github spring-projects/spring-security 5.2.3.RELEASE
on GitHub

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
4 years ago

⏪ Non-passive

  • SwitchUserFilter vulnerable to CSRF #8223

⭐ New Features

  • SpringTestContext returns ConfigurableWebApplicationContext #8240
  • OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8235
  • Update Encryptors documentation for standard and stronger #8212
  • Getting OAuth2AuthenticationException when Bearer token is empty #8207
  • Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8159
  • Basic auth header without user results in exception #8123
  • Typo 'properites' -> 'properties' in documentation #8099

🪲 Bug Fixes

  • Update tests to use absolute paths #8260
  • HttpServletRequest.logout() not functioning #8241
  • OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8210
  • oauth2Login WebFlux should not auto-redirect for XHR request #8202
  • Make OAuth2ErrorHttpMessageConverter more resilient #8180
  • RSocket test should throw AccessDeniedException #8155
  • Fix typo in Javadoc of HttpSecurity#csrf() #8137
  • Empty RelayState causes errors with ADFS #8070
  • Fix typo in AntPathRequestMatcher contructor comment #8045
  • An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8040
  • OAuth2 access token response parsing fails with nested JSON object #8021
  • Fix typo in snippet code 'jwtAuthenticationConveter' -> 'jwtAuthenticationConverter' #7969
  • OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7967
  • OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7964
  • Query parameters in authorization-url are double-encoded #7960
  • Don't force downcasting of RequestAttributes to ServletRequestAttributes #7959
  • ClassCastException for ServletRequestAttributes #7958

🔨 Dependency Upgrades

  • Update RSocket to 1.0.0-RC6 #8280
  • Update to reactive-streams 1.0.3 #8279
  • Update to OpenSAML 3.4.5 #8278
  • Update to hibernate-entitymanager 5.4.13.Final #8277
  • Update to hibernate-core 5.2.18.Final #8276
  • Update blockhound to 1.0.3.RELEASE #8275
  • Update to unboundid-ldapsdk 4.0.14 #8274
  • Update to okhttp 3.14.7 #8259
  • Update to Jackson 2.10.3 #8258
  • Update to mockwebserver 3.14.7 #8257
  • Update to org.powermock 2.0.6 #8255
  • Upgrade to embedded Apache Tomcat 9.0.33 #8254
  • Update to httpclient 4.5.12 #8253
  • Update to Spring Boot 2.2.6.RELEASE #8252
  • Update to GAE 1.9.79 #8251
  • Update to Reactor Dysprosium-SR6 #8250
  • Update to Spring Framework 5.2.5 #8249
  • Update to Spring Data Moore-SR6 #8248
  • Update to Jetty 9.4.22.v20191022 #7507
Check out latest releases or
releases around spring-projects/spring-security 5.2.3.RELEASE

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications