spring-projects/spring-security 5.8.13

on GitHub

⭐ New Features

• doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #14779
• Enhance Logging in RequestMatcherDelegatingAuthorizationManage #14837
• Improve PasswordEncoder Error Messaging #14951
• InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified #14880
• Mention all required dependencies in LDAP documentation #15235
• Remove useBase64 parameter #14862

🪲 Bug Fixes

• AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #13849
• Always Use Request-Level ServletContext to Evaluate Request Matcher Paths #15195
• Assert WebSession is not null #14977
• Conditionally Add Conventions Plugin #15152
• DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext #14418
• Fix Java example in multitenanci.adoc #15146
• LDIF file on official documentation breaks the startup process #15089
• Link to article with remember-me-persistent-token strategy is broken #14358
• ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class #14931
• Resolving invalid CSRF token values is not consistent #15184
• Restore Build Scan Capability #15120
• Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14855

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 #15074
• Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 #15231
• Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE #14923
• Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 #15073
• Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 #15230
• Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15191
• Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 #15085
• Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 #15135
• Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 #15253
• Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 #14938

🔩 Build Updates

• Attach Antora Docs to Pull Requests #14992
• Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15160
• Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15140
• Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 #15001
• Bump com.gradle.develocity from 3.17.2 to 3.17.4 #15099
• Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15240
• Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14959
• Consider Adding a Build Updates section to the release changelog #14485
• Migrate to com.gradle.develocity plugin #15021
• Update Gradle Enterprise plugin to 3.17.2 #15020

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @caio-henrique
• @jzheaux
• @dukbong
• @Harsh4902
• @abimael-turing
• @dependabot[bot]
• @sheriumair
• @paschm