github spring-projects/spring-security 5.3.10.RELEASE

latest releases: 6.4.2, 6.3.6, 6.4.1...
3 years ago

⭐ New Features

  • Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9915

🪲 Bug Fixes

  • Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9945
  • Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9932
  • Adding filters relative to custom ones is broken #9909
  • SEC-3139: Anonymous authentication token not passed to Controller #9892
  • Clarify quick start section in README #9887
  • RSocket and WebClient with Security refCount: 0 #9872
  • Client credentials not correctly encoded in Basic Auth #9862
  • Docs should state default value for Resource Server validation clock skew is 60 seconds #9850
  • OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9821
  • DefaultSpringSecurityContextSource can't handle spaces in baseDn #9808
  • OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9803
  • NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9799
  • docs.af.pivotal.io->docs-ip.spring.io #9687
  • Buffer LEAK detected by ResourceLeakDetector in AuthenticationPayloadExchangeConverter #9682
  • WebFlux httpBasic() should match on XHR requests #9664
  • HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9644
  • oauth2Login() generates authorization links for "client_credentials" grant type #9638

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.