github spring-projects/spring-security 6.5.0-M3
on GitHub

latest releases: 6.3.8, 6.4.4
pre-releaseone day ago

⭐ New Features

  • Add HttpsRedirectFilter #16678
  • Add BadCredentialsException to OneTimeTokenAuthenticationProvider #16506
  • Add customizable RowMappers for user details and authorities in JdbcUserDetailsManager #16561
  • Add JwtAudienceValidator #16682
  • Add page section to migration-7 #16663
  • Add PathPatternRequestMatcher #16499
  • Add PathPatternRequestMatcher #16429
  • Add SingleResultAuthorizationManager #16612
  • Add support for automatic context-propagation with Micrometer #16665
  • Add Support ServerFormPostRedirectStrategy #16551
  • Add Type Validator #16672
  • Allow at+jwt, according to RFC-9068 #13186
  • Deprecate ChannelDecisionManager and components #16681
  • Deprecate ChannelSecurityConfigurer and components #16680
  • JwtDecoders should support issuer hostnames containing underscores #15853
  • Make DefaultOneTimeToken Serializable #16618
  • Polish AbstractAuthenticationTargetUrlRequestHandler #16557
  • Refactored Http403ForbiddenEntryPoint to use HttpStatus.FORBIDDEN.value #16616
  • Replace HttpSecurity#requiresChannel with HttpSecurity#redirectToHttps #16679
  • Use PortResolver Beans by Default #16664

🪲 Bug Fixes

  • Add missing migration-7/web.adoc to nav.adoc #16661
  • Add testRuntimeOnly junit-platform-launcher #16757
  • Disable Flaky WebAuthnWebDriverTests #16754
  • Fix JdbcUserCredentialRepository Save #16621
  • Fix ordering for security filter configuration #16558
  • Fix source type of migration-7/web.adoc #16662

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 #16654
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #16689
  • Bump com.webauthn4j:webauthn4j-core from 0.28.5.RELEASE to 0.28.6.RELEASE #16690
  • Bump io.freefair.gradle:aspectj-plugin from 8.12.2.1 to 8.13 #16723
  • Bump io.micrometer:micrometer-observation from 1.14.4 to 1.14.5 #16716
  • Bump io.mockk:mockk from 1.13.16 to 1.13.17 #16674
  • Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 #16722
  • Bump org.hibernate.orm:hibernate-core from 6.6.10.Final to 6.6.11.Final #16745
  • Bump org.htmlunit:htmlunit from 4.9.0 to 4.10.0 #16639
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.23 to 4.34.1 #16671
  • Bump org.junit:junit-bom from 5.11.4 to 5.12.0 #16643
  • Bump org.junit:junit-bom from 5.11.4 to 5.12.1 #16744
  • Bump org.mockito:mockito-bom from 5.16.0 to 5.16.1 #16746
  • Bump org.seleniumhq.selenium:htmlunit3-driver from 4.28.0 to 4.29.0 #16641
  • Bump org.seleniumhq.selenium:selenium-java from 4.28.1 to 4.29.0 #16625
  • Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 #16653
  • Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #16736

🔩 Build Updates

  • Bump @springio/antora-extensions from 1.14.2 to 1.14.4 in /docs #16636
  • Deprecate PortResolver #15972

❤️ Contributors

Thank you to all the contributors who worked on this release:

@big-cir, @bodograumann, @dependabot[bot], @franticticktick, @jzheaux, @matthewgreene, @vpavic, @yelm-212, and @ymajoros

Check out latest releases or
releases around spring-projects/spring-security 6.5.0-M3

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications