Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
6.2.2
⭐ New Features
- Configuration examples in docs are out of date #14392
🪲 Bug Fixes
- "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web? #14568
HandlerMappingIntrospectorRequestTransformeris registered twice in AOT #14367OAuth2AuthorizationExchangeis not serializable #14405WebTestUtilsTestRuntimeHintsshould implementRuntimeHintsRegistrar#14468- Application context fails to load: Couldn't find FilterChainProxy #14380
- Back-Channel Logout should use localhost for internal logout request #14553
- Cannot configure
SecurityContextRepositoryinCasAuthenticationFilter#14536 - Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #14348
- fix typo in anonymous.adoc #14424
- fix: typo in Authentication Architecture ProviderManager #14448
- Missing native-image reflection hint for
HandlerMappingIntrospectorCachFilterFactoryBean#14377 - Missing native-image reflection hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken #14470
- ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #14350
- SAML relying party logout filter is always ordered last #14551
- Spring Security 6.2 defaults to InMemoryOidcSessionRegistry causing memory leaks in distributed systems with external session storage #14558
- Test using
@WithMockUserfails with 401 UNAUTHORIZED with 3.2 #14207 - Typo: Update authorize-http-requests.adoc #14563
- Unexpected Exception Handling in NimbusReactiveJwtDecoder decode Method #14496
- X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #14346
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.15.3 to 2.15.4 #14617
- Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #14582
- Bump Gradle Wrapper from 8.5 to 8.6 #14547
- Bump gradle/gradle-build-action from 2 to 3 #14503
- Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14439
- Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 #14429
- Bump io.micrometer:micrometer-observation from 1.12.2 to 1.12.3 #14589
- Bump io.mockk:mockk from 1.13.8 to 1.13.9 #14412
- Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 #14430
- Bump io.projectreactor:reactor-bom from 2023.0.2 to 2023.0.3 #14612
- Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #14463
- Bump org-aspectj from 1.9.21 to 1.9.21.1 #14605
- Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #14354
- Bump org-eclipse-jetty from 11.0.19 to 11.0.20 #14518
- Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #14440
- Bump org.jetbrains.kotlin:kotlin-bom from 1.9.21 to 1.9.22 #14364
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.21 to 1.9.22 #14363
- Bump org.junit:junit-bom from 5.10.1 to 5.10.2 #14543
- Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #14422
- Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 #14554
- Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #14387
- Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 #14455
- Bump org.springframework.data:spring-data-bom from 2023.1.2 to 2023.1.3 #14624
- Bump org.springframework.ldap:spring-ldap-core from 3.2.1 to 3.2.2 #14616
- Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 #14454
- Bump org.springframework:spring-framework-bom from 6.1.3 to 6.1.4 #14615
- Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #14504
- Bump spring-io/spring-github-workflows from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396 #14583
❤️ Contributors
Thank you to all the contributors who worked on this release:
@Amitmahato, @andreasbuechel, @boulce, and @dependabot[bot]
Contributors
dependabot, Amitmahato, and 2 other contributors
Assets 2
6.1.7
⭐ New Features
- Fix Spring initializr link in 'Getting Spring Security' #14375
- Refactor: Remove Irrelevant Documentation Lines #14374
- Typo fix in configuration.adoc #14372
- Updated the Configuration examples in docs #14391
🪲 Bug Fixes
- "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web? #14445
HandlerMappingIntrospectorRequestTransformeris registered twice in AOT #14362OAuth2AuthorizationExchangeis not serializable #14402WebTestUtilsTestRuntimeHintsshould implementRuntimeHintsRegistrar#14399- Application context fails to load: Couldn't find FilterChainProxy #14370
- Cannot configure
SecurityContextRepositoryinCasAuthenticationFilter#14529 - Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #14347
- Fix broken sample code in Authorize HttpServletRequests #14386
- Fix command in CONTRIBUTING.adoc #14489
- Missing native-image reflection hint for
HandlerMappingIntrospectorCachFilterFactoryBean#14359 - Missing native-image reflection hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken #14397
- ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #14349
- SAML relying party logout filter is always ordered last #14550
- Typo: Update ldap.adoc #14509
- Typo: Update session-management.adoc #14515
- Unexpected Exception Handling in NimbusReactiveJwtDecoder decode Method #14495
- X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #14345
🔨 Dependency Upgrades
- Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #14581
- Bump Gradle Wrapper from 8.5 to 8.6 #14540
- Bump gradle/gradle-build-action from 2 to 3 #14500
- Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14436
- Bump io.mockk:mockk from 1.13.8 to 1.13.9 #14413
- Bump io.projectreactor:reactor-bom from 2022.0.14 to 2022.0.15 #14428
- Bump io.projectreactor:reactor-bom from 2022.0.15 to 2022.0.16 #14611
- Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #14465
- Bump org-aspectj from 1.9.21 to 1.9.21.1 #14606
- Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #14355
- Bump org-eclipse-jetty from 11.0.19 to 11.0.20 #14519
- Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #14437
- Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #14421
- Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 #14555
- Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #14389
- Bump org.springframework:spring-framework-bom from 6.0.15 to 6.0.16 #14443
- Bump org.springframework:spring-framework-bom from 6.0.16 to 6.0.17 #14621
- Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #14499
- Bump spring-io/spring-github-workflows from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396 #14580
❤️ Contributors
Thank you to all the contributors who worked on this release:
@Siddharth1605, @acktsap, @boulce, @dependabot[bot], @github-actions[bot], @kcsurapaneni, @nkilchenmann, and @ty-v1
Contributors
kcsurapaneni, ty-v1, and 5 other contributors
Assets 2
5.8.10
⭐ New Features
- Updated broken documentation link in javadocs #14329
🪲 Bug Fixes
- Fix security filter sort in javadoc #14552
- ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #11596
- Saml2 LogoutFilter Should Come Before Common LogoutFilter #14549
🔨 Dependency Upgrades
- Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #14584
- Bump gradle/gradle-build-action from 2 to 3 #14505
- Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14438
- Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 #14432
- Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 #14431
- Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 #14614
- Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #14464
- Bump org-aspectj from 1.9.20.1 to 1.9.21.1 #14607
- Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 #14608
- Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 #14622
- Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #14506
- Bump spring-io/spring-github-workflows from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396 #14585
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.3.0-M1
⭐ New Features
- Add a factory method for RoleHierarchyImpl #13788
- Add documentation for CachingUserDetailsService #14263
- Add Max Session to WebFlux #6192
- Add Not Support #14236
- Add order offset to
@EnableMethodSecurity#14052 - Add RoleHierarchyBuilder #14196
- Added support for the CAS gateway feature #14193
- Configuration examples in docs are out of date #14393
- Document that Shibboleth Repository is Required for SAML Support #14296
- Integrate HandlerMappingIntrospector Caching #14333
- Max Sessions on WebFlux #13752
- Serializable objects should be deserializable between minor versions #3737
- Update messages_ca.properties #14241
- Update messages_es_ES.properties #14293
🪲 Bug Fixes
HandlerMappingIntrospectorRequestTransformeris registered twice in AOT #14368OAuth2AuthorizationExchangeis not serializable #14406- Add missing method call in docs #14262
- Application context fails to load: Couldn't find FilterChainProxy #14381
- Fix typo in Authorize HTTP Requests' Doc Page #14334
- Missing native-image reflection hint for
HandlerMappingIntrospectorCachFilterFactoryBean#14378 - There is a typo in the JavaDoc for the
hasPermissionmethod in theSecurityExpressionOperationsclass #14268
🔨 Dependency Upgrades
- Bump actions/checkout from 3 to 4 #14300
- Bump actions/setup-java from 3 to 4 #14314
- Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14326
- Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14442
- Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 #14283
- Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 #14427
- Bump io.mockk:mockk from 1.13.8 to 1.13.9 #14414
- Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 #14292
- Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 #14426
- Bump org-aspectj from 1.9.20.1 to 1.9.21 #14273
- Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #14353
- Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #14441
- Bump org.jetbrains.kotlin:kotlin-bom from 1.9.21 to 1.9.22 #14365
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.21 to 1.9.22 #14366
- Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #14420
- Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #14388
- Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 #14342
- Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 #14456
- Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 #14336
- Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 #14311
- Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 #14457
- Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14304
- Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14309
- Bump spring-io/spring-gradle-build-action from 1 to 2 #14306
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.2.1
⭐ New Features
- docs: make XML and Java/Kotlin consistent with AspectJExpressionPointcut #14219
- Document that Shibboleth Repository is Required for SAML Support #14295
- Integrate HandlerMappingIntrospector Caching #14332
- OAuth2 Resource Server is exposing server information. #14278
🪲 Bug Fixes
- Update Java Config Spring MVC documentation #14234
- add missing [tabs] fix typo in docs #14208
- AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #14267
- Correct What's New in 6.2 reference to forServletPattern #14200
- Fix typo in getClaimAsMap docstring #14183
- Fix typo in the 'Authorizing Requests' example #14169
- fix wrong document about "jws-algorithms" #14280
- Improve error message when ServletRegistration API is unavailable #14232
- Update Javadoc Comments in AuthorizationEvent Class #14175
- Fix typo in architecture.adoc #14254
- Fixing link in authentication/architecture.adoc #13593
🔨 Dependency Upgrades
- Bump actions/checkout from 3 to 4 #14323
- Bump actions/setup-java from 3 to 4 #14320
- Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #14213
- Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #14239
- Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #14223
- Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14328
- Bump Gradle Wrapper from 8.4 to 8.5 #14222
- Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 #14284
- Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 #14289
- Bump org-apache-maven-resolver from 1.9.16 to 1.9.17 #14184
- Bump org-apache-maven-resolver from 1.9.17 to 1.9.18 #14197
- Bump org-aspectj from 1.9.20.1 to 1.9.21 #14271
- Bump org.apache.maven:maven-resolver-provider from 3.9.5 to 3.9.6 #14228
- Bump org.hibernate.orm:hibernate-core from 6.3.1.Final to 6.3.2.Final #14190
- Bump org.jetbrains.kotlin:kotlin-bom from 1.9.20 to 1.9.21 #14192
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 #14191
- Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 #14341
- Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 #14335
- Bump org.springframework:spring-framework-bom from 6.1.0 to 6.1.1 #14189
- Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 #14319
- Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14318
- Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14322
- Bump spring-io/spring-gradle-build-action from 1 to 2 #14321
❤️ Contributors
Thank you to all the contributors who worked on this release:
@ParkerM, @YangSiJun528, @aaron-to-go, @ahmd-nabil, @andreilisa, @dependabot[bot], @limvik, and @prufrock
Contributors
prufrock, ParkerM, and 6 other contributors
Assets 2
6.1.6
⭐ New Features
- Document that Shibboleth Repository is Required for SAML Support #14294
- Integrate HandlerMappingIntrospector Caching #14128
- OAuth2 Resource Server is exposing server information. #14277
- Resolve RequestMatcher at request-time #14085
🪲 Bug Fixes
- AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #14266
- Authentication not propagated correctly after migrating to SB3 #14111
- Authorization does not show up on Features section #14104
- DefaultLoginPageGeneratingFilter should be able to handle AuthenticationExceptions without message #14117
- Fix broken link for servlet getting started page #14119
- Fix typo in method-security.adoc #14059
- fix wrong document about "jws-algorithms" #14279
- Improve error message when ServletRegistration API is unavailable #14231
- improve render in headers.adoc #14101
- On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14063
- ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14041
- References to WebFlux docs do not link to them #14107
- relay_state should not be included in signing calculation when it is null #14038
- samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14131
- Security configuration is failed to be initialized in a Servlet 6.0 container #14165
- Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14114
- Spring Security metric names should not contain dashes #14066
- spring.security counters inaccurate due onComplete and cancel() #14146
- Update Java Config Spring MVC documentation #14233
- Update logout.adoc: Replace Directives with Directive #14062
🔨 Dependency Upgrades
- Bump actions/checkout from 3 to 4 #14310
- Bump actions/setup-java from 3 to 4 #14327
- Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #14214
- Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #14238
- Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #14224
- Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14317
- Bump Gradle Wrapper from 8.4 to 8.5 #14218
- Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14158
- Bump io.micrometer:micrometer-observation from 1.10.12 to 1.10.13 #14134
- Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.13 #14144
- Bump io.projectreactor:reactor-bom from 2022.0.13 to 2022.0.14 #14288
- Bump org-aspectj from 1.9.20.1 to 1.9.21 #14272
- Bump org-eclipse-jetty from 11.0.17 to 11.0.18 #14081
- Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 #14173
- Bump org.springframework:spring-framework-bom from 6.0.13 to 6.0.14 #14159
- Bump org.springframework:spring-framework-bom from 6.0.14 to 6.0.15 #14312
- Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14315
- Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14316
- Bump spring-io/spring-gradle-build-action from 1 to 2 #14305
❤️ Contributors
Thank you to all the contributors who worked on this release:
@Ruffeng, @dependabot[bot], @github-actions[bot], @marbon87, and @sadidshaikh
Contributors
marbon87, Ruffeng, and 2 other contributors
Assets 2
5.8.9
⭐ New Features
- Document that Shibboleth Repository is Required for SAML Support #14286
- OAuth2 Resource Server is exposing server information. #13730
- Resolve RequestMatcher at request-time #14078
- Update Java Config Spring MVC documentation #14220
🪲 Bug Fixes
- AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
- Authentication not propagated correctly after migrating to SB3 #12877
- Authorization does not show up on Features section #14099
- Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
- Fix caching error state in ReactiveRemoteJWKSource #13976
- fix wrong document about "jws-algorithms" #14252
- Improve error message when ServletRegistration API is unavailable #14221
- References to WebFlux docs do not link to them #14100
- relay_state should not be included in signing calculation when it is null #13913
- Security configuration is failed to be initialized in a Servlet 6.0 container #13794
- Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
- X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
- XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483
🔨 Dependency Upgrades
- Bump actions/checkout from 3 to 4 #14313
- Bump actions/setup-java from 3 to 4 #14307
- Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
- Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
- Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
- Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
- Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
- Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
- Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
- Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
- Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
- Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
- Bump spring-io/spring-gradle-build-action from 1 to 2 #14308
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.2.0
⭐ New Features
- AuthorizationManager[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines #12080
- Simplify configuration of OAuth2 Client component model #11783
🪲 Bug Fixes
- On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14064
- Authentication not propagated correctly after migrating to SB3 #14112
- Authorization does not show up on Features section #14105
- Fix obsolete comment and typos #14060
- Fix typo in documentation #14130
- improve render in headers.adoc #14102
- ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14042
- References to WebFlux docs do not link to them #14108
- relay_state should not be included in signing calculation when it is null #14039
- samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14138
- Security configuration is failed to be initialized in a Servlet 6.0 container #14166
- Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14115
- Spring Security metric names should not contain dashes #14067
- spring.security counters inaccurate due onComplete and cancel() #14147
- The latest "OAuth2AuthorizedClientManager" class is not AOT ready #14094
- UnboundIdContainer should be marked as not running at shutdown #14095
🔨 Dependency Upgrades
- Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14156
- Bump io.micrometer:micrometer-observation from 1.12.0-RC1 to 1.12.0 #14135
- Bump io.projectreactor:reactor-bom from 2023.0.0-RC1 to 2023.0.0 #14145
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 #14097
- Bump org.springframework.data:spring-data-bom from 2023.1.0-RC1 to 2023.1.0 #14172
- Bump org.springframework.ldap:spring-ldap-core from 3.2.0-RC1 to 3.2.0 #14155
- Bump org.springframework:spring-framework-bom from 6.1.0-RC1 to 6.1.0-RC2 #14055
- Bump org.springframework:spring-framework-bom from 6.1.0-RC2 to 6.1.0 #14157
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.2.0-RC2
⭐ New Features
- Propagate security context via channel interceptor #12532
- RequestedUrlRedirectInvalidSessionStrategy can cause the HTTP method to change depending on the user agent #12797
- RequestedUrlRedirectInvalidSessionStrategy doesn't take servlet context path into account #12795
🪲 Bug Fixes
- Added a note about the fact that if the CSRF protection is disabled in configuration, no logout confirmation page is shown to the user and the logout is performed directly. #13442
- Use same case for all fields in toString #13917
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.2.0-RC1
⭐ New Features
- Add servletPath support to AuthorizeHttpRequests #13857
- Allow AuthenticationConverter to be settable in BasicAuthenticationFilter #13989
- Dependabot should consider minor versions for org.springframework* on main #14029
- Document how to publish an
AuthenticationManager@BeanwithoutWebSecurityConfigurerAdapter#14016 - Update doc references for forwarded headers support #13880
- Use Gradle's Version Catalog #13872
🪲 Bug Fixes
- Breaking change in
AuthorizeHttpRequestsConfigurer#14012 - Dependency convergence failed: nimbus-jose-jwt #13972
- Fix
snapshot_testson CI workflow #13879 - Fix parsing of GET SAML logout requests #14024
- Saml-Metadata with special characters is corrupted #13862
- Saml2LogoutRequestMixin relayState property should be binding #13943
- Update http.adoc: IP number does not follow IP number format #13969
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.15.3 #14005
- Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #13983
- Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #13929
- Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #13962
- Bump com.gradle.enterprise from 3.12.3 to 3.12.6 #13960
- Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 #13932
- Bump Gradle Wrapper from 8.3 to 8.4 #13975
- Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 #13933
- Bump io.mockk:mockk from 1.13.7 to 1.13.8 #13902
- Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #13931
- Bump org-apache-maven-resolver from 1.9.15 to 1.9.16 #13894
- Bump org-eclipse-jetty from 11.0.16 to 11.0.17 #14002
- Bump org.apache.maven:maven-resolver-provider from 3.9.4 to 3.9.5 #13963
- Bump org.hibernate.orm:hibernate-core from 6.3.0.CR1 to 6.3.1.Final #13905
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #13964
- Update io.micrometer:micrometer-observation to 1.12.0-RC1 #14027
- Update io.projectreactor:reactor-bom to 2023.0.0-RC1 #14028
- Update org.springframework.data:spring-data-bom to 2023.1.0-RC1 #14025
- Update org.springframework.ldap:spring-ldap-core to 3.2.0-RC1 #14026
- Update org.springframework:spring-framework-bom to 6.1.0-RC1 #14023
- Update to io.freefair.aspectj 8.4 #14017
- Update to org.apereo.cas.client:cas-client-core 4.0.3 #13948
❤️ Contributors
We'd like to thank all the contributors who worked on this release!