Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
6.5.3
⭐ New Features
- Add META-INF/LICENSE.txt to published jars #17639
- Update Angular documentation links in csrf.adoc #17653
- Update Shibboleth Repository URL #17637
- Use 2004-present Copyright #17634
🪲 Bug Fixes
- Add Missing Navigation in Preparing for 7.0 Guide #17731
- DPoP authentication throws JwtDecoderFactory ClassNotFoundException #17249
- OpenSamlAssertingPartyDetails Should Be Serializable #17727
- Use final values in equals and hashCode #17621
🔨 Dependency Upgrades
- Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17739
- Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17690
- Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17684
- Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17661
- Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17615
- Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17599
- Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17737
- Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17701
- Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17614
- Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17647
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17733
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17711
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17612
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17598
- Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17742
- Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17613
- Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17595
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17760
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17692
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17683
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17671
- Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17616
- Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17597
- Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17646
- Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17660
- Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17694
- Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17685
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17650
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17645
- Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17757
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17651
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17596
- Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17735
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
codingtim
Assets 2
6.4.9
⭐ New Features
- Add META-INF/LICENSE.txt to published jars #17638
- Update Angular documentation links in csrf.adoc #17652
- Update Shibboleth Repository URL #17636
- Use 2004-present Copyright #17633
🪲 Bug Fixes
- OpenSamlAssertingPartyDetails Should Be Serializable #17622
🔨 Dependency Upgrades
- Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17611
- Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17604
- Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17756
- Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17699
- Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17643
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17741
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17717
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17609
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17603
- Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17736
- Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17607
- Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17602
- Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17641
- Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #17630
- Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #17659
- Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17695
- Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #17680
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17696
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17682
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17642
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17600
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.9 #17738
- Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17745
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17610
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17601
- Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #17744
7.0.0-M1
⏪ Breaking Changes
- Address BouncyCastle's deprecated AESFastEngine usage #16164
- Default to XorCsrfChannelInterceptor in XML configuration #17323
- Don't cache WebSocket request in RequestCache #16741
- Improve JdbcUserDetailsManager.userExists method #14649
- Remove .and() and non lambda methods from DSL #13067
- Remove
authorizeRequests#15174 - Remove AbstractConfiguredSecurityBuilder apply method #17498
- Remove AbstractSecurityWebSocketMessageBrokerConfigurer #17328
- Remove ApacheDS #13852
- Remove APPLICATION_JSON_UTF8 usage #17070
- Remove AssertingPartyDetails from APIs in favor of AssertingPartyMetadata #17304
- Remove deprecated classes moved to other packages #17330
- Remove deprecated elements from DaoAuthenticationProvider #17315
- Remove deprecated elements of RoleHierarchyImpl #17313
- Remove deprecated elements using AuthorizationDecision #17322
- Remove deprecated implementations of OAuth2AccessTokenResponseClient #16909
- Remove deprecated methods from CookieServerCsrfTokenRepository #14139
- Remove deprecations from CookieCsrfTokenRepository #14132
- Remove EnableWebMvcSecurity #17311
- Remove HandlerMappingIntrospector Usage #16886
- Remove LazyCsrfTokenRepository #13196
- Remove Nimbus(Reactive)OpaqueTokenIntrospector #17326
- Remove no-version Open SAML implementations #17306
- Remove PrePostTemplateDefaults #17312
- Remove RelyingPartyRegistration deprecations #17329
- Remove RequestVariablesExtractor #17320
- Remove Resource Owner Password Credentials grant #17446
- Remove shouldFilterAllDispatcherTypes #17505
- Remove shouldFilterAllDispatcherTypes #12139
- Remove usage of PathMatcher in messaging #17501
- Use
LdapNameinstead ofDistinguishedName#17325
⭐ New Features
- Add basePath to PathPatternParserRequestMatcherBuilderFactoryBean #17579
- Add BearerTokenAuthenticationConverter #14791
- Add default authorizationRequestBaseUri to DefaultOAuth2AuthorizationRequestResolver #16384
- Add Equals and HashCode methods for better comparison. #16842
- Add JdbcAssertingPartyMetadataRepository #17077
- Add null check for authentication token in JwtAuthenticationProvider #17251
- Add NullReturningMethodAuthorizationDeniedHandler #17084
- Add OAuth Support for HTTP Interface Client #16858
- Add PathPatternRequestMatcher static factory shortcuts #17476
- Add possibility to customize JwkSource of NimbusJwtDecoder #17046
- Add Support Credentialless COEP Header #17027
- Add Support Extracting DN From X500Principal #16984
- Add TestMockHttpServletRequests #17450
- Add Twitter/X to CommonOAuth2Provider #16510
- Add username property to UsernameNotFoundException #17179
- Begin Spring Security 7 to 8 Migration Guide #17182
- Create CsrfCustomizer for SPA configuration #16966
- Create demonstration of include-code usage #17163
- Create Spring Security 7.0.x branch #17047
- Decouple SAML 2.0 Single Logout from the authenticated principal's type #11338
- Deprecate the X5T JOSE Header name #17130
- Exceptions for Authorized Objects should propagate when returned from a Controller #17074
- Fix the problem of not deserializing SwitchUserGrantedAuthority in Webflux #17064
- Force Snapshot Build is separate workflow #17558
- Improve logging clarity in CsrfFilter #17425
- Improve OAuth2ResourceServerConfigurer to eliminate deprecated operations #16963
- Include UsernameNotFoundException in BadCredentialsException #16512
- JwtTimestampsValidator can require exp and nbf claims #17030
- Kotlin 2.2 Upgrade #16884
- Make AuthorizationProxyFactory.proxy generic #16996
- NimbusJwtEncoder should simplify constructing with javax.security Keys #17033
- Polish Webauthn4JRelyingPartyOperations #17224
- Remove 32-byte minimum keyLength restriction in
Base64StringKeyGenerator#17091 - Remove GET request support from Saml2AuthenticationTokenConverter #17108
- Replace deprecated #check calls with #authorize #16965
- Replace deprecated NimbusReactiveOpaqueTokenIntrospector with SpringReactiveOpaqueTokenIntrospector #16964
- Send saml logout response even when validation errors happen #14676
- Setup include-code extension for docs #17162
- Simplify Expression Migration for authorizeRequests #17504
- Simplify Websocket Csrf Processor XML Configuration #17248
- Standarize Mock Request Paths #17449
- Support Filtering Events in SpringAuthorizationEventPublisher #17503
- Support Spring Data container types for AuthorizeReturnObject #16953
- Update document regarding Stream usage #17219
- Update Type Validation Defaults #17181
- Use UserWebTestClientConfigurer #17496
- We should remove usage of PathMatcher in web modules #16887
🪲 Bug Fixes
Contributors
msqr, quaff, and 31 other contributors
Assets 2
6.5.2
🪲 Bug Fixes
<websocket-message-broker>should pick up a bean namedcsrfChannelInterceptor#17495- Add 7.0 Migration Steps for Messaging PathPattern Usage #17509
- EnableReactiveMethodSecurity should not import Servlet configuration #17545
- Fix equals and hashCode in
PathPatternRequestMatcherto include HTTP method #17337 - Fix securityContextRepository() initialization in oauth2Login() DSL #17557
- OAuth2Login DSL should support post-processing AuthenticationProvider implementations #17176
- Websocket XML config should pick up PathPatternMessageMatcher.Builder #17508
🔨 Dependency Upgrades
- Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #17444
- Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#17470](#17470
- Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#17570](#17570
- Bump io.mockk:mockk from 1.14.2 to 1.14.4 #17467
- Bump io.mockk:mockk from 1.14.4 to 1.14.5 #17572
- Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17469
- Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17555
- Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #17491
- Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17571
- Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17466
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17569
- Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17468
- Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17481
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17568
❤️ Contributors
Thank you to all the contributors who worked on this release:
@fkowal and @therepanic
Contributors
fkowal and therepanic
Assets 2
6.4.8
🪲 Bug Fixes
<websocket-message-broker>should pick up a bean namedcsrfChannelInterceptor#17494- Fix securityContextRepository() initialization in oauth2Login() DSL #17502
- Support add nested security configurers during builder initialization #17020
🔨 Dependency Upgrades
- Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17464
- Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17576
- Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17463
- Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17574
- Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17465
- Bump org.hibernate.orm:hibernate-core from 6.6.19.Final to 6.6.20.Final #17490
- Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17575
- Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17480
- Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17577
- Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17462
- Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17461
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17578
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
marcusdacoregio and kse-music
Assets 2
6.5.1
⭐ New Features
🪲 Bug Fixes
- ClearSiteDataHeaderWriter log is misleading #17166
- Fix to allow multiple AuthenticationFilter instances to process each request #17216
- Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #17210
- OAuth2ResourceServer using authenticationManagerResolver results in
tokenAuthenticationManager cannot be nullwhile startup #17172 - Publishing a default TargetVisitor should not override Spring MVC support #17189
- Use HttpStatus in back-channel logout filters #17157
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17233
- Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #17192
- Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17152
- Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17220
- Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17232
- Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17204
- Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17214
- Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17184
- Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17256
- Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17257
- Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17239
- Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17238
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
evgeniycheban
Assets 2
6.4.7
🪲 Bug Fixes
- ClearSiteDataHeaderWriter log is misleading #17165
- Fix inconsistent constructor declaration for
ReactiveAuthorizationManagerMethodSecurityConfiguration#17197 - Fix to allow multiple AuthenticationFilter instances to process each request #17215
- Use HttpStatus in back-channel logout filters #17156
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #17229
- Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17148
- Bump io-spring-javaformat from 0.0.45 to 0.0.46 #17199
- Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #17221
- Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17230
- Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #17206
- Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17212
- Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #17183
- Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #17253
- Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17254
- Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17237
- Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17236
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
damable-nuvolex
Assets 2
6.3.10
⭐ New Features
- Add SAML 2.0 migration guide from Spring Security SAML Extension #17076
- Advise overriding equals() and hashCode() in UserDetails implementations #17141
- Bump Gradle Wrapper from 8.13 to 8.14 #16999
🪲 Bug Fixes
- Clear Site Data references non-existent constructor #16948
- ClearSiteDataHeaderWriter log is misleading #17126
- ClientRegistrations#fromIssuerLocation should not swallow 4xx exception messages #16993
- Correct method name in document #17044
- Fix IllegalArgumentException message for unknown Argon2 types #16971
- Fix to allow multiple AuthenticationFilter instances to process each request #17186
- Improve AbstractPreAuthenticatedProcessingFilter docs #16985
- Remove duplicate lines from X.509 documentation #17010
- StrictFirewallServerWebExchange should still protect when request is mutated #16978
- Update the docs to use assertingparty instead of identityprovider to close #12810 #17081
- Use HttpStatus in back-channel logout filters #17128
- Use proper configuration key in Opaque Token documentation #17005
🔨 Dependency Upgrades
- Bump io-spring-javaformat from 0.0.43 to 0.0.45 #17151
- Bump io-spring-javaformat from 0.0.45 to 0.0.46 #17198
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17101
- Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #17231
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17039
- Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17085
- Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #17211
- Bump org.springframework.data:spring-data-bom from 2024.0.10 to 2024.0.11 #16982
- Bump org.springframework.data:spring-data-bom from 2024.0.11 to 2024.0.12 #17135
- Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13 #17255
- Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17241
- Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 #17122
- Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21 #17240
- Update to io.spring.gradle:spring-security-release-plugin:1.0.5 #16975
🔩 Build Updates
- Release 6.3.10 #17140
❤️ Contributors
Thank you to all the contributors who worked on this release:
@Gurunathan16, @danilopiazza, @evgeniycheban, @joaquinjsb, @m0rk4, @ngocnhan-tran1996, @quaff, @rntrp, @ronodhirSoumik, @snowykte0426, and @therepanic
Contributors
quaff, danilopiazza, and 9 other contributors
Assets 2
6.5.0
⭐ New Features
- Add documentation for DPoP support #17072
- Add logging to CsrfTokenRequestHandler implementations #16994
- Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #16806
- Bump Gradle Wrapper from 8.13 to 8.14 #17018
- ClientRegistrations.fromIssuerLocation does not include failure information #17015
- Fix Typo In SubjectDnX509PrincipalExtractorTests #16997
- Implement internal cache in JtiClaimValidator #17107
- Polish javadoc #16924
- Remove unused classes #16935
- Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #16962
- RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17147
🪲 Bug Fixes
- Add FunctionalInterface To X509PrincipalExtractor #16952
- Change NonNull import from reactor to spring #16571
- Fix DPoP jkt claim to be JWK SHA-256 thumbprint #17080
- Minor error in the Handling Logouts documentation #17049
- SecurityAnnotationScanner's method comparison should use .equals #17145
- Use proper configuration key in Opaque Token documentation #17014
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17069
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #16995
- Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #16990
- Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #17024
- Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #17095
- Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17096
- Bump io.mockk:mockk from 1.14.0 to 1.14.2 #17019
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17111
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17040
- Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17088
- Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16761
- Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17089
- Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17105
- Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #17037
- Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16981
- Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #17137
- Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17124
🔩 Build Updates
- Release 6.5.0 #17138
❤️ Contributors
Thank you to all the contributors who worked on this release:
@dkowis, @franticticktick, @hammadirshad, @jearton, @ngocnhan-tran1996, @quaff, and @yybmion
Contributors
dkowis, quaff, and 5 other contributors
Assets 2
6.4.6
⭐ New Features
- Bump Gradle Wrapper from 8.13 to 8.14 #17017
- ClientRegistrations.fromIssuerLocation does not include failure information #17016
- RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17146
🪲 Bug Fixes
- Clear Site Data references non-existent constructor #17034
- Ensure Serializable Components Have Serialization Sample #17038
- Minor error in the Handling Logouts documentation #17048
- NPE in BaseOpenSamlAuthenticationProvider #17008
- SecurityAnnotationScanner's method comparison should use .equals #17143
- StrictFirewallServerWebExchange should still protect when request is mutated #17032
- Use proper configuration key in Opaque Token documentation #17013
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17065
- Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17094
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17110
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17042
- Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17086
- Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17087
- Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17103
- Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16983
- Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17121
🔩 Build Updates
- Release Security 6.4.6 #17139