spring-projects/spring-security 6.5.0-M1 on GitHub

⭐ New Features

Add @AuthenticationPrincipal/@CurrentSecurityContext Interface Support for Expression Templates #16201
Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE #16386
Add support checking same security matchers #16186
Add Support disableDefaultRegistrationPage to WebAuthnDsl #16404
Add support fullyAuthenticated to Kotlin DSL #16190
Add Support JDBC Repositories For WebAuthn #16282
Add Support OAuth2AuthorizationRequestResolver As Bean #16381
Add UserDetailsService Constructor #15984
Add WebAuthnConfigurer HttpMessageConverter Support #16397
Added a constant for DPOP in OAuth2AccessToken.TokenType #16087
Allow configuring custom ServerHttpHeadersWriter for Kotlin DSL #16136
Avoid unnecessary instantiation of HttpSecurity #16370
Consider making the constructor of OAuth2AccessToken.TokenType public #16086
Customize Redirect URI in OidcClientInitiatedServerLogoutSuccessHandler #14808
Documentation code snippets should consistently use joint tabs for java, kotlin, & XML #16228
Fix OAuth reference documentation typo #16350
Redirect using a relative URL #7273
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean #16396
Suggest replacing size() == 0 with isEmpty() for collection check #16428
Support Determining Max Sessions by Authentication #16218
Use relative URLs in /login redirects #14714

Encode clientId and clientSecret for OpaqueTokenIntrospector and ReactiveOpaqueTokenIntrospector #16008
Fix broken link #16416
Fix broken link to MockMvc documentation #16415
Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL #16409
Fix incorrect rendering of SpEL expression example tabs #16343
Fix Kotlin DSL webAuthn { } #16403
Fix logout code snippet for Kotlin #16341
Fix missing space in documentation #16353
Fix WebAuthnWebdriverTests #16283
Fixed grammatical mistakes/errors in the docs. #16232
Fixed typo in WebAuthnDsl #16413
Kotlin MVC Integration Docs should use servlet path parameter #16426
method-security: fix invalid Kotlin syntax #16375
Update docs to link to AuthorizationFilter instead of deprecated FilterSecurityInterceptor #16352
Use spring.security prefix instead of security.security #16427
WebAuthn login fails when CredentialsRequestOptions.publicKey.allowCredentials is not empty #16441

Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16366
Bump com.webauthn4j:webauthn4j-core from 0.28.3.RELEASE to 0.28.4.RELEASE #16356
Bump io.micrometer:micrometer-observation from 1.14.2 to 1.14.3 #16411
Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16402
Bump io.projectreactor:reactor-bom from 2023.0.13 to 2023.0.14 #16419
Bump org-bouncycastle from 1.79 to 1.80 #16418
Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 #16447
Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final #16448
Bump org.htmlunit:htmlunit from 4.7.0 to 4.8.0 #16401
Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.0 to 1.10.1 #16333
Bump org.junit:junit-bom from 5.11.3 to 5.11.4 #16293
Bump org.mockito:mockito-bom from 5.14.2 to 5.15.2 #16360
Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 #16449
Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 #16435

Thank you to all the contributors who worked on this release: