⭐ New Features
- Improve HttpSessionSecurityContextSessionRepository Performance #9391
- Improve HttpSessionSecurityContextSessionRepository Performance #9389
- Migrate SAML 2.0 Samples to Use PCFOne #9370
- Resolve artifacts from Maven Central first #9368
- Use constant time comparisons for CSRF tokens #9358
🪲 Bug Fixes
- OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9427
- CurrentSecurityContextArgumentResolver should configure BeanResolver #9405
- Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #9404
- Remove notEmpty check for authorities in DefaultOAuth2User #9397
- Wrong example name in Spring Security documentation #9384
- CsrfWebFilter creates CsrfException with incorrect message when no token is found #9339
- webflux-x509 sample cert needs renewal #9323
- OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #9259