spring-projects/spring-security 6.5.0-M2 on GitHub

⭐ New Features

Add FormPostRedirectStrategy to enable POST OIDC Logout #16214
Add HttpStatusAccessDeniedHandler #16502
Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP) #16574
Add Support GenerateOneTimeTokenRequestResolver #16297
Add Support ServerGenerateOneTimeTokenRequestResolver #16489
Consistently NonNull annotation #16587
Consistently Spring Security javadocs #16586
Display default login page with only one-time token login #16414
Generic error message in Log In page and debug messages #16575
Lazily compose debug message in AbstractUserDetailsAuthenticationProv… #16513
Make PublicKeyCredentialRequestOptions Serializable #16438
One time token authentication filter should be its own class #16539
One Time Token login registers the default login page #16480
Polish OneTimeTokenLoginConfigurer #16468
Refactor authorization manager variable naming #16559
Remove Deprecated Usages of RemoteJWKSet #16537
Support JWK Selection Strategy in NimbusJwtEncoder #16570
Update DelegatingPasswordEncoder.java #16479
Update reference Spring Framwork links #16564
Update settings.gradle to correct the behavior if creating a new subproject with default buildFile name #16387
Update UsernameNotFoundException message #16508

Fix javadoc typo onResponseCommmitted-> onResponseCommitted #16535
Fix loader has changed while resolving nodes in WebAuthnWebDriverTests #16464
Fix RestClient Documentation Header #16562
Fix serializeCurrentVersionClasses #16443
Fixed assertion in DefaultGenerateOneTimeTokenRequestResolver #16507
GenerateOneTimeTokenWebFilter triggers double execution of the downstream WebFilterChain #16465
Implement Serializable for WebAuthnAuthentication #16474
Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16467
OTT Should Use non-static member to capture the last OneTimeToken #16472
OTT Tests should use mocks instead of comparing expires #16515

Bump com.github.ben-manes:gradle-versions-plugin from 0.51.0 to 0.52.0 #16475
Bump com.google.code.gson:gson from 2.12.0 to 2.12.1 #16511
Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16593
Bump com.webauthn4j:webauthn4j-core from 0.28.4.RELEASE to 0.28.5.RELEASE #16522
Bump esbuild from 0.23.0 to 0.25.0 in /javascript #16580
Bump io.freefair.gradle:aspectj-plugin from 8.12 to 8.12.1 #16531
Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 #16568
Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16578
Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16532
Bump org.hibernate.orm:hibernate-core from 6.6.7.Final to 6.6.8.Final #16609
Bump org.htmlunit:htmlunit from 4.8.0 to 4.9.0 #16469
Bump org.seleniumhq.selenium:htmlunit3-driver from 4.27.0 to 4.28.0 #16476
Bump org.seleniumhq.selenium:selenium-java from 4.28.0 to 4.28.1 #16477
Bump org.springframework.data:spring-data-bom from 2024.1.2 to 2024.1.3 #16608
Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16592
Bump org.springframework:spring-framework-bom from 6.2.2 to 6.2.3 #16591
Bump serialize-javascript and mocha in /javascript #16581

Add GenerateOneTimeTokenFilterTests #16327
Add TestBytes #16462
Bump @springio/asciidoctor-extensions from 1.0.0-alpha.14 to 1.0.0-alpha.16 in /docs #16518

Thank you to all the contributors who worked on this release: