spring-projects/spring-security 6.4.3 on GitHub

⭐ New Features

withValue used incorrectly #16527
Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL #16344
Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) #16459
Fix Kotlin DSL webAuthn { } #16338
Fix loader has changed while resolving nodes in WebAuthnWebDriverTests #16463
Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #16310
Implement Serializable for WebAuthnAuthentication #16285
Make AuthorizationDecision Serializable #16544
Make PublicKeyCredentialRequestOptions Serializable Backport #16584
Make Saml2AuthenticationToken Serializable #16287
Make WebAuthnAuthentication Serializable #16273
Make WebAuthnAuthenticationRequestToken Serializable #16602
Make WebAuthnAuthenticationTokenRequest Serializable #16481
Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16466
OTT Should Use non-static member to capture the last OneTimeToken #16471
webauthn js should ensure allowCredentials[].id is an ArrayBuffer #16440

Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16364
Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16598
Bump com.webauthn4j:webauthn4j-core from 0.28.4.RELEASE to 0.28.5.RELEASE #16523
Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 #16565
Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16399
Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16576
Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16534
Bump org.hibernate.orm:hibernate-core from 6.6.7.Final to 6.6.8.Final #16610
Bump org.junit:junit-bom from 5.11.3 to 5.11.4 #16292
Bump org.springframework.data:spring-data-bom from 2024.1.2 to 2024.1.3 #16611
Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16597
Bump org.springframework:spring-framework-bom from 6.2.2 to 6.2.3 #16599
Update to oauth2-oidc-sdk 9.43.5 #16583

Thank you to all the contributors who worked on this release: