⭐ New Features
- CookieServerCsrfRepositoryTests should not start domain with a dot #7501
- Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7225
🪲 Bug Fixes
- OAuth2AuthorizationCodeGrantWebFilter should not restrict redirect-uri #7469
- RequestContextSubscriber could put null value in Reactor Context #7410
- OAuth2AuthorizationRequest not removed from session #7369
- InMemoryReactiveClientRegistrationRepository should not use ConcurrentReferenceHashMap #7359
- NimbusJwtDecoderJwkSupport only sets 'application/json' Accept header #7340
- SEC-2971: Footnotes are messed up in online docs #7326
- Confusing example - WebMvcConfigurer vs WebSecurityConfigurerAdapter #7303
- OnCommittedResponseWrapper fails on static resources served by Tomcat 8.5 #7297
- Fix WebClient Memory Leaks #7294
- Ensure filter order is maintained when using springSecurity() along with other filters #7267
- SessionAuthenticationStrategy make HttpSecurity.sessionManagement().maximumSessions(1) unavailability #7262
- SEC-2980: Possible race condition in SessionRegistryImpl #7226