Skip to content

Releases: spring-projects/spring-security

6.2.6

19 Aug 21:05
@spring-builds spring-builds
6.2.6
182cbbb
Compare
Choose a tag to compare
6.2.6

⭐ New Features

  • ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls #15494
  • Document the role of CredentialsContainer #15320
  • OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #15277

πŸͺ² Bug Fixes

  • A broken link in Spring Security reference #15288
  • Correct HttpSessionCsrfTokenRepository Documentation #15392
  • Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect #15459
  • Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource #15444
  • Update prerequisites documentation with Java 17 #15323
  • Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #15439

πŸ”¨ Dependency Upgrades

  • Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #15376
  • Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 #15381
  • Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 #15588
  • Bump io.mockk:mockk from 1.13.11 to 1.13.12 #15427
  • Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #15389
  • Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #15599
  • Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #15589
  • Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #15377
  • Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #15543
  • Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #15358
  • Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #15271
  • Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #15645
  • Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #15452
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #15451
  • Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #15314
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #15333
  • Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #15528
  • Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 #15544
  • Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #15570
  • Bump org.springframework.data:spring-data-bom from 2023.1.7 to 2023.1.8 #15422
  • Bump org.springframework.data:spring-data-bom from 2023.1.8 to 2023.1.9 #15644
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #15618
  • Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 #15404
  • Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 #15614
  • Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 #15280

πŸ”© Build Updates

  • Automate check of expected branch version #15309
  • Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #15445
  • Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #15488
  • Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #15563
  • Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #15639
  • Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #15415
  • Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #15516
  • Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #15562
  • Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #15638
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #15414
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #15518
  • Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #15328
  • Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #15489
  • Bump com.gradle.develocity from 3.17.5 to 3.17.6 #15465
  • Bump io-spring-javaformat from 0.0.42 to 0.0.43 #15649
  • Migrate slack notifications to GChat #15504

❀️ Contributors

Thank you to all the contributors who worked on this release:

@Junhyunny, @Kehrlann, @OLibutzki, @arey, @baezzys, and @dependabot[bot]

Contributors

arey, OLibutzki, and 4 other contributors
Loading

5.8.14

19 Aug 21:10
@github-actions github-actions
5.8.14
0115e8a
Compare
Choose a tag to compare
5.8.14

⭐ New Features

  • Document the role of CredentialsContainer #15319

πŸͺ² Bug Fixes

  • Clarify url Parameter Usage in AD Provider Constructor #15409
  • Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #15363

πŸ”¨ Dependency Upgrades

  • Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #15375
  • Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 #15391
  • Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 #15606
  • Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 #15390
  • Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 #15604
  • Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 #15360
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 #15291
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #15335
  • Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 #15615

πŸ”© Build Updates

  • Automate check of expected branch version #15226
  • Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #15447
  • Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #15484
  • Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #15558
  • Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #15633
  • Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #15417
  • Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #15523
  • Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #15559
  • Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #15632
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #15416
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #15524
  • Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #15330
  • Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #15481
  • Bump com.gradle.develocity from 3.17.5 to 3.17.6 #15463

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

Loading

6.4.0-M1

15 Jul 19:28
@spring-builds spring-builds
6.4.0-M1
33d8315
Compare
Choose a tag to compare
6.4.0-M1 Pre-release
Pre-release

βͺ Breaking Changes

  • Adapt to form data not adding charset if it is UTF-8 #15275

⭐ New Features

  • AclAuthorizationStrategyImpl should use RoleHierarchy #4186
  • Add CachingRelyingPartyRegistrationRepository #15341
  • Add interface IterableRelyingPartyRegistrationRepository or similar #15027
  • Add Kotlin support to DefaultMethodSecurityExpressionHandler #15093
  • Add Kotlin support to PreFilter and PostFilter annotations #15095
  • Add RequestMatcher for matching parameters #15342
  • Add saml2Logout Kotlin DSL support #14935
  • Add SecurityContextRepository to Kotlin Reactive DSL #15013
  • Add setter method for userDetailsChecker in CasAuthenticationProvider(#10277) #15047
  • Add support checking AnyRequestMatcher securityFilterChains #15221
  • Add support configuring OAuth2AuthorizationRequestResolver as bean #15237
  • Add support remember-me cookie customization #15203
  • Adds missing translated messages for PT-BR #15181
  • Adjust DefaultSecurityFilterChain Logging Level and Simplify Filter Logging #15096
  • Clarify the behavior of Concurrent Session Management when an IdP is involved #15206
  • CSRF example for Single-Page Apps could be improved #15105
  • Deprecate authorizeRequests from Kotlin DSL #15173
  • Deprecate OpenSamlRelyingPartyRegistration #15343
  • Description of securityMatcher and multiple filter chains has now more details #15029
  • Document the role of CredentialsContainer #15322
  • Expose user name attribute name in OAuth2UserAuthority #15012
  • LDAP bind failures due to invalid credentials don't cause AuthenticationFailure events to be fired #3834
  • Mention all required dependencies in LDAP documentation #15246
  • OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #15003
  • Remove Deprecated Usages for Spring LDAP #15274
  • SAML metadata Content-Type should be application/samlmetadata+xml #15147
  • Support GrantedAuthorityDefaults Bean in authorizeHttpRequests Kotlin DSL #15171
  • Support RoleHierarchy Bean in authorizeHttpRequests Kotlin DSL #15136
  • Support signing SAML metadata #14916
  • Update Kotlin example for MockMvc and Spring Security #15177
  • Update the OAuth2 jwt and opaque Resource Server documentation #15362
  • Use Javadoc macro #15386

πŸͺ² Bug Fixes

  • Assert WebSession is not null #15180
  • Docs: Fix import for reactive example with Kotlin DSL #15200
  • Fix Compromised Password Checker Docs Sample Not Working #15306
  • Fix Java example in multitenanci.adoc #15164
  • Fix link in the In-Memory Authentication documentation #14689
  • Fix malformed list in "Using Method Parameters" documentation #15325
  • Fix typos and formatting in documentation #15353
  • Fix wrong explanation for @PostAuthorize annotation #15222
  • Resolving invalid CSRF token values is not consistent #15187
  • The docs reference #7537 which is closed #15263

πŸ”¨ Dependency Upgrades

  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15158
  • Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #15332
  • Bump com.fasterxml.jackson:jackson-bom from 2.17.1 to 2.17.2 #15371
  • Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #15370
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15242
  • Bump Gradle Wrapper from 8.7 to 8.8 #15188
  • Bump io-spring-javaformat from 0.0.41 to 0.0.42 #15214
  • Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #15387
  • Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #15369
  • Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #15357
  • Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #15169
  • Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #15270
  • Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final #15234
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15190
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 #15175
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 #15215
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 #15259
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.19 to 4.33.20 #15269
  • Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #15313
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #15334
  • Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 #15258
  • Bump org.springframework.data:spring-data-bom from 2024.0.1 to 2024.0.2 #15420
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #15250
  • Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #15249
  • Bump org.springframework:spring-framework-bom from 6.2.0-M4 to 6.2.0-M5 #15403
  • Upgrade to Spring Framework 6.2.0-M4 #15266

πŸ”© Build Updates

  • Automate check of expected branch version #15311
  • Bump spring-io/spring-doc-actions from 5a57bcc6a0da2a1474136cf29571b277850432bc to 852920ba3fb1f28b35a2f13201133bc00ef33677 #15289
  • Configure Build to Confirm UnboundId 7 Compatibility #15400
  • Fixing URL on README #15350

❀️ Contributors

Thank you to all the contributors who worked on this release:

@CrazyParanoid, @Doremi203, @Junhyunny, @Kyoungwoong, @Marcono1234, @Seungpan...

Read more

Contributors

arey, filiphr, and 16 other contributors
Loading

6.3.1

17 Jun 16:26
@spring-builds spring-builds
6.3.1
6adc3b3
Compare
Choose a tag to compare
6.3.1

⭐ New Features

  • Clarify the behavior of Concurrent Session Management when an IdP is involved #15071
  • Mention all required dependencies in LDAP documentation #15245
  • Minor docs fix #15144

πŸͺ² Bug Fixes

  • AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #15211
  • Assert WebSession is not null #15179
  • DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc #15197
  • Documentation clarification after #12783 has been closed is needed. #15208
  • Fix Java example in multitenanci.adoc #15151
  • Fix Kotlin example in authorize-http-requests.adoc #15129
  • Incorrect documentation for OIDC Back-Channel Logout #15212
  • IpAddressMatcher.matches(String address) still accepts URLs #15172
  • LDIF file on official documentation breaks the startup process #15167
  • Link to article with remember-me-persistent-token strategy is broken #15149
  • OpenSaml4AssertionValidator is not respecting clock skew settings #15183
  • Resolving invalid CSRF token values is not consistent #15186
  • spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security #15143
  • SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly #15165

πŸ”¨ Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 #15225
  • Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 #15229
  • Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 #15161
  • Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #15168
  • Bump org.gretty:gretty from 4.1.3 to 4.1.4 #15133
  • Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final #15228
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15193
  • Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 #15260
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #15251
  • Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 #15134
  • Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #15252

πŸ”© Build Updates

  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15159
  • Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15141
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15239
  • Bump gradle/gradle-build-action from 2 to 3 #15157
  • Bump io-spring-javaformat from 0.0.41 to 0.0.42 #15219
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 #15176
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 #15218
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 #15261
  • Bump spring-io/spring-doc-actions from 17ed79ea5fbd65813c69ef1062a024d4a37ff0ca to 5a57bcc6a0da2a1474136cf29571b277850432bc #15139

❀️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @theHacker

Contributors

theHacker and dependabot
Loading

6.2.5

17 Jun 18:13
@spring-builds spring-builds
6.2.5
2966a72
Compare
Choose a tag to compare
6.2.5

⭐ New Features

  • doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #15063
  • Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14922
  • InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14974
  • Mention all required dependencies in LDAP documentation #15244

πŸͺ² Bug Fixes

  • Assert WebSession is not null #15178
  • AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #15210
  • DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc #15196
  • Fix Java example in multitenanci.adoc #15150
  • Incorrect documentation for OIDC Back-Channel Logout #15198
  • InMemoryUserDetailsManager Setting User Roles in Official Documentation Example Causes Error #14972
  • LDIF file on official documentation breaks the startup process #15166
  • Link to article with remember-me-persistent-token strategy is broken #15148
  • OIDC Logout section is not shown in the navbar #15112
  • OpenSaml4AssertionValidator is not respecting clock skew settings #15022
  • ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14958
  • Resolving invalid CSRF token values is not consistent #15185
  • spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security #15045
  • Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14995

πŸ”¨ Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 #15011
  • Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 #15069
  • Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 #15224
  • Bump io.mockk:mockk from 1.13.10 to 1.13.11 #15079
  • Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 #15075
  • Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 #15232
  • Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 #14939
  • Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 #15031
  • Bump org-aspectj from 1.9.22 to 1.9.22.1 #15049
  • Bump org-eclipse-jetty from 11.0.20 to 11.0.21 #15080
  • Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #15170
  • Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final #14949
  • Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final #14953
  • Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final #14960
  • Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final #14981
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15192
  • Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 #15024
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 #15023
  • Bump org.opensaml:opensaml-core4 from 4.3.1 to 4.3.2 #14947
  • Bump org.springframework.data:spring-data-bom from 2023.1.5 to 2023.1.6 #15101
  • Bump org.springframework.data:spring-data-bom from 2023.1.6 to 2023.1.7 #15262
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #15248
  • Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 #15081
  • Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 #15132
  • Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #15247
  • Update to OAuth2 OIDC SDK 9.43.4 #14920
  • Upgrade nimbus-jose-jwt to version 9.37.3 #14836

πŸ”© Build Updates

  • Attach Antora Docs to Pull Requests #15060
  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15163
  • Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15142
  • Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15032
  • Bump com.gradle.develocity from 3.17.2 to 3.17.3 #15050
  • Bump com.gradle.develocity from 3.17.3 to 3.17.4 #15102
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15241
  • Bump io-spring-javaformat from 0.0.41 to 0.0.42 #15216
  • Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14961
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 #14924
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 #14950
  • Consider Adding a Build Updates section to the release changelog #15038

❀️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot]

Contributors

dependabot
Loading

5.8.13

17 Jun 15:59
@github-actions github-actions
5.8.13
20332fe
Compare
Choose a tag to compare
5.8.13

⭐ New Features

  • doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779
  • Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837
  • Improve PasswordEncoder Error Messaging #14951
  • InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880
  • Mention all required dependencies in LDAP documentation #15235
  • Remove useBase64 parameter #14862

πŸͺ² Bug Fixes

  • AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849
  • Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195
  • Assert WebSession is not null #14977
  • Conditionally Add Conventions Plugin #15152
  • DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418
  • Fix Java example in multitenanci.adoc #15146
  • LDIF file on official documentation breaks the startup process #15089
  • Link to article with remember-me-persistent-token strategy is broken #14358
  • ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931
  • Resolving invalid CSRF token values is not consistent #15184
  • Restore Build Scan Capability #15120
  • Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

πŸ”¨ Dependency Upgrades

  • Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074
  • Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231
  • Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923
  • Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073
  • Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191
  • Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085
  • Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135
  • Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253
  • Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

πŸ”© Build Updates

  • Attach Antora Docs to Pull Requests #14992
  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160
  • Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140
  • Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001
  • Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240
  • Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959
  • Consider Adding a Build Updates section to the release changelog #14485
  • Migrate to com.gradle.develocity plugin #15021
  • Update Gradle Enterprise plugin to 3.17.2 #15020

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

Loading

6.3.0

20 May 16:36
@spring-builds spring-builds
6.3.0
5d3c062
Compare
Choose a tag to compare
6.3.0

⭐ New Features

  • Add getters to OAuth2AuthorizedClientId #13648
  • Add timeout defaults to JwtDecoders #14890
  • doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #15065
  • Improve logging for Global Authentication #14711
  • Minor docs fix #15043
  • Minor Documentation update on import needed for using Kotlin DSL #14969
  • OAuth2 Client Authentication docs are incomplete #14982
  • Proofread CasAuthenticationFilter documentation #14883
  • Replace "Spring Boot 2.x" with "Spring Boot" #14919
  • Simplify Disabling application/x-www-form-urlencoded Encoding Client ID and Secret #14859
  • Support Specifying Identifier for relying-party-registrations Element #14487
  • Update What's New in 6.3 #14918

πŸͺ² Bug Fixes

  • Do Not Invalidate Current Session When Its Registered #15066
  • Fix MethodAuthorizationDeniedPostProcessor does not exist in java doc #14955
  • fix docs error in AuthenticatedReactiveAuthorizationManager #14979
  • OIDC Logout section is not shown in the navbar #15113
  • Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14996

πŸ”¨ Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.5 to 1.5.6 #14926
  • Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 #15010
  • Bump com.gradle.develocity from 3.17.2 to 3.17.3 #15051
  • Bump com.gradle.develocity from 3.17.3 to 3.17.4 #15104
  • Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 #15068
  • Bump io.mockk:mockk from 1.13.10 to 1.13.11 #15086
  • Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 #15076
  • Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 #14940
  • Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 #14987
  • Bump org-aspectj from 1.9.22 to 1.9.22.1 #15052
  • Bump org-bouncycastle from 1.78 to 1.78.1 #14929
  • Bump org-eclipse-jetty from 11.0.20 to 11.0.21 #15087
  • Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final #14948
  • Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final #14952
  • Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final #14962
  • Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final #14980
  • Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 #15025
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 #15026
  • Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.0 to 1.8.1 #15053
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 #14945
  • Bump org.springframework.data:spring-data-bom from 2024.0.0-RC1 to 2024.0.0 #15103
  • Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 #15088

πŸ”© Build Updates

  • Attach Antora Docs to Pull Requests #15061
  • Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.12 #14986
  • Bump com.github.spullara.mustache.java:compiler from 0.9.12 to 0.9.13 #14999
  • Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14963
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 #14928
  • Consider Adding a Build Updates section to the release changelog #15039

❀️ Contributors

Thank you to all the contributors who worked on this release:

@Crain-32, @Kehrlann, @MrJovanovic13, @ch4mpy, @dependabot[bot], @joaquinjsb, @kse-music, @madorb, @rishiraj88, and @vvaadd

Contributors

madorb, vvaadd, and 8 other contributors
Loading

6.3.0-RC1

15 Apr 15:49
@spring-builds spring-builds
6.3.0-RC1
52ce49b
Compare
Choose a tag to compare
6.3.0-RC1 Pre-release
Pre-release

⭐ New Features

  • [ISSUE-11725] Add secondary statusCode messages on error #14743
  • Add Authorization Denied Handlers for Method Security #14712
  • Add ClientAuthenticationMethod constants tls_client_auth and self_signed_tls_client_auth #14889
  • Add reference documentation for Token Exchange #14698
  • Add Value-Type Ignore Support #14780
  • Allow customization of redirect strategy in CasAuthenticationEntrypoint #14881
  • Create Authorized Proxy of Return Values #14669
  • Handle SpEL AuthorizationDeniedExceptions #14882
  • Improve logging in AuthenticationWebFilter #14764
  • InitializeUserDetailsBeanManagerConfigurer inject PasswordEncoder into DaoAuthenticationProvider constructor #14766
  • Provide Password (Compromised) Checking API #7395
  • Simplification of creation of OAuth2TokenValidator with JwtValidators defaults. #14832
  • Support Certificate-Bound (POP) JWT Access Token Validation #10538
  • Support SpEL Returning AuthorizationDecision #14840
  • Update reactive OAuth2 docs landing page with examples #14758

πŸͺ² Bug Fixes

  • SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException #14806
  • docs: fix typo in FilterChainProxy #14861
  • Fix continueOnError default value in java doc #14871
  • ReactiveOAuth2AuthorizedClientManagerConfiguration has been created too early #14900
  • Transactional annotation breaks AOT for native image #14866
  • Update the documentation of AuthenticationProvider.java #14710

πŸ”¨ Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.3 to 1.5.4 #14875
  • Bump ch.qos.logback:logback-classic from 1.5.4 to 1.5.5 #14905
  • Bump com.gradle.enterprise from 3.16.2 to 3.17 #14849
  • Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 #14868
  • Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 #14874
  • Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #14820
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 #14785
  • Bump org-aspectj from 1.9.21.2 to 1.9.22 #14800
  • Bump org.gretty:gretty from 4.1.2 to 4.1.3 #14776
  • Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 #14906
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 #14893
  • Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 #14892
  • Upgrade to Spring Data Bom 2024.0.0-RC1 #14901

❀️ Contributors

Thank you to all the contributors who worked on this release:

@Ali-Hassan33, @CrazyParanoid, @ThomasHagelberg, @dependabot[bot], @erie0210, @jzheaux, @kse-music, @marcusdacoregio, and @youngkih

Contributors

jzheaux, marcusdacoregio, and 7 other contributors
Loading

6.2.4

15 Apr 17:35
@spring-builds spring-builds
6.2.4
acc96f1
Compare
Choose a tag to compare
6.2.4

πŸͺ² Bug Fixes

  • SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException #14805
  • Address AuthorizationObservationConvention Package Tangle #14795
  • bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error #14848
  • Transactional annotation breaks AOT for native image #14865

πŸ”¨ Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 #14867
  • Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 #14873
  • Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #14821
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 #14786
  • Bump org-aspectj from 1.9.21.2 to 1.9.22 #14798
  • Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 #14907
  • Bump org.springframework.data:spring-data-bom from 2023.1.4 to 2023.1.5 #14908
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 #14896
  • Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 #14895
  • Update org.opensaml:opensaml-core4 to 4.3.1 #14850

❀️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot]

Contributors

dependabot
Loading

6.1.9

15 Apr 15:59
@spring-builds spring-builds
6.1.9
4bab573
Compare
Choose a tag to compare
6.1.9

⭐ New Features

  • Bump Gradle Wrapper from 8.6 to 8.7 #14796

πŸͺ² Bug Fixes

  • SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException #14634
  • Address AuthorizationObservationConvention Package Tangle #14794
  • bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error #14847
  • Transactional annotation breaks AOT for native image #14825

πŸ”¨ Dependency Upgrades

  • Bump io.projectreactor:reactor-bom from 2022.0.17 to 2022.0.18 #14876
  • Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #14823
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 #14783
  • Bump org-aspectj from 1.9.21.2 to 1.9.22 #14799
  • Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 #14909
  • Bump org.springframework:spring-framework-bom from 6.0.18 to 6.0.19 #14894

❀️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @github-actions[bot]

Contributors

dependabot
Loading