github spring-projects/spring-security 6.3.0-RC1
on GitHub

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
pre-release7 months ago

⭐ New Features

  • [ISSUE-11725] Add secondary statusCode messages on error #14743
  • Add Authorization Denied Handlers for Method Security #14712
  • Add ClientAuthenticationMethod constants tls_client_auth and self_signed_tls_client_auth #14889
  • Add reference documentation for Token Exchange #14698
  • Add Value-Type Ignore Support #14780
  • Allow customization of redirect strategy in CasAuthenticationEntrypoint #14881
  • Create Authorized Proxy of Return Values #14669
  • Handle SpEL AuthorizationDeniedExceptions #14882
  • Improve logging in AuthenticationWebFilter #14764
  • InitializeUserDetailsBeanManagerConfigurer inject PasswordEncoder into DaoAuthenticationProvider constructor #14766
  • Provide Password (Compromised) Checking API #7395
  • Simplification of creation of OAuth2TokenValidator with JwtValidators defaults. #14832
  • Support Certificate-Bound (POP) JWT Access Token Validation #10538
  • Support SpEL Returning AuthorizationDecision #14840
  • Update reactive OAuth2 docs landing page with examples #14758

🪲 Bug Fixes

  • SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException #14806
  • docs: fix typo in FilterChainProxy #14861
  • Fix continueOnError default value in java doc #14871
  • ReactiveOAuth2AuthorizedClientManagerConfiguration has been created too early #14900
  • Transactional annotation breaks AOT for native image #14866
  • Update the documentation of AuthenticationProvider.java #14710

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.3 to 1.5.4 #14875
  • Bump ch.qos.logback:logback-classic from 1.5.4 to 1.5.5 #14905
  • Bump com.gradle.enterprise from 3.16.2 to 3.17 #14849
  • Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 #14868
  • Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 #14874
  • Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #14820
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 #14785
  • Bump org-aspectj from 1.9.21.2 to 1.9.22 #14800
  • Bump org.gretty:gretty from 4.1.2 to 4.1.3 #14776
  • Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 #14906
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 #14893
  • Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 #14892
  • Upgrade to Spring Data Bom 2024.0.0-RC1 #14901

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Ali-Hassan33, @CrazyParanoid, @ThomasHagelberg, @dependabot[bot], @erie0210, @jzheaux, @kse-music, @marcusdacoregio, and @youngkih

Check out latest releases or
releases around spring-projects/spring-security 6.3.0-RC1

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications