github spring-projects/spring-security 6.4.0-M4
on GitHub

latest releases: 6.4.0-RC1, 5.7.13, 5.8.15...
pre-releaseone month ago

⭐ New Features

  • Abstract Common Code in UnmodifiableListDeserializer and UnmodifiableSetDeserializer #15673
  • Add API for Registering Security Hints #15772
  • Add cookie customizer to CookieRequestCache #15685
  • Add DefaultResourcesFitler to XML configuration #15790
  • Add One-Time Token Login support to Kotlin DSL #15727
  • Add RestClient implementations #15337
  • Add Support for One-Time Token Login #15114
  • Cache Annotation Lookups #15799
  • Consider adding RestClient implementations of OAuth2AccessTokenResponseClient #15298
  • Deprecate default OAuth2AccessTokenResponseClients in favor of RestClient-based ones #15737
  • Document how to configure One-Time Token TTL #15743
  • EnableReactiveMethodSecurity Supports Custom MethodSecurityExpressionHandler #15719
  • Fix adding more implied roles in the RoleHierarchy Builder. #15717
  • Include FilterChain on SessionInformationExpiredEvent to allow continuing the request #14077
  • Make OidcSessionRegistry Configurable in Kotlin #15814
  • Oidc Logout Improvements #15540
  • Pick Up OidcSessionRegistry bean in OIDC Configuration #15813
  • Polish OneTimeTokenLogin #15750
  • Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions #15794
  • Remove the need for @JsonSerialize when serializing authorization proxy objects with Jackson #15687
  • Remove trailing spaces in default UIs #15791
  • Serve static resources (JS, CSS) from dedicated filter #15723
  • Throw AuthorizationDeniedException when AuthorizationResult is available #15706
  • Use HTML templating in default UIs #15580

🪲 Bug Fixes

  • Correct Title in logout.adoc #15736
  • Disabling credentials erasure on custom AuthenticationManager is not working #15809
  • Fix getBeansWithName in global authentication configurers #15781
  • Fix variable targetClassToUse is not passed into the synthesize method #15568
  • Fixed typo in the Servlet API Integration documentation #15691
  • Fixed typos in the Servlet and Reactive Observability documents #15692
  • Hardcode ott-username input name in DefaultLoginPageGeneratingFilter #15740
  • SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15768

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.7 to 1.5.8 #15762
  • Bump com.gradle.develocity from 3.17.6 to 3.18 #15682
  • Bump io.micrometer:micrometer-observation from 1.13.3 to 1.13.4 #15777
  • Bump io.projectreactor:reactor-bom from 2023.0.9 to 2023.0.10 #15787
  • Bump io.spring.develocity.conventions from 0.0.20 to 0.0.21 #15795
  • Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15695
  • Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15732
  • Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.1 to 1.9.0 #15810
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15763
  • Bump org.mockito:mockito-bom from 5.12.0 to 5.13.0 #15703
  • Bump org.seleniumhq.selenium:selenium-java from 4.23.1 to 4.24.0 #15708
  • Bump org.springframework.data:spring-data-bom from 2024.0.3 to 2024.0.4 #15811
  • Bump org.springframework:spring-framework-bom from 6.2.0-M7 to 6.2.0-RC1 #15801

🔩 Build Updates

  • Bump @springio/asciidoctor-extensions from 1.0.0-alpha.12 to 1.0.0-alpha.13 in /docs #15755
  • Check samples is stuck on an old snapshot dependency #15798
  • Update Spring Boot links #15720

❤️ Contributors

Thank you to all the contributors who worked on this release:

@CrazyParanoid, @Kehrlann, @dependabot[bot], @fb64, @hyunmin0317, @jzheaux, @kse-music, @marcusdacoregio, @ngocnhan-tran1996, @nielsbasjes, @sjohnr, and @ximinghui

Check out latest releases or
releases around spring-projects/spring-security 6.4.0-M4

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications