⭐ New Features
- Add release line extension #12078
- Add SpringTestContext.addFilter #12071
- Document Defer load CsrfToken #12106
- Document how to opt-in for SHA256 in RememberMe #12119
- Document how to use the new
requestMatchers
andsecurityMatchers
#12151 - Document Saved Requests Spring Security 6 Migration #12091
- SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters #12149
- sync local-antora-playbook.yml with antora-playbook.yml #12085
🪲 Bug Fixes
- AuthenticationServiceException propagation flag is unconfigurable in 5.8 #12133
- CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsrfTokenRepository #12142
- IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #12077
- Remove antMatcher usage from Multiple HttpSecurity docs #12150
- SEC-2839: SecurityNamespaceHandler - related to SEC-1455 #12127
- Unauthorized when authenticated user is shown an error page #12070
- Update the RP-initiated Logout links #12123
🔨 Dependency Upgrades
- Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 #12155
- Update Gradle to 7.5.1 #12159
- Update hibernate-core to 6.1.5.Final #12173
- Update hsqldb to 2.7.1 #12174
- Update htmlunit to 2.66.0 #12172
- Update htmlunit-driver to 2.66.0 #12176
- Update io.projectreactor to 2022.0.0 #12170
- Update jackson-bom to 2.14.0 #12166
- Update jackson-databind to 2.14.0 #12167
- Update jackson-datatype-jsr310 to 2.14.0 #12168
- Update micrometer-observation to 1.10.0 #12169
- Update org.jetbrains.kotlin to 1.7.21 #12175
- Update org.springframework to 6.0.0-RC4 #12178
- Update reactor-netty to 1.1.0 #12171
- Update spring-data-jpa to 3.0.0-RC2 #12177
❤️ Contributors
We'd like to thank all the contributors who worked on this release!