⭐ New Features
- Abstract Common Code in
UnmodifiableListDeserializerandUnmodifiableSetDeserializer#15673 - Add API for Registering Security Hints #15772
- Add cookie customizer to CookieRequestCache #15685
- Add DefaultResourcesFitler to XML configuration #15790
- Add One-Time Token Login support to Kotlin DSL #15727
- Add RestClient implementations #15337
- Add Support for One-Time Token Login #15114
- Cache Annotation Lookups #15799
- Consider adding
RestClientimplementations ofOAuth2AccessTokenResponseClient#15298 - Deprecate default
OAuth2AccessTokenResponseClients in favor ofRestClient-based ones #15737 - Document how to configure One-Time Token TTL #15743
- EnableReactiveMethodSecurity Supports Custom MethodSecurityExpressionHandler #15719
- Fix adding more implied roles in the RoleHierarchy Builder. #15717
- Include FilterChain on SessionInformationExpiredEvent to allow continuing the request #14077
- Make OidcSessionRegistry Configurable in Kotlin #15814
- Oidc Logout Improvements #15540
- Pick Up OidcSessionRegistry bean in OIDC Configuration #15813
- Polish OneTimeTokenLogin #15750
- Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions #15794
- Remove the need for
@JsonSerializewhen serializing authorization proxy objects with Jackson #15687 - Remove trailing spaces in default UIs #15791
- Serve static resources (JS, CSS) from dedicated filter #15723
- Throw AuthorizationDeniedException when AuthorizationResult is available #15706
- Use HTML templating in default UIs #15580
🪲 Bug Fixes
- Correct Title in logout.adoc #15736
- Disabling credentials erasure on custom AuthenticationManager is not working #15809
- Fix getBeansWithName in global authentication configurers #15781
- Fix variable targetClassToUse is not passed into the synthesize method #15568
- Fixed typo in the Servlet API Integration documentation #15691
- Fixed typos in the Servlet and Reactive Observability documents #15692
- Hardcode ott-username input name in DefaultLoginPageGeneratingFilter #15740
- SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15768
🔨 Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.7 to 1.5.8 #15762
- Bump com.gradle.develocity from 3.17.6 to 3.18 #15682
- Bump io.micrometer:micrometer-observation from 1.13.3 to 1.13.4 #15777
- Bump io.projectreactor:reactor-bom from 2023.0.9 to 2023.0.10 #15787
- Bump io.spring.develocity.conventions from 0.0.20 to 0.0.21 #15795
- Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15695
- Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15732
- Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.1 to 1.9.0 #15810
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15763
- Bump org.mockito:mockito-bom from 5.12.0 to 5.13.0 #15703
- Bump org.seleniumhq.selenium:selenium-java from 4.23.1 to 4.24.0 #15708
- Bump org.springframework.data:spring-data-bom from 2024.0.3 to 2024.0.4 #15811
- Bump org.springframework:spring-framework-bom from 6.2.0-M7 to 6.2.0-RC1 #15801
🔩 Build Updates
- Bump
@springio/asciidoctor-extensions from 1.0.0-alpha.12 to 1.0.0-alpha.13 in /docs #15755 - Check samples is stuck on an old snapshot dependency #15798
- Update Spring Boot links #15720
❤️ Contributors
Thank you to all the contributors who worked on this release:
@CrazyParanoid, @Kehrlann, @dependabot[bot], @fb64, @hyunmin0317, @jzheaux, @kse-music, @marcusdacoregio, @ngocnhan-tran1996, @nielsbasjes, @sjohnr, and @ximinghui