spring-projects/spring-security 7.0.1 on GitHub

⭐ New Features

An unexpected dependency appeared for spring-security-config of spring-security-web #18307
Fix "typ" header value in NimbusJwtEncoder-encoded JWT #18270
Fix broken link to Spring Boot docs #18236
Fix documentation resource server sample title #18231
Fix MyCustomDsl to use csrf(Customizer) instead of removed csrf().disabled() #18223
Fix typo in AnnotationTemplateExpressionDefaults documentation #18255
Fix typos in documentation depenendencies->dependencies #18209
NimbusJwtEncoder produces JWT with wrong "typ" header value #18269
OAuth2AuthorizationEndpointFilter should be applied after AuthorizationFilter #18251
Remove requireProofKey warning for non-auth-code flows #18221
Remove throws from MyCustomDsl in docs #18224

Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #18214
Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #18311
Bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 #18245
Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 #18262
Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18189
Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #18277
Bump io.mockk:mockk from 1.14.6 to 1.14.7 #18274
Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 #18289
Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.13 #18187
Bump org-aspectj from 1.9.24 to 1.9.25 #18186
Bump org.apache.kerby:kerb-simplekdc from 2.1.0 to 2.1.1 #18215
Bump org.junit:junit-bom from 6.0.0 to 6.0.1 #18188
Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 #18312
Bump org.springframework:spring-framework-bom from 7.0.0 to 7.0.1 #18213
Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 #18310
Bump tools.jackson:jackson-bom from 3.0.1 to 3.0.2 #18212
Bump tools.jackson:jackson-bom from 3.0.2 to 3.0.3 #18244

Thank you to all the contributors who worked on this release: