⭐ New Features
- Improve HttpSessionSecurityContextSessionRepository Performance #9390
- Migrate SAML 2.0 Samples to Use PCFOne #9371
- Use constant time comparisons for CSRF tokens #9359
🪲 Bug Fixes
- OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9428
- Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #9406
- Remove notEmpty check for authorities in DefaultOAuth2User #9398
- CsrfWebFilter creates CsrfException with incorrect message when no token is found #9340
- webflux-x509 sample cert needs renewal #9321
- OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #9260
🔨 Dependency Upgrades
- Update to GAE 1.9.86 #9442
- Update to Tomcat 9.0.43 #9441
- Update to Jetty 9.4.36.v20210114 #9440
- Update to hibernate-validator 6.1.7.Final #9439
- Update to hibernate-entitymanager 5.4.28.Final #9438
- Update to thymeleaf-spring5 3.0.12 #9437
- Update to Spring Data Moore-SR12 #9436
- Update to Reactor Dysprosium-SR16 #9435
- Update to Spring Framework 5.2.12.RELEASE #9434
- Update to Spring Boot 2.2.13.RELEASE #9433