github spring-projects/spring-security 7.1.0-M2
on GitHub

pre-releaseone day ago

⭐ New Features

  • Fail on compiler warnings for spring-security-javascript #18569
  • TestingAuthenticationToken.credentials should be @Nullable #18615
  • Ability to configure authenticationDetailsSource in AnonymousConfigurer #17878
  • Add @Nullable to changePassword parameters in UserDetailsManager #18271
  • Add missing @Nullable to setters of Nullable fields #18618
  • Create Checkstyle Rules for Nullability Usage #18564
  • Document RegisteredClient.ClientSettings #18614
  • Enable Null checking in spring-security-ldap via JSpecify #17818
  • Enable Null checking in spring-security-oauth2-core via JSpecify #17820
  • Fail on compiler warnings for spring-security-access #18555
  • Fail on compiler warnings for spring-security-acl #18557
  • Fail on compiler warnings for spring-security-bom #18576
  • Fail on compiler warnings for spring-security-dependencies #18568
  • Fail on compiler warnings for spring-security-kerberos-client #18570
  • Fail on compiler warnings for spring-security-taglibs #18578
  • Fail spring-security-cas on javadoc warnings #18517
  • Fail spring-security-ldap on javadoc warnings #18547
  • Fail spring-security-messaging on javadoc warnings #18546
  • Fail spring-security-oauth2-authorization-server on javadoc warnings #18602
  • Fail spring-security-oauth2-core on javadoc warnings #18603
  • Fail spring-security-oauth2-jose on javadoc warnings #18604
  • Fail spring-security-rsocket on javadoc warnings #18605
  • Fail spring-security-saml2-service-provider on javadoc warnings #18606
  • Fail spring-security-taglibs on javadoc warnings #18607
  • Fail spring-security-webauthn on javadoc warnings #18608
  • Fix compiler warnings in spring-security-acl #18626
  • Fix compiler warnings in spring-security-aspects #18581
  • Fix HttpSecurity javadoc formatting #18526
  • Fix javadoc warnings for spring-security-config #18545
  • Fix javadoc warnings for spring-security-data #18532
  • Fix Javadoc warnings in spring-security-crypto #18519
  • Introduce resource_metadata parameter resolver for BearerTokenAuthenticationEntryPoint #18542
  • Null safety via JSpecify spring-security-access #18398
  • Null safety via JSpecify spring-security-acl #18401
  • Null safety via JSpecify spring-security-aspects #18400
  • Null safety via JSpecify spring-security-kerberos #18397
  • Null safety via JSpecify spring-security-kerberos-client #18552
  • Null safety via JSpecify spring-security-kerberos-core #18549
  • Null safety via JSpecify spring-security-kerberos-web #18550
  • Remove @NullUnmarked #18491
  • Remove compiler warnings for spring-security-cas #18579
  • Remove compiler warnings for spring-security-docs #18601
  • Remove compiler warnings for spring-security-kerberos-core #18571
  • Remove compiler warnings for spring-security-kerberos-test #18572
  • Remove compiler warnings for spring-security-kerberos-web #18573
  • Remove compiler warnings for spring-security-messaging #18575
  • Remove compiler warnings for spring-security-oauth2-authorization-server #18562
  • Remove compiler warnings for spring-security-rsocket #18567
  • Remove compiler warnings for spring-security-saml2-service-provider #18577
  • Remove compiler warnings for spring-security-webauthn #18556
  • Remove compiler warnings in spring-security-data #18580
  • Remove compiler warnings in spring-security-ldap #18559
  • Support hasScope in Method Security #18151

🪲 Bug Fixes

  • Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #18595
  • ExpressionJwtGrantedAuthoritiesConverter is undocumented #18300
  • Fix docs #18488
  • Fix typo in authorize-http-requests.adoc #18600
  • Fix typos in contributing guide #18635

🔨 Dependency Upgrades

  • Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 #18588
  • Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #18637
  • Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #18628
  • Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 #18697
  • Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 #18529
  • Bump com.fasterxml.jackson:jackson-bom from 2.20.2 to 2.21.0 #18696
  • Bump com.jayway.jsonpath:json-path from 2.9.0 to 2.10.0 #18690
  • Bump github/codeql-action from 3 to 4 #18669
  • Bump gradle-wrapper from 9.2.1 to 9.3.1 #18700
  • Bump io.freefair.gradle:aspectj-plugin from 8.13.1 to 8.14.4 #18664
  • Bump io.micrometer:context-propagation from 1.1.3 to 1.2.0 #18671
  • Bump io.micrometer:context-propagation from 1.2.0 to 1.2.1 #18702
  • Bump io.micrometer:micrometer-observation from 1.14.14 to 1.16.2 #18689
  • Bump io.mockk:mockk from 1.14.7 to 1.14.9 #18597
  • Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #18533
  • Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.10 to 0.0.11 #18636
  • Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.10 to 0.0.11 #18612
  • Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.9 to 0.0.10 #18554
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #18691
  • Bump org-bouncycastle from 1.80 to 1.83 #18663
  • Bump org-jetbrains-kotlin from 2.3.0 to 2.3.10 #18685
  • Bump org-opensaml5 from 5.1.6 to 5.2.0 #18656
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.2 to 5.6 #18654
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #18587
  • Bump org.hibernate.orm:hibernate-core from 7.0.10.Final to 7.2.3.Final #18695
  • Bump org.hibernate.orm:hibernate-core from 7.2.3.Final to 7.2.4.Final #18699
  • Bump org.htmlunit:htmlunit from 4.11.1 to 4.21.0 #18688
  • Bump org.mockito:mockito-bom from 5.17.0 to 5.21.0 #18661
  • Bump org.seleniumhq.selenium:htmlunit3-driver from 4.30.0 to 4.40.0 #18662
  • Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.40.0 #18653
  • Bump org.springframework.data:spring-data-bom from 2025.1.2 to 2025.1.3 #18734
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 #18730
  • Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 #18729
  • Bump spring-io/spring-security-release-tools from 1.0.13 to 1.0.14 #18727
  • Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml from 1.0.13 to 1.0.14 #18726
  • Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 #18553

🔩 Build Updates

  • Enable javadoc-warnings-error for oauth2-resource-server #18504
  • Fix javadoc warnings for spring-security-kerberos-client #18537
  • Fix javadoc warnings for spring-security-kerberos-core #18538
  • Fix javadoc warnings for spring-security-kerberos-test #18539
  • Fix javadoc warnings for spring-security-kerberos-web #18540
  • Fix Javadoc warnings in spring-security-acl #18493
  • Fix Javadoc warnings in spring-security-core #18516

❤️ Contributors

Thank you to all the contributors who worked on this release:

@JiHunparkkk, @Kehrlann, @NYgomets, @ParamjotSingh5, @alpin87, @austinhong22, @bloomsei, @c-arianna, @chanjin23, @cmmttd, @coehgns, @congcoding, @dasog94, @dlwldnjs1009, @gisu1102, @jayychoi, @jieun-dev1, @kse-music, @ngocnhan-tran1996, @pocj8ur4in, @ronodhirSoumik, @therepanic, @thuri, and @zooo-code

Check out latest releases or
releases around spring-projects/spring-security 7.1.0-M2

Don't miss a new spring-security release

NewReleases is sending notifications on new releases.

Get notifications