⭐ New Features
- Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9915
🪲 Bug Fixes
- Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9945
- Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9932
- Adding filters relative to custom ones is broken #9909
- SEC-3139: Anonymous authentication token not passed to Controller #9892
- Clarify quick start section in README #9887
- RSocket and WebClient with Security refCount: 0 #9872
- Client credentials not correctly encoded in Basic Auth #9862
- Docs should state default value for Resource Server validation clock skew is 60 seconds #9850
- OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9821
- DefaultSpringSecurityContextSource can't handle spaces in baseDn #9808
- OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9803
- NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9799
- docs.af.pivotal.io->docs-ip.spring.io #9687
- Buffer LEAK detected by ResourceLeakDetector in AuthenticationPayloadExchangeConverter #9682
- WebFlux httpBasic() should match on XHR requests #9664
- HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9644
- oauth2Login() generates authorization links for "client_credentials" grant type #9638