⭐ New Features
- Add ExpressionTemplateValueProvider #17448
- Add META-INF/LICENSE.txt to published jars #17640
- Add OAuth2User to OidcUser Conversion Params #17626
- Apply missing diamond operators #17310
- Clarify instructional nature when when withDefaultPasswordEncoder is used in documentation #17624
- Correct
@NonNulland@Nullablepackage name #17512 - Enable Null checking in spring-security-core via JSpecify #17534
- Enable Null checking in spring-security-crypto via JSpecify #17533
- Extract spring-security-webauthn #17586
- Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter #17247
- Improve Spring Boot's integration with PathPatternRequestMatcher.Builder #17746
- Make stricter IP format check in
IpAddressMatcher#17500 - Polish document #17654
- Polish ExpressionTemplateValueProvider JavaDoc #17666
- Remove OpenSAML 4 support #17707
- Replace "shameless coverage code" in SecurityNamespaceHandlerTests with meaningful tests #17689
- Simplify error message for unsupported Security XSD versions #17488
- Use 2004-present Copyright #17635
🪲 Bug Fixes
- AuthorizationManager null safety annotation on generic type is incorrectly specified #17667
- OpenSamlAssertingPartyDetails Should Be Serializable #17728
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #17589
- Bump com.nimbusds:oauth2-oidc-sdk from 11.26 to 11.26.1 #17644
- Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17700
- Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17681
- Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #17657
- Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #17697
- Bump io.projectreactor:reactor-bom from 2025.0.0-M5 to 2025.0.0-M6 #17703
- Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17619
- Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #17590
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #17725
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17620
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #17588
- Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.1 to 0.0.2 #17591
- Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #17743
- Bump org-opensaml5 from 5.1.2 to 5.1.5 #17734
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17691
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17679
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17670
- Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17618
- Bump org.gretty:gretty from 4.1.6 to 4.1.7 #17587
- Bump org.hibernate.orm:hibernate-core from 7.0.6.Final to 7.0.8.Final #17649
- Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.10.Final #17693
- Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.10.Final #17678
- Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.9.Final #17658
- Bump org.jetbrains.kotlin:kotlin-bom from 2.2.0 to 2.2.10 #17721
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.10 #17719
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #17648
- Bump org.springframework.data:spring-data-bom from 2025.1.0-M4 to 2025.1.0-M5 #17740
- Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17722
- Bump org.springframework:spring-framework-bom from 7.0.0-M7 to 7.0.0-M8 #17724
- Support UnboundID LDAP SDK 7.0 #14772
🔩 Build Updates
- Bump
@antora/collector-extension from 1.0.1 to 1.0.2 in /docs #17712 - Bump
@springio/antora-extensions from 1.14.6 to 1.14.7 in /docs #17564 - Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.9 in /docs #17714
- Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #17617
- Update to UnboundID 7.0.3 #17730
❤️ Contributors
Thank you to all the contributors who worked on this release:
@DeepDhamala, @chanbinme, @mheath, @ml054, @ngocnhan-tran1996, @seongm1n, and @therepanic