Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
6.1.3
⭐ New Features
- Add MvcRequestMatcher reference documentation #13726
- Refactor for readability #13472
- requestMatchers servlet validation error should include information about servlet paths #13722
- requestMatchers should not count servlets without mappings #13724
🪲 Bug Fixes
- Add return statement of the roleHierachy method in the servlet/author… #13596
- Fix typo in docs #13637
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13590
- RequestMatcherMetadataResponseResolver only shows last RelyingPartyRegistration #13700
- saml2Login should not override OpenSaml4AuthenticationProvider bean #13655
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13580
- Update links in adocs #13632
🔨 Dependency Upgrades
- Update io.projectreactor to 2022.0.10 #13674
- Update logback-classic to 1.4.11 #13669
- Update micrometer-observation to 1.10.10 #13672
- Update mockk to 1.13.7 #13673
- Update org.aspectj to 1.9.20 #13676
- Update org.springframework.data to 2022.0.9 #13677
- Update reactor-netty to 1.1.10 #13675
- Update spring-ldap-core to 3.0.5 #13678
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.0.6
⭐ New Features
- requestMatchers servlet validation error should include information about servlet paths #13721
- requestMatchers should not count servlets without mappings #13720
🪲 Bug Fixes
- Doc : typo in Custom DSLs section #13325
- Fix typo in docs #13605
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13589
- saml2Login should not override OpenSaml4AuthenticationProvider bean #13654
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13579
- Update links in adocs #13565
🔨 Dependency Upgrades
- Update io.projectreactor to 2022.0.10 #13710
- Update logback-classic to 1.4.11 #13707
- Update micrometer-observation to 1.10.10 #13708
- Update mockk to 1.13.7 #13709
- Update org.aspectj to 1.9.20 #13712
- Update org.springframework.data to 2022.0.9 #13713
- Update reactor-netty to 1.1.10 #13711
- Update spring-ldap-core to 3.0.5 #13714
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.8.6
⭐ New Features
- Closes #11450 - Add Java beans configuration for Remmember Me Docs #13570
- Dependencies are resolved from appropriate repositories #13582
- requestMatchers servlet validation error should include information about servlet paths #13667
- requestMatchers should not count servlets without mappings #13666
🪲 Bug Fixes
- Fix Bearer Token RestTemplate Support example #13434
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13561
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13572
🔨 Dependency Upgrades
- Update io.projectreactor to 2020.0.35 #13702
- Update org.aspectj to 1.9.20 #13704
- Update org.springframework.data to 2021.2.15 #13705
- Update reactor-netty to 1.0.35 #13703
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.2.0-M1
⭐ New Features
- Add meta-annotation support for EnableMethodSecurity #13120
- Add with() method to apply SecurityConfigurerAdapter #13432
- Assert is missing object. It was useless before Spring Framework 6.1 and will not compile on 6.1 #13412
- authorizeHttpRequests should consider GrantedAuthorityDefaults #13215
- Automatically enable .cors() if CorsConfigurationSource bean is present #5011
- Change TestingAuthenticationToken to Accept Collection GrantedAuthorities #12953
- Create NoOpAccessDeniedHandler #13109
- Create NoOpAuthenticationEntryPoint #13107
- Deprecate AbstractConfiguredSecurityBuilder#apply that returns SecurityConfigurerAdapter #13436
- Make class
OidcClientInitiatedLogoutSuccessHandler
extensible #13007 - Optimize Querying of RequestCache -> continue parameter #13489
- Optimize Querying of RequestCache -> continue parameter #13483
- Prepare for Spring Security 6.2 #13416
- Remove LazyCsrfTokenRepository usage #13202
- Replace deprecated methods #13307
- Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration #13110
- Use SecurityContextHolderStrategy in CasAuthenticationFilter #13418
- Using modern Java features #12569
🪲 Bug Fixes
- Docs link leads to wrong section on What's New #13492
- Error message should show underlying Client Authentication method #13499
- Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13466
- once-per-request="true" does not work in XML configuration #13495
- Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13422
- Unable to Use
hasIpAddress()
Method After Migrating toauthorizeHttpRequests()
in Spring Security 6 #13479 - Usage of deprecated function in JWT documentation #13501
- Use default PathPatternParser instance #13475
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.6.3 #13531
- Update hibernate-core to 6.2.6.Final #13538
- Update htmlunit to 2.70.0 #13535
- Update htmlunit-driver to 2.70.0 #13543
- Update io.projectreactor to 2023.0.0-M1 #13533
- Update jackson-bom to 2.15.2 #13530
- Update jakarta.websocket to 2.1.1 #13534
- Update junit-bom to 5.10.0-RC1 #13541
- Update maven-resolver-provider to 3.9.3 #13536
- Update micrometer-observation to 1.12.0-M1 #13532
- Update org.apache.maven.resolver to 1.9.13 #13537
- Update org.jetbrains.kotlin to 1.9.0 #13539
- Update org.jetbrains.kotlinx to 1.7.2 #13540
- Update org.mockito to 4.11.0 #13542
- Update org.springframework to 6.1.0-M2 #13544
- Update org.springframework.data to 2022.0.8 #13529
- Update org.springframework.data to 2022.0.8 #13523
- Update spring-ldap-core to 3.2.0-M1 #13545
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.1.2
⭐ New Features
- Improve RequestMatcher Validation #13557
- Improve Security Filters Documentation #13414
- Optimize Querying of RequestCache -> continue parameter #13488
- Optimize Querying of RequestCache -> continue parameter #13482
🪲 Bug Fixes
- Error message should show underlying Client Authentication method #13498
- Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13465
- once-per-request="true" does not work in XML configuration #13494
- Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice #13199
- Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13421
- Unable to Use
hasIpAddress()
Method After Migrating toauthorizeHttpRequests()
in Spring Security 6 #13478 - update l179 of jwt docs #13480
- Use default PathPatternParser instance #13464
🔨 Dependency Upgrades
- Update io.projectreactor to 2022.0.9 #13525
- Update jakarta.websocket to 2.1.1 #13526
- Update micrometer-observation to 1.10.9 #13524
- Update org.springframework to 6.0.11 #13527
- Update org.springframework.data to 2022.0.8 #13528
- Update org.springframework.data to 2022.0.8 #13522
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
6.0.5
⭐ New Features
- Improve RequestMatcher Validation #13556
- Improve Security Filters Documentation #13413
- Optimize Querying of RequestCache -> continue parameter #13487
- Optimize Querying of RequestCache -> continue parameter #13481
🪲 Bug Fixes
- Error message should show underlying Client Authentication method #13496
- Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13456
- once-per-request="true" does not work in XML configuration #13491
- Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice #13198
- Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13420
- Unable to Use
hasIpAddress()
Method After Migrating toauthorizeHttpRequests()
in Spring Security 6 #13477 - Use default PathPatternParser instance #13463
🔨 Dependency Upgrades
5.8.5
5.7.10
5.6.12
6.1.1
⭐ New Features
- Add initial Native section to reference docs #13236
- Align Resource Server documentation with Boot's capabilities #13239
- Convert to Asciidoctor Tabs #13407
- Document How to Handle Method Security in Native Image #13237
- Improve javadoc about deprecation of .and() and non-Customizer methods #13273
- Make eclipse/vscode project import work #13284
- Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults #13229
- mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter #13254
- Use Antora name of security #13331
🪲 Bug Fixes
- Additional filters registered when using Custom DSL #13282
- AOT Fails to proxy #13369
- CasAuthenticationFilter.successfulAuthentication missing call to securityContextRepository.saveContext #13243
- DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(OAuth2AuthorizationCodeGrantRequest) can return null #13223
- Deprecated hint on BasicAuthenticationFilter #13279
- Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #13193
- Fix Antora Warnings #13294
- Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #13221
- Fix Documentation Title #13318
- Fix legacy-websocket-configuration cross-reference #13206
- Fix type on method-security.adoc #13212
- http://www.springframework.org/schema/security/spring-security.xsd returns 404 #13209
- Migration to EnableMethodSecurity break Transactional on custom PermissionEvaluator #13218
- No longer maintained net.sourceforge.nekohtml with known security issues #13287
- Provide meaningful error when invalid client-authentication-method is provided #13309
- Proxy Server section is not linked in nav #13324
- Use consistent list of micrometer tags in web observation handler #13190
- UserBuilder does not allow authorities to be overridden #13290
🔨 Dependency Upgrades
- Update cas-client-core to 4.0.2 #13342
- Update com.nimbusds to 9.43.3 #13335
- Update hsqldb to 2.7.2 #13343
- Update io.projectreactor to 2022.0.8 #13338
- Update io.rsocket to 1.1.4 #13340
- Update io.spring.javaformat to 0.0.39 #13341
- Update logback-classic to 1.4.8 #13334
- Update micrometer-observation to 1.10.8 #13337
- Update org.jetbrains.kotlin to 1.8.22 #13344
- Update org.springframework to 6.0.10 #13345
- Update org.springframework.data to 2022.0.7 #13346
- Update reactor-netty to 1.1.8 #13339
- Update spring-ldap-core to 3.0.4 #13347
- Update unboundid-ldapsdk to 6.0.9 #13336
❤️ Contributors
We'd like to thank all the contributors who worked on this release!