⏪ Breaking Changes
- CsrfAuthenticationStrategy is not consistent with CsrfFilter #12235
- Register FilterChainProxy for all dispatcher types #12180
⭐ New Features
- Add test runtime hints for annotations using
@WithSecurityContext#12215 - Add WebTestUtils test runtime hints #12216
- Align with Servlet API 6 #12146
- Document Configure Default SessionAuthenticationStrategy #12192
- Document DelegatingSecurityContextRepository #12185
- Improve deprecation notice in WebSecurityConfigurerAdapter #12262
- Log a warning when
AuthorizationGrantTypedoes not exactly match a pre-defined constant #12234 - Migration guide for the removal of CAS #12163
- Polish Span and Meter Names #12225
- Register FilterChainProxy for All Dispatcher Types Migration Steps #12212
- Restructure 6.0 Migration Guide #12242
- Support Jakarta WebSocket 2.1 #12148
🪲 Bug Fixes
- CsrfAuthenticationStrategy does not check for existing token #12241
- Ensure instrumentation names align with semantic conventions #12156
- Incorrect scope map fix #12207
- SAML logout: Incorrect log messages #12210
- Saml2MetadataFilter response should configure writer to UTF-8 #12223
🔨 Dependency Upgrades
- Update micrometer-observation to 1.10.1 #12250
- Update org.springframework to 6.0.0 #12255
- Update org.springframework.data to 2022.0.0 #12256
- Update r2dbc-h2 to 1.0.0.RELEASE #12251
- Update slf4j-api to 2.0.4 #12254
- Update spring-ldap-core to 3.0.0 #12257
❤️ Contributors
We'd like to thank all the contributors who worked on this release!