⭐ New Features
- Consider adding a link checker to build #9972
- Use Job Outputs to Transmit Error #9928
- Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9917
- Combine different OS Build in one CI Job #9798
- Use GPG_PRIVATE_KEY directly #9778
🪲 Bug Fixes
- Update links to point to migrated samples #9971
- Add messaging to documentation about sample migration #9970
- Fix broken links in docs #9969
- CORS section is missing in Reactive reference documentation #9952
- RSocket documentation mentions non-existent class #9950
- Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9941
- Missing log of "caused by" exception when OP document metadata cannot be reached #9939
- Missing support for private_key_jwt in ClientRegistrations #9936
- Allow client registration from issuer uri with no authorize_endpoint #9935
- Missing support for urn:ietf:params:oauth:grant-type:jwt-bearer in ClientRegistrations #9934
- Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9929
- Jwt client authentication converter should detect new key #9927
- Adding filters relative to custom ones is broken #9906
- SEC-3139: Anonymous authentication token not passed to Controller #9890
- Clarify quick start section in README #9885
- RSocket and WebClient with Security refCount: 0 #9870
- spring-security-config kotlin-stdlib-jdk8 dependency isn't optional #9864
- Client credentials not correctly encoded in Basic Auth #9858
- Docs should state default value for Resource Server validation clock skew is 60 seconds #9849
- OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9819
- DefaultSpringSecurityContextSource can't handle spaces in baseDn #9806
- OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9805
- NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9801
- Fix Build Scan in Build Windows CI Job #9797
- GitHub Actions only Activated for main #9777
- Artifactory missing mavenJava publication #9774
- spring-security-core depends on spring-security-crypto #9773
🔨 Dependency Upgrades
- Update org.springframework to 5.3.8 #9984
- Update org.slf4j to 1.7.31 #9983
- Update org.jetbrains.kotlin to 1.5.10 #9982
- Update hibernate-entitymanager to 5.4.32.Final #9981
- Update org.eclipse.jetty to 9.4.42.v20210604 #9980
- Update io.rsocket to 1.1.1 #9979
- Remove commons-codec constraint #9977
- Update to OpenSAML 4.1.1 #9976
- Update to nimbus-jose-jwt 9.10 #9975
- Update to oauth2-oidc-sdk 9.9 #9974