⭐ New Features
- OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8236
- SwitchUserFilter vulnerable to CSRF #8224
- Update Encryptors documentation for standard and stronger #8215
- Typo 'properites' -> 'properties' in documentation #8100
- Typo 'hasPermision()' in GlobalMethodSecurityBeanDefinitionParser.java #8068
- Remove unwanted code #7949
🪲 Bug Fixes
- HttpServletRequest.logout() not functioning #8242
- oauth2Login WebFlux should not auto-redirect for XHR request #8203
- Make OAuth2ErrorHttpMessageConverter more resilient #8181
- Fix typo in Javadoc of HttpSecurity#csrf() #8135
- Fix typo in AntPathRequestMatcher contructor comment #8046
- An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8043
- OAuth2 access token response parsing fails with nested JSON object #8022
- OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7968
- OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7965
🔨 Dependency Upgrades
- Update to httpclient 4.5.12 #8294
- Update to hibernate-validator 6.0.19.Final #8293
- Update to reactive-streams 1.0.3 #8292
- Update to hibernate-core 5.2.18.Final #8291
- Update to groovy 2.4.19 #8290
- Update to unboundid-ldapsdk 4.0.14 #8289
- Update to okhttp 3.12.10 #8288
- Update to mockwebserver 3.12.10 #8287
- Update to org.powermock 2.0.6 #8286
- Update to Spring Boot 2.1.13.RELEASE #8285
- Update to GAE 1.9.79 #8284
- Update to Reactor Californium-SR17 #8283
- Update to Spring Data Lovelace-SR16 #8282
- Update to Spring Framework 5.1.14.RELEASE #8281
- Update to Jetty 9.4.22.v20191022 #8093
❤️ Contributors
We'd like to thank all the contributors who worked on this release!