⏪ Breaking Changes
- Make X-Xss-Protection header value configurable in ServerHttpSecurity #11908
⭐ New Features
- Add 'securityMatcher' as an alias of 'requestMatcher' #9159
- Add CsrfTokenRepository.loadDeferredToken(HttpServletRequest, HttpServletResponse) #11918
- Add csrfTokenRequestHandler to Kotlin DSL #11952
- Add DeferredSecurityContext and DelegatingSecurityContextRepository #12044
- Add opt-in strategy in for Authentication(Web)Filter should return a 500 on AuthenticationServiceExceptions #11932
- Add reactive support for BREACH to CsrfWebFilter #11959
- Add SecurityContextHolderStrategy to RequestAttributeSecurityContextRepository #11895
- Add static factory method to AntPathRequestMather and RegexRequestMather #11965
- Add static factory methods to RequestMatcher implementations #11938
- Add X-Xss-Protection headerValue to XML config #11936
- Add XML support for
shouldFilterAllDispatcherTypes#11492 - automatically manage docs version (with collector) #11956
- Cache Xor CSRF token in supplier #11988
- CSRF tokens are vulnerable to a BREACH attack #4001
- Deprecate AccessDecisionManager and related classes #11302
- Deprecate HPKP security header #10144
- HttpSecurityConfiguration should configure ContentNegotiationStrategy #11916
- ListeningSecurityContextHolderStrategy should work with deferred contexts #11817
- Oauth2 client: Allow deescalating logged ERROR for invalid client registration ID #11344
- Provide common super class for AuthorizationDeniedEvent and AuthorizationGrantedEvent #11972
- SessionManagementDsl.requireExplicitAuthenticationStrategy #11927
- Simplify AuthorizationManager composition #11625
- Simplify Java Configuration RequestMatcher Usage #11347
- Update default configuration for Pbkdf2PasswordEncoder #10489
- Update PasswordEncoder Minimums #10506
- Update What's New for 5.8 #12021
🪲 Bug Fixes
- Build fails with missing project property cloneOutputDirectory #11980
- SAML Logout move onload script to body tag #11879
🔨 Dependency Upgrades
- Update hibernate-entitymanager to 5.6.12.Final #12059
- Update htmlunit to 2.65.1 #12058
- Update htmlunit-driver to 2.65.0 #12064
- Update io.projectreactor to 2020.0.24 #12055
- Update io.spring.javaformat to 0.0.35 #12057
- Update jackson-bom to 2.13.4.20221013 #12052
- Update jackson-databind to 2.13.4.2 #12053
- Update junit-bom to 5.9.1 #12061
- Update mockk to 1.13.2 #12054
- Update org.jetbrains.kotlin to 1.7.20 #12060
- Update org.junit.jupiter to 5.9.1 #12062
- Update org.mockito to 4.8.1 #12063
- Update org.springframework.data to 2021.2.5 #12065
- Update reactor-netty to 1.1.0-M6 #12056
❤️ Contributors
We'd like to thank all the contributors who worked on this release!