github spring-projects/spring-security 6.1.1

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
16 months ago

⭐ New Features

  • Add initial Native section to reference docs #13236
  • Align Resource Server documentation with Boot's capabilities #13239
  • Convert to Asciidoctor Tabs #13407
  • Document How to Handle Method Security in Native Image #13237
  • Improve javadoc about deprecation of .and() and non-Customizer methods #13273
  • Make eclipse/vscode project import work #13284
  • Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults #13229
  • mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter #13254
  • Use Antora name of security #13331

🪲 Bug Fixes

  • Additional filters registered when using Custom DSL #13282
  • AOT Fails to proxy #13369
  • CasAuthenticationFilter.successfulAuthentication missing call to securityContextRepository.saveContext #13243
  • DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(OAuth2AuthorizationCodeGrantRequest) can return null #13223
  • Deprecated hint on BasicAuthenticationFilter #13279
  • Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #13193
  • Fix Antora Warnings #13294
  • Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #13221
  • Fix Documentation Title #13318
  • Fix legacy-websocket-configuration cross-reference #13206
  • Fix type on method-security.adoc #13212
  • http://www.springframework.org/schema/security/spring-security.xsd returns 404 #13209
  • Migration to EnableMethodSecurity break Transactional on custom PermissionEvaluator #13218
  • No longer maintained net.sourceforge.nekohtml with known security issues #13287
  • Provide meaningful error when invalid client-authentication-method is provided #13309
  • Proxy Server section is not linked in nav #13324
  • Use consistent list of micrometer tags in web observation handler #13190
  • UserBuilder does not allow authorities to be overridden #13290

🔨 Dependency Upgrades

  • Update cas-client-core to 4.0.2 #13342
  • Update com.nimbusds to 9.43.3 #13335
  • Update hsqldb to 2.7.2 #13343
  • Update io.projectreactor to 2022.0.8 #13338
  • Update io.rsocket to 1.1.4 #13340
  • Update io.spring.javaformat to 0.0.39 #13341
  • Update logback-classic to 1.4.8 #13334
  • Update micrometer-observation to 1.10.8 #13337
  • Update org.jetbrains.kotlin to 1.8.22 #13344
  • Update org.springframework to 6.0.10 #13345
  • Update org.springframework.data to 2022.0.7 #13346
  • Update reactor-netty to 1.1.8 #13339
  • Update spring-ldap-core to 3.0.4 #13347
  • Update unboundid-ldapsdk to 6.0.9 #13336

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.