github spring-projects/spring-security 5.8.9

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
10 months ago

⭐ New Features

  • Document that Shibboleth Repository is Required for SAML Support #14286
  • OAuth2 Resource Server is exposing server information. #13730
  • Resolve RequestMatcher at request-time #14078
  • Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

  • AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
  • Authentication not propagated correctly after migrating to SB3 #12877
  • Authorization does not show up on Features section #14099
  • Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
  • Fix caching error state in ReactiveRemoteJWKSource #13976
  • fix wrong document about "jws-algorithms" #14252
  • Improve error message when ServletRegistration API is unavailable #14221
  • References to WebFlux docs do not link to them #14100
  • relay_state should not be included in signing calculation when it is null #13913
  • Security configuration is failed to be initialized in a Servlet 6.0 container #13794
  • Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
  • X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
  • XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

  • Bump actions/checkout from 3 to 4 #14313
  • Bump actions/setup-java from 3 to 4 #14307
  • Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
  • Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
  • Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
  • Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
  • Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
  • Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
  • Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
  • Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
  • Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
  • Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
  • Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.