⏪ Breaking Changes
- ServerHttpBasicAuthenticationConverter uses platform's default charset #10903
- Use utf-8 in ServerHttpBasicAuthenticationConverter #10911
⭐ New Features
- OidcClientInitiatedLogoutSuccessHandler resolves redirect uri placeholders #10935
- Add support in xml configuration #9012
- Add InResponseTo validation support #9174
- Add Jackson Support for saml2 Module #10907
- Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket #10932
- Add method to customize EntityDescriptor and SPSSODescriptor #10925
- Add OpenSamlMetadataResolver#setEntityDescriptorCustomizer #10839
- Add Persistence to Documentation #10962
- Add RequestAttributeSecurityContextRepository #10918
- Add SAML 2.0 Login and Logout XML Support #10685
- Add SAML 2.0 Single Logout XML Support #10842
- Add SecurityContextHolderFilter #9635
- Add support for customizing claims in JWT Client Assertion #10972
- Add support for validation of InResponseTo attribute when validating SAML2 responses #10849
- Consider adding factory method to UsernamePasswordAuthenticationToken #10790
- Consider enabling PKCE for confidential clients #6548
- fix gh_10846 #10898
- HttpSessionSecurityContextRepository saves with original response #10947
- Implemented Add Kotlin example for SecuritySocketAcceptorInterceptor o… #10936
- OAuth2AuthorizedClientArgumentResolver couldn't use ReactiveOAuth2AuthorizedClientManager registered in the Context #10846
- Polish UsernamePasswordAuthenticationFilter method #10970
- Provide ability to customize claims in Jwt Client Assertion #9855
- UsernamePasswordAuthenticationToken factory methods #10901
🪲 Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10950
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10912
- DefaultSecurityFilterChain: Wrong log message "Will not secure" #10909
- Edit declaration of PasswordEncoder interface of Cryptography section #10922
- Edit declaration of PasswordEncoder interface of Cryptography section #10910
- Line breaks in Base64 encoded LogoutResponse cause an IllegalArgumentException #10923
- Preserve order of RelyingPartyRegistration credentials #10924
🔨 Dependency Upgrades
- Update com.nimbusds to 9.31 #11003
- Update hibernate-entitymanager to 5.6.7.Final #11008
- Update htmlunit to 2.60.0 #11007
- Update htmlunit-driver to 2.60.0 #11010
- Update io.projectreactor to 2020.0.17 #11005
- Update jackson-bom to 2.13.2 #11000
- Update jackson-databind to 2.13.2 #11001
- Update jackson-datatype-jsr310 to 2.13.2 #11002
- Update logback-classic to 1.2.11 #10999
- Update mockk to 1.12.3 #11004
- Update org.jetbrains.kotlin to 1.6.20-RC #11009
- Update org.springframework to 5.3.17 #11011
- Update reactor-netty to 1.0.17 #11006
- Update spring-data-bom to 2021.2.0-M4 #11014
- Update spring-data-jpa to 2.7.0-M4 #11012
❤️ Contributors
We'd like to thank all the contributors who worked on this release!