⭐ New Features
- #12811 - compressing simple class name for observation #12955
- Add new DaoAuthenticationProvider constructor #12964
- Add NimbusJwtDecoder#withIssuerLocation #10309
- Clarify documentation code snippet(s) (unclear where static imported methods come from) #12993
- Deprecate shouldFilterAllDispatcherTypes #12138
- Document in the reference how to migrate to lambda #12628
- Documentation should mention that an empty SecurityContext should also be saved #12942
- Don't use raw xml saml authentication request for response validation #12962
- Ensure access token isn't resolved from query for form-encoded requests #12990
- Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12933
- Remove OpenSaml deprecation warnings #12947
- Replace deprecated OpenSaml methods #12948
- We should deprecate .and() along with non lambda DSL methods #12629
🪲 Bug Fixes
- Fix a javadoc typo in ReactiveAuthorizationManager #13001
- Fix a javadoc typo in ReactiveAuthorizationManager #12984
- Fix documentation code block bug. #12981
- HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12920
- MessageMatcherDelegatingAuthorizationManager not extracting path variables for authorization context #12924
- NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13006
- Observation Spans are not nested correctly in Webflux #12934
- Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12937
🔨 Dependency Upgrades
- Update reactor-netty to 1.1.6 #13047
❤️ Contributors
We'd like to thank all the contributors who worked on this release!