Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
5.7.0
⭐ New Features
- Check Samples should run against the current artifacts #11199
- Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized #11188
- Remember me should detect UserDetailsService bean #11170
- WebSessionServerSecurityContextRepository provides Mono.cache option #8422
- X509 should detect UserDetailsService bean #11174
🪲 Bug Fixes
@EnableMethodSecuritydoesn't resolve annotations on interfaces through a Proxy #11177- Add shouldFilterAllDispatcherTypes to Kotlin DSL #11153
- Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator #11165
- Multiple .requestMatchers().mvcMatchers() override previous one #11185
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.3 #11218
- Update com.nimbusds to 9.35 #11217
- Update htmlunit to 2.61.0 #11222
- Update htmlunit-driver to 2.61.0 #11224
- Update io.projectreactor to 2020.0.19 #11220
- Update mockk to 1.12.4 #11219
- Update org.jetbrains.kotlin to 1.6.21 #11223
- Update org.springframework to 5.3.20 #11225
- Update org.springframework.data to 2021.2.0 #11228
- Update reactor-netty to 1.1.0-M2 #11221
- Update spring-data-jpa to 2.7.0-RC1 #11226
- Update spring-ldap-core to 2.4.0 #11227
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.6.4
5.5.7
🔨 Dependency Upgrades
5.7.0-RC1
⭐ New Features
- Add authorizeHttpRequests to Kotlin DSL #10895
- Add authorizeHttpRequests to Kotlin DSL #10481
- Add DisableEncodeUrlFilter #11084
- Add Option to Filter All Dispatcher Types #11094
- Add Option to Filter All Dispatcher Types #11092
- Add support for authorization events in DelegatingAuthorizationManager #9527
- Add Support for Explicitly Saving SecurityContext #10949
- Create ForceEagerSessionCreationFilter #11109
- DelegatingAuthorizationManager Should Fire Events #9288
- Deprecate loadContext(RequestResponseHolder) in 5.x #11032
- Deprecate Saml2AuthenticationRequestFactory #11080
- Fix saml2 authentication-requests documentation #11034
- HttpSessionSecurityContextRepository.loadContext support null HttpServletResponse #11029
- RequestMatcherDelegatingAuthorizationManager should use RequestMatcherEntry #11046
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator does not provide access to ServletContext #10908
- ExceptionTranslationWebFilter causes a blocking call in case of missing/wrong authentication #10864
- Fix typo in reference documentation #11058
- Make the
DelegatingPasswordEncoderwork correctly, even if the prefix and suffix are the same #10933 - Update saganCreateRelease property referenceDocUrl #11031
- Update saganCreateRelease task property referenceDocUrl #11016
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.2 #11143
- Update com.nimbusds to 9.34 #11142
- Update hibernate-entitymanager to 5.6.8.Final #11149
- Update io.projectreactor to 2020.0.18 #11144
- Update io.rsocket to 1.1.2 #11146
- Update org.aspectj to 1.9.9.1 #11147
- Update org.eclipse.jetty to 9.4.46.v20220331 #11148
- Update org.jetbrains.kotlin to 1.6.20 #11150
- Update org.jetbrains.kotlinx to 1.6.1 #11151
- Update org.springframework to 5.3.19 #11152
- Update reactor-netty to 1.1.0-M1 #11145
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.6.3
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10951
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10916
- Fix saml2 authentication-requests documentation #11047
- Remove "Hi servlet/authentication/architecture there" from docs #10963
🔨 Dependency Upgrades
- Update hibernate-entitymanager to 5.6.8.Final #11124
- Update io.projectreactor to 2020.0.18 #11119
- Update io.rsocket to 1.1.2 #11121
- Update jackson-bom to 2.13.2.20220328 #11115
- Update jackson-databind to 2.13.2.2 #11116
- Update jackson-datatype-jsr310 to 2.13.2 #11117
- Update logback-classic to 1.2.11 #11114
- Update mockk to 1.12.3 #11118
- Update org.aspectj to 1.9.9.1 #11122
- Update org.eclipse.jetty to 9.4.46.v20220331 #11123
- Update org.springframework to 5.3.19 #11125
- Update org.springframework.data to 2021.1.3 #11126
- Update reactor-netty to 1.0.18 #11120
- Update spring-ldap-core to 2.3.7.RELEASE #11127
5.5.6
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10952
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10917
🔨 Dependency Upgrades
- Update com.fasterxml.jackson.core to 2.13.2.2 #11130
- Update com.fasterxml.jackson.datatype to 2.13.2 #11131
- Update io.projectreactor to 2020.0.18 #11132
- Update io.rsocket to 1.1.2 #11134
- Update jackson-bom to 2.12.6.20220326 #11129
- Update logback-classic to 1.2.11 #11128
- Update org.aspectj to 1.9.9.1 #11135
- Update org.eclipse.jetty to 9.4.46.v20220331 #11136
- Update org.springframework to 5.3.19 #11137
- Update org.springframework.data to 2021.0.10 #11138
- Update reactor-netty to 1.0.18 #11133
- Update spring-ldap-core to 2.3.7.RELEASE #11139
6.0.0-M3
6.0.0-M2
⏪ Breaking Changes
- Fixed ClientAuthenticationMethod inconsistent equals and hashCode #10559
⭐ New Features
- Add default value for version in gitHubCheckMilestoneHasNoOpenIssues task #10921
- Add gradle task for updating to next development version #10975
- Do not run CI on tags #10974
- Remove
spring-security-openidmodule #10773 - Update CI pipeline to push next snapshot version after release #10977
🪲 Bug Fixes
- commons-logging:commons-logging is a transitive dependency of some modules #10499
- Do not rely on javax. group ids #10501
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.1 #10984
- Update com.nimbusds to 9.30 #10983
- Update hibernate-core-jakarta to 5.6.7.Final #10992
- Update htmlunit to 2.59.0 #10990
- Update htmlunit-driver to 2.59.0 #10993
- Update io.projectreactor to 2020.0.17 #10986
- Update io.r2dbc to 0.9.1.RELEASE #10988
- Update io.spring.javaformat to 0.0.31 #10989
- Update jackson-bom to 2.13.2 #10980
- Update jackson-databind to 2.13.2 #10981
- Update jackson-datatype-jsr310 to 2.13.2 #10982
- Update logback-classic to 1.2.11 #10979
- Update mockk to 1.12.3 #10985
- Update org.eclipse.jetty to 11.0.8 #10991
- Update org.slf4j to 1.7.36 #10994
- Update reactor-netty to 1.0.17 #10987
- Update spring-ldap-core to 2.3.6.RELEASE #10995
- Upgrade to AspectJ 1.9.8 #10349
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.7.0-M3
⏪ Breaking Changes
- ServerHttpBasicAuthenticationConverter uses platform's default charset #10903
- Use utf-8 in ServerHttpBasicAuthenticationConverter #10911
⭐ New Features
OidcClientInitiatedLogoutSuccessHandlerresolves redirect uri placeholders #10935- Add support in xml configuration #9012
- Add InResponseTo validation support #9174
- Add Jackson Support for saml2 Module #10907
- Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket #10932
- Add method to customize EntityDescriptor and SPSSODescriptor #10925
- Add OpenSamlMetadataResolver#setEntityDescriptorCustomizer #10839
- Add Persistence to Documentation #10962
- Add RequestAttributeSecurityContextRepository #10918
- Add SAML 2.0 Login and Logout XML Support #10685
- Add SAML 2.0 Single Logout XML Support #10842
- Add SecurityContextHolderFilter #9635
- Add support for customizing claims in JWT Client Assertion #10972
- Add support for validation of InResponseTo attribute when validating SAML2 responses #10849
- Consider adding factory method to
UsernamePasswordAuthenticationToken#10790 - Consider enabling PKCE for confidential clients #6548
- fix gh_10846 #10898
- HttpSessionSecurityContextRepository saves with original response #10947
- Implemented Add Kotlin example for SecuritySocketAcceptorInterceptor o… #10936
- OAuth2AuthorizedClientArgumentResolver couldn't use ReactiveOAuth2AuthorizedClientManager registered in the Context #10846
- Polish UsernamePasswordAuthenticationFilter method #10970
- Provide ability to customize claims in Jwt Client Assertion #9855
- UsernamePasswordAuthenticationToken factory methods #10901
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10950
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10912
- DefaultSecurityFilterChain: Wrong log message "Will not secure" #10909
- Edit declaration of PasswordEncoder interface of Cryptography section #10922
- Edit declaration of PasswordEncoder interface of Cryptography section #10910
- Line breaks in Base64 encoded LogoutResponse cause an IllegalArgumentException #10923
- Preserve order of RelyingPartRegistration credentials #10924
🔨 Dependency Upgrades
- Update com.nimbusds to 9.31 #11003
- Update hibernate-entitymanager to 5.6.7.Final #11008
- Update htmlunit to 2.60.0 #11007
- Update htmlunit-driver to 2.60.0 #11010
- Update io.projectreactor to 2020.0.17 #11005
- Update jackson-bom to 2.13.2 #11000
- Update jackson-databind to 2.13.2 #11001
- Update jackson-datatype-jsr310 to 2.13.2 #11002
- Update logback-classic to 1.2.11 #10999
- Update mockk to 1.12.3 #11004
- Update org.jetbrains.kotlin to 1.6.20-RC #11009
- Update org.springframework to 5.3.17 #11011
- Update reactor-netty to 1.0.17 #11006
- Update spring-data-bom to 2021.2.0-M4 #11014
- Update spring-data-jpa to 2.7.0-M4 #11012
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.7.0-M2
⭐ New Features
- Add
serialVersionUIDtoDefaultSavedRequestandSavedCookie#10594 - Add EntitiesDescriptor Support #10787
- add Kotlin example for logout configuration of reactive authentication #10823
- Add Kotlin example for logout configuration of reactive authentication #10819
- Add LDAP AuthenticationManager factory #10138
- Add OpenSaml custom types to Saml2AuthenticatedPrincipal #10809
- Add OpenSamlAssertingPartyDetails #10794
- Add Request AuthenticationManagerResolvers #7366
- Add Saml2AuthenticationRequestResolver #10355
- Add Saml2AuthenticationRequestResolver #9277
- Add serialVersionUID to DefaultSavedRequest and SavedCookie #10676
- Add Session Index Support #10784
- Consider Adding OpenSamlAssertingPartyDetails #10781
- Deprecate WebSecurityConfigurerAdapter #10822
- Document SecurityFilterChain bean based configuration #10003
- Expose JDBC default user schema DDL location as public constant #10837
- Fix for gh10663 encryptedID #10689
- Introduce a Map-based AuthenticationManagerResolver #6762
- Make Saml2AuthenticationRequests serializable #10608
- Make WebAuthenticationDetails constructor public #10830
- Print ignore message DefaultSecurityFilterChain #9526
- RelyingPartyRegistrations should read all entities #10782
- SAML 2.0 Response handling should have a better error message when decryption is not allowed #10220
- Saml2AuthenticationRequests not serializable cause exception when using jdbc session #10550
- Support
@TransientSecurityContext and Provide TransientSecurityContext #9995 - Support extensions of WebAuthenticationDetails when using Jackson serialization #10564
- Support multiple RequestRejectedHandler beans. #10603
- Update reference documentation to use LDAP AuthenticationManager factory #10789
🪲 Bug Fixes
- add Kotlin examples for Spring Data Integration of servlet application #10834
- Add Kotlin examples for Spring Data Integration of servlet application #10827
- Apply configurers from spring.factories to HttpSecurity bean #10815
- Cannot create OrRequestMatcher with List.of(...) #10703
- commons-logging:commons-logging is a transitive dependency of some modules #10771
- Default configurer in spring.factories is not applied when using SecurityFilterChain #10814
- Do not rely on javax. group ids #10769
- Fix broken link to SAML2 login example #10800
- Fix typo in role hierarchy document #10804
- Getting Spring Security Reference Doc have a error #10736
- Replace StringUtils class of oauth2-oidc-sdk completely #10805
- RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext #10779
- Update docs to use multi-tenancy #10829
- web.ignoring().mvcMatchers is confuse in someway about the debug output in the console #9334
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.1 #10880
- Update com.nimbusds to 9.27 #10879
- Update hibernate-entitymanager to 5.6.5.Final #10888
- Update htmlunit to 2.58.0 #10885
- Update htmlunit-driver to 2.58.0 #10890
- Update io.projectreactor to 2020.0.16 #10881
- Update io.r2dbc to 0.9.1.RELEASE #10883
- Update io.spring.javaformat to 0.0.31 #10884
- Update org.aspectj to 1.9.8 #10886
- Update org.eclipse.jetty to 9.4.45.v20220203 #10887
- Update org.jetbrains.kotlin to 1.6.20-M1 #10889
- Update org.slf4j to 1.7.36 #10891
- Update org.springframework to 5.3.16 #10892
- Update reactor-netty to 1.0.16 #10882
❤️ Contributors
We'd like to thank all the contributors who worked on this release!