github spring-projects/spring-security 6.3.1

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
5 months ago

⭐ New Features

  • Clarify the behavior of Concurrent Session Management when an IdP is involved #15071
  • Mention all required dependencies in LDAP documentation #15245
  • Minor docs fix #15144

🪲 Bug Fixes

  • AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #15211
  • Assert WebSession is not null #15179
  • DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc #15197
  • Documentation clarification after #12783 has been closed is needed. #15208
  • Fix Java example in multitenanci.adoc #15151
  • Fix Kotlin example in authorize-http-requests.adoc #15129
  • Incorrect documentation for OIDC Back-Channel Logout #15212
  • IpAddressMatcher.matches(String address) still accepts URLs #15172
  • LDIF file on official documentation breaks the startup process #15167
  • Link to article with remember-me-persistent-token strategy is broken #15149
  • OpenSaml4AssertionValidator is not respecting clock skew settings #15183
  • Resolving invalid CSRF token values is not consistent #15186
  • spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security #15143
  • SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly #15165

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 #15225
  • Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 #15229
  • Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 #15161
  • Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #15168
  • Bump org.gretty:gretty from 4.1.3 to 4.1.4 #15133
  • Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final #15228
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15193
  • Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 #15260
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #15251
  • Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 #15134
  • Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #15252

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15159
  • Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #15141
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15239
  • Bump gradle/gradle-build-action from 2 to 3 #15157
  • Bump io-spring-javaformat from 0.0.41 to 0.0.42 #15219
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 #15176
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 #15218
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 #15261
  • Bump spring-io/spring-doc-actions from 17ed79ea5fbd65813c69ef1062a024d4a37ff0ca to 5a57bcc6a0da2a1474136cf29571b277850432bc #15139

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @theHacker

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.