github spring-projects/spring-security 5.2.2.RELEASE

latest releases: 6.4.2, 6.3.6, 6.4.1...
4 years ago

⭐ New Features

  • Don't cache requests with Accept: text/event-stream by default. #7744
  • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
  • Remove redundant validation for redirect-uri #7707
  • Polish oauth2-client Error-handling Tests #7647
  • Remove unnecessary code in SecurityExpressionRoot #7635
  • Extract HTTPS Documentation #7626
  • Remove unnecessary code in SecurityExpressionRoot #7601
  • Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

🪲 Bug Fixes

  • Form login requiresAuthenticationMatcher is not used in WebFlux #7867
  • Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
  • BasicAuthenticationFilter ignores credentials charset #7859
  • Default LDIF file not picked up in LDAP "unboundid" mode #7852
  • Incorrect LDIF file example in LDAP documentation #7849
  • Use the custom ServerRequestCache that the user configures #7753
  • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
  • Disabling logout in WebFlux does nothing #7742
  • Saml2Authentication isn't serializable #7739
  • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
  • CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
  • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
  • DelegatingServerLogoutHandler Should Execute Sequentially #7725
  • WebFlux oauth2Login returns 500 when bad client credentials #7703
  • Correctly configure authorization requests repository for OAuth2 login #7690
  • Correctly configure authorization requests repository for OAuth2 login #7689
  • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
  • Update @MessageMapping to match input/output cardinality #7669
  • Add http and https spring.schema mappings #7623
  • Avoid toString in favor of getName in order to extract sid #6354

🔨 Dependency Upgrades

  • Update to Spring Boot 2.2.4 #7909
  • Update to org.slf4j 1.7.30 #7908
  • Update to org.powermock 2.0.5 #7907
  • Update to hibernate-validator 6.1.2.Final #7906
  • Update to hibernate-entitymanager 5.4.10.Final #7905
  • Update to org.aspectj 1.9.5 #7904
  • Update to httpclient 4.5.11 #7903
  • Update to commons-codec 1.14 #7899
  • Update to com.squareup.okhttp3 3.14.6 #7898
  • Update to Jackson 2.10.2 #7897
  • Update to Reactor Dysprosium SR4 #7896
  • Update to Spring Data Moore SR3 #7895
  • Update to Spring Framework 5.2.3 #7894
  • Update nimbus-jose-jwt because of CVE-2019-17195 #7570

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.