⭐ New Features
- Add initial Native section to reference docs #12029
- Align Resource Server documentation with Boot's capabilities #13238
- Convert to Asciidoctor Tabs #13406
- Document How to Handle Method Security in Native Image #13226
- Error On Unsupported Client Authentication Methods #13240
- Make eclipse/vscode project import work #12930
- Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults #13228
- mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter #13253
- Use Antora name of security #13330
🪲 Bug Fixes
- Additional filters registered when using Custom DSL #13281
- AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation #13086
- AOT Fails to proxy #13368
- AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods #13153
- Clarify that Kotlin DSL needs an import #13102
- DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(OAuth2AuthorizationCodeGrantRequest) can return null #13222
- Delete duplicate line from oauth2/client/core.adoc #13233
- Deprecated hint on BasicAuthenticationFilter #13278
- Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #13192
- Fix Antora Warnings #13293
- Fix code snippets in Authorize HttpServletRequest #13125
- Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #13220
- Fix Documentation Title #13317
- Fix legacy-websocket-configuration cross-reference #13205
- http://www.springframework.org/schema/security/spring-security.xsd returns 404 #13208
- java.lang.IllegalArgumentException: Context does not have an entry for key [class io.micrometer.core.instrument.Timer$Sample] #13133
- Links between migration docs are out of date #13156
- Migration to EnableMethodSecurity break Transactional on custom PermissionEvaluator #13217
- No longer maintained net.sourceforge.nekohtml with known security issues #13286
- Proxy Server section is not linked in nav #13323
- RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity #13127
- rolePrefix with empty string returns HTTP 400 as of version 6.0.3 #13079
- SAML login fails in Internet Explorer 11 #13141
- SimpleAroundFilterObservation.wrap calls scope.close() duplicated #12787
- Spring Boot 3.0 application failing to start with oauth2-resource-server and spring actuator #13084
- Spring Security SAML signature validation issue #13182
- The "http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)" does not work if x.509 authentication is added. #13008
- Use consistent list of micrometer tags in web observation handler #13179
- X-XSS-Protection is now disabled #13129
🔨 Dependency Upgrades
- Update com.nimbusds to 9.43.3 #13352
- Update hsqldb to 2.7.2 #13359
- Update io.projectreactor to 2022.0.8 #13355
- Update io.rsocket to 1.1.4 #13357
- Update io.spring.javaformat to 0.0.39 #13358
- Update jackson-bom to 2.14.3 #13349
- Update jackson-databind to 2.14.3 #13350
- Update jackson-datatype-jsr310 to 2.14.3 #13351
- Update junit-bom to 5.9.3 #13360
- Update junit-platform-launcher to 1.9.3 #13362
- Update logback-classic to 1.4.8 #13348
- Update micrometer-observation to 1.10.8 #13354
- Update org.junit.jupiter to 5.9.3 #13361
- Update org.springframework to 6.0.10 #13363
- Update org.springframework.data to 2022.0.7 #13364
- Update reactor-netty to 1.1.8 #13356
- Update spring-ldap-core to 3.0.4 #13365
- Update unboundid-ldapsdk to 6.0.9 #13353
❤️ Contributors
We'd like to thank all the contributors who worked on this release!