⭐ New Features
- AuthorizationManager[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines #12080
- Simplify configuration of OAuth2 Client component model #11783
🪲 Bug Fixes
- On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14064
- Authentication not propagated correctly after migrating to SB3 #14112
- Authorization does not show up on Features section #14105
- Fix obsolete comment and typos #14060
- Fix typo in documentation #14130
- improve render in headers.adoc #14102
- ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14042
- References to WebFlux docs do not link to them #14108
- relay_state should not be included in signing calculation when it is null #14039
- samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14138
- Security configuration is failed to be initialized in a Servlet 6.0 container #14166
- Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14115
- Spring Security metric names should not contain dashes #14067
- spring.security counters inaccurate due onComplete and cancel() #14147
- The latest "OAuth2AuthorizedClientManager" class is not AOT ready #14094
- UnboundIdContainer should be marked as not running at shutdown #14095
🔨 Dependency Upgrades
- Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14156
- Bump io.micrometer:micrometer-observation from 1.12.0-RC1 to 1.12.0 #14135
- Bump io.projectreactor:reactor-bom from 2023.0.0-RC1 to 2023.0.0 #14145
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 #14097
- Bump org.springframework.data:spring-data-bom from 2023.1.0-RC1 to 2023.1.0 #14172
- Bump org.springframework.ldap:spring-ldap-core from 3.2.0-RC1 to 3.2.0 #14155
- Bump org.springframework:spring-framework-bom from 6.1.0-RC1 to 6.1.0-RC2 #14055
- Bump org.springframework:spring-framework-bom from 6.1.0-RC2 to 6.1.0 #14157
❤️ Contributors
We'd like to thank all the contributors who worked on this release!