Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
5.2.7.RELEASE
🪲 Bug Fixes
- SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9058
- CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9025
🔨 Dependency Upgrades
- Update to Spring Data Moore-SR10 #9088
- Update to Hibernate Entity manager 5.4.22 #9087
- Update to Hibernate Validator 6.1.6 #9086
- Upgrade to embedded Apache Tomcat 9.0.38 #9085
- Update to RSocket 1.0.2 #9084
- Update to Spring Framework 5.2.9 #9083
- Update to Reactor Dysprosium-SR12 #9082
- Update to Spring Boot 2.2.10 #9081
- Update to GAE 1.9.82 #9080
- Update to org.aspectj 1.9.6 #9079
5.1.13.RELEASE
🪲 Bug Fixes
- SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9059
🔨 Dependency Upgrades
- Update to Spring Boot 2.1.17.RELEASE #9078
- Update to Hibernate Validator 6.0.21 #9077
- Update to org.aspectj 1.9.6 #9076
- Update to GAE 1.9.82 #9075
- Update to Jackson Databind 2.9.10.6 #9074
- Update to Spring Data Lovelace-SR20 #9073
- Update to Spring Framework 5.1.18 #9072
- Update to Reactor Californium-SR21 #9071
5.0.19.RELEASE
🪲 Bug Fixes
- SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9060
🔨 Dependency Upgrades
4.2.19.RELEASE
5.4.0
⭐ New Features
- Add What's New in 5.4 #9002
- Add What's New in 5.4 Section to Docs #9001
- Add Resource Server Servlet Logging #9000
- Simplify saml2Login Samples #8990
- Remove Framework Tests from saml2Login Sample #8989
- Add authenticationManagerResolver to resource server Kotlin DSL #8981
- Generalize SAML 2.0 Assertion Validation Support #8970
- Update abstract-authentication-processing-filter.adoc #8965
- Add spring-javaformat checkstyle and formatting #8946
- Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #8926
- Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #8892
- Resolve oauth2 client-id, client-secret placeholders #8880
- Restructure SAML 2.0 documentation #8763
- security:client-registrations doesn't take propertyconfigurer properties #8453
🪲 Bug Fixes
- Clickjacking demo in docs: YouTube link in X-Frame-Options section leads to private video #8986
- NoClassDefFoundError: AuthMetadataFlyweight at o.s.s.r.m.SimpleAuthenticationEncoder #8948
- SAML attributes not parsed correctly with prefixed XML elements #8864
- Don't use oidc scopes_supported for scope as default in ClientRegistrations #8790
- scopes_supported metadata should not be used as default in ClientRegistrations #8514
🔨 Dependency Upgrades
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.4.0-RC1
⭐ New Features
- Deprecate CustomUserTypesOAuth2UserService #8908
- Deprecate ClientRegistration.redirectUriTemplate #8906
- Allow for custom ClientRegistration.clientAuthenticationMethod #8903
- Deprecate ImplicitGrantConfigurer #8902
- Remove use of Mono.deferWithContext() #8901
- Consider adding RelyingPartyRegistrationResolver #8887
- Add HttpMessageConverter that constructs a RelyingPartyRegistration #8877
- RelyingPartyRegistration should default the ACS Location #8876
- Update SimpleSaml2AuthenticatedPrincipal class name #8861
- Introduce AuthenticationConverterServerWebExchangeMatcher #8854
- Make class SimpleSaml2AuthenticatedPrincipal public #8852
- Support custom filter in Server Kotlin DSL #8850
- Saml2AuthenticationToken should take a RelyingPartyRegistration #8845
- Wording changes #8832
- -gh 8784 Document improvement for WebSecurityConfigure #8825
- Consider making BearerTokenServerWebExchangeMatcher public and more generic #8824
- Add custom HeaderWriter in Kotlin DSL #8823
- Add Static Factories to Saml2X509Credential #8822
- Allow disabling headers in Kotlin DSL #8816
- Remove need for WebSecurityConfigurerAdapter #8805
- Configure HTTP Security without extending WebSecurityConfigurerAdapter #8804
- Fix #8693 Support SAML 2.0 SP Metadata Endpoints #8795
- Add Static Factories to Saml2X509Credential #8789
- RelyingPartyRegistration Credentials Should Be Split by Party #8788
- Support custom filter in Server Kotlin DSL #8783
- mongolian translation for messages.properties #8780
- Mongolian translation required for messages.propeperties #8778
- RelyingPartyRegistration should use metadata spec language #8777
- ACS Binding should be in RelyingPartyRegistration #8776
- Remove OpenSamlImplementation #8775
- OpenSamlAuthenticationRequestFactory should use OpenSAML directly #8774
- OpenSamlAuthenticationProvider should use OpenSAML directly #8773
- OpenSAML should get initialized as part of container lifecycle #8772
- SAML Assertion validation fails when OneTimeUse condition is sent from the IdP #8769
- Improve error message when invalid content-type for UserInfo response #8764
- Simplify retrieving Introspection-specific attributes #8740
- Reactive SwitchUserWebFilter for user impersonation #8687
- Change getMethod() to return configured value in SimpleSavedRequest #8675
- gh-8589 Additional Jwt validation debug messages #8665
- Adds cookie based RequestCache #8653
- Missing Reactive SwitchUserWebFilter for user impersonation #8599
- Use String to specify custom HTTP method in mock request #8592
- Add logging #8589
- Support for dynamic configuration using IDP metadata URL for SAML SSO integration #8484
- SAML Authentication Provider assertions #8471
- Throw exception when specified ldif file does not exist #8434
- SAML: Add RequestedAuthnContext to AuthnRequest in OpenSamlAuthenticationRequestFactory #8141
- Add request cache that uses cookie #8034
- No log message or exception if expected ldif file does not exist #7791
🪲 Bug Fixes
- Move RSocket Integration Tests to integration tests #8944
- Fix snapshot build failure related to reactor-netty #8909
- Resolve Bearer token after subscribing to publisher #8894
- ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8865
- Update README.adoc #8851
- Saml2Error should be in a core package #8835
- Fix #8797: Add OAuth2AuthenticationException to allowlist #8827
- CookieRequestCache "REDIRECT_URI" removed by any request #8820
- use CookieRequestCache something went wrong #8817
- LoginPageGeneratingWebFilter should honor context path #8807
- Fix ProviderManager Javadoc typo #8800
- OAuth2AuthenticationException should be in allowlist #8797
- tutorial uses hasRole but should use hasAuthority #8796
- Saml2WebSsoAuthenticationFilter does not follow standard patterns for request matching. #8768
- Bearer Token Padding #8511
- Resolved bearer token has no padding indicators #8502
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.3.4.RELEASE
⭐ New Features
- Add logging #8888
- Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8855
- formLogin() does not work with REST Docs #8748
- Use Github Actions PR pipeline and remove Travis for 5.3.x #8724
🪲 Bug Fixes
- ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8896
- OAuth2AuthenticationException should be in allowlist #8863
- Resolved bearer token has no padding indicators #8837
- Fix ProviderManager Javadoc typo #8811
- LoginPageGeneratingWebFilter should honor context path #8808
- OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8803
- RoleHierarchy is not used by AbstractAuthorizeTag #8678
- OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8672
- ReactorContext not available in PayloadSocketAcceptor delegate.accept #8655
🔨 Dependency Upgrades
- Update to spring-build-conventions:0.0.34.RELEASE #8925
- Update to nohttp 0.0.5.RELEASE #8924
- Update to GAE 1.9.81 #8923
- Update to Spring Boot 2.2.9.RELEASE #8922
- Update to spring-build-conventions:0.0.33.RELEASE #8760
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.2.6.RELEASE
⭐ New Features
- Add logging #8889
- Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8856
- Use Github Actions PR pipeline and remove Travis for 5.2.x #8723
🪲 Bug Fixes
- ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8897
- Resolved bearer token has no padding indicators #8838
- Fix ProviderManager Javadoc typo #8812
- LoginPageGeneratingWebFilter should honor context path #8809
- RoleHierarchy is not used by AbstractAuthorizeTag #8679
- OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8673
- ReactorContext not available in PayloadSocketAcceptor delegate.accept #8656
🔨 Dependency Upgrades
- Update to nohttp 0.0.5.RELEASE #8927
- Update to Spring Boot 2.2.9.RELEASE #8921
- Update to Reactor Dysprosium-SR10 #8920
- Update to Spring Framework 5.2.8.RELEASE #8919
- Update to Spring Data Moore-SR9 #8918
- Update to PowerMock Mockito2 2.0.7 #8917
- Update blockhound to 1.0.4.RELEASE #8916
- Update to groovy 2.4.20 #8915
- Update to embedded Tomcat websocket 8.5.57 #8914
- Upgrade to embedded Apache Tomcat 9.0.37 #8913
- Update to jaxb-impl 2.3.3 #8912
- Update to GAE 1.9.81 #8911
- Update to Jackson 2.10.5 #8910
- Update to spring-build-conventions:0.0.33.RELEASE #8761
- Update to RSocket 1.0.1 #8664
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.1.12.RELEASE
⭐ New Features
- Add logging #8891
- Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8857
- Use Github Actions PR pipeline and remove Travis for 5.1.x #8722
- Use Github Actions PR pipeline in 5.1.x #8717
🪲 Bug Fixes
- ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8898
- Resolved bearer token has no padding indicators #8839
- Fix ProviderManager Javadoc typo #8813
- LoginPageGeneratingWebFilter should honor context path #8810
- RoleHierarchy is not used by AbstractAuthorizeTag #8681
- OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8674
🔨 Dependency Upgrades
- Update to Spring Ldap 2.3.3 #8943
- Update to Hibernate Validator 6.0.20 #8942
- Update to Hibernate Entitymanager 5.3.17 #8941
- Update to Groovy 2.4.20 #8940
- Update to Spring Boot 2.1.16.RELEASE #8939
- Update to Google App Engine 1.9.81 #8938
- Update to Jackson Databind 2.9.10.5 #8937
- Update to Project Reactor Californium-SR20 #8936
- Update to Spring Framework 5.1.17 #8935
- Update to Spring Data Lovelace-SR19 #8934
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.0.18.RELEASE
⭐ New Features
- Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8858
- Use Github Actions PR pipeline and remove Travis for 5.0.x #8721
- Use Github Actions PR pipeline in 5.0.x #8716
🪲 Bug Fixes
🔨 Dependency Upgrades
- Update to Spring Ldap 2.3.3 #8933
- Update to Hibernate Validator 6.0.20 #8932
- Update to Groovy 2.4.20 #8931
- Update to Google App Engine 1.9.81 #8930
- Update to Jackson Databind 2.9.10.5 #8929
- Update to Spring Framework 5.0.18 #8928
❤️ Contributors
We'd like to thank all the contributors who worked on this release!