922
• Bump org-eclipse-jetty from 11.0.16 to 11.0.17 #13993
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 #13923
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #13955
• Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 #13920
• Bump org.springframework.data:spring-data-bom from 2022.0.10 to 2022.0.11 #14020
• Bump org.springframework.data:spring-data-bom from 2022.0.9 to 2022.0.10 #13892
• Bump org.springframework.ldap:spring-ldap-core from 3.0.5 to 3.0.6 #14009
• Bump org.springframework:spring-framework-bom from 6.0.11 to 6.0.12 #13978
• Bump org.springframework:spring-framework-bom from 6.0.12 to 6.0.13 #14008

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @github-actions[bot]
• @dependabot[bot]

5.8.8

⭐ New Features

• Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #11926
• Use Gradle's Version Catalog #13868

🪲 Bug Fixes

• Fix snapshot_tests on CI workflow #13876
• fix corrupted saml2 metadata once special characters are present #13777
• Saml-Metadata with special characters is corrupted #13776
• Saml2LogoutRequestMixin relayState property should be binding #12539

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #13982
• Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #13927
• Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #13890
• Bump com.gradle.enterprise from 3.11.1 to 3.11.4 #13928
• Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 #13885
• Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 #13998
• Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 #13944
• Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 #13997
• Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #13925
• Bump org-aspectj from 1.9.20 to 1.9.20.1 #13893
• Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 #13909
• Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 #13996
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 #13926
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #13954
• Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 #13907
• Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 #14018
• Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 #13908

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @JannickWeisshaupt
• @erichaagdev
• @dependabot[bot]