github spring-projects/spring-security 6.4.2
on GitHub

one day ago

⭐ New Features

  • Add 6.4 Sample Serializations for Serializable classes #16274
  • Add @inheritDoc to sessionIdChanged method #16216
  • Fix typo in oauth2 resource server documentation #16053
  • Fixed confusing phrasing in the docs for a better clarity. #16169
  • Improve AuthorizationManager configuration error messages #16194
  • Polish #16148
  • Use Documentation Tags for Maven and Gradle in Getting Started #16234
  • Add WebDriver WebAuthn test #15969

🪲 Bug Fixes

  • Add Deprecated ObjectPostProcessor constructor #16212
  • Add RuntimeHints for webauthn Javascript resource #16159
  • Always return current ClientRegistration in loadAuthorizedClient #16139
  • Avoid requesting an unnecessary attestation statement when creating a webauthn credential #16252
  • CI is not using the correct secret for Develocity #16263
  • Dark mode rendering issue with images on CSRF and Method Security pages #16176
  • DefaultSaml2AuthenticatedPrincipal should define a serialVersionUID #16163
  • Delay initialization of AuthenticationProvider in Global Authentication #16147
  • Fix Documentation Typos #16054
  • Correct OAuth2ClientHttpRequestInterceptor Usage Documentation #16172
  • Fix Typo in 'What's New' Documentation #16183
  • Fix WebAuthnWebdriverTests #16279
  • Correct OpenSAML 5.x Documentation #16195
  • Issue when using @AuthenticationPrincipal on interfaces #16177
  • Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #16261
  • Remove duplicate cache in AuthenticationPrincipalArgumentResolverand CurrentSecurityContextArgumentResolver #16202
  • Resolve ObjectPostProcessor collisions between RSocket and WebFlux security configuration #16161
  • Restore @AuthenticationPrincipal/@CurrentSecurityContext Interface Support #16245
  • Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #16220
  • Spelling error in opensaml.adoc #16146
  • Update document regarding PublicKeyCredentialCreationOptions.attestation value #16264
  • Verification Options Should Return Saved Transports for Credentials #16084

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.1 to 2.18.2 #16184
  • Bump com.webauthn4j:webauthn4j-core from 0.28.2.RELEASE to 0.28.3.RELEASE #16203
  • Bump io.micrometer:micrometer-observation from 1.14.1 to 1.14.2 #16255
  • Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #16256
  • Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #16209
  • Bump org.gretty:gretty from 4.1.5 to 4.1.6 #16247
  • Bump org.hibernate.orm:hibernate-core from 6.6.2.Final to 6.6.3.Final #16145
  • Bump org.htmlunit:htmlunit from 4.6.0 to 4.7.0 #16205
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #16180
  • Bump org.seleniumhq.selenium:htmlunit3-driver from 4.26.0 to 4.27.0 #16204
  • Bump org.seleniumhq.selenium:selenium-java from 4.26.0 to 4.27.0 #16167
  • Bump org.springframework.data:spring-data-bom from 2024.1.0 to 2024.1.1 #16290
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #16270
  • Bump org.springframework:spring-framework-bom from 6.2.0 to 6.2.1 #16271

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.0 to 1.0.1 in /docs #16239
  • Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #16237
  • Bump gradle/gradle-build-action from 2 to 3 #16278
  • Remove 5.8.x and 6.2.x dependabot configuration #16268
  • Remove 5.8.x from Auto Merge Forward Dependabot PRs #15770

❤️ Contributors

Thank you to all the contributors who worked on this release:

@12OneTwo12, @Kehrlann, @MuhammadNFadhil, @OrangeDog, @Spikhalskiy, @dependabot[bot], @harpreets789, @kse-music, @martin-tarjanyi, @ngocnhan-tran1996, and @ynojima

Check out latest releases or
releases around spring-projects/spring-security 6.4.2

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications