⭐ New Features
- Clarify the behavior of Concurrent Session Management when an IdP is involved #15071
- Mention all required dependencies in LDAP documentation #15245
- Minor docs fix #15144
🪲 Bug Fixes
- AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #15211
- Assert WebSession is not null #15179
- DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc #15197
- Documentation clarification after #12783 has been closed is needed. #15208
- Fix Java example in multitenanci.adoc #15151
- Fix Kotlin example in authorize-http-requests.adoc #15129
- Incorrect documentation for OIDC Back-Channel Logout #15212
- IpAddressMatcher.matches(String address) still accepts URLs #15172
- LDIF file on official documentation breaks the startup process #15167
- Link to article with remember-me-persistent-token strategy is broken #15149
- OpenSaml4AssertionValidator is not respecting clock skew settings #15183
- Resolving invalid CSRF token values is not consistent #15186
- spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security #15143
- SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly #15165
🔨 Dependency Upgrades
- Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 #15225
- Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 #15229
- Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 #15161
- Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #15168
- Bump org.gretty:gretty from 4.1.3 to 4.1.4 #15133
- Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final #15228
- Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15193
- Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 #15260
- Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #15251
- Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 #15134
- Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #15252
🔩 Build Updates
- Bump
@antora
/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15159 - Bump
@springio
/antora-extensions from 1.10.0 to 1.11.1 in /docs #15141 - Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15239
- Bump gradle/gradle-build-action from 2 to 3 #15157
- Bump io-spring-javaformat from 0.0.41 to 0.0.42 #15219
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 #15176
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 #15218
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 #15261
- Bump spring-io/spring-doc-actions from 17ed79ea5fbd65813c69ef1062a024d4a37ff0ca to 5a57bcc6a0da2a1474136cf29571b277850432bc #15139
❤️ Contributors
Thank you to all the contributors who worked on this release:
@dependabot[bot] and @theHacker