⭐ New Features
- Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9921
🪲 Bug Fixes
- Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9948
- Adding filters relative to custom ones is broken #9910
- SEC-3139: Anonymous authentication token not passed to Controller #9893
- Clarify quick start section in README #9888
- RSocket and WebClient with Security refCount: 0 #9873
- URL encode client credentials #9866
- Client credentials not correctly encoded in Basic Auth #9863
- Docs should state default value for Resource Server validation clock skew is 60 seconds #9851
- DefaultSpringSecurityContextSource can't handle spaces in baseDn #9809
- OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9804
- docs.af.pivotal.io->docs-ip.spring.io #9688
- WebFlux httpBasic() should match on XHR requests #9665
- HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9645
- oauth2Login() generates authorization links for "client_credentials" grant type #9639
🔨 Dependency Upgrades
- Update to Spring LDAP Core 2.3.4.RELEASE #9968
- Update to org.slf4j 1.7.31 #9967
- Update to HSQLDB 2.5.2 #9966
- Update to hibernate-entitymanager 5.4.32.Final #9965
- Update to Jetty 9.4.42.v20210604 #9964
- Update to embedded Apache Tomcat 9.0.48 #9963
- Update to embedded Tomcat websocket 8.5.68 #9962
- Update ehcache to 2.10.9.2 #9961
- Update to jaxb-impl 2.3.4 #9960
- Update to RSocket 1.0.5 #9959
- Update to Spring Framework 5.2.15.RELEASE #9958
- Update to Reactor Dysprosium-SR20 #9957
- Upgrade to nohttp 0.0.8 #9956
❤️ Contributors
We'd like to thank all the contributors who worked on this release!