All Versions
18
Latest Version
Avg Release Cycle
67 days
Latest Release
15 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v5.3.0.M1
January 08, 2020π± βοΈ New Features
- π Allow disabling dependency locking #7799
- π Build task "snapshots" should not use locked dependencies #7798
- β Add oauth2Login MockMvc Test Support #7789
- π Manage Versions using Version Locking #7788
- π Use Gradle Platform / Constraints #7787
- π Idiomatic Kotlin DSL for configuring HTTP security in servlet based applications #7785
- π Fix description of PasswordEncoder #7784
- π Fix unchecked assignment and possible NPE #7773
- π Resolve JavaType only once for whitelisted class #7755
- π Set secure when cancelling remember-me cookie #7726
- β Add JwtIssuerAuthenticationManagerResolver #7724
- β Add opaque token test support #7712
- β Remove redundant validation for redirect-uri #7706
- π Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7702
- π Enable AuthenticationManager configuration in saml2Login #7693
- π Incomplete Documentation for Setting Up MockMvc and Spring Security #7688
- β Add Oidc Login Reactive Test Support #7680
- β Remove consecutive-word duplications in Javadocs #7673
- π Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc #7666
- π Fix minor typo in HttpSecurity documentation #7663
- π Check BCrypt hashed value of a byte array #7661
- π Allow configuring authenticationManagerResolver for SAML2 #7654
- β Add oidcLogin MockMvc Test Support #7618
- β Add OidcUserInfo.Builder #7593
- β Add OidcIdToken.Builder #7592
- π Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7569
- π Specify return type in InitializeUserDetailsBeanManagerConfigurer method Javadoc #7557
- π In Test @AuthenticationPrincipal is null because ServerWebExchange is not wrapped #6598
- π Make MethodSecurityEvaluationContext Delegates to MethodBasedEvaluationContext #6249
- π Override the key to avoid CookieTheftException #5509
- β Add resource server support for multiple trusted JWT access token issuers #5385
- π RememberMeConfigurer does not use the key from RememberMeServices #4140
- π Option in BasicAuthenticationFilter to log more exception info #3308
π± π Bug Fixes
- π OidcLoginRequestPostProcessor should respect configuration order #7794
- π Fix var typo and code readability in resource server documentation #7772
- π Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7737
- π Use the custom ServerRequestCache for Oauth2LoginSpec #7734
- π CompositeServerHttpHeadersWriter Should Execute Sequentially #7731
- π DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7728
- π DelegatingServerLogoutHandler Should Execute Sequentially #7723
- π RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7721
- π Disabling logout in WebFlux does nothing #7682
- π Saml2Authentication isn't serializable #7681
- π Correctly configure authorization requests repository for OAuth2 login #7675
- π Error in javadoc for oauth2ResourceServer #7670
- π DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7544
- π WebFlux oauth2Login returns 500 when bad client credentials #5562
β¬οΈ π¨ Dependency Upgrades
- π Update to Spring Boot 2.2.2.RELEASE #7797
- π Upgrade com.nimbusds:nimbus-jose-jwt dependency #7720
π± βͺ Non-passive
- π UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type #7482
π± β€οΈ Contributors
π We'd like to thank all the contributors who worked on this release!
-
v5.2.1.RELEASE
November 04, 2019π± βοΈ New Features
- π Fix variable reference in sample code #7571
- π spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565
- β Add Resource Server Multi-tenancy Documentation #7532
- β‘οΈ Update SAML sample to use boot auto config #7521
- β Add Reactive CSRF Documentation #6487
π± π Bug Fixes
- π Restore Removed Throws Clauses #7580
- π CsrfWebFilter should handle multipart/form-data #7576
- π Make saveAuthorizedClient save the authorized client #7551
- π DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client #7546
- π
throws Exceptionwas removed from WebSecurityConfigurerAdapter#configure(WebSecurity) #7541 - π SAML2 Provider SubjectConfirmation validation failure #7514
- π SAML2 Provider AuthNRequest Hardcoded Protocol Binding #7513
- π Clock skew to check access token expiration has wrong sign #7511
β¬οΈ π¨ Dependency Upgrades
- π Upgrade to Spring Boot 2.2.0.RELEASE #7566
π± β€οΈ Contributors
π We'd like to thank all the contributors who worked on this release!
-
v5.2.0.RELEASE
September 30, 2019 -
v5.2.0.RC1
September 06, 2019π± βοΈ New Features
- β Add attributes Consumer to OAuth2AuthorizationContext #7385
- π Improve DefaultReactiveOAuth2UserService handling IOException #7370
- β Add RSocket Support #7360
- π Polish Server|ServletBearerExchangeFilterFunction #7355
- β»οΈ Refactor Servlet/Server BearerExchangeFilterFunction #7353
- π OAuth2AuthorizeRequest supports attributes #7352
- π Grant Individual Authorities From Claims #7351
- π DefaultOAuth2AuthorizedClientManager and DefaultServerOAuth2AuthorizedClientManager Alignment #7350
- π Align Servlet ClearSiteData expression of directives #7347
- β Add Adapter to Translate Jwt to BearerTokenAuthentication #7346
- π Opaque Token Introspector should return an Authenticated Principal #7345
- π Opaque Token Introspection Strategy Flexibility #7344
- β Add BearerTokenAuthentication #7343
- β Add OAuth2AuthenticatedPrincipal #7342
- π OAuth2AuthorizeRequest supports attributes #7341
- π DefaultOAuth2UserService should extract authorities #7339
- π InMemoryReactiveClientRegistrationRepository should check for duplicates #7338
- β Add Servlet and ServerBearerExchangeFilterFunction #7330
- β‘οΈ Update to Gradle 5.6.1 #7323
- π Simplify and improve the buildSrc gradle plugin #7302
- β‘οΈ Update to Gradle 5.6 #7300
- β Add Catalan localization messages #7288
- β Add Catalan localization messages #7287
- π Resource Server should support WebClient Bearer Token propagation #7284
- π Sample should use UserDetailsService bean instead of configureGlobal method #7283
- π Mock Jwt Test Samples #7278
- π Allow to set default securityContextRepository for each authenticatioβ¦ #7275
- π Resource Server Multi-tenancy Sample Should Manage Its Own Jwt Decoder #7272
- β Add setter for authorities claim name in JwtGrantedAuthoritiesConverter #7271
- π Jwk Set Uri Nimbus Jwt Decoder builders should take SignatureAlgorithm #7270
- β Add setContentLengthLong detection to OnCommittedResponseWrapper. #7264
- π Consolidate shared code between JwtDecoders and ReactiveJwtDecoders #7263
- β Remove MultiTenantAuthenticationManagerResolver #7259
- β Add setter for authority prefix in JwtGrantedAuthoritiesConverter #7256
- π Prevent IntelliJ IDEA from generating spaces for indentation #7253
- π TokenBasedRememberMeServices.processAutoLoginCookie (TokenBasedRememberMeServices.java:134) java.lang.NullPointerException #7251
- π Authentication Mechanisms Should Default their ServerSecurityContextRepository #7249
- π Rename OAuth2TokenIntrospectionClient #7246
- π Consider renaming OAuth2TokenIntrospectionClient #7245
- β Add OAuth2LoginSpec#securityContextRepository #7244
- π Cleanup Code Style Issues #7238
- β Add Checkstyle configuration for IntelliJ IDEA #7237
- π Expose getPort in ApacheDsContainer #7236
- π OAuth2LoginConfigurer should discover OAuth2UserService beans #7232
- π Make ldap integration tests independent #7231
- β Remove unused imports #7229
- π ServerHttpSecurity: oauth2Login() ignores securityContextRepository() #7222
- π Use the 'io.freefair.aspectj' gradle plugin #7183
- β Add RequestMatcher.matcher(HttpServletRequest) #7172
- π ignore Multipart requests in HttpSessionRequestCache.requestMatcher #7167
- β Add test examples for Oauth2 Resource Server sample #7159
- β Add unbounid support in xml #7149
- π OAuth2AuthorizedClientManager implementation works outside of request #7122
- π Improve OAuth2 Resource Server tests #7118
- π Introduce Reactive OAuth2AuthorizedClient Manager/Provider #7116
- π Allow configurable Clock in OAuth2AuthorizedClientProvider impls #7114
- π JwtGrantedAuthoritiesConverter should allow configuring the authority prefix #7101
- π JwtGrantedAuthoritiesConverter should allow configuring the authorities claim name #7100
- β Add authenticationFailureHandler method in OAuth2LoginSpec #7071
- π v5.2.0.M3 docs contain Deprecated example code #7062
- π Multipartfile request with no authentication is still consumed even after an AccessDeniedException is thrown #7060
- β Add OAuth2LoginSpec.authenticationFailureHandler #7051
- β Add Argon2PasswordEncoder #7045
- π Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7026
- β Add support for Resource Owner Password Credentials grant #7013
- π Jwt decoding should support multiple algorithms #6883
- π Polish Resource Server DSL Error Messaging #6876
- β Remove Invalid WebMvcConfigurer from Sample Documentation #6822
- π Align code in oauth2-client extensions for WebClient #6811
- π OAuth2 Client Credentials Flow: Getting access tokens in the service/data tier #6780
- π Provide Servlet equivalent of UnAuthenticatedServerOAuth2AuthorizedClientRepository #6683
- π Spring Boot + spring-security-oauth2-resource-server should not throw a ClassNotFoundException once it supports more than one token format #6209
- π Support Resource Owner Password Credentials grant #6003
- β Add Argon2PasswordEncoder #5354
- β Add BearerExchangeFilterFunction #5334
π± π Bug Fixes
- β Remove package tangle in headers #7380
- β Remove OAuth2AuthorizationRequest when a distributed session is used #7334
- π OAuth2AuthorizationRequest not removed from session #7327
- π Use ConcurrentHashMap in InMemoryReactiveClientRegistrationRepository #7308
- π fix footnotes markup #7305
- β add media type jwk-set+json to accept header #7304
- π InMemoryReactiveClientRegistrationRepository should not use ConcurrentReferenceHashMap #7299
- π Fix WebClient Memory Leaks #7293
- π NimbusJwtDecoderJwkSupport only sets 'application/json' Accept header #7290
- π Fix typo in docs #7277
- π Fix UserDetailsPasswordService JavaDoc #7266
- π Ensure filter order is maintained when using springSecurity() along with other filters #7265
- π OnCommittedResponseWrapper fails on static resources served by Tomcat 8.5 #7261
- π Expire as many sessions as exceed maximum allowed #7258
- π Use UTF-8 for compilation #7254
- π Fix NPE in RequestContextSubscriber #7235
- π RequestContextSubscriber could put null value in Reactor Context #7228
- π Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7181
- π SessionRegistryImpl uses Map.compute #7178
- π SessionAuthenticationStrategy make HttpSecurity.sessionManagement().maximumSessions(1) unavailability #7166
- π Misleading documentation for websocket security #4845
- π SEC-2980: Possible race condition in SessionRegistryImpl #3189
- π SEC-2971: Footnotes are messed up in online docs #3180
β¬οΈ π¨ Dependency Upgrades
- β‘οΈ Update to Gretty 2.3.1 #7389
- β‘οΈ Update to OpenSaml 3.3.1 #7388
- β‘οΈ Update to cglib 3.3.0 #7387
- β‘οΈ Update to Spring Data Moore RC3 #7386
- β‘οΈ Update to Spring Framework 5.2.0.RC2 #7371
- β‘οΈ Update to Spring Boot 2.2.0.M5 #7320
- β‘οΈ Update to org.seleniumhq.selenium:htmlunit-driver 2.36.0 #7319
- β‘οΈ Update to hibernate-entitymanager 5.4.4.Final #7318
- β‘οΈ Update to net.sourceforge.htmlunit:htmlunit 2.36.0 #7317
- β‘οΈ Update to commons-codec 1.13 #7316
- β‘οΈ Update to nimbus-jose-jwt 7.8 #7315
- β‘οΈ Update to GAE 1.9.76 #7314
π± β€οΈ Contributors
π We'd like to thank all the contributors who worked on this release!
-
v5.2.0.M4
August 05, 2019 -
v5.2.0.M3
June 14, 2019 -
v5.2.0.M2
April 15, 2019 -
v5.2.0.M1
January 16, 2019 -
v5.1.7.RELEASE
November 04, 2019π± βοΈ New Features
- π CookieServerCsrfRepositoryTests should not start domain with a dot #7501
- π Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7225
π± π Bug Fixes
- π OAuth2AuthorizationCodeGrantWebFilter should not restrict redirect-uri #7469
- π RequestContextSubscriber could put null value in Reactor Context #7410
- π OAuth2AuthorizationRequest not removed from session #7369
- π InMemoryReactiveClientRegistrationRepository should not use ConcurrentReferenceHashMap #7359
- π NimbusJwtDecoderJwkSupport only sets 'application/json' Accept header #7340
- π SEC-2971: Footnotes are messed up in online docs #7326
- π Confusing example - WebMvcConfigurer vs WebSecurityConfigurerAdapter #7303
- π OnCommittedResponseWrapper fails on static resources served by Tomcat 8.5 #7297
- π Fix WebClient Memory Leaks #7294
- π Ensure filter order is maintained when using springSecurity() along with other filters #7267
- π SessionAuthenticationStrategy make HttpSecurity.sessionManagement().maximumSessions(1) unavailability #7262
- π SEC-2980: Possible race condition in SessionRegistryImpl #7226
-
v5.1.6.RELEASE
August 05, 2019