spring-projects/spring-security 5.6.0-M1 on GitHub

⏪ Breaking Changes

Client credentials not correctly encoded in Basic Auth #9610
CookieClearingLogoutHandler cannot delete cookie when servlet context path is set #8846
spring-security-core depends on spring-security-crypto #9767

⭐ New Features

Access Token Response supports any data type #9779
Add AuthenticationDetailsSource to Form Login Kotlin DSL #9837
Add AuthenticationDetailsSource to OAuth2 Login Kotlin DSL #9838
Add Kotlin samples to the reference documentation #8172
Add method authorizeHttpRequests with defaults only #9612
Add RequestedUrlRedirectInvalidSessionStrategy implemention of InvalidSessionStrategy #9632
Add SecurityContext to delegating TaskScheduler #9532
Add support for any data type in Access Token Response #9685
Allow configuration of AuthenticationManager in saml2Login Kotlin DSL #9905
Allow multiple security annotations on a method (combining result of evaluations with AND operator) #4003
Anonymous in ExceptionTranslationWebFilter #9508
AuthorizationManager + Method Security Support #9289
Consider adding a link checker to build #9818
Consider adding springFrameworkVersion property #9954
DigestAuthenticationFilter decodes nonce only once #8455
GlobalMethodSecurity and multiple annotation ordering #4103
HttpSecurity DSL should accept an AuthenticationManager #10040
HttpSecurityConfigurer should have a no-parameter method for authorizeHttpRequests #9498
Improve Error Message for Invalid Properties in InMemoryUserDetailsManager #9919
Improve Error Messages in XsdDocumentedTests #9829
Include Port in DNS SRV type lookups #9030
Introduce samplesBranch property #10019
JWT Kotlin DSL should accept an AuthenticationManager #10045
Load ReactiveJwtAuthenticationConverter bean in OAuth2 Resource Server config #9699
Make XsdDocumentedTests Parsing More Lenient #9830
Mark methodSecurityMetadataSource as infrastructure bean #9860
Migrate JUnit 4 to 5 #9467
Multiple Pre or PostAuthorization Annotations #9452
OpaqueToken Kotlin DSL should accept an AuthenticationManager #10044
Provide KeyInfo as part of the Signature object when an object is signed #9746
Remove DependencySetPlugin #10070
Remove PowerMock Dependency #6025
Replace < and > with &lt and &gt in Javadoc #9847
SAML docs should encourage OpenSAML 4 usage #10014
ServerHttpSecurity Kotlin DSL should accept a ReactiveAuthenticationManager #10053
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9912
Support A Well-Known URL for Changing Passwords #8688
Support for X509 Certificate in RsaKeyConverters #9736 #9853
Update to Spring Security 5.6 #9695
Use GPG_PRIVATE_KEY directly #9776
Use the new springFrameworkVersion property in docs' links #9987

🔨 Dependency Upgrades

Update assertj-core to 3.20.2 #10096
Update com.nimbusds to 9.10.1 #10089
Update hibernate-entitymanager to 5.5.3.Final #10099
Update htmlunit to 2.51.0 #10094
Update htmlunit-driver to 2.51.0 #10102
Update io.projectreactor to 2020.0.9 #10091
Update io.rsocket to 1.1.1 #10093
Update jackson-bom to 2.12.4 #10086
Update jackson-databind to 2.12.4 #10087
Update jackson-datatype-jsr310 to 2.12.4 #10088
Update mockk to 1.12.0 #10090
Update org.aspectj to 1.9.7 #10095
Update org.bouncycastle to 1.69 #10097
Update org.eclipse.jetty to 9.4.43.v20210629 #10098
Update org.jetbrains.kotlin to 1.5.21 #10100
Update org.jetbrains.kotlinx to 1.5.1 #10101
Update org.slf4j to 1.7.31 #10103
Update org.springframework to 5.3.9 #10104
Update org.springframework.data to 2021.1.0-M1 #10105
Update reactor-netty to 1.0.9 #10092
Update to org.mockito 3.11.2 #10054

❤️ Contributors

We'd like to thank all the contributors who worked on this release!