Releases: spring-projects/spring-security
5.7.0-RC1
⭐ New Features
- Add authorizeHttpRequests to Kotlin DSL #10895
- Add authorizeHttpRequests to Kotlin DSL #10481
- Add DisableEncodeUrlFilter #11084
- Add Option to Filter All Dispatcher Types #11094
- Add Option to Filter All Dispatcher Types #11092
- Add support for authorization events in DelegatingAuthorizationManager #9527
- Add Support for Explicitly Saving SecurityContext #10949
- Create ForceEagerSessionCreationFilter #11109
- DelegatingAuthorizationManager Should Fire Events #9288
- Deprecate loadContext(RequestResponseHolder) in 5.x #11032
- Deprecate Saml2AuthenticationRequestFactory #11080
- Fix saml2 authentication-requests documentation #11034
- HttpSessionSecurityContextRepository.loadContext support null HttpServletResponse #11029
- RequestMatcherDelegatingAuthorizationManager should use RequestMatcherEntry #11046
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator does not provide access to ServletContext #10908
- ExceptionTranslationWebFilter causes a blocking call in case of missing/wrong authentication #10864
- Fix typo in reference documentation #11058
- Make the DelegatingPasswordEncoder work correctly, even if the prefix and suffix are the same #10933
- Update saganCreateRelease property referenceDocUrl #11031
- Update saganCreateRelease task property referenceDocUrl #11016
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.2 #11143
- Update com.nimbusds to 9.34 #11142
- Update hibernate-entitymanager to 5.6.8.Final #11149
- Update io.projectreactor to 2020.0.18 #11144
- Update io.rsocket to 1.1.2 #11146
- Update org.aspectj to 1.9.9.1 #11147
- Update org.eclipse.jetty to 9.4.46.v20220331 #11148
- Update org.jetbrains.kotlin to 1.6.20 #11150
- Update org.jetbrains.kotlinx to 1.6.1 #11151
- Update org.springframework to 5.3.19 #11152
- Update reactor-netty to 1.1.0-M1 #11145
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.6.3
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10951
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10916
- Fix saml2 authentication-requests documentation #11047
- Remove "Hi servlet/authentication/architecture there" from docs #10963
🔨 Dependency Upgrades
- Update hibernate-entitymanager to 5.6.8.Final #11124
- Update io.projectreactor to 2020.0.18 #11119
- Update io.rsocket to 1.1.2 #11121
- Update jackson-bom to 2.13.2.20220328 #11115
- Update jackson-databind to 2.13.2.2 #11116
- Update jackson-datatype-jsr310 to 2.13.2 #11117
- Update logback-classic to 1.2.11 #11114
- Update mockk to 1.12.3 #11118
- Update org.aspectj to 1.9.9.1 #11122
- Update org.eclipse.jetty to 9.4.46.v20220331 #11123
- Update org.springframework to 5.3.19 #11125
- Update org.springframework.data to 2021.1.3 #11126
- Update reactor-netty to 1.0.18 #11120
- Update spring-ldap-core to 2.3.7.RELEASE #11127
5.5.6
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10952
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10917
🔨 Dependency Upgrades
- Update com.fasterxml.jackson.core to 2.13.2.2 #11130
- Update com.fasterxml.jackson.datatype to 2.13.2 #11131
- Update io.projectreactor to 2020.0.18 #11132
- Update io.rsocket to 1.1.2 #11134
- Update jackson-bom to 2.12.6.20220326 #11129
- Update logback-classic to 1.2.11 #11128
- Update org.aspectj to 1.9.9.1 #11135
- Update org.eclipse.jetty to 9.4.46.v20220331 #11136
- Update org.springframework to 5.3.19 #11137
- Update org.springframework.data to 2021.0.10 #11138
- Update reactor-netty to 1.0.18 #11133
- Update spring-ldap-core to 2.3.7.RELEASE #11139
6.0.0-M3
6.0.0-M2
⏪ Breaking Changes
- Fixed ClientAuthenticationMethod inconsistent equals and hashCode #10559
⭐ New Features
- Add default value for version in gitHubCheckMilestoneHasNoOpenIssues task #10921
- Add gradle task for updating to next development version #10975
- Do not run CI on tags #10974
- Remove spring-security-openid module #10773
- Update CI pipeline to push next snapshot version after release #10977
🪲 Bug Fixes
- commons-logging:commons-logging is a transitive dependency of some modules #10499
- Do not rely on javax. group ids #10501
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.1 #10984
- Update com.nimbusds to 9.30 #10983
- Update hibernate-core-jakarta to 5.6.7.Final #10992
- Update htmlunit to 2.59.0 #10990
- Update htmlunit-driver to 2.59.0 #10993
- Update io.projectreactor to 2020.0.17 #10986
- Update io.r2dbc to 0.9.1.RELEASE #10988
- Update io.spring.javaformat to 0.0.31 #10989
- Update jackson-bom to 2.13.2 #10980
- Update jackson-databind to 2.13.2 #10981
- Update jackson-datatype-jsr310 to 2.13.2 #10982
- Update logback-classic to 1.2.11 #10979
- Update mockk to 1.12.3 #10985
- Update org.eclipse.jetty to 11.0.8 #10991
- Update org.slf4j to 1.7.36 #10994
- Update reactor-netty to 1.0.17 #10987
- Update spring-ldap-core to 2.3.6.RELEASE #10995
- Upgrade to AspectJ 1.9.8 #10349
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.7.0-M3
⏪ Breaking Changes
- ServerHttpBasicAuthenticationConverter uses platform's default charset #10903
- Use utf-8 in ServerHttpBasicAuthenticationConverter #10911
⭐ New Features
- OidcClientInitiatedLogoutSuccessHandler resolves redirect uri placeholders #10935
- Add support in xml configuration #9012
- Add InResponseTo validation support #9174
- Add Jackson Support for saml2 Module #10907
- Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket #10932
- Add method to customize EntityDescriptor and SPSSODescriptor #10925
- Add OpenSamlMetadataResolver#setEntityDescriptorCustomizer #10839
- Add Persistence to Documentation #10962
- Add RequestAttributeSecurityContextRepository #10918
- Add SAML 2.0 Login and Logout XML Support #10685
- Add SAML 2.0 Single Logout XML Support #10842
- Add SecurityContextHolderFilter #9635
- Add support for customizing claims in JWT Client Assertion #10972
- Add support for validation of InResponseTo attribute when validating SAML2 responses #10849
- Consider adding factory method to UsernamePasswordAuthenticationToken #10790
- Consider enabling PKCE for confidential clients #6548
- fix gh_10846 #10898
- HttpSessionSecurityContextRepository saves with original response #10947
- Implemented Add Kotlin example for SecuritySocketAcceptorInterceptor o… #10936
- OAuth2AuthorizedClientArgumentResolver couldn't use ReactiveOAuth2AuthorizedClientManager registered in the Context #10846
- Polish UsernamePasswordAuthenticationFilter method #10970
- Provide ability to customize claims in Jwt Client Assertion #9855
- UsernamePasswordAuthenticationToken factory methods #10901
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10950
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10912
- DefaultSecurityFilterChain: Wrong log message "Will not secure" #10909
- Edit declaration of PasswordEncoder interface of Cryptography section #10922
- Edit declaration of PasswordEncoder interface of Cryptography section #10910
- Line breaks in Base64 encoded LogoutResponse cause an IllegalArgumentException #10923
- Preserve order of RelyingPartRegistration credentials #10924
🔨 Dependency Upgrades
- Update com.nimbusds to 9.31 #11003
- Update hibernate-entitymanager to 5.6.7.Final #11008
- Update htmlunit to 2.60.0 #11007
- Update htmlunit-driver to 2.60.0 #11010
- Update io.projectreactor to 2020.0.17 #11005
- Update jackson-bom to 2.13.2 #11000
- Update jackson-databind to 2.13.2 #11001
- Update jackson-datatype-jsr310 to 2.13.2 #11002
- Update logback-classic to 1.2.11 #10999
- Update mockk to 1.12.3 #11004
- Update org.jetbrains.kotlin to 1.6.20-RC #11009
- Update org.springframework to 5.3.17 #11011
- Update reactor-netty to 1.0.17 #11006
- Update spring-data-bom to 2021.2.0-M4 #11014
- Update spring-data-jpa to 2.7.0-M4 #11012
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.7.0-M2
⭐ New Features
- Add serialVersionUID to DefaultSavedRequest and SavedCookie #10594
- Add EntitiesDescriptor Support #10787
- add Kotlin example for logout configuration of reactive authentication #10823
- Add Kotlin example for logout configuration of reactive authentication #10819
- Add LDAP AuthenticationManager factory #10138
- Add OpenSaml custom types to Saml2AuthenticatedPrincipal #10809
- Add OpenSamlAssertingPartyDetails #10794
- Add Request AuthenticationManagerResolvers #7366
- Add Saml2AuthenticationRequestResolver #10355
- Add Saml2AuthenticationRequestResolver #9277
- Add serialVersionUID to DefaultSavedRequest and SavedCookie #10676
- Add Session Index Support #10784
- Consider Adding OpenSamlAssertingPartyDetails #10781
- Deprecate WebSecurityConfigurerAdapter #10822
- Document SecurityFilterChain bean based configuration #10003
- Expose JDBC default user schema DDL location as public constant #10837
- Fix for gh10663 encryptedID #10689
- Introduce a Map-based AuthenticationManagerResolver #6762
- Make Saml2AuthenticationRequests serializable #10608
- Make WebAuthenticationDetails constructor public #10830
- Print ignore message DefaultSecurityFilterChain #9526
- RelyingPartyRegistrations should read all entities #10782
- SAML 2.0 Response handling should have a better error message when decryption is not allowed #10220
- Saml2AuthenticationRequests not serializable cause exception when using jdbc session #10550
- Support @Transient SecurityContext and Provide TransientSecurityContext #9995
- Support extensions of WebAuthenticationDetails when using Jackson serialization #10564
- Support multiple RequestRejectedHandler beans. #10603
- Update reference documentation to use LDAP AuthenticationManager factory #10789
🪲 Bug Fixes
- add Kotlin examples for Spring Data Integration of servlet application #10834
- Add Kotlin examples for Spring Data Integration of servlet application #10827
- Apply configurers from spring.factories to HttpSecurity bean #10815
- Cannot create OrRequestMatcher with List.of(...) #10703
- commons-logging:commons-logging is a transitive dependency of some modules #10771
- Default configurer in spring.factories is not applied when using SecurityFilterChain #10814
- Do not rely on javax. group ids #10769
- Fix broken link to SAML2 login example #10800
- Fix typo in role hierarchy document #10804
- Getting Spring Security Reference Doc have a error #10736
- Replace StringUtils class of oauth2-oidc-sdk completely #10805
- RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext #10779
- Update docs to use multi-tenancy #10829
- web.ignoring().mvcMatchers is confuse in someway about the debug output in the console #9334
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.1 #10880
- Update com.nimbusds to 9.27 #10879
- Update hibernate-entitymanager to 5.6.5.Final #10888
- Update htmlunit to 2.58.0 #10885
- Update htmlunit-driver to 2.58.0 #10890
- Update io.projectreactor to 2020.0.16 #10881
- Update io.r2dbc to 0.9.1.RELEASE #10883
- Update io.spring.javaformat to 0.0.31 #10884
- Update org.aspectj to 1.9.8 #10886
- Update org.eclipse.jetty to 9.4.45.v20220203 #10887
- Update org.jetbrains.kotlin to 1.6.20-M1 #10889
- Update org.slf4j to 1.7.36 #10891
- Update org.springframework to 5.3.16 #10892
- Update reactor-netty to 1.0.16 #10882
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.6.2
⏪ Breaking Changes
- Saml2 metadata includes SingleLogoutService even if saml2 logout is disabled / not configured #10734
⭐ New Features
- Document Authorize HTTP Requests for Reactive Security #10801
- Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator #10682
🪲 Bug Fixes
- add Kotlin examples for Spring Data Integration of servlet application #10848
- commons-logging:commons-logging is a transitive dependency of some modules #10772
- Do not rely on javax. group ids #10770
- Fix broken link to SAML2 login example #10806
- Getting Spring Security Reference Docs have a error #10796
- Make source code compatible with JDK 8 #10699
- Replace StringUtils class of oauth2-oidc-sdk completely #10824
- RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext #10792
- WebInvocationPrivilegeEvaluator Bean should support multiple SecurityFilterChains #10680
🔨 Dependency Upgrades
- Update hibernate-entitymanager to 5.6.5.Final #10873
- Update io.projectreactor to 2020.0.16 #10867
- Update io.spring.javaformat to 0.0.31 #10870
- Update logback-classic to 1.2.10 #10865
- Update mockk to 1.12.2 #10866
- Update org.aspectj to 1.9.8 #10871
- Update org.eclipse.jetty to 9.4.45.v20220203 #10872
- Update org.slf4j to 1.7.36 #10874
- Update org.springframework to 5.3.16 #10875
- Update org.springframework.data to 2021.1.2 #10876
- Update r2dbc-h2 to 0.8.5.RELEASE #10869
- Update reactor-netty to 1.0.16 #10868
- Update spring-ldap-core to 2.3.6.RELEASE #10877
5.5.5
⭐ New Features
- Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator #10683
🪲 Bug Fixes
- Add Kotlin examples for Spring Data Integration of servlet application #10847
- Replace StringUtils class of oauth2-oidc-sdk completely #10825
- Getting Spring Security Reference Docs have a error #10797
- RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext #10791
- Make source code compatible with JDK 8 #10700
- WebInvocationPrivilegeEvaluator Bean should support multiple SecurityFilterChains #10681
🔨 Dependency Upgrades
- Update spring-ldap-core to 2.3.6.RELEASE #10863
- Update org.springframework.data to 2021.0.9 #10862
- Update org.springframework to 5.3.16 #10861
- Update org.slf4j to 1.7.36 #10860
- Update org.eclipse.jetty to 9.4.45.v20220203 #10859
- Update org.aspectj to 1.9.8 #10858
- Update io.spring.javaformat to 0.0.31 #10857
- Update r2dbc-h2 to 0.8.5.RELEASE #10856
- Update reactor-netty to 1.0.16 #10855
- Update io.projectreactor to 2020.0.16 #10854
- Update logback-classic to 1.2.10 #10851
6.0.0-M1
⏪ Breaking Changes
- move HttpSecurityDsl and common files to annotation package #10474
- Resolve HttpSecurityDsl Package Tangle #10333
⭐ New Features
- Add NameIdFormat support to RelyingPartyRegistration #9115
- Clean up Reference Documentation #9668
- Clear null authentication to fix ThreadLocal leak #9877
- Gh-10333 move HttpSecurityDsl to another package #10429
- LdapAuthoritiesPopulator should be postProcessed #9276
- make SP NameIDPolicy configurable in RelyingPartyRegistration #9227
- PermitAllSupport supports AuthorizeHttpRequestsConfigurer #10543
- Update Authorization Documentation #10442
🪲 Bug Fixes
- #10504 Replace setJWTClaimSetJWSKeySelector in example code #10508
- Documentation fix in Customizing OpenSAML’s AuthnRequest Instance section #10463
- Fix JwtClaimValidator error type #10500
- Structure101 Plugin uses a dead repository link #10697
- Test fails due to HttpMethod changes #10569
🔨 Dependency Upgrades
- Switch workflows to use a JDK17 baseline #10353
- Update aspectj-plugin to 6.3.0 #10498
- Update assertj-core to 3.22.0 #10748
- Update cas-client-core to 3.6.4 #10753
- Update com.nimbusds to 9.22 #10741
- Update hibernate-core-jakarta to 5.6.3.Final #10751
- Update hsqldb to 2.6.1 #10752
- Update htmlunit to 2.56.0 #10747
- Update htmlunit-driver to 2.56.0 #10756
- Update io.projectreactor to 2020.0.15 #10743
- Update io.r2dbc to 0.9.0.RELEASE #10745
- Update jackson-bom to 2.13.1 #10738
- Update jackson-databind to 2.13.1 #10739
- Update jackson-datatype-jsr310 to 2.13.1 #10740
- Update jakarta.annotation-api to 2.1.0-B1 #10746
- Update junit-bom to 5.8.2 #10754
- Update logback-classic to 1.2.10 #10737
- Update mockk to 1.12.2 #10742
- Update org.bouncycastle to 1.70 #10749
- Update org.eclipse.jetty to 11.0.7 #10750
- Update org.junit.jupiter to 5.8.2 #10755
- Update org.slf4j to 1.7.33 #10757
- Update reactor-netty to 1.0.15 #10744
- Update spring-data-bom to 2022.0.0-M1 #10759
- Update spring-ldap-core to 2.3.5.RELEASE #10758
- Update to Gradle 7.3 #10480
- Update to Spring Framework 6.0 #10360
- Upgrade to JDK 17 #10343
- Upgrade to Kotlin Coroutines 1.6.0 #10707
- Upgrade to Spring Framework 6.0.0-M2 #10706
❤️ Contributors
We'd like to thank all the contributors who worked on this release!