github spring-projects/spring-security 5.8.0
on GitHub

latest releases: 6.4.0-M4, 6.4.0-M3, 6.3.3...
22 months ago

⭐ New Features

  • Add Kotlin example showing integration with WebTestClient #11611
  • Add MethodExpressionAuthorizationManager #11502
  • Add Polish localization to error messages from ExceptionTranslationFi… #12201
  • Add support AuthorizationManager + #11503
  • AnonymousAuthenticationFilter should cache its Supplier #11900
  • CookieServerCsrfTokenRepository doesn't support setting MaxAge #11441
  • DefaultFilterChainValidator should check AuthorizationFilter #11473
  • Deprecate Resource Owner Password Credentials grant #11591
  • Document Configure Default CsrfToken BREACH Protection #12107
  • Document Defer load CsrfToken #12105
  • Document DelegatingSecurityContextRepository #12069
  • Document deprecations in oauth2-client #12193
  • Document how to opt-in for SHA256 in RememberMe #12097
  • Document how to use the new requestMatchers and securityMatchers #12100
  • Document Migration to SecurityContextHolderFilter #12098
  • Document new oauth2Login() authority defaults #12188
  • Document reactive CSRF migration steps #12226
  • Document Saved Requests Spring Security 6 Migration #12089
  • Document Update to 5.8 for Migration Guide #12196
  • Fix Javadoc in EnableWebSocketSecurity #12211
  • Improve deprecation notice in WebSecurityConfigurerAdapter #12261
  • InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager #11469
  • Migration guide for CAS support removal #12240
  • Preparation and Migration Guides should point to each other #12093
  • Preparation Guide should follow Reference Manual standards #12096
  • Preparation Guide should show opt-out steps after opt-in steps #12104
  • Provide guide for migrating from FilterSecurityInterceptor to AuthorizationFilter #11337
  • Register FilterChainProxy for All Dispatcher Types Migration Steps #12186
  • SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters #11675
  • trigger partial docs build on push (5.8.x) #12195

🪲 Bug Fixes

  • AuthenticationServiceException propagation flag is unconfigurable in 5.8 #12132
  • CsrfAuthenticationStrategy does not check for existing token #12236
  • CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsrfTokenRepository #12141
  • fix deploy docs workflow (5.8.x) #12197
  • Fix saganCreateRelease saganDeleteRelease Required Permissions #11424
  • Incorrect scope map fix #12206
  • IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #12076
  • org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" #11604
  • SAML logout: Incorrect log messages #12209
  • Saml2MetadataFilter response should configure writer to UTF-8 #12222
  • SEC-2839: SecurityNamespaceHandler - related to SEC-1455 #12126
  • SecurityContextRepository.loadContext(HttpServletRequest) cache result #11391
  • Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok #11483
  • Update the RP-initiated Logout links #12122

🔨 Dependency Upgrades

  • Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 #12154
  • Update aspectj-plugin to 6.5.0.3 #11583
  • Update assertj-core to 3.23.1 #11572
  • Update com.nimbusds to 9.38.1 #11570
  • Update Gradle to 7.5.1 #12158
  • Update hibernate-entitymanager to 5.6.10.Final #11578
  • Update hibernate-entitymanager to 5.6.14.Final #12245
  • Update hsqldb to 2.7.1 #12246
  • Update htmlunit to 2.63.0 #11575
  • Update htmlunit-driver to 2.63.0 #11580
  • Update io.projectreactor to 2020.0.21 #11567
  • Update io.projectreactor to 2020.0.25 #12243
  • Update io.spring.javaformat to 0.0.34 #11573
  • Update jackson-bom to 2.13.3 #11574
  • Update jsonassert to 1.5.1 #11581
  • Update junit-bom to 5.9.0-RC1 #11571
  • Update mockk to 1.12.4 #11568
  • Update org.eclipse.jetty to 9.4.48.v20220622 #11576
  • Update org.jetbrains.kotlin to 1.7.10 #11582
  • Update org.jetbrains.kotlin to 1.7.21 #12247
  • Update org.jetbrains.kotlinx to 1.6.4 #11566
  • Update org.springframework to 5.3.22 #11569
  • Update org.springframework to 5.3.24 #12248
  • Update org.springframework.data to 2021.2.2 #11579
  • Update org.springframework.data to 2021.2.6 #12249
  • Update reactor-netty to 1.0.25 #12244
  • Update spring-ldap-core to 2.4.1 #11577

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Check out latest releases or
releases around spring-projects/spring-security 5.8.0

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications