Releases: spring-projects/spring-security
Releases Β· spring-projects/spring-security
6.5.0-M3
β New Features
- Add
HttpsRedirectFilter#16678 - Add BadCredentialsException to OneTimeTokenAuthenticationProvider #16506
- Add customizable RowMappers for user details and authorities in JdbcUserDetailsManager #16561
- Add JwtAudienceValidator #16682
- Add page section to migration-7 #16663
- Add PathPatternRequestMatcher #16499
- Add PathPatternRequestMatcher #16429
- Add SingleResultAuthorizationManager #16612
- Add support for automatic context-propagation with Micrometer #16665
- Add Support ServerFormPostRedirectStrategy #16551
- Add Type Validator #16672
- Allow at+jwt, according to RFC-9068 #13186
- Deprecate
ChannelDecisionManagerand components #16681 - Deprecate
ChannelSecurityConfigurerand components #16680 - JwtDecoders should support issuer hostnames containing underscores #15853
- Make DefaultOneTimeToken Serializable #16618
- Polish AbstractAuthenticationTargetUrlRequestHandler #16557
- Refactored Http403ForbiddenEntryPoint to use HttpStatus.FORBIDDEN.value #16616
- Replace
HttpSecurity#requiresChannelwithHttpSecurity#redirectToHttps#16679 - Use PortResolver Beans by Default #16664
πͺ² Bug Fixes
- Add missing migration-7/web.adoc to nav.adoc #16661
- Add testRuntimeOnly junit-platform-launcher #16757
- Disable Flaky WebAuthnWebDriverTests #16754
- Fix JdbcUserCredentialRepository Save #16621
- Fix ordering for security filter configuration #16558
- Fix source type of migration-7/web.adoc #16662
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #16654
- Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #16689
- Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to 0.28.6.RELEASE #16690
- Bump io.freefair.gradle:aspectj-plugin from 8.12.2.1 to 8.13 #16723
- Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 #16716
- Bump io.mockk:mockk from 1.13.16 to 1.13.17 #16674
- Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #16722
- Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to 6.6.11.Final #16745
- Bump org.htmlunit:htmlunit from 4.9.0 to 4.10.0 #16639
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.34.1 #16671
- Bump org.junit:junit-bom from 5.11.4 to 5.12.0 #16643
- Bump org.junit:junit-bom from 5.11.4 to 5.12.1 #16744
- Bump org.mockito:mockito-bom from 5.16.0 to 5.16.1 #16746
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.28.0 to 4.29.0 #16641
- Bump org.seleniumhq.selenium:selenium-java from 4.28.1 to 4.29.0 #16625
- Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #16653
- Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #16736
π© Build Updates
- Bump
@springio/antora-extensions from 1.14.2 to 1.14.4 in /docs #16636 - Deprecate PortResolver #15972
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@big-cir, @bodograumann, @dependabot[bot], @franticticktick, @jzheaux, @matthewgreene, @vpavic, @yelm-212, and @ymajoros
Contributors
vpavic, bodograumann, and 7 other contributors
Assets 2
6.4.4
πͺ² Bug Fixes
- Add testRuntimeOnly junit-platform-launcher #16756
- Align Method Traversal Algorithm with Spring Framework #16751
- Disable Flaky WebAuthnWebDriverTests #16753
- Fix
@PostResultexample in method-security doc #16628 - Grammar Fixes in OAuth 2.0 JavaDoc #16619
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #16649
- Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #16692
- Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to 0.28.6.RELEASE #16691
- Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 #16715
- Bump io.mockk:mockk from 1.13.16 to 1.13.17 #16675
- Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #16725
- Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to 6.6.11.Final #16748
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.33.24 #16669
- Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #16650
- Bump org.springframework.data:spring-data-bom from 2024.1.3 to 2024.1.4 #16749
- Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #16733
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@Kuba15, @dependabot[bot], and @pat-mccusker
Contributors
Kuba15, pat-mccusker, and dependabot
Assets 2
6.3.8
πͺ² Bug Fixes
- Add testRuntimeOnly junit-platform-launcher #16755
- Fix typo
security-api-urlattribute infaq.adoc#16633 - Security SpEL Expressions Should Propagate AuthorizationDeniedException from Proxied Objects #16697
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #16651
- Bump io.mockk:mockk from 1.13.16 to 1.13.17 #16676
- Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #16724
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.33.24 #16670
- Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #16652
- Bump org.springframework.data:spring-data-bom from 2024.0.9 to 2024.0.10 #16747
- Bump org.springframework:spring-framework-bom from 6.1.17 to 6.1.18 #16735
π© Build Updates
- Bump
@springio/antora-extensions from 1.14.2 to 1.14.4 in /docs #16637
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@dependabot[bot] and @ngocnhan-tran1996
Contributors
dependabot and ngocnhan-tran1996
Assets 2
6.5.0-M2
β New Features
- Add
FormPostRedirectStrategyto enable POST OIDC Logout #16214 - Add
HttpStatusAccessDeniedHandler#16502 - Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP) #16574
- Add Support GenerateOneTimeTokenRequestResolver #16297
- Add Support ServerGenerateOneTimeTokenRequestResolver #16489
- Consistently NonNull annotation #16587
- Consistently Spring Security javadocs #16586
- Display default login page with only one-time token login #16414
- Generic error message in Log In page and debug messages #16575
- Lazily compose debug message in AbstractUserDetailsAuthenticationProv⦠#16513
- Make PublicKeyCredentialRequestOptions Serializable #16438
- One time token authentication filter should be its own class #16539
- One Time Token login registers the default login page #16480
- Polish OneTimeTokenLoginConfigurer #16468
- Refactor authorization manager variable naming #16559
- Remove Deprecated Usages of RemoteJWKSet #16537
- Support JWK Selection Strategy in NimbusJwtEncoder #16570
- Update DelegatingPasswordEncoder.java #16479
- Update reference Spring Framwork links #16564
- Update settings.gradle to correct the behavior if creating a new subproject with default buildFile name #16387
- Update UsernameNotFoundException message #16508
πͺ² Bug Fixes
- Fix javadoc typo onResponseCommmitted-> onResponseCommitted #16535
- Fix loader has changed while resolving nodes in WebAuthnWebDriverTests #16464
- Fix RestClient Documentation Header #16562
- Fix serializeCurrentVersionClasses #16443
- Fixed assertion in DefaultGenerateOneTimeTokenRequestResolver #16507
- GenerateOneTimeTokenWebFilter triggers double execution of the downstream WebFilterChain #16465
- Implement
Serializablefor WebAuthnAuthentication #16474 - Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16467
- OTT Should Use non-static member to capture the last OneTimeToken #16472
- OTT Tests should use mocks instead of comparing expires #16515
π¨ Dependency Upgrades
- Bump com.github.ben-manes:gradle-versions-plugin from 0.51.0 to 0.52.0 #16475
- Bump com.google.code.gson:gson from 2.12.0 to 2.12.1 #16511
- Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16593
- Bump com.webauthn4j:webauthn4j-core from 0.28.4.RELEASE to 0.28.5.RELEASE #16522
- Bump esbuild from 0.23.0 to 0.25.0 in /javascript #16580
- Bump io.freefair.gradle:aspectj-plugin from 8.12 to 8.12.1 #16531
- Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 #16568
- Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16578
- Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16532
- Bump org.hibernate.orm:hibernate-core from 6.6.7.Final to 6.6.8.Final #16609
- Bump org.htmlunit:htmlunit from 4.8.0 to 4.9.0 #16469
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.27.0 to 4.28.0 #16476
- Bump org.seleniumhq.selenium:selenium-java from 4.28.0 to 4.28.1 #16477
- Bump org.springframework.data:spring-data-bom from 2024.1.2 to 2024.1.3 #16608
- Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16592
- Bump org.springframework:spring-framework-bom from 6.2.2 to 6.2.3 #16591
- Bump serialize-javascript and mocha in /javascript #16581
π© Build Updates
- Add GenerateOneTimeTokenFilterTests #16327
- Add TestBytes #16462
- Bump
@springio/asciidoctor-extensions from 1.0.0-alpha.14 to 1.0.0-alpha.16 in /docs #16518
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@ChristianHoesel, @Kehrlann, @LiYing2010, @Tejas-Teju, @big-cir, @candrews, @dependabot[bot], @douxiaofeng99, @earlgrey02, @franticticktick, @guesshe, @jgrandja, @kse-music, @kwondh5217, @ngocnhan-tran1996, @patpatpat123, and @plll0123
Contributors
candrews, ChristianHoesel, and 15 other contributors
Assets 2
6.4.3
β New Features
- Add Support disableDefaultRegistrationPage to WebAuthnDsl #16395
πͺ² Bug Fixes
withValueused incorrectly #16527- Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL #16344
- Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) #16459
- Fix Kotlin DSL webAuthn { } #16338
- Fix loader has changed while resolving nodes in WebAuthnWebDriverTests #16463
- Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #16310
- Implement
Serializablefor WebAuthnAuthentication #16285 - Make AuthorizationDecision Serializable #16544
- Make PublicKeyCredentialRequestOptions Serializable Backport #16584
- Make Saml2AuthenticationToken Serializable #16287
- Make WebAuthnAuthentication Serializable #16273
- Make WebAuthnAuthenticationRequestToken Serializable #16602
- Make WebAuthnAuthenticationTokenRequest Serializable #16481
- Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16466
- OTT Should Use non-static member to capture the last OneTimeToken #16471
- webauthn js should ensure allowCredentials[].id is an ArrayBuffer #16440
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16364
- Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16598
- Bump com.webauthn4j:webauthn4j-core from 0.28.4.RELEASE to 0.28.5.RELEASE #16523
- Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 #16565
- Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16399
- Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16576
- Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16534
- Bump org.hibernate.orm:hibernate-core from 6.6.7.Final to 6.6.8.Final #16610
- Bump org.junit:junit-bom from 5.11.3 to 5.11.4 #16292
- Bump org.springframework.data:spring-data-bom from 2024.1.2 to 2024.1.3 #16611
- Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16597
- Bump org.springframework:spring-framework-bom from 6.2.2 to 6.2.3 #16599
- Update to oauth2-oidc-sdk 9.43.5 #16583
π© Build Updates
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@Kehrlann, @NeoTraveler, @dependabot[bot], @franticticktick, @making, and @ngocnhan-tran1996
Contributors
making, Kehrlann, and 4 other contributors
Assets 2
6.3.7
β New Features
- Improve Stability of S101 CI Task #16482
πͺ² Bug Fixes
- Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #16093
- Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16105
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16363
- Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16594
- Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16400
- Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16577
- Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16533
- Bump org.springframework.data:spring-data-bom from 2024.0.8 to 2024.0.9 #16607
- Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16595
- Bump org.springframework:spring-framework-bom from 6.1.16 to 6.1.17 #16596
- Update to oauth2-oidc-sdk 9.43.5 #16582
π© Build Updates
- Bump
@springio/asciidoctor-extensions from 1.0.0-alpha.14 to 1.0.0-alpha.16 in /docs #16519 - Troubleshoot missing GChat notifications #16423
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@dependabot[bot] and @sawprogramming
Contributors
sawprogramming and dependabot
Assets 2
6.5.0-M1
β New Features
- Add
@AuthenticationPrincipal/@CurrentSecurityContextInterface Support for Expression Templates #16201 - Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE #16386
- Add support checking same security matchers #16186
- Add Support disableDefaultRegistrationPage to WebAuthnDsl #16404
- Add support fullyAuthenticated to Kotlin DSL #16190
- Add Support JDBC Repositories For WebAuthn #16282
- Add Support OAuth2AuthorizationRequestResolver As Bean #16381
- Add UserDetailsService Constructor #15984
- Add WebAuthnConfigurer HttpMessageConverter Support #16397
- Added a constant for DPOP in OAuth2AccessToken.TokenType #16087
- Allow configuring custom ServerHttpHeadersWriter for Kotlin DSL #16136
- Avoid unnecessary instantiation of HttpSecurity #16370
- Consider making the constructor of
OAuth2AccessToken.TokenTypepublic#16086 - Customize Redirect URI in OidcClientInitiatedServerLogoutSuccessHandler #14808
- Documentation code snippets should consistently use joint tabs for java, kotlin, & XML #16228
- Fix OAuth reference documentation typo #16350
- Redirect using a relative URL #7273
- Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean #16396
- Suggest replacing size() == 0 with isEmpty() for collection check #16428
- Support Determining Max Sessions by Authentication #16218
- Use relative URLs in /login redirects #14714
πͺ² Bug Fixes
- Encode clientId and clientSecret for
OpaqueTokenIntrospectorandReactiveOpaqueTokenIntrospector#16008 - Fix broken link #16416
- Fix broken link to MockMvc documentation #16415
- Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL #16409
- Fix incorrect rendering of SpEL expression example tabs #16343
- Fix Kotlin DSL webAuthn { } #16403
- Fix logout code snippet for Kotlin #16341
- Fix missing space in documentation #16353
- Fix WebAuthnWebdriverTests #16283
- Fixed grammatical mistakes/errors in the docs. #16232
- Fixed typo in WebAuthnDsl #16413
- Kotlin MVC Integration Docs should use servlet path parameter #16426
- method-security: fix invalid Kotlin syntax #16375
- Update docs to link to AuthorizationFilter instead of deprecated FilterSecurityInterceptor #16352
- Use spring.security prefix instead of security.security #16427
- WebAuthn login fails when CredentialsRequestOptions.publicKey.allowCredentials is not empty #16441
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16366
- Bump com.webauthn4j:webauthn4j-core from 0.28.3.RELEASE to 0.28.4.RELEASE #16356
- Bump io.micrometer:micrometer-observation from 1.14.2 to 1.14.3 #16411
- Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16402
- Bump io.projectreactor:reactor-bom from 2023.0.13 to 2023.0.14 #16419
- Bump org-bouncycastle from 1.79 to 1.80 #16418
- Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 #16447
- Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final #16448
- Bump org.htmlunit:htmlunit from 4.7.0 to 4.8.0 #16401
- Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.0 to 1.10.1 #16333
- Bump org.junit:junit-bom from 5.11.3 to 5.11.4 #16293
- Bump org.mockito:mockito-bom from 5.14.2 to 5.15.2 #16360
- Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 #16449
- Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 #16435
π© Build Updates
- Polish AbstractHttpConfigurer #16362
- Remove unused code from WebSecurityConfiguration #16348
- Remove Unused Loggers from Request Matchers #16319
- Troubleshoot missing GChat notifications #16425
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@2-say, @ClaudenirFreitas, @Meehdi, @MuhammadNFadhil, @Pistolnik, @ThomasKasene, @dependabot[bot], @evgeniycheban, @franticticktick, @harcomaase, @intotherealworld, @jzheaux, @kse-music, @mehdirahimi, @ngocnhan-tran1996, @simaotwx, and @wndyd0131
Contributors
jzheaux, ThomasKasene, and 15 other contributors
Assets 2
6.4.2
β New Features
- Add 6.4 Sample Serializations for Serializable classes #16274
- Add
@inheritDocto sessionIdChanged method #16216 - Fix typo in oauth2 resource server documentation #16053
- Fixed confusing phrasing in the docs for a better clarity. #16169
- Improve AuthorizationManager configuration error messages #16194
- Polish #16148
- Use Documentation Tags for Maven and Gradle in Getting Started #16234
- Add WebDriver WebAuthn test #15969
πͺ² Bug Fixes
- Add Deprecated ObjectPostProcessor constructor #16212
- Add RuntimeHints for webauthn Javascript resource #16159
- Always return current ClientRegistration in
loadAuthorizedClient#16139 - Avoid requesting an unnecessary attestation statement when creating a webauthn credential #16252
- CI is not using the correct secret for Develocity #16263
- Dark mode rendering issue with images on CSRF and Method Security pages #16176
- DefaultSaml2AuthenticatedPrincipal should define a serialVersionUID #16163
- Delay initialization of AuthenticationProvider in Global Authentication #16147
- Fix Documentation Typos #16054
- Correct OAuth2ClientHttpRequestInterceptor Usage Documentation #16172
- Fix Typo in 'What's New' Documentation #16183
- Fix WebAuthnWebdriverTests #16279
- Correct OpenSAML 5.x Documentation #16195
- Issue when using
@AuthenticationPrincipalon interfaces #16177 - Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #16261
- Remove duplicate cache in AuthenticationPrincipalArgumentResolverand CurrentSecurityContextArgumentResolver #16202
- Resolve ObjectPostProcessor collisions between RSocket and WebFlux security configuration #16161
- Restore
@AuthenticationPrincipal/@CurrentSecurityContextInterface Support #16245 - Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #16220
- Spelling error in opensaml.adoc #16146
- Update document regarding PublicKeyCredentialCreationOptions.attestation value #16264
- Verification Options Should Return Saved Transports for Credentials #16084
π¨ Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.1 to 2.18.2 #16184
- Bump com.webauthn4j:webauthn4j-core from 0.28.2.RELEASE to 0.28.3.RELEASE #16203
- Bump io.micrometer:micrometer-observation from 1.14.1 to 1.14.2 #16255
- Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #16256
- Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #16209
- Bump org.gretty:gretty from 4.1.5 to 4.1.6 #16247
- Bump org.hibernate.orm:hibernate-core from 6.6.2.Final to 6.6.3.Final #16145
- Bump org.htmlunit:htmlunit from 4.6.0 to 4.7.0 #16205
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #16180
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.26.0 to 4.27.0 #16204
- Bump org.seleniumhq.selenium:selenium-java from 4.26.0 to 4.27.0 #16167
- Bump org.springframework.data:spring-data-bom from 2024.1.0 to 2024.1.1 #16290
- Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #16270
- Bump org.springframework:spring-framework-bom from 6.2.0 to 6.2.1 #16271
π© Build Updates
- Bump
@antora/collector-extension from 1.0.0 to 1.0.1 in /docs #16239 - Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #16237
- Bump gradle/gradle-build-action from 2 to 3 #16278
- Remove 5.8.x and 6.2.x dependabot configuration #16268
- Remove 5.8.x from Auto Merge Forward Dependabot PRs #15770
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@12OneTwo12, @Kehrlann, @MuhammadNFadhil, @OrangeDog, @Spikhalskiy, @dependabot[bot], @harpreets789, @kse-music, @martin-tarjanyi, @ngocnhan-tran1996, and @ynojima
Contributors
Spikhalskiy, OrangeDog, and 9 other contributors
Assets 2
6.3.6
πͺ² Bug Fixes
- Always return current ClientRegistration in
loadAuthorizedClient#16138 - CI is not using the correct secret for Develocity #16262
- Dark mode rendering issue with images on CSRF and Method Security pages #16175
- Delay initialization AuthenticationProvider in Global Authentication #16050
- Do not eagerly construct UserDetailsService bean in Global Authentication #16144
- Documentation images should render clearly in both light and dark mode #16131
- Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #16069
- OidcBackChannelLogoutWebFilter error response is not a correct JSON #16229
- Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #16219
π¨ Dependency Upgrades
- Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #16257
- Bump org.gretty:gretty from 4.1.5 to 4.1.6 #16246
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #16179
- Bump org.springframework.data:spring-data-bom from 2024.0.6 to 2024.0.7 #16289
- Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #16269
- Bump org.springframework:spring-framework-bom from 6.1.15 to 6.1.16 #16272
π© Build Updates
- Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #16244
- Update Antora UI Spring to v0.4.18 #16110
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@dependabot[bot], @github-actions[bot], and @kse-music
Contributors
dependabot and kse-music
Assets 2
6.4.1
πͺ² Bug Fixes
- Documentation images should render clearly in both light and dark mode #16132
- Fix conflicting bean names between
@EnableWebSecurityand@EnableWebSocketSecurity#16113
π© Build Updates
- Update Antora UI Spring to v0.4.18 #16112
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@github-actions[bot] and @ngocnhan-tran1996
Contributors
ngocnhan-tran1996