github spring-projects/spring-security 5.3.1.RELEASE

latest releases: 6.4.2, 6.3.6, 6.4.1...
4 years ago

⭐ New Features

  • SpringTestContext returns ConfigurableWebApplicationContext #8237
  • OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8234
  • SwitchUserFilter vulnerable to CSRF #8222
  • Clarify use case for ServerBearerExchangeFilterFunction #8221
  • Update Encryptors documentation for standard and stronger #8211
  • Document JwtGrantedAuthoritiesConverter #8183
  • userNameAttribute case style is different others #8179
  • Document AuthNRequest POST binding support #8165
  • Polish SAML 2.0 Login Sample #8164
  • OpenSamlImplementation should not use reflection #8161
  • Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8153
  • Assign sensible default for OAuth2AuthorizedClientProvider #8151
  • Document OAuth2Authorization success and failure handlers #8146
  • Document Jackson serialization support for OAuth 2.0 Client #8145
  • Document OAuth 2.0 Authorization Request improvements #8133
  • Document OAuth 2.0 Login XML Support #8132
  • Document OAuth 2.0 Client XML Support #8131
  • Basic auth header without user results in exception #8122
  • Document AuthenticationEventPublisher improvements #8103
  • Typo 'properites' -> 'properties' in documentation #8098
  • Document OAuth 2.0 Resource Server XML Support #8094
  • Provide spring-security-5*.xsd for https://www.springframework.org/schema/security/ #8091
  • Document OIDC Logout Success Handler Improvements #8088
  • Add OAuth 2.0 Test Support Docs #8087
  • Update test to have comment about secure salt length #8084
  • Document JwtClaimValidator #8076

🪲 Bug Fixes

  • HttpServletRequest.logout() not functioning #8238
  • OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8209
  • oauth2Login WebFlux should not auto-redirect for XHR request #8201
  • Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8178
  • RSocket test should throw AccessDeniedException #8160
  • Make OAuth2ErrorHttpMessageConverter more resilient #8158
  • Fix typo in Javadoc of HttpSecurity#csrf() #8134
  • NPE thrown when token response contains a null value #8121
  • Google's top result for "Spring Security Reference" returns a 404 #8086
  • 5.3.0 Documentation What's New has some broken links #8069

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.