⭐ New Features
- Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9920
🪲 Bug Fixes
- Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9942
- Missing log of "caused by" exception when OP document metadata cannot be reached #9940
- Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9930
- Adding filters relative to custom ones is broken #9908
- SEC-3139: Anonymous authentication token not passed to Controller #9891
- Clarify quick start section in README #9886
- RSocket and WebClient with Security refCount: 0 #9871
- Client credentials not correctly encoded in Basic Auth #9861
- Docs should state default value for Resource Server validation clock skew is 60 seconds #9848
- OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9820
- DefaultSpringSecurityContextSource can't handle spaces in baseDn #9807
- OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9802
- NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9800
- docs.af.pivotal.io->docs-ip.spring.io #9686
- Buffer LEAK detected by ResourceLeakDetector in AuthenticationPayloadExchangeConverter #9681
- NullPointerException in StrictHttpFirewall spring-security-web version 5.4.5 #9674
- WebFlux httpBasic() should match on XHR requests #9662
- HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9643
- oauth2Login() generates authorization links for "client_credentials" grant type #9637