Skip to content
Pre-release
Pre-release

@jzheaux jzheaux released this Oct 1, 2019 · 310 commits to master since this release

⭐️ New Features

  • Update to Reactor Dysprosium-M3 #7186
  • Update to Spring Data Moore RC2 #7185
  • Update to Spring Framework 5.2.0.RC1 #7184
  • Downgrade modifier from public to protected #7180
  • AuthenticationFilter#attemptAuthentication should be protected #7177
  • Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers #7176
  • Migrate VersionsResourceTasks groovy->java #7173
  • Add support for allowedHostnames in StrictHttpFirewall #7158
  • Upgrade org.springframework.boot:spring-boot-xxx to 2.2.0.M4 #7143
  • Remove exceptions from lambda security configuration #7131
  • Remove exception from security configuration methods #7128
  • Support nested builder in DSL for reactive apps #7121
  • Prevent disabled user from logging in on reactive applications #7113
  • Oauth2 BearerTokenAuthenticationFilter logging issue #7110
  • Add support for nested builders in the DSL for reactive apps #7107
  • Error description by BearerTokenAccessDeniedHandler is misleading #7089
  • Throws exception when passed IP address with too long mask #7084
  • Allow configuration of SessionAuthenticationStrategy for CSRF #7083
  • Add Chinese Traditional localized messages. #7082
  • Changed docs to reflect that init should apply configurers #7080
  • Update to Gradle 5.5.1 #7078
  • Migrate TrangPlugin groovy->java #7077
  • Cleanup redundant type casts #7073
  • Allow upgrading between different SCrypt encodings #7057
  • DSL nested builder for HTTP security #7046
  • Add @nullable to UsernamePasswordAuthenticationFilter #7043
  • Allow upgrading between different BCrypt encodings #7042
  • Can't use a custom authorization grant type in a ClientRegistration #7040
  • Add Generic AuthenticationFilter #7025
  • Migrate DefaultLoginPageConfigurerTests groovy->java #6956
  • Add generic getClaim() method in ClaimAccessor #6947
  • Mock Jwt Support should accept a fully-configured Jwt #6896
  • OpenID Connect Userinfo not fetched for custom claims #6886
  • OAuth2LoginAuthenticationFilter sets AuthenticationDetails #6884
  • OAuth2LoginAuthenticationFilter should set AuthenticationDetails #6866
  • Introduce OAuth2AuthorizedClient Manager/Provider #6845
  • Replace strange hashCode() implementations #6542
  • Add Generic AuthenticationFilter #6506
  • Allow in-memory authorized client services to be constructed with a map #5994
  • Please add support for nested builders in the DSL #5557
  • Allow configuration of added SessionAuthenticationStrategy for CsrfConfigurer #5300

🐞 Bug Fixes

  • Basic authentication scheme is not case-insensitive #7163
  • Fix CSRF session authentication strategy since version #7127
  • Incorrect Javadoc for methods in HeadersConfigurer #7123
  • Loggin Fix for printing the full stack trace, spring-projects/spring-… #7111
  • Fix infinite loop in role hierarchy resolving #7106
  • Fixed typo in documentation. #7092
  • Fix typo in documentation #7050
  • Allow custom ReactiveAuthenticationManager for basic and form auth #7048
  • Fixed validation in ClientRegistration.Builder #7047
  • Fix blocking in ServletOAuth2AuthorizedClientExchangeFilterFunction #7037
  • Infinite loop in role hierarchy resolving #7035
  • ServerBearerTokenAuthenticationConverter Handles Empty Tokens #7020
  • Reactive OAuth2 using query parameters for access_token can cause HTTP 500s #7011
  • OAuth2Login should process authenticated requests #6890
  • Ensure ServletOAuth2AuthorizedClientExchangeFilterFunction is non-blocking #6589
  • ServerHttpSecurity can't set multiple authentication managers #5660
  • SCryptPasswordEncoder constructor javadoc needs to be fixed #4004
  • SEC-2576: ArrayIndexOutOfBoundsException in IpAddressMatcher #2790

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Assets 2
You can’t perform that action at this time.