All Versions
57
Latest Version
Avg Release Cycle
47 days
Latest Release
1125 days ago

Changelog History
Page 4

  • v5.1.13.RELEASE Changes

    October 07, 2020

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9059

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • ๐Ÿš€ Update to Spring Boot 2.1.17.RELEASE #9078
    • โšก๏ธ Update to Hibernate Validator 6.0.21 #9077
    • โšก๏ธ Update to org.aspectj 1.9.6 #9076
    • โšก๏ธ Update to GAE 1.9.82 #9075
    • โšก๏ธ Update to Jackson Databind 2.9.10.6 #9074
    • โšก๏ธ Update to Spring Data Lovelace-SR20 #9073
    • โšก๏ธ Update to Spring Framework 5.1.18 #9072
    • โšก๏ธ Update to Reactor Californium-SR21 #9071
  • v5.1.12.RELEASE Changes

    August 05, 2020

    ๐Ÿฑ โญ New Features

    • โž• Add logging #8891
    • ๐Ÿ”’ Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8857
    • ๐Ÿ”’ Use Github Actions PR pipeline and remove Travis for 5.1.x #8722
    • ๐Ÿ”’ Use Github Actions PR pipeline in 5.1.x #8717

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8898
    • ๐Ÿ”’ Resolved bearer token has no padding indicators #8839
    • ๐Ÿ›  Fix ProviderManager Javadoc typo #8813
    • ๐Ÿ”’ LoginPageGeneratingWebFilter should honor context path #8810
    • ๐Ÿ”’ RoleHierarchy is not used by AbstractAuthorizeTag #8681
    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8674

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • โšก๏ธ Update to Spring Ldap 2.3.3 #8943
    • โšก๏ธ Update to Hibernate Validator 6.0.20 #8942
    • โšก๏ธ Update to Hibernate Entitymanager 5.3.17 #8941
    • โšก๏ธ Update to Groovy 2.4.20 #8940
    • ๐Ÿš€ Update to Spring Boot 2.1.16.RELEASE #8939
    • โšก๏ธ Update to Google App Engine 1.9.81 #8938
    • โšก๏ธ Update to Jackson Databind 2.9.10.5 #8937
    • โšก๏ธ Update to Project Reactor Californium-SR20 #8936
    • โšก๏ธ Update to Spring Framework 5.1.17 #8935
    • โšก๏ธ Update to Spring Data Lovelace-SR19 #8934

    ๐Ÿฑ โค๏ธ Contributors

    ๐Ÿš€ We'd like to thank all the contributors who worked on this release!

  • v5.1.11.RELEASE Changes

    June 03, 2020

    ๐Ÿฑ โญ New Features

    • ๐Ÿ”’ HTTP Host header attack #8641

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • โœ‚ Remove unused field 'digester' in Md4PasswordEncoder #8577
    • ๐Ÿ”’ ACL : AclImpl.hashCode leads to StackOverflowError #8571
    • ๐Ÿ”’ Blocking in WebSessionServerCsrfTokenRepository #8546
    • ๐Ÿ›  Fix AntPathRequestMatcher Javadoc #8528
    • ๐Ÿ”’ Document NoOpPasswordEncoder will not be removed #8523
    • ๐Ÿ›  Fix non-standard HTTP method for CsrfWebFilter #8517

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • โšก๏ธ Update to okhttp 3.12.12 #8635
    • โšก๏ธ Update to jaxb-impl 2.3.3 #8634
    • โšก๏ธ Update to mockwebserver 3.12.12 #8633
    • ๐Ÿš€ Update to Spring Boot 2.1.14.RELEASE #8632
  • v5.1.10.RELEASE Changes

    May 06, 2020

    ๐Ÿฑ โญ New Features

    • ๐Ÿ”’ BCryptPasswordEncoder.encode() throws NPE #8347

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ›  Fix Javadoc punctuation #8496
    • โž• Add ROLE_INFRASTRUCTURE to infrastructure beans #8440
    • ๐Ÿ”’ SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #8431
    • ๐Ÿ›  Fix typo with correct capitalization #8410
    • ๐Ÿ”’ Global ServerSecurityContextRepository ignored by logout #8388
    • ๐Ÿ›  Fix example in javadoc of FilterChainProxy #8353
    • ๐Ÿ›  Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8339
    • ๐Ÿ”’ Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8313

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • โšก๏ธ Update to org.powermock 2.0.7 #8475
    • โšก๏ธ Update to Spring Data Lovelace-SR17 #8474
    • โšก๏ธ Update to Reactor Californium-SR18 #8473
    • ๐Ÿš€ Update to Spring Framework 5.1.15.RELEASE #8472
    • โšก๏ธ Update to GAE 1.9.80 #8470
  • v5.1.9.RELEASE Changes

    April 01, 2020

    ๐Ÿฑ โญ๏ธ New Features

    • ๐Ÿ”’ OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8236
    • ๐Ÿ”’ SwitchUserFilter vulnerable to CSRF #8224
    • ๐Ÿ“š Update Encryptors documentation for standard and stronger #8215
    • ๐Ÿ“š Typo 'properites' -> 'properties' in documentation #8100
    • ๐Ÿ”’ Typo 'hasPermision()' in GlobalMethodSecurityBeanDefinitionParser.java #8068
    • โœ‚ Remove unwanted code #7949

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ HttpServletRequest.logout() not functioning #8242
    • ๐Ÿ”’ oauth2Login WebFlux should not auto-redirect for XHR request #8203
    • ๐Ÿ”’ Make OAuth2ErrorHttpMessageConverter more resilient #8181
    • ๐Ÿ›  Fix typo in Javadoc of HttpSecurity#csrf() #8135
    • ๐Ÿ›  Fix typo in AntPathRequestMatcher contructor comment #8046
    • ๐Ÿ”’ An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8043
    • ๐Ÿ”’ OAuth2 access token response parsing fails with nested JSON object #8022
    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7968
    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7965

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • โšก๏ธ Update to httpclient 4.5.12 #8294
    • โšก๏ธ Update to hibernate-validator 6.0.19.Final #8293
    • โšก๏ธ Update to reactive-streams 1.0.3 #8292
    • โšก๏ธ Update to hibernate-core 5.2.18.Final #8291
    • โšก๏ธ Update to groovy 2.4.19 #8290
    • โšก๏ธ Update to unboundid-ldapsdk 4.0.14 #8289
    • โšก๏ธ Update to okhttp 3.12.10 #8288
    • โšก๏ธ Update to mockwebserver 3.12.10 #8287
    • โšก๏ธ Update to org.powermock 2.0.6 #8286
    • ๐Ÿš€ Update to Spring Boot 2.1.13.RELEASE #8285
    • โšก๏ธ Update to GAE 1.9.79 #8284
    • โšก๏ธ Update to Reactor Californium-SR17 #8283
    • โšก๏ธ Update to Spring Data Lovelace-SR16 #8282
    • ๐Ÿš€ Update to Spring Framework 5.1.14.RELEASE #8281
    • โšก๏ธ Update to Jetty 9.4.22.v20191022 #8093

    ๐Ÿฑ โค๏ธ Contributors

    ๐Ÿš€ We'd like to thank all the contributors who worked on this release!

  • v5.1.8.RELEASE Changes

    February 05, 2020

    ๐Ÿฑ โญ๏ธ New Features

    • โœ‚ Remove redundant validation for redirect-uri #7708
    • ๐Ÿ”’ WebClient support should get new access token when expired and client_credentials #7685

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ Default LDIF file not picked up in LDAP "unboundid" mode #7853
    • ๐Ÿ”’ CompositeServerHttpHeadersWriter Should Execute Sequentially #7735
    • ๐Ÿ”’ DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7730
    • ๐Ÿ”’ DelegatingServerLogoutHandler Should Execute Sequentially #7727
    • ๐Ÿ”’ WebFlux oauth2Login returns 500 when bad client credentials #7704

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • โšก๏ธ Update to Spring Boot 2.1.12 #7923
    • โšก๏ธ Update to org.slf4j 1.7.30 #7922
    • โšก๏ธ Update to org.powermock 2.0.5 #7921
    • โšก๏ธ Update to hibernate-validator 6.0.18.Final #7920
    • โšก๏ธ Update to hibernate-entitymanager 5.3.15.Final #7919
    • โšก๏ธ Update to org.bouncycastle:bcpkix-jdk15on 1.64 #7918
    • โšก๏ธ Update to org.aspectj 1.9.5 #7917
    • โšก๏ธ Update to httpclient 4.5.11 #7916
    • โšก๏ธ Update to com.squareup.okhttp3 3.12.8 #7915
    • โšก๏ธ Update to Jackson 2.9.10 #7914
    • โšก๏ธ Update to Reactor Californium-SR15 #7913
    • โšก๏ธ Update to Spring Data Lovelace SR15 #7912
    • โšก๏ธ Update to Spring Framework 5.1.13 #7911
  • v5.1.7.RELEASE Changes

    November 04, 2019

    ๐Ÿฑ โญ๏ธ New Features

    • ๐Ÿ”’ CookieServerCsrfRepositoryTests should not start domain with a dot #7501
    • ๐Ÿ›  Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7225

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantWebFilter should not restrict redirect-uri #7469
    • ๐Ÿ”’ RequestContextSubscriber could put null value in Reactor Context #7410
    • ๐Ÿ”’ OAuth2AuthorizationRequest not removed from session #7369
    • ๐Ÿ”’ InMemoryReactiveClientRegistrationRepository should not use ConcurrentReferenceHashMap #7359
    • ๐Ÿ”’ NimbusJwtDecoderJwkSupport only sets 'application/json' Accept header #7340
    • ๐Ÿ”’ SEC-2971: Footnotes are messed up in online docs #7326
    • ๐Ÿ”’ Confusing example - WebMvcConfigurer vs WebSecurityConfigurerAdapter #7303
    • ๐Ÿ”’ OnCommittedResponseWrapper fails on static resources served by Tomcat 8.5 #7297
    • ๐Ÿ›  Fix WebClient Memory Leaks #7294
    • ๐Ÿ”’ Ensure filter order is maintained when using springSecurity() along with other filters #7267
    • ๐Ÿ”’ SessionAuthenticationStrategy make HttpSecurity.sessionManagement().maximumSessions(1) unavailability #7262
    • ๐Ÿ”’ SEC-2980: Possible race condition in SessionRegistryImpl #7226
  • v5.1.6.RELEASE

    August 05, 2019
  • v5.1.5.RELEASE

    April 02, 2019
  • v5.1.4.RELEASE

    February 13, 2019