⭐ New Features
- Add XorCsrfChannelInterceptor #12562
- Document
@EnableWebFluxSecurityrequiring@Configurationin 6.0.0 #12434 - fix unclosed block in docs #12553
- Improve documentation on what changed in the default behaviour in version 6 vs 5.7 #12462
- Spring Security 6.0 Migration Guide Should Mention
@ConfigurationMeta-Annotation Removal From Configuration Annotations #12486
🪲 Bug Fixes
- AuthorizationManager method security documentation should use AnnotationMatchingPointcut #12516
- DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #12665
- Document XMLObject retreival for Asserting Party metadata #12693
- Jackson serialization of
DefaultSaml2AuthenticatedPrincipal:LinkedMultiValueMap is not in the allowlist#12458 - NimbusJwtDecoder unknown KID scenario is not correctly tested #12494
- NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12686
- SwitchUserFilter not working in Spring Security 6 #12510
- Wrong name of the filter in the SecurityContextHolderFilter diagram #12526
🔨 Dependency Upgrades
- Update blockhound to 1.0.7.RELEASE #12719
- Update hibernate-entitymanager to 5.6.15.Final #12722
- Update io.projectreactor to 2020.0.28 #12717
- Update io.spring.nohttp to 0.0.11 #12720
- Update jackson-bom to 2.13.5 #12714
- Update jackson-databind to 2.13.5 #12715
- Update jackson-datatype-jsr310 to 2.13.5 #12716
- Update junit-bom to 5.9.2 #12723
- Update org.aspectj to 1.9.19 #12721
- Update org.junit.jupiter to 5.9.2 #12724
- Update org.springframework to 5.3.25 #12725
- Update org.springframework.data to 2021.2.8 #12739
- Update org.springframework.data to 2021.2.8 #12726
- Update reactor-netty to 1.0.28 #12718
❤️ Contributors
We'd like to thank all the contributors who worked on this release!