Version 2.11.13

• [java-security]
  • removes audience check as part of JwtX5tValidator
• [spring-xsuaa]
  • XsuaaServiceConfigurationDefault supports access to other credentials (fix #802)
  • XsuaaServiceConfigurationDefault supports non relaxed-binding rules for non spring framework cases
  • auto-configures mtls-based rest operations w/o credential-type=x509 property
• [spring-security]
  • HybridJwtDecoder should support xsuaa only (see #790)
  • auto-configures mtls-based rest operations w/o credential-type=x509 property
  • auto-configures token flows if no secret but certificate is given