spring-projects/spring-security 6.0.3

on GitHub

⭐ New Features

• Add new DaoAuthenticationProvider constructor #12874
• Clarify documentation code snippet(s) (unclear where static imported methods come from) #12992
• Documentation should mention that an empty SecurityContext should also be saved #12941
• Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12932
• Incomplete documentation regarding Hierarchical roles. #12766
• Remove deprecated SecurityContextPersistenceFilter from docs #12690

🪲 Bug Fixes

• @EnableReactiveMethodSecurity causes premature initialization of the ObservationRegistry and prevents it from being post-processed #12780
• Broken links in form login section of docs #12822
• chore: typo, removed extra "s" in word implementationss #12882
• EntityId ignored in xml relying-party-registration #12777
• Fix a javadoc typo in ReactiveAuthorizationManager #13000
• Fix a javadoc typo in ReactiveAuthorizationManager #12983
• Fix broken links in form login section #12823
• Fix docs typo #12745
• Fix documentation code block bug. #12980
• Fix typo architecture.adoc #12851
• fix typo in RequestCacheResultMatcher #12814
• HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12919
• JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12767
• MessageMatcherDelegatingAuthorizationManager not extracting path variables for authorization context #12540
• Missing spring-security-oauth2 xsds after release #12806
• NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13005
• NoSuchElementException in org.springframework.security.web.server.ObservationWebFilterChainDecorator$AroundWebFilterObservation$SimpleAroundWebFilterObservation.start(ObservationWebFilterChainDecorator.java:274 #12829
• Observation Spans are not nested correctly in Webflux #12849
• RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #13055
• Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12936
• Spring Security 6.0.2 ObservationFilterChainDecorator produce wrong instrument names #12811
• SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12836

🔨 Dependency Upgrades

• Update assertj-core to 3.24.2 #13038
• Update io.projectreactor to 2022.0.6 #13034
• Update io.spring.javaformat to 0.0.38 #13036
• Update logback-classic to 1.4.6 #13030
• Update maven-resolver-provider to 3.8.8 #13037
• Update micrometer-observation to 1.10.6 #13032
• Update mockk to 1.13.5 #13033
• Update org.eclipse.jetty to 11.0.15 #13039
• Update org.springframework to 6.0.8 #13041
• Update org.springframework.data to 2022.0.5 #13042
• Update reactor-netty to 1.1.6 #13035
• Update slf4j-api to 2.0.7 #13040
• Update spring-ldap-core to 3.0.2 #13043
• Update unboundid-ldapsdk to 6.0.8 #13031

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @twosom
• @1993heqiang
• @rai-sandeep
• @psvo
• @gabriel-maciel
• @jesperronn
• @KshZh