⭐ New Features
- Update to Reactor Dysprosium-M3 #7186
- Update to Spring Data Moore RC2 #7185
- Update to Spring Framework 5.2.0.RC1 #7184
- Downgrade modifier from public to protected #7180
- AuthenticationFilter#attemptAuthentication should be protected #7177
- Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers #7176
- Migrate VersionsResourceTasks groovy->java #7173
- Add support for allowedHostnames in StrictHttpFirewall #7158
- Upgrade org.springframework.boot:spring-boot-xxx to 2.2.0.M4 #7143
- Remove exceptions from lambda security configuration #7131
- Remove exception from security configuration methods #7128
- Support nested builder in DSL for reactive apps #7121
- Prevent disabled user from logging in on reactive applications #7113
- Oauth2 BearerTokenAuthenticationFilter logging issue #7110
- Add support for nested builders in the DSL for reactive apps #7107
- Error description by BearerTokenAccessDeniedHandler is misleading #7089
- Throws exception when passed IP address with too long mask #7084
- Allow configuration of SessionAuthenticationStrategy for CSRF #7083
- Add Chinese Traditional localized messages. #7082
- Changed docs to reflect that init should apply configurers #7080
- Update to Gradle 5.5.1 #7078
- Migrate TrangPlugin groovy->java #7077
- Cleanup redundant type casts #7073
- Allow upgrading between different SCrypt encodings #7057
- DSL nested builder for HTTP security #7046
- Add @nullable to UsernamePasswordAuthenticationFilter #7043
- Allow upgrading between different BCrypt encodings #7042
- Can't use a custom authorization grant type in a ClientRegistration #7040
- Add Generic AuthenticationFilter #7025
- Migrate DefaultLoginPageConfigurerTests groovy->java #6956
- Add generic getClaim() method in ClaimAccessor #6947
- Mock Jwt Support should accept a fully-configured Jwt #6896
- OpenID Connect Userinfo not fetched for custom claims #6886
- OAuth2LoginAuthenticationFilter sets AuthenticationDetails #6884
- OAuth2LoginAuthenticationFilter should set AuthenticationDetails #6866
- Introduce OAuth2AuthorizedClient Manager/Provider #6845
- Replace strange hashCode() implementations #6542
- Add Generic AuthenticationFilter #6506
- Allow in-memory authorized client services to be constructed with a map #5994
- Please add support for nested builders in the DSL #5557
- Allow configuration of added SessionAuthenticationStrategy for CsrfConfigurer #5300
🪲 Bug Fixes
- Basic authentication scheme is not case-insensitive #7163
- Fix CSRF session authentication strategy since version #7127
- Incorrect Javadoc for methods in HeadersConfigurer #7123
- Loggin Fix for printing the full stack trace, spring-projects/spring-… #7111
- Fix infinite loop in role hierarchy resolving #7106
- Fixed typo in documentation. #7092
- Fix typo in documentation #7050
- Allow custom ReactiveAuthenticationManager for basic and form auth #7048
- Fixed validation in ClientRegistration.Builder #7047
- Fix blocking in ServletOAuth2AuthorizedClientExchangeFilterFunction #7037
- Infinite loop in role hierarchy resolving #7035
- ServerBearerTokenAuthenticationConverter Handles Empty Tokens #7020
- Reactive OAuth2 using query parameters for access_token can cause HTTP 500s #7011
- OAuth2Login should process authenticated requests #6890
- Ensure ServletOAuth2AuthorizedClientExchangeFilterFunction is non-blocking #6589
- ServerHttpSecurity can't set multiple authentication managers #5660
- SCryptPasswordEncoder constructor javadoc needs to be fixed #4004
- SEC-2576: ArrayIndexOutOfBoundsException in IpAddressMatcher #2790
❤️ Contributors
We'd like to thank all the contributors who worked on this release!