github spring-projects/spring-security 6.4.0-M1
on GitHub

latest releases: 6.4.0-M3, 6.3.3, 6.3.2...
pre-releaseone month ago

⏪ Breaking Changes

  • Adapt to form data not adding charset if it is UTF-8 #15275

⭐ New Features

  • AclAuthorizationStrategyImpl should use RoleHierarchy #4186
  • Add CachingRelyingPartyRegistrationRepository #15341
  • Add interface IterableRelyingPartyRegistrationRepository or similar #15027
  • Add Kotlin support to DefaultMethodSecurityExpressionHandler #15093
  • Add Kotlin support to PreFilter and PostFilter annotations #15095
  • Add RequestMatcher for matching parameters #15342
  • Add saml2Logout Kotlin DSL support #14935
  • Add SecurityContextRepository to Kotlin Reactive DSL #15013
  • Add setter method for userDetailsChecker in CasAuthenticationProvider(#10277) #15047
  • Add support checking AnyRequestMatcher securityFilterChains #15221
  • Add support configuring OAuth2AuthorizationRequestResolver as bean #15237
  • Add support remember-me cookie customization #15203
  • Adds missing translated messages for PT-BR #15181
  • Adjust DefaultSecurityFilterChain Logging Level and Simplify Filter Logging #15096
  • Clarify the behavior of Concurrent Session Management when an IdP is involved #15206
  • CSRF example for Single-Page Apps could be improved #15105
  • Deprecate authorizeRequests from Kotlin DSL #15173
  • Deprecate OpenSamlRelyingPartyRegistration #15343
  • Description of securityMatcher and multiple filter chains has now more details #15029
  • Document the role of CredentialsContainer #15322
  • Expose user name attribute name in OAuth2UserAuthority #15012
  • LDAP bind failures due to invalid credentials don't cause AuthenticationFailure events to be fired #3834
  • Mention all required dependencies in LDAP documentation #15246
  • OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #15003
  • Remove Deprecated Usages for Spring LDAP #15274
  • SAML metadata Content-Type should be application/samlmetadata+xml #15147
  • Support GrantedAuthorityDefaults Bean in authorizeHttpRequests Kotlin DSL #15171
  • Support RoleHierarchy Bean in authorizeHttpRequests Kotlin DSL #15136
  • Support signing SAML metadata #14916
  • Update Kotlin example for MockMvc and Spring Security #15177
  • Update the OAuth2 jwt and opaque Resource Server documentation #15362
  • Use Javadoc macro #15386

🪲 Bug Fixes

  • Assert WebSession is not null #15180
  • Docs: Fix import for reactive example with Kotlin DSL #15200
  • Fix Compromised Password Checker Docs Sample Not Working #15306
  • Fix Java example in multitenanci.adoc #15164
  • Fix link in the In-Memory Authentication documentation #14689
  • Fix malformed list in "Using Method Parameters" documentation #15325
  • Fix typos and formatting in documentation #15353
  • Fix wrong explanation for @PostAuthorize annotation #15222
  • Resolving invalid CSRF token values is not consistent #15187
  • The docs reference #7537 which is closed #15263

🔨 Dependency Upgrades

  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #15158
  • Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #15332
  • Bump com.fasterxml.jackson:jackson-bom from 2.17.1 to 2.17.2 #15371
  • Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #15370
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #15242
  • Bump Gradle Wrapper from 8.7 to 8.8 #15188
  • Bump io-spring-javaformat from 0.0.41 to 0.0.42 #15214
  • Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #15387
  • Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #15369
  • Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #15357
  • Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #15169
  • Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #15270
  • Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final #15234
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #15190
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 #15175
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 #15215
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 #15259
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.19 to 4.33.20 #15269
  • Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #15313
  • Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #15334
  • Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 #15258
  • Bump org.springframework.data:spring-data-bom from 2024.0.1 to 2024.0.2 #15420
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #15250
  • Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #15249
  • Bump org.springframework:spring-framework-bom from 6.2.0-M4 to 6.2.0-M5 #15403
  • Upgrade to Spring Framework 6.2.0-M4 #15266

🔩 Build Updates

  • Automate check of expected branch version #15311
  • Bump spring-io/spring-doc-actions from 5a57bcc6a0da2a1474136cf29571b277850432bc to 852920ba3fb1f28b35a2f13201133bc00ef33677 #15289
  • Configure Build to Confirm UnboundId 7 Compatibility #15400
  • Fixing URL on README #15350

❤️ Contributors

Thank you to all the contributors who worked on this release:

@CrazyParanoid, @Doremi203, @Junhyunny, @Kyoungwoong, @Marcono1234, @Seungpang, @Sti2nd, @abimael-turing, @arey, @baezzys, @caio-henrique, @call-me-baki, @dependabot[bot], @earlgrey02, @filiphr, @github-actions[bot], @juhachmann, @lukasdo, and @mateusscheper

Check out latest releases or
releases around spring-projects/spring-security 6.4.0-M1

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications