github spring-projects/spring-security 6.1.0-RC1

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
pre-release19 months ago

⭐ New Features

  • #12811 - compressing simple class name for observation #12955
  • Add new DaoAuthenticationProvider constructor #12964
  • Add NimbusJwtDecoder#withIssuerLocation #10309
  • Clarify documentation code snippet(s) (unclear where static imported methods come from) #12993
  • Deprecate shouldFilterAllDispatcherTypes #12138
  • Document in the reference how to migrate to lambda #12628
  • Documentation should mention that an empty SecurityContext should also be saved #12942
  • Don't use raw xml saml authentication request for response validation #12962
  • Ensure access token isn't resolved from query for form-encoded requests #12990
  • Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12933
  • Remove OpenSaml deprecation warnings #12947
  • Replace deprecated OpenSaml methods #12948
  • We should deprecate .and() along with non lambda DSL methods #12629

🪲 Bug Fixes

  • Fix a javadoc typo in ReactiveAuthorizationManager #13001
  • Fix a javadoc typo in ReactiveAuthorizationManager #12984
  • Fix documentation code block bug. #12981
  • HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12920
  • MessageMatcherDelegatingAuthorizationManager not extracting path variables for authorization context #12924
  • NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13006
  • Observation Spans are not nested correctly in Webflux #12934
  • Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12937

🔨 Dependency Upgrades

  • Update reactor-netty to 1.1.6 #13047

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.