🪲 Bug Fixes
- StaticServerHttpHeadersWriter should work with case-insensitive header names #10583
- Invalid_request failures in JwtTokenValidators are always turned into invalid_token errors #10562
- MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session #10532
- Documentation has wrong code example in the 'Customizing OpenSAML’s AuthnRequest Instance' section #10528
- Multi-tenancy Documentation -
com.nimbusds.jwt.proc.JWTProcessor
does not have asetJWTClaimSetJWSKeySelector
method #10521 - Multi-tenancy Documentation - JwtDecoder sample has multiple errors #10517
- Oauth2 Resource Server will not retry on first failure with Multi-tenancy #10485
- WebInvocationPrivilegeEvaluator does not provide a way to pass a ServletContext #10437