This release fixes a problem with the release of 5.4.3
⭐ New Features
- Migrate SAML 2.0 Samples to Use PCFOne #9369
- Resolve artifacts from Maven Central first #9367
- Use constant time comparisons for CSRF tokens #9357
- Improve HttpSessionSecurityContextSessionRepository Performance #9388
🪲 Bug Fixes
- OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9426
- Fix custom marshaller example #9409
- Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #9403
- CurrentSecurityContextArgumentResolver should configure BeanResolver #9402
- Consider downgrading to Nimbus 8 #9399
- Remove notEmpty check for authorities in DefaultOAuth2User #9396
- Wrong example name in Spring Security documentation #9383
- Make user info response status check error only #9376
- Malformed WWW-Authenticate Causes NPE #9364
- CsrfWebFilter creates CsrfException with incorrect message when no token is found #9338
- Exception when declaring multiple AuthenticationManager beans #9332
- webflux-x509 sample cert needs renewal #9322
- OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #9258