Skip to content

Releases: spring-projects/spring-security

5.2.0.M2

01 Oct 16:09
@jzheaux jzheaux
5.2.0.M2
e66e52d
Compare
Choose a tag to compare
5.2.0.M2 Pre-release
Pre-release

⭐ New Features

  • Add JDK 12 Build #6774
  • Update Gradle version to 5.3.1 #6747
  • Align JavaDoc in SecureRandomFactoryBean #6734
  • Fix a typo #6725
  • Introduce AuthenticationManagerResolver #6722
  • Defer downstream filter execution if no OAuth2AuthorizedClient is found #6719
  • Make UnAuthenticatedServerOAuth2AuthorizedClientRepository threadsafe #6717
  • URL Cleanup #6662
  • URL Cleanup #6655
  • Simplify MediaTypeRequestMatcher construction #6648
  • Polish #6635
  • Introduced placeholder support for headers tag attributes #6623
  • Allowing for a @bean of type OAuth2AccessTokenResponseClient<OAuth2Cl… #6606
  • Throw exception that was created but not thrown #6604
  • documentation: remove out-of-date #6603
  • OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @bean #6587
  • OAuth2ClientConfiguration discovers client_credentials OAuth2AccessTokenResponseClient #6572
  • Multi tenancy for Resource Server #6563
  • Introduce @CurrentSecurityContext for method arguments #6562
  • Fix Broken Documentation Link #6555
  • Broken URL in documentation #6553
  • Add Support for Clear Site Data on Logout #6550
  • Introduce @CurrentSecurityContext for method arguments #6546
  • Reactive Opaque Token Support #6519
  • OidcIdTokenValidator ensures clockSkew is positive number #6514
  • Add Reactive Opaque Token Support to Resource Server #6513
  • Properties should reference scope not scopes #6510
  • HeaderWriterFilter writes headers at beginning #6509
  • Introduce OAuth2AuthorizationRequest.attributes #6508
  • Introduce Support for Reading RSA Keys #6505
  • NimbusReactiveJwtDecoder Takes Reactive Processor #6499
  • Support symmetric key for JwtDecoder #6495
  • Add RSA Key Converters #6494
  • Improve formatting of LDAP snippets in Reference Documentation #6486
  • Add client support for PKCE #6485
  • OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @bean #6477
  • Add new configuration options for OAuth2LoginSpec #6462
  • Update to nimbus-jose-jwt:6.7 #6459
  • Consider having HeaderWriters check before writing #6456
  • Added CompositeHeaderWriter #6455
  • Consider having HeaderWriters check before writing #6454
  • Add a composite HeaderWriter class #6453
  • Support PKCE for Client #6446
  • OidcIdTokenValidator ensures clockSkew is positive number #6443
  • Save original request on oauth2Client filter #6418
  • Add Support for Opaque OAuth2 Tokens to Resource Server #6352
  • Add preload support to Strict-Transport-Security #6312
  • Remove Servlet Spec 2.5 and 3.0 support #6220
  • OAuth2ResourceServerConfigurerTests should avoid MockWebServer #6104
  • OAuth2AuthorizationRequest.additionalParameters should not contain registration_id #5940
  • NimbusReactiveJwtDecoder should accept a custom processor #5937
  • Improve OAuth2LoginSpec with more configuration options #5598
  • Provide support for symmetric key verification via JwtDecoder #5465
  • Support for OIDC Logout #5356
  • Multi-tenancy support for OAuth2 #5351
  • Support RP (Client) initiated logout #5350
  • Provide support for OAuth 2.0 Token Introspection #5200
  • Add Clear Site Data to Log Out #4187

🪲 Bug Fixes

  • ServletOAuth2AuthorizedClientExchangeFilterFunction supports chaining #6526
  • Update resource-server.adoc #6523
  • Fixed broken link #6522
  • Fix broken link in README.adoc #6521
  • Preserve existing refresh token if new refresh token not returned #6504
  • Refreshing access token may remove refresh token from AuthorizedClient #6503
  • ServletOAuth2AuthorizedClientExchangeFilterFunction Does Not Work For Chained Reactive Methods #6483
  • Missing spring: prefix on jwk-set-uri example #6479
  • Improve CsrfBeanDefinitionParser xml parsing #6451
  • HTML markup fixed in DefaultLoginPageGeneratingFilter #6448
  • XML configuration with multiple security:http register multiple requestDataValueProcessor #6423
  • Invalid html in default login page #6417
  • Webflux Oauth2 .oauth2Client() doesn't redirect back to the original request after authenticating in the auth server #6341
  • Fix OAuth2 Client with Ditributed Session #6215

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Read more
Assets 2

5.2.0.M1

01 Oct 16:10
@jzheaux jzheaux
5.2.0.M1
fdd22e5
Compare
Choose a tag to compare
5.2.0.M1 Pre-release
Pre-release

⭐ New Features

  • Update to spring-build-conventions 0.0.23.RELEASE #6440
  • customization support for StrictHttpFirewall #6439
  • Update to Spring Data Lovelace SR4 #6438
  • Update to Spring Framework 5.1.4 #6437
  • Update to Reactor Californium-SR4 #6436
  • Update to Spring Boot 2.1.2 #6435
  • Update to htmlunit-driver 2.33.3 #6434
  • Update to org.powermock 2.0.0 #6433
  • Update to hibernate-entitymanager 5.4.0.Final #6432
  • Update to ehcache 2.10.6 #6431
  • Update to com.squareup.okhttp3 3.12.1 #6430
  • Update to oauth2-oidc-sdk 6.5 #6429
  • Update to nimbus-jose-jwt 6.5.1 #6428
  • Update to jackson.core 2.9.8 #6427
  • Update to cglib-nodep 3.2.10 #6426
  • Update JwtTimestampValidator.java #6416
  • Extract the ID Token JwtDecoderFactory to enable user customization #6415
  • Expose ID Token JwtDecoderFactory #6379
  • ID Token validation supports clock skew #6375
  • Polish oauth2 client ExchangeFilterFunction's #6355
  • Improve error messages in OidcIdTokenValidator #6349
  • Polish tests #6346
  • Removed isServlet30 check #6331
  • Fixes typo in x,rnc files #6326
  • Typo in Spring Security spring-security-x.y.rnc Files #6325
  • Improve error messages in OidcIdTokenValidator #6323
  • Add hasAnyAuthority() and hasAnyRole() in AuthorizeExchangeSpec #6310
  • JdbcUserDetailsManager handles extra UserDetails attributes #6309
  • Add WebFlux support for spring security web jackson module. #6305
  • Add WebFlux support for spring security web jackson module #6303
  • authorization_uri Supports Query Parameters #6299
  • Extract OidcTokenValidator to an OAuth2TokenValidator #6298
  • Remove check for method HttpServletRequest#getHeader and related test #6290
  • Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository #6289
  • Validate Scopes in ClientRegistration.Builder #6285
  • Allow setting realm for Http Basic #6279
  • Add cookieDomain to CookieCsrfTokenRepository #6276
  • Add Anonymous Support to AuthenticatedReactiveAuthorizationManager #6267
  • Remove Servlet 3.0 Support in CacheControlHeadersWriter #6265
  • Remove Servlet 3.0 Support in AbstractRequestMatcherRegistry #6264
  • Remove Servlet 2.5 and 3.0 Support for Remember Me #6263
  • Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262
  • Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository #6261
  • Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter #6260
  • Remove Servlet 2.5 Support for Session Fixation #6259
  • Add DelegatingSecurityContextTaskScheduler #6257
  • Validate ClientRegistration.scopes #6256
  • RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefauts #6241
  • Improve error message for Chinese #6240
  • Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient #6238
  • AuthenticatedReactiveAuthorizationManager support for AnonymousAuthenticationToken #6235
  • JwtDecodersTests and ClientRegistrationsTest should explicitly test for trailing slash #6234
  • Add Reactive Support for UserDetailsChecker #6229
  • SessionRegistryImpl uses computeIfAbsent #6221
  • Accept a case-insensitive "Bearer" keyword #6210
  • Restored Jacoco default task dependence #6200
  • Added support for Anonymous Authentication #6198
  • Update to Gradle 5.0 #6197
  • Make CachingUserDetailsService Public #6196
  • Bearer should be case-insensitive in ServerBearerTokenAuthenticationConverter #6195
  • Use SpringUtils to check scheme #6185
  • BasicAuthenticationFilter could check the scheme more efficiently #6183
  • ReactiveOAuth2AccessTokenResponseClients should support setting a custom WebClient #6182
  • According to RFC 2617 #1.2, the "Bearer" keyword should be case-insensitive #6150
  • Update to Gradle 5.0 #6148
  • Update com.squareup.okhttp3 deps to 3.12.0 #6142
  • Add GenericConversionService with support for UUID and Strings #6141
  • Remove unused dependency slf4j-api in javaconfig x509 sample application #6131
  • Remove unused compile dependency in javaconfig x509 sample #6130
  • Replace deprecated Gradle Task method in AspectJPlugin.groovy #6129
  • Replace deprecated Gradle Task.deleteAllActions() method in AspectJPlugin.groovy #6128
  • WebClient support should get new access token when expired and client_credentials #6127
  • AesBytesEncryptorTests should check available key strengths before running #6121
  • CookieClearingLogoutHandler enhancement #6116
  • Update to Gradle 4.10.2 #6114
  • Update to oauth2-oidc-sdk:6.2 #6101
  • Update webflux-form sample to use Built in CSRF Support #6097
  • Update to nimbus-jose-jwt:6.3 #6095
  • Updated Spring Boot version from 2.1.0.M4 to 2.1.0.RELEASE #6084
  • Update to Spring Boot 2.1.0.RELEASE #6082
  • Make AesBytesEncryptor public #6079
  • CookieClearingLogoutHandler for differen...
Read more
Assets 2