Skip to content

Releases: spring-projects/spring-security

5.7.11

18 Sep 16:10
Compare
Choose a tag to compare

⭐ New Features

  • Automate spring-security.xsd #13819

6.2.0-M2

21 Aug 15:46
Compare
Choose a tag to compare
6.2.0-M2 Pre-release
Pre-release

⭐ New Features

  • Add MvcRequestMatcher reference documentation #13727
  • Adds integrity attribute for bootstrap signin.css #13608
  • Allow JWT issuer AuthenticationManagerResolvers to accept predicate issuer validator #13428
  • Default RequestMatchers for Saml2WebSsoAuthenticationFilter and OpenSamlAuthenticationTokenConverter should align #13653
  • Fix method typo in Gh3409Tests (gh-3409) #13402
  • Fix minor typo in docs #13304
  • Fix typo: you're -> your #13430
  • Fixing ArrayIndexOutOfBoundsException in XorCsrfTokenRequestAttribute… #13550
  • Include information about -parameters flag in 6.2 upgrade notes #13552
  • Polishing #13470
  • requestMatchers servlet validation error should include information about servlet paths #13723
  • requestMatchers should not count servlets without mappings #13725
  • Return content-type from saved request #13440
  • Return statement of the roleHierarchy method is omitted in the Reference #13636
  • Simplify configuration of OAuth2 Client component model #13587

πŸͺ² Bug Fixes

  • Fix typo in docs #13638
  • Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13591
  • RequestMatcherMetadataResponseResolver only shows last RelyingPartyRegistration #13701
  • saml2Login should not override OpenSaml4AuthenticationProvider bean #13656
  • The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13581
  • Update links in adocs #13634

πŸ”¨ Dependency Upgrades

  • Update hibernate-core to 6.3.0.CR1 #13691
  • Update io.projectreactor to 2023.0.0-M2 #13686
  • Update junit-bom to 5.10.0 #13694
  • Update junit-platform-launcher to 1.10.0 #13696
  • Update logback-classic to 1.4.11 #13683
  • Update maven-resolver-provider to 3.9.4 #13688
  • Update micrometer-observation to 1.12.0-M2 #13684
  • Update mockk to 1.13.7 #13685
  • Update org.apache.maven.resolver to 1.9.15 #13689
  • Update org.aspectj to 1.9.20 #13690
  • Update org.jetbrains.kotlinx to 1.7.3 #13693
  • Update org.junit.jupiter to 5.10.0 #13695
  • Update org.springframework to 6.1.0-M4 #13697
  • Update org.springframework.data to 2023.1.0-M2 #13698
  • Update reactor-netty to 1.1.10 #13687
  • Update spring-ldap-core to 3.2.0-M2 #13699

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

6.1.3

21 Aug 18:19
Compare
Choose a tag to compare

⭐ New Features

  • Add MvcRequestMatcher reference documentation #13726
  • Refactor for readability #13472
  • requestMatchers servlet validation error should include information about servlet paths #13722
  • requestMatchers should not count servlets without mappings #13724

πŸͺ² Bug Fixes

  • Add return statement of the roleHierachy method in the servlet/author… #13596
  • Fix typo in docs #13637
  • Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13590
  • RequestMatcherMetadataResponseResolver only shows last RelyingPartyRegistration #13700
  • saml2Login should not override OpenSaml4AuthenticationProvider bean #13655
  • The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13580
  • Update links in adocs #13632

πŸ”¨ Dependency Upgrades

  • Update io.projectreactor to 2022.0.10 #13674
  • Update logback-classic to 1.4.11 #13669
  • Update micrometer-observation to 1.10.10 #13672
  • Update mockk to 1.13.7 #13673
  • Update org.aspectj to 1.9.20 #13676
  • Update org.springframework.data to 2022.0.9 #13677
  • Update reactor-netty to 1.1.10 #13675
  • Update spring-ldap-core to 3.0.5 #13678

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

6.0.6

21 Aug 15:53
Compare
Choose a tag to compare

⭐ New Features

  • requestMatchers servlet validation error should include information about servlet paths #13721
  • requestMatchers should not count servlets without mappings #13720

πŸͺ² Bug Fixes

  • Doc : typo in Custom DSLs section #13325
  • Fix typo in docs #13605
  • Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13589
  • saml2Login should not override OpenSaml4AuthenticationProvider bean #13654
  • The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13579
  • Update links in adocs #13565

πŸ”¨ Dependency Upgrades

  • Update io.projectreactor to 2022.0.10 #13710
  • Update logback-classic to 1.4.11 #13707
  • Update micrometer-observation to 1.10.10 #13708
  • Update mockk to 1.13.7 #13709
  • Update org.aspectj to 1.9.20 #13712
  • Update org.springframework.data to 2022.0.9 #13713
  • Update reactor-netty to 1.1.10 #13711
  • Update spring-ldap-core to 3.0.5 #13714

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

5.8.6

21 Aug 16:09
Compare
Choose a tag to compare

⭐ New Features

  • Closes #11450 - Add Java beans configuration for Remmember Me Docs #13570
  • Dependencies are resolved from appropriate repositories #13582
  • requestMatchers servlet validation error should include information about servlet paths #13667
  • requestMatchers should not count servlets without mappings #13666

πŸͺ² Bug Fixes

  • Fix Bearer Token RestTemplate Support example #13434
  • Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #13561
  • The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #13572

πŸ”¨ Dependency Upgrades

  • Update io.projectreactor to 2020.0.35 #13702
  • Update org.aspectj to 1.9.20 #13704
  • Update org.springframework.data to 2021.2.15 #13705
  • Update reactor-netty to 1.0.35 #13703

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

6.2.0-M1

17 Jul 21:56
Compare
Choose a tag to compare
6.2.0-M1 Pre-release
Pre-release

⭐ New Features

  • Add meta-annotation support for EnableMethodSecurity #13120
  • Add with() method to apply SecurityConfigurerAdapter #13432
  • Assert is missing object. It was useless before Spring Framework 6.1 and will not compile on 6.1 #13412
  • authorizeHttpRequests should consider GrantedAuthorityDefaults #13215
  • Automatically enable .cors() if CorsConfigurationSource bean is present #5011
  • Change TestingAuthenticationToken to Accept Collection GrantedAuthorities #12953
  • Create NoOpAccessDeniedHandler #13109
  • Create NoOpAuthenticationEntryPoint #13107
  • Deprecate AbstractConfiguredSecurityBuilder#apply that returns SecurityConfigurerAdapter #13436
  • Make class OidcClientInitiatedLogoutSuccessHandler extensible #13007
  • Optimize Querying of RequestCache -> continue parameter #13489
  • Optimize Querying of RequestCache -> continue parameter #13483
  • Prepare for Spring Security 6.2 #13416
  • Remove LazyCsrfTokenRepository usage #13202
  • Replace deprecated methods #13307
  • Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration #13110
  • Use SecurityContextHolderStrategy in CasAuthenticationFilter #13418
  • Using modern Java features #12569

πŸͺ² Bug Fixes

  • Docs link leads to wrong section on What's New #13492
  • Error message should show underlying Client Authentication method #13499
  • Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13466
  • once-per-request="true" does not work in XML configuration #13495
  • Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13422
  • Unable to Use hasIpAddress() Method After Migrating to authorizeHttpRequests() in Spring Security 6 #13479
  • Usage of deprecated function in JWT documentation #13501
  • Use default PathPatternParser instance #13475

πŸ”¨ Dependency Upgrades

  • Update aspectj-plugin to 6.6.3 #13531
  • Update hibernate-core to 6.2.6.Final #13538
  • Update htmlunit to 2.70.0 #13535
  • Update htmlunit-driver to 2.70.0 #13543
  • Update io.projectreactor to 2023.0.0-M1 #13533
  • Update jackson-bom to 2.15.2 #13530
  • Update jakarta.websocket to 2.1.1 #13534
  • Update junit-bom to 5.10.0-RC1 #13541
  • Update maven-resolver-provider to 3.9.3 #13536
  • Update micrometer-observation to 1.12.0-M1 #13532
  • Update org.apache.maven.resolver to 1.9.13 #13537
  • Update org.jetbrains.kotlin to 1.9.0 #13539
  • Update org.jetbrains.kotlinx to 1.7.2 #13540
  • Update org.mockito to 4.11.0 #13542
  • Update org.springframework to 6.1.0-M2 #13544
  • Update org.springframework.data to 2022.0.8 #13529
  • Update org.springframework.data to 2022.0.8 #13523
  • Update spring-ldap-core to 3.2.0-M1 #13545

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

6.1.2

17 Jul 22:01
Compare
Choose a tag to compare

⭐ New Features

  • Improve RequestMatcher Validation #13557
  • Improve Security Filters Documentation #13414
  • Optimize Querying of RequestCache -> continue parameter #13488
  • Optimize Querying of RequestCache -> continue parameter #13482

πŸͺ² Bug Fixes

  • Error message should show underlying Client Authentication method #13498
  • Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13465
  • once-per-request="true" does not work in XML configuration #13494
  • Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice #13199
  • Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13421
  • Unable to Use hasIpAddress() Method After Migrating to authorizeHttpRequests() in Spring Security 6 #13478
  • update l179 of jwt docs #13480
  • Use default PathPatternParser instance #13464

πŸ”¨ Dependency Upgrades

  • Update io.projectreactor to 2022.0.9 #13525
  • Update jakarta.websocket to 2.1.1 #13526
  • Update micrometer-observation to 1.10.9 #13524
  • Update org.springframework to 6.0.11 #13527
  • Update org.springframework.data to 2022.0.8 #13528
  • Update org.springframework.data to 2022.0.8 #13522

❀️ Contributors

We'd like to thank all the contributors who worked on this release!

6.0.5

17 Jul 21:56
Compare
Choose a tag to compare

⭐ New Features

  • Improve RequestMatcher Validation #13556
  • Improve Security Filters Documentation #13413
  • Optimize Querying of RequestCache -> continue parameter #13487
  • Optimize Querying of RequestCache -> continue parameter #13481

πŸͺ² Bug Fixes

  • Error message should show underlying Client Authentication method #13496
  • Javadoc for AuthorizationFilter#filterErrorDispatch is wrong #13456
  • once-per-request="true" does not work in XML configuration #13491
  • Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice #13198
  • Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13420
  • Unable to Use hasIpAddress() Method After Migrating to authorizeHttpRequests() in Spring Security 6 #13477
  • Use default PathPatternParser instance #13463

πŸ”¨ Dependency Upgrades

  • Update io.projectreactor to 2022.0.9 #13518
  • Update jakarta.websocket to 2.1.1 #13519
  • Update micrometer-observation to 1.10.9 #13517
  • Update org.springframework to 6.0.11 #13520
  • Update org.springframework.data to 2022.0.8 #13521

5.8.5

17 Jul 21:46
Compare
Choose a tag to compare

⭐ New Features

  • Improve RequestMatcher Validation #13551
  • Improve Security Filters Documentation #8167

πŸͺ² Bug Fixes

  • Optimize Querying of RequestCache -> continue parameter #13438
  • Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #13417
  • Use default PathPatternParser instance #13462

πŸ”¨ Dependency Upgrades

  • Update io.projectreactor to 2020.0.34 #13513
  • Update org.springframework to 5.3.29 #13515
  • Update org.springframework.data to 2021.2.14 #13516
  • Update reactor-netty to 1.0.34 #13514

5.7.10

17 Jul 21:52
Compare
Choose a tag to compare

πŸͺ² Bug Fixes

  • Use default PathPatternParser instance #13461

πŸ”¨ Dependency Upgrades

  • Update io.projectreactor to 2020.0.34 #13509
  • Update org.springframework to 5.3.29 #13511
  • Update org.springframework.data to 2021.2.14 #13512
  • Update reactor-netty to 1.0.34 #13510