spring-projects/spring-security 5.8.9 on GitHub

⭐ New Features

AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
Authentication not propagated correctly after migrating to SB3 #12877
Authorization does not show up on Features section #14099
Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
Fix caching error state in ReactiveRemoteJWKSource #13976
fix wrong document about "jws-algorithms" #14252
Improve error message when ServletRegistration API is unavailable #14221
References to WebFlux docs do not link to them #14100
relay_state should not be included in signing calculation when it is null #13913
Security configuration is failed to be initialized in a Servlet 6.0 container #13794
Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

Bump actions/checkout from 3 to 4 #14313
Bump actions/setup-java from 3 to 4 #14307
Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

We'd like to thank all the contributors who worked on this release!