github spring-projects/spring-security 5.3.0.RELEASE
on GitHub

latest releases: 6.4.2, 6.3.6, 6.4.1...
4 years ago

⭐ New Features

  • Update What's New Section #8062
  • Document JdbcOAuth2AuthorizedClientService #8061
  • Add oauth2login xml sample #8060
  • Update doc diagram palette to use sans-serif font #8057
  • Add SecurityFilterChain Figure #8055
  • oauth2Client Test Support should allow configuration of principal name #8054
  • Add Kotlin Configuration section to docs #8051
  • Add anchors to SAML 2.0 documentation #8049
  • Update UserDetailsService Docs #8048
  • Add Figures to Basic Authentication Docs #8039
  • Add Link to DispatcherServlet in Filter Review Doc #8036
  • Add Figures to Form Log In Docs #8035
  • Add Figure for AuthenticationEntryPoint Docs #8030
  • Add ProviderManager to Docs #8029
  • Custom ServerHttpHeadersWriter to HeaderSpec #8028
  • Add hasRole(String) to authorizeRequests in Kotlin DSL #8023
  • Add missing @FunctionalInterface in oauth2 modules #8020
  • Provide configurable Clock in OidcIdTokenValidator #8019
  • Add OAuth2AuthorizeRequest.Builder.principal(String) #8018
  • Extract AuthenticationManager Docs #8006
  • Extract SecurityContextHolder, SecurityContext, Authentication, and GrantedAuthority Docs #8005
  • Add AbstractAuthenticationProcessingFilter Docs #8004
  • Extract AuthenticationEntryPoint Docs #8003
  • Extract ExceptionTranslationFilter Docs #8002
  • Extract FilterSecurityInterceptor Docs #8001
  • Use Color Palette that is Accessible for Color Blind #8000
  • Create a palette.odg #7999
  • Add Numbers Icons #7998
  • Instantiate exceptions lazily #7996
  • JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995
  • OAuth2AuthorizationRequest.Builder should configure additional parameters with a consumer #7993
  • Add OAuth2Authorization success/failure handlers #7986
  • Refactor Duplicate Security Filter Chain Doc #7979
  • Fix Asciidoctor Warnings #7973
  • Use Kotlin DSL Marker Annotations to prevent scope leaking #7971
  • Add JwtClaimValidator #7962
  • Support custom filter in Kotlin DSL #7951
  • Option for default event in DefaultAuthenticationEventPublisher #7937
  • DefaultAuthenticationEventPublisher is now configurable via a Map #7925
  • Add oauth2Client WebTestClient Test Support #7910
  • Nimbus OpaqueTokenIntrospectors should differentiate token and service errors #7902
  • OAuth 2.0 Client supports application clustering #7889
  • Add JwtIssuerReactiveAuthenticationManagerResolver #7887
  • Consider adding JwtClaimValidator #7860
  • Add ReactiveJwtIssuerAuthenticationManagerResolver and Reactive Multi Tentant Examples #7857
  • Add JDBC implementation of OAuth2AuthorizedClientService #7855
  • Set default redirect in OidcClientInitiatedServerLogoutSuccessHandler #7842
  • Introduce OAuth2Authorization success/failure handlers #7840
  • Add Opaque Token Reactive Test Support #7827
  • DefaultAuthenticationEventPublisher should allow configuring a default event #7825
  • DefaultAuthenticationEventPublisher should be configurable via Map #7824
  • Oauth2login xmlconfig implementation #7821
  • OAuth 2.0 Resource Server XML Support #7775
  • SAML AuthNRequest Signatures - Step 2 #7759
  • SAML AuthNRequest Signatures - Step 1 #7758
  • Simplify customizing OAuth2AuthorizationRequest #7748
  • SAML2 HTTP-Redirect: Missing Signature and SigAlg parameters in SAMLRequest Url (AuthNRequest) #7711
  • Consider adding switch to enable or disable OIDC nonce #7696
  • Getting OAuth2AuthenticationException when Bearer token is empty #7668
  • Provide JDBC implementation of OAuth2AuthorizedClientService #7655
  • Add custom ServerHttpHeadersWriter to HeadersSpec #7636
  • RefreshTokenOAuth2AuthorizedClientProvider does not handle expired refresh token #7583
  • Fix typo 'is' -> 'if' in javadoc #7559
  • Saml2LoginConfigurer should expose AuthenticationManager setter #7374
  • Provide XML namespace support for OAuth 2.0 Resource Server #5185
  • Provide XML namespace support for OAuth 2.0 Client #5184
  • Migrate Groovy to Java #4939
  • Provide XML namespace support for OAuth2Login #4557

🪲 Bug Fixes

  • Typo fix #8059
  • Fix typo in AntPathRequestMatcher contructor comment #8042
  • Docs Should Style Links that are Code as Link #8038
  • An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8031
  • Tab switching does not work in documentation code samples #8025
  • Build failure with NoClassDefFoundError on javax/mail/internet #7994
  • Remove Duplicate Runtime Environment From Docs #7980
  • OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7966
  • OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7963
  • fix #7952 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7953
  • ClassCastException for ServletRequestAttributes #7952
  • Prevent double-escaping of authorize URL parameters #7881
  • Resource Server clientCredentials take precedence over introspector in Kotlin DSL #7878
  • Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877
  • Error in WebSecurityConfigurer Javadoc #7876
  • Query parameters in authorization-url are double-encoded #7871
  • OAuth2 access token response parsing fails with nested JSON object #6463

🔨 Dependency Upgrades

  • Update to Gradle 6.2.2 #8065
  • Update Kotlin to 1.3.70 #8064
  • Update Spring Boot to 2.2.5 #8063
  • Update to spring-build-conventions:0.0.31.RELEASE #8058
  • Update dependencies #8056
  • Update to spring-build-conventions:0.0.29.RELEASE #7974

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Check out latest releases or
releases around spring-projects/spring-security 5.3.0.RELEASE

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications