github spring-projects/spring-security 6.3.2
on GitHub

latest releases: 6.4.0-M3, 6.3.3
27 days ago

⭐ New Features

  • ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls #15495
  • Document the role of CredentialsContainer #15321
  • OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #15410

🪲 Bug Fixes

  • A broken link in Spring Security reference #15297
  • Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect #15460
  • EnableMethodSecurity should publish only one bean of each AuthorizationAdvisor #15592
  • Fix Compromised Password Checker Docs Sample Not Working #15305
  • Fix for #15172 introduces significant performance degredation #15324
  • Pre/PostAuthorize should not ignore HandleAuthorizationDenied#handlerClass when ApplicationContext is not provided #15535
  • Update prerequisites documentation with Java 17 #15340
  • Use Correct Meta-Annotation in Kotlin Sample #15472
  • Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #15440

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #15619
  • Bump com.fasterxml.jackson:jackson-bom from 2.17.1 to 2.17.2 #15374
  • Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #15373
  • Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 #15383
  • Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 #15581
  • Bump io.mockk:mockk from 1.13.11 to 1.13.12 #15430
  • Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #15388
  • Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #15597
  • Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #15582
  • Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #15372
  • Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #15545
  • Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #15356
  • Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #15268
  • Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #15642
  • Bump org.gretty:gretty from 4.1.4 to 4.1.5 #15431
  • Bump org.hibernate.orm:hibernate-core from 6.4.9.Final to 6.4.10.Final #15530
  • Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #15456
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #15455
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.19 to 4.33.20 #15267
  • Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #15315
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #15336
  • Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #15529
  • Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 #15546
  • Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #15571
  • Bump org.springframework.data:spring-data-bom from 2024.0.1 to 2024.0.2 #15421
  • Bump org.springframework.data:spring-data-bom from 2024.0.2 to 2024.0.3 #15643
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #15620
  • Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 #15402
  • Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 #15613
  • Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 #15279

🔩 Build Updates

  • Automate check of expected branch version #15310
  • Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #15449
  • Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #15482
  • Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #15560
  • Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #15637
  • Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #15418
  • Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #15517
  • Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #15561
  • Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #15636
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #15419
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #15515
  • Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #15329
  • Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #15480
  • Bump com.gradle.develocity from 3.17.5 to 3.17.6 #15464
  • Bump io-spring-javaformat from 0.0.42 to 0.0.43 #15650
  • Fix typos and formatting in documentation #15380
  • Migrate slack notifications to GChat #15505
  • Use explicit types instead of var #15537

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Kehrlann, @dependabot[bot], and @tahakorkem

Check out latest releases or
releases around spring-projects/spring-security 6.3.2

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications