github spring-projects/spring-security 5.2.0.RC1

pre-release, 4 years ago

⭐ New Features

  • Add attributes Consumer to OAuth2AuthorizationContext #7385
  • Improve DefaultReactiveOAuth2UserService handling IOException #7370
  • Add RSocket Support #7360
  • Polish Server|ServletBearerExchangeFilterFunction #7355
  • Refactor Servlet/Server BearerExchangeFilterFunction #7353
  • OAuth2AuthorizeRequest supports attributes #7352
  • Grant Individual Authorities From Claims #7351
  • DefaultOAuth2AuthorizedClientManager and DefaultServerOAuth2AuthorizedClientManager Alignment #7350
  • Align Servlet ClearSiteData expression of directives #7347
  • Add Adapter to Translate Jwt to BearerTokenAuthentication #7346
  • Opaque Token Introspector should return an Authenticated Principal #7345
  • Opaque Token Introspection Strategy Flexibility #7344
  • Add BearerTokenAuthentication #7343
  • Add OAuth2AuthenticatedPrincipal #7342
  • OAuth2AuthorizeRequest supports attributes #7341
  • DefaultOAuth2UserService should extract authorities #7339
  • InMemoryReactiveClientRegistrationRepository should check for duplicates #7338
  • Add Servlet and ServerBearerExchangeFilterFunction #7330
  • Update to Gradle 5.6.1 #7323
  • Simplify and improve the buildSrc gradle plugin #7302
  • Update to Gradle 5.6 #7300
  • Add Catalan localization messages #7288
  • Add Catalan localization messages #7287
  • Resource Server should support WebClient Bearer Token propagation #7284
  • Sample should use UserDetailsService bean instead of configureGlobal method #7283
  • Mock Jwt Test Samples #7278
  • Allow to set default securityContextRepository for each authenticatio… #7275
  • Resource Server Multi-tenancy Sample Should Manage Its Own Jwt Decoder #7272
  • Add setter for authorities claim name in JwtGrantedAuthoritiesConverter #7271
  • Jwk Set Uri Nimbus Jwt Decoder builders should take SignatureAlgorithm #7270
  • Add setContentLengthLong detection to OnCommittedResponseWrapper. #7264
  • Consolidate shared code between JwtDecoders and ReactiveJwtDecoders #7263
  • Remove MultiTenantAuthenticationManagerResolver #7259
  • Add setter for authority prefix in JwtGrantedAuthoritiesConverter #7256
  • Prevent IntelliJ IDEA from generating spaces for indentation #7253
  • TokenBasedRememberMeServices.processAutoLoginCookie (TokenBasedRememberMeServices.java:134) java.lang.NullPointerException #7251
  • Authentication Mechanisms Should Default their ServerSecurityContextRepository #7249
  • Rename OAuth2TokenIntrospectionClient #7246
  • Consider renaming OAuth2TokenIntrospectionClient #7245
  • Add OAuth2LoginSpec#securityContextRepository #7244
  • Cleanup Code Style Issues #7238
  • Add Checkstyle configuration for IntelliJ IDEA #7237
  • Expose getPort in ApacheDsContainer #7236
  • OAuth2LoginConfigurer should discover OAuth2UserService beans #7232
  • Make ldap integration tests independent #7231
  • Remove unused imports #7229
  • ServerHttpSecurity: oauth2Login() ignores securityContextRepository() #7222
  • Use the 'io.freefair.aspectj' gradle plugin #7183
  • Add RequestMatcher.matcher(HttpServletRequest) #7172
  • ignore Multipart requests in HttpSessionRequestCache.requestMatcher #7167
  • Add test examples for Oauth2 Resource Server sample #7159
  • Add unboundid support in xml #7149
  • OAuth2AuthorizedClientManager implementation works outside of request #7122
  • Improve OAuth2 Resource Server tests #7118
  • Introduce Reactive OAuth2AuthorizedClient Manager/Provider #7116
  • Allow configurable Clock in OAuth2AuthorizedClientProvider impls #7114
  • JwtGrantedAuthoritiesConverter should allow configuring the authority prefix #7101
  • JwtGrantedAuthoritiesConverter should allow configuring the authorities claim name #7100
  • Add authenticationFailureHandler method in OAuth2LoginSpec #7071
  • v5.2.0.M3 docs contain Deprecated example code #7062
  • Multipartfile request with no authentication is still consumed even after an AccessDeniedException is thrown #7060
  • Add OAuth2LoginSpec.authenticationFailureHandler #7051
  • Add Argon2PasswordEncoder #7045
  • Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7026
  • Add support for Resource Owner Password Credentials grant #7013
  • Jwt decoding should support multiple algorithms #6883
  • Polish Resource Server DSL Error Messaging #6876
  • Remove Invalid WebMvcConfigurer from Sample Documentation #6822
  • Align code in oauth2-client extensions for WebClient #6811
  • OAuth2 Client Credentials Flow: Getting access tokens in the service/data tier #6780
  • Provide Servlet equivalent of UnAuthenticatedServerOAuth2AuthorizedClientRepository #6683
  • Spring Boot + spring-security-oauth2-resource-server should not throw a ClassNotFoundException once it supports more than one token format #6209
  • Support Resource Owner Password Credentials grant #6003
  • Add Argon2PasswordEncoder #5354
  • Add BearerExchangeFilterFunction #5334

🪲 Bug Fixes

  • Remove package tangle in headers #7380
  • Remove OAuth2AuthorizationRequest when a distributed session is used #7334
  • OAuth2AuthorizationRequest not removed from session #7327
  • Use ConcurrentHashMap in InMemoryReactiveClientRegistrationRepository #7308
  • fix footnotes markup #7305
  • add media type jwk-set+json to accept header #7304
  • InMemoryReactiveClientRegistrationRepository should not use ConcurrentReferenceHashMap #7299
  • Fix WebClient Memory Leaks #7293
  • NimbusJwtDecoderJwkSupport only sets 'application/json' Accept header #7290
  • Fix typo in docs #7277
  • Fix UserDetailsPasswordService JavaDoc #7266
  • Ensure filter order is maintained when using springSecurity() along with other filters #7265
  • OnCommittedResponseWrapper fails on static resources served by Tomcat 8.5 #7261
  • Expire as many sessions as exceed maximum allowed #7258
  • Use UTF-8 for compilation #7254
  • Fix NPE in RequestContextSubscriber #7235
  • RequestContextSubscriber could put null value in Reactor Context #7228
  • Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7181
  • SessionRegistryImpl uses Map.compute #7178
  • SessionAuthenticationStrategy make HttpSecurity.sessionManagement().maximumSessions(1) unavailability #7166
  • Misleading documentation for websocket security #4845
  • SEC-2980: Possible race condition in SessionRegistryImpl #3189
  • SEC-2971: Footnotes are messed up in online docs #3180

🔨 Dependency Upgrades

  • Update to Gretty 2.3.1 #7389
  • Update to OpenSaml 3.3.1 #7388
  • Update to cglib 3.3.0 #7387
  • Update to Spring Data Moore RC3 #7386
  • Update to Spring Framework 5.2.0.RC2 #7371
  • Update to Spring Boot 2.2.0.M5 #7320
  • Update to org.seleniumhq.selenium:htmlunit-driver 2.36.0 #7319
  • Update to hibernate-entitymanager 5.4.4.Final #7318
  • Update to net.sourceforge.htmlunit:htmlunit 2.36.0 #7317
  • Update to commons-codec 1.13 #7316
  • Update to nimbus-jose-jwt 7.8 #7315
  • Update to GAE 1.9.76 #7314

❤️ Contributors

We'd like to thank all the contributors who worked on this release!
