github spring-projects/spring-security 6.4.0-M2
on GitHub

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
pre-release2 months ago

⭐ New Features

  • (Spring Boot 2.7->3.2) Duplicate @PreAuthorize annotation error across class hierarchy #15097
  • Add @FunctionalInterface to AuthenticationManager #15441
  • Add RestClient interceptor #15437
  • Add AssertingPartyMetadataRepository #15349
  • Add AuthorizationDeniedException(String) constructor #15607
  • Add methods to augment allowed headers and parameters in StrictHttpFi… #15048
  • Bad return type for HeadersConfigurer#permissionsPolicy method with customizer #14803
  • Fix NPE when nameAttributeValue is null (#15338) #15407
  • Improve @AuthenticationPrincipal meta-annotations #15344
  • Improve @CurrentSecurityContext meta-annotations #15553
  • Inline CSS for default login and logout page #15303
  • Method Annotations Should Support @AliasFor #15436
  • Preserve custom user type in InMemoryUserDetailsManager #15498
  • RelyingPartyRegistrations typically produces unusable registrationId #15017
  • Validate asserting party metadata signature #12116

🪲 Bug Fixes

  • @DeniedHandler should not require an ApplicationContext to function #15496
  • AuthorizationAnnotationUtils.findUniqueAnnotation is broken when interface is inherited #13490
  • EnableMethodSecurity should publish only one bean of each AuthorizationAdvisor #15608

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #15621
  • Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 #15575
  • Bump io.freefair.gradle:aspectj-plugin from 8.6 to 8.7.1 #15586
  • Bump io.micrometer:micrometer-observation from 1.12.8 to 1.13.3 #15585
  • Bump io.mockk:mockk from 1.13.11 to 1.13.12 #15429
  • Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #15600
  • Bump jakarta-websocket from 2.1.1 to 2.2.0 #15573
  • Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #15587
  • Bump jakarta.servlet:jakarta.servlet-api from 6.0.0 to 6.1.0 #15576
  • Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #15548
  • Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #15641
  • Bump org.assertj:assertj-core from 3.25.3 to 3.26.3 #15577
  • Bump org.gretty:gretty from 4.1.4 to 4.1.5 #15428
  • Bump org.hibernate.orm:hibernate-core from 6.4.10.Final to 6.6.0.Final #15603
  • Bump org.hibernate.orm:hibernate-core from 6.4.9.Final to 6.4.10.Final #15531
  • Bump org.htmlunit:htmlunit from 4.1.0 to 4.4.0 #15612
  • Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #15453
  • Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #15454
  • Bump org.junit:junit-bom from 5.10.3 to 5.11.0 #15610
  • Bump org.mockito:mockito-bom from 5.11.0 to 5.12.0 #15584
  • Bump org.seleniumhq.selenium:htmlunit3-driver from 4.20.0 to 4.23.0 #15574
  • Bump org.seleniumhq.selenium:selenium-java from 4.20.0 to 4.23.1 #15602
  • Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #15532
  • Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.15 #15547
  • Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #15569
  • Bump org.springframework.data:spring-data-bom from 2024.0.2 to 2024.0.3 #15640
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #15622
  • Bump org.springframework:spring-framework-bom from 6.2.0-M5 to 6.2.0-M6 #15443
  • Bump org.springframework:spring-framework-bom from 6.2.0-M6 to 6.2.0-M7 #15611

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #15448
  • Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #15485
  • Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #15564
  • Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #15634
  • Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #15520
  • Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #15565
  • Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #15635
  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #15519
  • Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #15483
  • Bump com.gradle.develocity from 3.17.5 to 3.17.6 #15462
  • Bump io-spring-javaformat from 0.0.42 to 0.0.43 #15646
  • Fix code formatting in documentation #15572
  • Migrate slack notifications to GChat #15506
  • Remove duplicated "the" in JavaDoc #15469
  • Update spring-test to Mock TestContext in Tests #15579

❤️ Contributors

Thank you to all the contributors who worked on this release:

@HyoJongPark, @Kehrlann, @MrJovanovic13, @baezzys, @benelog, @crusherd, @dependabot[bot], @jzheaux, @kse-music, @pongdangx2, and @sjohnr

Check out latest releases or
releases around spring-projects/spring-security 6.4.0-M2

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications