Releases: spring-projects/spring-security
Releases Β· spring-projects/spring-security
6.2.0-M3
β New Features
- Adopt dedicated AssertJ assertions for more expressive test failure messages #13619
- Automate spring-security.xsd #13826
- Correct mentioned HTTP Method in Documentation #13751
- Fix grammar on logout page of the docs #13750
- Fix untitled page title in documentation #13575
- Improve StrictHttpFirewall error messaging #13615
- Improve StrictHttpFirewall error messaging #13614
- Replace wildcard type ? with * in Kotlin and fix typo in Spring docs #13719
- Support nested suspend calls for Kotlin coroutines #13766
- Update OAuth2 docs landing page with examples #13784
- Add OIDC Back-channel Logout Support #7845
πͺ² Bug Fixes
- CookieCsrfTokenRepository resets httpOnly to true in case a cookieCustomizer is set #13748
- CookieRequestCache ignores user Locale #13797
- Default Security Configuration adds WWW-Authenticate Twice #13760
- OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #13802
- Problem uploading multipart file after migrating to latest Spring Security. #13821
- Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #13807
- Spring ACL and native compilation fail to process datasource properties #13815
π¨ Dependency Upgrades
- Update io.projectreactor to 2023.0.0-M3 #13829
- Update jakarta.xml.bind-api to 4.0.1 #13831
- Update micrometer-observation to 1.12.0-M3 #13828
- Update org.aspectj to 1.9.20.1 #13832
- Update org.eclipse.jetty to 11.0.16 #13833
- Update org.jetbrains.kotlin to 1.9.10 #13835
- Update org.springframework to 6.1.0-M5 #13837
- Update org.springframework.data to 2023.1.0-M3 #13838
- Update reactor-netty to 1.1.11 #13830
- Update slf4j-api to 2.0.9 #13836
- Update Spring Framework to 6.1.0-SNAPSHOT #13765
- Update spring-ldap-core to 3.2.0-M3 #13839
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
6.1.4
β New Features
- Automate spring-security.xsd #13825
πͺ² Bug Fixes
- CookieCsrfTokenRepository resets httpOnly to true in case a cookieCustomizer is set #13659
- CookieRequestCache ignores user Locale #13796
- Default Security Configuration adds WWW-Authenticate Twice #13759
- Fix inaccurate information about permitting the FORWARD dispatcher in Kotlin #13729
- OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #13800
- Problem uploading multipart file after migrating to latest Spring Security. #13820
- Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #13806
- Spring ACL and native compilation fail to process datasource properties #13814
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
6.0.7
β New Features
- Automate spring-security.xsd #13824
πͺ² Bug Fixes
- CookieRequestCache ignores user Locale #13795
- Default Security Configuration adds WWW-Authenticate Twice #13758
- OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #13799
- Problem uploading multipart file after migrating to latest Spring Security. #13731
- Resolve The matchingRequestParameterName From The Query String #13817
- Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #13805
- Spring ACL and native compilation fail to process datasource properties #12653
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
5.8.7
5.7.11
6.2.0-M2
β New Features
- Add MvcRequestMatcher reference documentation #13727
- Adds integrity attribute for bootstrap signin.css #13608
- Allow JWT issuer AuthenticationManagerResolvers to accept predicate issuer validator #13428
- Default RequestMatchers for Saml2WebSsoAuthenticationFilter and OpenSamlAuthenticationTokenConverter should align #13653
- Fix method typo in Gh3409Tests (gh-3409) #13402
- Fix minor typo in docs #13304
- Fix typo: you're -> your #13430
- Fixing ArrayIndexOutOfBoundsException in XorCsrfTokenRequestAttribute⦠#13550
- Include information about -parameters flag in 6.2 upgrade notes #13552
- Polishing #13470
- requestMatchers servlet validation error should include information about servlet paths #13723
- requestMatchers should not count servlets without mappings #13725
- Return content-type from saved request #13440
- Return statement of the roleHierarchy method is omitted in the Reference #13636
- Simplify configuration of OAuth2 Client component model #13587
πͺ² Bug Fixes
- Fix typo in docs #13638
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13591
- RequestMatcherMetadataResponseResolver only shows last RelyingPartyRegistration #13701
- saml2Login should not override OpenSaml4AuthenticationProvider bean #13656
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13581
- Update links in adocs #13634
π¨ Dependency Upgrades
- Update hibernate-core to 6.3.0.CR1 #13691
- Update io.projectreactor to 2023.0.0-M2 #13686
- Update junit-bom to 5.10.0 #13694
- Update junit-platform-launcher to 1.10.0 #13696
- Update logback-classic to 1.4.11 #13683
- Update maven-resolver-provider to 3.9.4 #13688
- Update micrometer-observation to 1.12.0-M2 #13684
- Update mockk to 1.13.7 #13685
- Update org.apache.maven.resolver to 1.9.15 #13689
- Update org.aspectj to 1.9.20 #13690
- Update org.jetbrains.kotlinx to 1.7.3 #13693
- Update org.junit.jupiter to 5.10.0 #13695
- Update org.springframework to 6.1.0-M4 #13697
- Update org.springframework.data to 2023.1.0-M2 #13698
- Update reactor-netty to 1.1.10 #13687
- Update spring-ldap-core to 3.2.0-M2 #13699
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
6.1.3
β New Features
- Add MvcRequestMatcher reference documentation #13726
- Refactor for readability #13472
- requestMatchers servlet validation error should include information about servlet paths #13722
- requestMatchers should not count servlets without mappings #13724
πͺ² Bug Fixes
- Add return statement of the roleHierachy method in the servlet/author⦠#13596
- Fix typo in docs #13637
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13590
- RequestMatcherMetadataResponseResolver only shows last RelyingPartyRegistration #13700
- saml2Login should not override OpenSaml4AuthenticationProvider bean #13655
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13580
- Update links in adocs #13632
π¨ Dependency Upgrades
- Update io.projectreactor to 2022.0.10 #13674
- Update logback-classic to 1.4.11 #13669
- Update micrometer-observation to 1.10.10 #13672
- Update mockk to 1.13.7 #13673
- Update org.aspectj to 1.9.20 #13676
- Update org.springframework.data to 2022.0.9 #13677
- Update reactor-netty to 1.1.10 #13675
- Update spring-ldap-core to 3.0.5 #13678
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
6.0.6
β New Features
- requestMatchers servlet validation error should include information about servlet paths #13721
- requestMatchers should not count servlets without mappings #13720
πͺ² Bug Fixes
- Doc : typo in Custom DSLs section #13325
- Fix typo in docs #13605
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13589
- saml2Login should not override OpenSaml4AuthenticationProvider bean #13654
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13579
- Update links in adocs #13565
π¨ Dependency Upgrades
- Update io.projectreactor to 2022.0.10 #13710
- Update logback-classic to 1.4.11 #13707
- Update micrometer-observation to 1.10.10 #13708
- Update mockk to 1.13.7 #13709
- Update org.aspectj to 1.9.20 #13712
- Update org.springframework.data to 2022.0.9 #13713
- Update reactor-netty to 1.1.10 #13711
- Update spring-ldap-core to 3.0.5 #13714
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
5.8.6
β New Features
- Closes #11450 - Add Java beans configuration for Remmember Me Docs #13570
- Dependencies are resolved from appropriate repositories #13582
- requestMatchers servlet validation error should include information about servlet paths #13667
- requestMatchers should not count servlets without mappings #13666
πͺ² Bug Fixes
- Fix Bearer Token RestTemplate Support example #13434
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13561
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13572
π¨ Dependency Upgrades
- Update io.projectreactor to 2020.0.35 #13702
- Update org.aspectj to 1.9.20 #13704
- Update org.springframework.data to 2021.2.15 #13705
- Update reactor-netty to 1.0.35 #13703
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
6.2.0-M1
β New Features
- Add meta-annotation support for EnableMethodSecurity #13120
- Add with() method to apply SecurityConfigurerAdapter #13432
- Assert is missing object. It was useless before Spring Framework 6.1 and will not compile on 6.1 #13412
- authorizeHttpRequests should consider GrantedAuthorityDefaults #13215
- Automatically enable .cors() if CorsConfigurationSource bean is present #5011
- Change TestingAuthenticationToken to Accept Collection GrantedAuthorities #12953
- Create NoOpAccessDeniedHandler #13109
- Create NoOpAuthenticationEntryPoint #13107
- Deprecate AbstractConfiguredSecurityBuilder#apply that returns SecurityConfigurerAdapter #13436
- Make class
OidcClientInitiatedLogoutSuccessHandlerextensible #13007 - Optimize Querying of RequestCache -> continue parameter #13489
- Optimize Querying of RequestCache -> continue parameter #13483
- Prepare for Spring Security 6.2 #13416
- Remove LazyCsrfTokenRepository usage #13202
- Replace deprecated methods #13307
- Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration #13110
- Use SecurityContextHolderStrategy in CasAuthenticationFilter #13418
- Using modern Java features #12569
πͺ² Bug Fixes
- Docs link leads to wrong section on What's New #13492
- Error message should show underlying Client Authentication method #13499
- Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13466
- once-per-request="true" does not work in XML configuration #13495
- Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13422
- Unable to Use
hasIpAddress()Method After Migrating toauthorizeHttpRequests()in Spring Security 6 #13479 - Usage of deprecated function in JWT documentation #13501
- Use default PathPatternParser instance #13475
π¨ Dependency Upgrades
- Update aspectj-plugin to 6.6.3 #13531
- Update hibernate-core to 6.2.6.Final #13538
- Update htmlunit to 2.70.0 #13535
- Update htmlunit-driver to 2.70.0 #13543
- Update io.projectreactor to 2023.0.0-M1 #13533
- Update jackson-bom to 2.15.2 #13530
- Update jakarta.websocket to 2.1.1 #13534
- Update junit-bom to 5.10.0-RC1 #13541
- Update maven-resolver-provider to 3.9.3 #13536
- Update micrometer-observation to 1.12.0-M1 #13532
- Update org.apache.maven.resolver to 1.9.13 #13537
- Update org.jetbrains.kotlin to 1.9.0 #13539
- Update org.jetbrains.kotlinx to 1.7.2 #13540
- Update org.mockito to 4.11.0 #13542
- Update org.springframework to 6.1.0-M2 #13544
- Update org.springframework.data to 2022.0.8 #13529
- Update org.springframework.data to 2022.0.8 #13523
- Update spring-ldap-core to 3.2.0-M1 #13545
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!