Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
5.3.6.RELEASE
5.2.8.RELEASE
🪲 Bug Fixes
- Remove empty Appendix Section from docs #9172
- Tests should not combine Authentication and @AuthenticationPrincipal #9126
🔨 Dependency Upgrades
- Update to Spring LDAP Core 2.3.3 #9245
- Update to Powermock 2.0.9 #9244
- Update to HSQLDB 2.5.1 #9243
- Update to Hibernate EntityManager 5.4.25 #9242
- Update to Jetty 9.4.35 #9241
- Update to HttpComponents HttpClient 4.5.13 #9240
- Update to RSocket 1.0.3 #9239
- Update to Reactor Dysprosium-SR14 #9238
- Update to Google App Engine 1.9.83 #9237
- Update to Jackson Databind 2.10.5.1 #9236
- Update to Spring Data Moore-SR11 #9235
- Update to Spring 5.2.11 #9234
- Update to Spring Boot 2.2.11 #9233
5.5.0-M1
⭐ New Features
- Add unsupported_token_type in OAuth2ErrorCodes #9184
- Add token and token_type_hint to OAuth2ParameterNames #9183
- Introduce JwaAlgorithm #9182
- WithSecurityContextTestExecutionListener Should Support Nested Classes #9179
- Add WebFlux Documentation for Multiple Filter Chains #9178
- SAML 2.0 Asserting Party Metadata resolution should read SigningMethod elements #9177
- Enable customization of BearerTokenResolver by adding a setter for JwtClaimIssuerConverter on JwtIssuerAuthenticationManagerResolver #9168
- Reactive doc points to unit tests #9157
- Invoke Kotlin MockMvc result matchers with parentheses #9155
- Change guard expressions order #9153
- It is not necessary to fetch all user sessions if unlimited sessions are set in the ConcurrentSessionControlAuthenticationStrategy. #9152
- Add refresh token expiration support #9146
- JwtIssuerValidator handles issuer (iss) claim values as Strings and URLs #9137
- OpenSamlAuthenticationProvider should decrypt attributes #9131
- Update snapshot build dependencies #9124
- spring-security-test should include jackson-datatype-jsr310 as a test dependency #9123
- Update to Gradle 6.6.1 #9122
- Use LobHandler in JdbcOAuth2AuthorizedClientService #9070
- Changed metadata converter to accept files as well #9056
- Add HSM Support for Decrypting Assertions #9055
- File-based Configuration for Asserting Party Metadata #9028
- Prevent PR builds from running on forks #8993
- Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService #8765
- Add support for dynamic JWS signature algorithm with JWKs (2) - Issue 7160 #8752
- Support customization of BearerTokenResolver in JwtIssuerAuthenticationManagerResolver #8535
- Provide reactive JDBC implementation of ReactiveOAuth2AuthorizedClientService #7890
- JwtDecoders and ReactiveJwtDecoders should determine algorithm from JWK Set Endpoint #7160
- OAuth2Token interface for AbstractOAuth2Token #5502
🪲 Bug Fixes
- [docs]Add white space before strong notation. #9145
- Bug with JwtValidators.createDefaultWithIssuer(String)? #9136
- Tests should not combine Authentication and @AuthenticationPrincipal #9121
- Closes gh-8196 appendix indentation #9118
- Fixes in documentation #9099
🔨 Dependency Upgrades
- Set rsocketVersion to 1.1.0 #9167
- Set reactorVersion to 2020.0.+ #9166
- Set springVersion to 5.3.+ #9165
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.4.1
⭐ New Features
- Replace expired msdn link with latest web archive copy #9050
- Add documentation for StrictHttpFirewall enhancements #9038
- Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
- Use AssertJ for exception testing #9013
🪲 Bug Fixes
- Add try-with-resources to close stream #9053
- RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
- fix miswritten comment of FormLoginDsl.kt #9042
- Adapt to WebClient's new exception wrapping #9031
- StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
- Fix broken Mono chain #9022
- Use Schedulers.boundedElastic for UUID.randomUUID #9021
- CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
- WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
- NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
- Quick javadoc fix for DelegatingPasswordEncoder #8890
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.3.5.RELEASE
5.2.7.RELEASE
🪲 Bug Fixes
- SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9058
- CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9025
🔨 Dependency Upgrades
- Update to Spring Data Moore-SR10 #9088
- Update to Hibernate Entity manager 5.4.22 #9087
- Update to Hibernate Validator 6.1.6 #9086
- Upgrade to embedded Apache Tomcat 9.0.38 #9085
- Update to RSocket 1.0.2 #9084
- Update to Spring Framework 5.2.9 #9083
- Update to Reactor Dysprosium-SR12 #9082
- Update to Spring Boot 2.2.10 #9081
- Update to GAE 1.9.82 #9080
- Update to org.aspectj 1.9.6 #9079
5.1.13.RELEASE
🪲 Bug Fixes
- SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9059
🔨 Dependency Upgrades
- Update to Spring Boot 2.1.17.RELEASE #9078
- Update to Hibernate Validator 6.0.21 #9077
- Update to org.aspectj 1.9.6 #9076
- Update to GAE 1.9.82 #9075
- Update to Jackson Databind 2.9.10.6 #9074
- Update to Spring Data Lovelace-SR20 #9073
- Update to Spring Framework 5.1.18 #9072
- Update to Reactor Californium-SR21 #9071
5.0.19.RELEASE
🪲 Bug Fixes
- SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9060
🔨 Dependency Upgrades
4.2.19.RELEASE
5.4.0
⭐ New Features
- Add What's New in 5.4 #9002
- Add What's New in 5.4 Section to Docs #9001
- Add Resource Server Servlet Logging #9000
- Simplify saml2Login Samples #8990
- Remove Framework Tests from saml2Login Sample #8989
- Add authenticationManagerResolver to resource server Kotlin DSL #8981
- Generalize SAML 2.0 Assertion Validation Support #8970
- Update abstract-authentication-processing-filter.adoc #8965
- Add spring-javaformat checkstyle and formatting #8946
- Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #8926
- Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #8892
- Resolve oauth2 client-id, client-secret placeholders #8880
- Restructure SAML 2.0 documentation #8763
- security:client-registrations doesn't take propertyconfigurer properties #8453
🪲 Bug Fixes
- Clickjacking demo in docs: YouTube link in X-Frame-Options section leads to private video #8986
- NoClassDefFoundError: AuthMetadataFlyweight at o.s.s.r.m.SimpleAuthenticationEncoder #8948
- SAML attributes not parsed correctly with prefixed XML elements #8864
- Don't use oidc scopes_supported for scope as default in ClientRegistrations #8790
- scopes_supported metadata should not be used as default in ClientRegistrations #8514
🔨 Dependency Upgrades
❤️ Contributors
We'd like to thank all the contributors who worked on this release!