github spring-projects/spring-security 6.1.0-M2

pre-release, 14 months ago

⭐ New Features

  • Add RelayState Customizer to SAML Logout #12582
  • Add saml2Metadata to the DSL #11828
  • Allow configuring SecurityContextRepository for BasicAuthenticationFilter #12031
  • Allow Relying Party to be Deduced from LogoutRequest #12843
  • Allow UserBuilder to easily build a user without any authorities #12533
  • Cookie no support for field 'version' and 'comment' #12454
  • Copies of RelyingPartyRegistration should preserve custom fields #12841
  • CsrfTokenRequestAttributeHandler documentation should reflect that default is XorCsrfTokenRequestAttributeHandler #12684
  • Extract placeholder resolution from DefaultRelyingPartyRegistrationResolver #12842
  • Incomplete documentation regarding Hierarchical roles. #12784
  • Move classpath checks to class member variable #12640
  • move code comment to callout #12536
  • NimbusReactiveJwtDecoder support mono chain #12521
  • Polish DefaultLoginPageGeneratingFilter #12657
  • Propagate match results in OrRequestMatcher and AndRequestMatcher #12847
  • Re-add support for CAS #11674
  • Relax final method implementations on AbstractRememberMeServices #12145
  • RelyingPartyRegistrationRepository should support lookup by asserting party entity id #12848
  • Remove deprecated SecurityContextPersistenceFilter from docs #12809
  • Restore CAS module and update it for cas-client-core 4.0.0 #12362
  • Revisit Session Management Documentation #12681
  • Rewrite AbstractAuthenticationTargetUrlRequestHandler#determineTargetUrl logic for clarity #12468
  • SAML 2.0 metadata endpoint should return all relying parties when none is given #12846
  • Saml2MetadataResolver should accept multiple relying parties and create an EntitiesDescriptor #12844
  • Support Device Authorization Response #12852
  • Support LogoutRequest when already logged out #12845
  • Update javadoc in EnableWebSecurity #12613
  • Use a custom authentication type for CAS #12304

🪲 Bug Fixes

  • 200 response is returned when ObservationMarkingRequestRejectedHandler is in use #12593
  • @EnableReactiveMethodSecurity causes premature initialization of the ObservationRegistry and prevents it from being post-processed #12781
  • A typo in form login doc #12730
  • Broken links in form login section of docs #12839
  • Document XMLObject retrieval for Asserting Party metadata #12800
  • EntityId ignored in xml relying-party-registration #12778
  • Fix CSRF protection provided by @EnableWebSocketSecurity / Stomp #12594
  • Fix image in servlet architecture docs section #12609
  • Fix javadoc typo #12643
  • fix missing semi-colon java example in observability documentation #12761
  • fix typo and update javadoc in AbstractAuthenticationFilterConfigurer #12634
  • javax.json.bind.Jsonb to jakarta.json.bind.Jsonb #12621
  • JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12768
  • Missing spring-security-oauth2 xsds after release #12807
  • No provider found for OAuth2AuthorizationCodeAuthenticationToken when running Spring Native Reactive app using OAuth2 #12625
  • NoSuchElementException in org.springframework.security.web.server.ObservationWebFilterChainDecorator$AroundWebFilterObservation$SimpleAroundWebFilterObservation.start(ObservationWebFilterChainDecorator.java:274 #12831
  • NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12688
  • SessionManagementConfigurer ignores custom SecurityContextRepository for SessionManagementFilter #12641
  • SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12837
  • Typo in Authentication Migrations page #12660
  • WebTestUtilsTestRuntimeHints should only be invoked for Servlet #12626

🔨 Dependency Upgrades

  • Update Gradle Enterprise plugin #12669
  • Update hibernate-core to 6.1.7.Final #12898
  • Update httpclient to 4.5.14 #12894
  • Update io.projectreactor to 2022.0.5 #12890
  • Update io.spring.javaformat to 0.0.38 #12891
  • Update io.spring.nohttp to 0.0.11 #12892
  • Update jackson-bom to 2.14.2 #12886
  • Update jakarta.servlet.jsp-api to 3.1.1 #12893
  • Update junit-bom to 5.9.2 #12900
  • Update logback-classic to 1.4.6 #12885
  • Update maven-resolver-provider to 3.8.8 #12895
  • Update micrometer-observation to 1.10.5 #12888
  • Update mockk to 1.13.4 #12889
  • Update org.aspectj to 1.9.19 #12896
  • Update org.eclipse.jetty to 11.0.14 #12897
  • Update org.jetbrains.kotlin to 1.8.20-RC #12899
  • Update org.springframework to 6.0.7 #12902
  • Update org.springframework.data to 2022.0.3 #12903
  • Update slf4j-api to 2.0.7 #12901
  • Update spring-ldap-core to 3.0.1 #12904
  • Update spring-ldap-core to 3.0.1 #12727
  • Update to Kotlin 1.8.10 #12788
  • Update unboundid-ldapsdk to 6.0.8 #12887

❤️ Contributors

We'd like to thank all the contributors who worked on this release!
