All Versions
35
Latest Version
Avg Release Cycle
51 days
Latest Release
25 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v5.4.0-M1
May 06, 2020🍱 ⭐ New Features
- 🔒 Jenkins does not need to build on JDK 9 and 10 #8482
- 🔒 Upgrade Freefair AspectJ plugin to v5.0.1 #8456
- 🔒 AesBytesEncryptor constructor that uses secret key #8443
- 🔒 Rename Preface to Introduction #8411
- 🔒 TestSaml2X509Credentials should only return Saml2X509Credential instances #8404
- 🔒 Saml2CryptoTestSupport and TestSaml2AuthenticationObjects should be one class #8403
- 👍 Allow creating AesBytesEncryptor with key #8402
- ➕ Add Flag to enable searching of LDAP groups on subtrees #8400
- 🔒 Documented dependencies for opaque Resource Server #8394
- 👍 Allow expose JwtAuthenticationConverter as a bean for Resource Server #8379
- 🔒 Use Kotlin DSL Marker Annotations to prevent scope leaking in WebFlux DSL #8366
- 🔒 Saml2AuthenticationRequestContext should be extendible #8356 #8364
- ➕ Add constructors receiving AuthenticationManager #8362
- 👍 Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8361
- 🔒 Saml2WebSsoAuthenticationRequestFilter should not use OpenSamlAuthenticationRequestFactory by default #8359
- 🔒 Validate ID Token Issuer #8357
- 🔒 Saml2AuthenticationRequestContext should be extendible #8356
- ➕ Add authorize() DSL method that accepts HttpMethod #8350
- 👍 Allow custom header during bearer token extraction #8341
- 👍 Allow specify header in ServerBearerTokenAuthenticationConverter #8337
- 🔒 Provide possibility to use custom cache to store JWK Set #8332
- ➕ Adding Map support to DefaultMethodSecurityExpressionHandler #8331
- 🔒 BCryptPasswordEncoder rawPassword cannot be null #8330
- 👍 Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8324
- 🔒 Open ID Connect ID Token Issuer not validated #8321
- ➕ Add addFilterAfter and addFilterBefore to Kotlin DSL #8319
- ➕ Added setPrincipalClaimName to JwtAuthenticationConverter #8318
- 🔒 BCryptPasswordEncoder.encode() throws NPE #8317
- 🔒 HttpSecurityDsl does not support addFilterBefore and addFilterAfter #8316
- 🔒 AuthorizeRequestsDsl doesn't allow HTTP Method to be specified #8307
- 🔒 SpringTestContext returns ConfigurableWebApplicationContext #8233
- 🔒 Clarify use case for
ServerBearerExchangeFilterFunction#8220 - 📚 Update Encryptors documentation for standard and stronger #8208
- 🔒 Upgrade to Gradle Enterprise Plugin 3.2 #8205
- ➕ Add Figures to Resource Server Docs #8184
- ➕ Add Figures to Resource Server Docs #8182
- 🔒 Document JwtGrantedAuthoritiesConverter #8176
- 🛠 Fix userNameAttribute property case style #8171
- 💅 userNameAttribute case style is different others #8169
- 💅 Polish SAML 2.0 Login Sample #8163
- 🔒 Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8152
- 🔒 Assign sensible default for OAuth2AuthorizedClientProvider #8150
- 🔒 OpenSamlImplementation should not use reflection #8147
- 👍 Allow port=0 for LDAP Servers #8139
- 🔒 LDAP server configuration should support port=0 #8138
- 🔒 Use io.spring.gradle-enterprise-conventions #8115
- 🔒 Replace VersionsResourceTasks with WriteProperties #8114
- 👌 Improve Build Performance #8113
- 🔒 Document OAuth 2.0 Login XML Support #8110
- 🛠 Fix exception from empty basic auth header token #8109
- 🛠 Fix typo 'properites' -> 'properties' in documentation #8096
- 🔒 Document AuthenticationEventPublisher improvements #8081
- 🔒 Document AuthNRequest POST binding support #8079
- 🔒 Document AuthNRequest signature support #8078
- 🔒 Document OAuth 2.0 Resource Server XML Support #8077
- 🔒 Document Jackson serialization support for OAuth 2.0 Client #8075
- 🔒 Document OAuth 2.0 Client XML Support #8074
- 🔒 Document OAuth2Authorization success and failure handlers #8073
- 🔒 Document OIDC Logout Success Handler Improvements #8072
- 🔒 Document OAuth 2.0 Authorization Request improvements #8071
- ➕ Add OAuth 2.0 Test Support Docs #8050
- ➕ Add server request cache that uses cookie #8033
- 🔒 Basic auth header without user results in exception #7976
- ➕ Add RequestRejectedHandler #7052
- 🔒 OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #5633
- 🔒 Idiomatic Kotlin DSL for configuring HTTP security #5558
- 🔒 SessionRegistryImpl is now aware of SessionIdChangedEvent #5439
- 🔒 SessionRegistryImpl is not aware of SessionIdChange events. #5438
- 🔒 SwitchUserFilter vulnerable to CSRF #4183
🍱 🐞 Bug Fixes
- 🛠 Fix Javadoc punctuation #8480
- 🛠 Fixed typos in documentation #8454
- 👌 Support update when saving with JdbcOAuth2AuthorizedClientService #8435
- ⚡️ JdbcOAuth2AuthorizedClientService should support update when saving #8425
- 🔒 OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8421
- 🔒 ActiveDirectoryLdapAuthenticationProvider uses InternalAuthenticationServiceException #8418
- 🛠 Fix mismatch between CONTRIBUTING.adoc and .editorconfig #8417
- 🛠 Fix Documentation to Refer to BasicAuthenticationFilter #8414
- ➕ Add ROLE_INFRASTRUCTURE to infrastructure beans #8407
- 🛠 Fix typo with correct capitalization #8406
- 🔒 Global ServerSecurityContextRepository ignored by logout #8375
- 🛠 Fix example in javadoc of FilterChainProxy #8344
- 🛠 Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8336
- 🛠 Fixes gh-8187 : OAuth2 ClientRegistrations UserInfo endpoint NPE fix #8206
- 🔒 OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8187
- 🛠 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8177
- 🔒 Make OAuth2ErrorHttpMessageConverter more resilient #8157
- 🔒 RSocket test should throw AccessDeniedException #8154
- 🛠 Fix typo in Javadoc of HttpSecurity#csrf() #8130
- 🛠 Fix Documentation to Refer to BasicAuthenticationFilter #8119
- 🔒 oauth2Login WebFlux should not auto-redirect for XHR request #8118
- 🔒 NPE thrown when token response contains a null value #8108
- 🔒 HttpServletRequest.logout() not functioning #4760
- 🔒 Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #4404
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to aspectj-plugin:4.1.6 #8305
🍱 ⏪ Non-passive
- 🔒 Transfer session's max inactive interval in SessionFixationProtectionStrategy #5441
- 🔒 SEC-2470: SessionFixationProtectionStrategy should migrate maxInactiveInterval #2693
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
- @ahrytsiuk
- @pgerhard
- @leonard84
- @20fps
- @antonin-arquey
- @wilkinsona
- @souphorn
- @alan-czajkowski
- @bberto
- @evgeniycheban
- @shazin
- @mengelbrecht
- @evpaassen
- @hotire
- @dadikovi
- @VonUniGE
- @martinnemec3
- @maxtacco
- @jzheaux
- @bigdaz
- @corneliouzbett
- @furti
- @eleftherias
- @zeeshanadnan
- @TJReinert
- @mustafau
- @komuro-hiraku
- @aj-jaswanth
- @stavshamir
- @adamu
- @HomoEfficio
-
v5.3.2.RELEASE
May 06, 2020🍱 ⭐ New Features
🍱 🐞 Bug Fixes
- 🛠 Fix Javadoc punctuation #8490
- 🛠 Fixed typos in documentation #8460
- ⚡️ JdbcOAuth2AuthorizedClientService should support update when saving #8448
- ➕ Add ROLE_INFRASTRUCTURE to infrastructure beans #8437
- 🛠 Fix Documentation to Refer to BasicAuthenticationFilter #8423
- 🛠 Fix typo with correct capitalization #8408
- 🔒 Global ServerSecurityContextRepository ignored by logout #8385
- 🛠 Fix example in javadoc of FilterChainProxy #8351
- 🔒 Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8311
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to aspectj-plugin:4.1.6 #8306
-
v5.3.1.RELEASE
March 31, 2020🍱 ⭐️ New Features
- 🔒 SpringTestContext returns ConfigurableWebApplicationContext #8237
- 🔒 OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8234
- 🔒 SwitchUserFilter vulnerable to CSRF #8222
- 🔒 Clarify use case for
ServerBearerExchangeFilterFunction#8221 - 📚 Update Encryptors documentation for standard and stronger #8211
- 🔒 Document JwtGrantedAuthoritiesConverter #8183
- 💅 userNameAttribute case style is different others #8179
- 🔒 Document AuthNRequest POST binding support #8165
- 💅 Polish SAML 2.0 Login Sample #8164
- 🔒 OpenSamlImplementation should not use reflection #8161
- 🔒 Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8153
- 🔒 Assign sensible default for OAuth2AuthorizedClientProvider #8151
- 🔒 Document OAuth2Authorization success and failure handlers #8146
- 🔒 Document Jackson serialization support for OAuth 2.0 Client #8145
- 🔒 Document OAuth 2.0 Authorization Request improvements #8133
- 🔒 Document OAuth 2.0 Login XML Support #8132
- 🔒 Document OAuth 2.0 Client XML Support #8131
- 🔒 Basic auth header without user results in exception #8122
- 🔒 Document AuthenticationEventPublisher improvements #8103
- 📚 Typo 'properites' -> 'properties' in documentation #8098
- 🔒 Document OAuth 2.0 Resource Server XML Support #8094
- 🔒 Provide spring-security-5*.xsd for https://www.springframework.org/schema/security/ #8091
- 🔒 Document OIDC Logout Success Handler Improvements #8088
- ➕ Add OAuth 2.0 Test Support Docs #8087
- ⚡️ Update test to have comment about secure salt length #8084
- 🔒 Document JwtClaimValidator #8076
🍱 🐞 Bug Fixes
- 🔒 HttpServletRequest.logout() not functioning #8238
- 🔒 OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8209
- 🔒 oauth2Login WebFlux should not auto-redirect for XHR request #8201
- 🛠 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8178
- 🔒 RSocket test should throw AccessDeniedException #8160
- 🔒 Make OAuth2ErrorHttpMessageConverter more resilient #8158
- 🛠 Fix typo in Javadoc of HttpSecurity#csrf() #8134
- 🔒 NPE thrown when token response contains a null value #8121
- 🔒 Google's top result for "Spring Security Reference" returns a 404 #8086
- 📚 5.3.0 Documentation What's New has some broken links #8069
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.3.0.RELEASE
March 04, 2020🍱 ⭐️ New Features
- ⚡️ Update What's New Section #8062
- 🔒 Document JdbcOAuth2AuthorizedClientService #8061
- ➕ Add oauth2login xml sample #8060
- ⚡️ Update doc diagram palette to use sans-serif font #8057
- ➕ Add SecurityFilterChain Figure #8055
- 🔒 oauth2Client Test Support should allow configuration of principal name #8054
- ➕ Add Kotlin Configuration section to docs #8051
- ➕ Add anchors to SAML 2.0 documentation #8049
- ⚡️ Update UserDetailsService Docs #8048
- ➕ Add Figures to Basic Authentication Docs #8039
- ➕ Add Link to DispatcherServlet in Filter Review Doc #8036
- ➕ Add Figures to Form Log In Docs #8035
- ➕ Add Figure for AuthenticationEntryPoint Docs #8030
- ➕ Add ProviderManager to Docs #8029
- 🔒 Custom ServerHttpHeadersWriter to HeaderSpec #8028
- ➕ Add hasRole(String) to authorizeRequests in Kotlin DSL #8023
- ➕ Add missing @FunctionalInterface in oauth2 modules #8020
- 🔒 Provide configurable Clock in OidcIdTokenValidator #8019
- ➕ Add OAuth2AuthorizeRequest.Builder.principal(String) #8018
- 🔒 Extract AuthenticationManager Docs #8006
- 🔒 Extract SecurityContextHolder, SecurityContext, Authentication, and GrantedAuthority Docs #8005
- ➕ Add AbstractAuthenticationProcessingFilter Docs #8004
- 🔒 Extract AuthenticationEntryPoint Docs #8003
- 🔒 Extract ExceptionTranslationFilter Docs #8002
- 🔒 Extract FilterSecurityInterceptor Docs #8001
- 🔒 Use Color Palette that is Accessible for Color Blind #8000
- 🔒 Create a palette.odg #7999
- ➕ Add Numbers Icons #7998
- 🔒 Instantiate exceptions lazily #7996
- 🔒 JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995
- 🔒 OAuth2AuthorizationRequest.Builder should configure additional parameters with a consumer #7993
- ➕ Add OAuth2Authorization success/failure handlers #7986
- ♻️ Refactor Duplicate Security Filter Chain Doc #7979
- 🛠 Fix Asciidoctor Warnings #7973
- 🔒 Use Kotlin DSL Marker Annotations to prevent scope leaking #7971
- ➕ Add JwtClaimValidator #7962
- 👌 Support custom filter in Kotlin DSL #7951
- 🔒 Option for default event in DefaultAuthenticationEventPublisher #7937
- 🔒 DefaultAuthenticationEventPublisher is now configurable via a Map #7925
- ➕ Add oauth2Client WebTestClient Test Support #7910
- 🔒 Nimbus OpaqueTokenIntrospectors should differentiate token and service errors #7902
- 🔒 OAuth 2.0 Client supports application clustering #7889
- ➕ Add JwtIssuerReactiveAuthenticationManagerResolver #7887
- 🔒 Consider adding JwtClaimValidator #7860
- ➕ Add ReactiveJwtIssuerAuthenticationManagerResolver and Reactive Multi Tentant Examples #7857
- ➕ Add JDBC implementation of OAuth2AuthorizedClientService #7855
- 🔒 Set default redirect in OidcClientInitiatedServerLogoutSuccessHandler #7842
- 🔒 Introduce OAuth2Authorization success/failure handlers #7840
- ➕ Add Opaque Token Reactive Test Support #7827
- 🔒 DefaultAuthenticationEventPublisher should allow configuring a default event #7825
- 🔒 DefaultAuthenticationEventPublisher should be configurable via Map #7824
- 🔒 Oauth2login xmlconfig implementation #7821
- 🔒 OAuth 2.0 Resource Server XML Support #7775
- 🔒 SAML AuthNRequest Signatures - Step 2 #7759
- 🔒 SAML AuthNRequest Signatures - Step 1 #7758
- 🔒 Simplify customizing OAuth2AuthorizationRequest #7748
- 🔒 SAML2 HTTP-Redirect: Missing Signature and SigAlg parameters in SAMLRequest Url (AuthNRequest) #7711
- 🔒 Consider adding switch to enable or disable OIDC nonce #7696
- 🔒 Getting OAuth2AuthenticationException when Bearer token is empty #7668
- 🔒 Provide JDBC implementation of OAuth2AuthorizedClientService #7655
- ➕ Add custom ServerHttpHeadersWriter to HeadersSpec #7636
- 🔒 RefreshTokenOAuth2AuthorizedClientProvider does not handle expired refresh token #7583
- 🛠 Fix typo 'is' -> 'if' in javadoc #7559
- 🔒 Saml2LoginConfigurer should expose AuthenticationManager setter #7374
- 🔒 Provide XML namespace support for OAuth 2.0 Resource Server #5185
- 🔒 Provide XML namespace support for OAuth 2.0 Client #5184
- 🔒 Migrate Groovy to Java #4939
- 🔒 Provide XML namespace support for OAuth2Login #4557
🍱 🐞 Bug Fixes
- 🔒 Typo fix #8059
- 🛠 Fix typo in AntPathRequestMatcher contructor comment #8042
- 📄 Docs Should Style Links that are Code as Link #8038
- 🔒 An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8031
- 📚 Tab switching does not work in documentation code samples #8025
- 🔒 Build failure with NoClassDefFoundError on javax/mail/internet #7994
- ✂ Remove Duplicate Runtime Environment From Docs #7980
- 🔒 OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7966
- 🔒 OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7963
- 🛠 fix #7952 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7953
- 🔒 ClassCastException for ServletRequestAttributes #7952
- 🔒 Prevent double-escaping of authorize URL parameters #7881
- 🔒 Resource Server clientCredentials take precedence over introspector in Kotlin DSL #7878
- 🔒 Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877
- 🔒 Error in WebSecurityConfigurer Javadoc #7876
- 🔒 Query parameters in authorization-url are double-encoded #7871
- 🔒 OAuth2 access token response parsing fails with nested JSON object #6463
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Gradle 6.2.2 #8065
- ⚡️ Update Kotlin to 1.3.70 #8064
- ⚡️ Update Spring Boot to 2.2.5 #8063
- 🚀 Update to spring-build-conventions:0.0.31.RELEASE #8058
- ⚡️ Update dependencies #8056
- 🚀 Update to spring-build-conventions:0.0.29.RELEASE #7974
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.3.0.RC1
February 05, 2020🍱 ⭐️ New Features
- ➕ Add RSocket Authentication Extension Support #7935
- 🔒 SecurityEvaluationContextExtension.getRootObject() Specific Type #7891
- ➕ Add oauth2Client MockMvc Test Support #7886
- 🔒 Nimbus JwtDecoders should differentiate token and service errors #7885
- ✂ Remove redundant branches from SessionManagementConfigurer #7879
- 🔒 AuthenticationWebFilter's ReactiveAuthenticationManagerResolver should take a ServerWebExchange #7872
- 🔒 SAML2: Wrong IdP response URL throws NPE (for non-existing "RelyingParty") #7865
- 🔒 Typo in doc #7830
- ➕ Add oauth2Login Reactive Test support #7828
- 👌 Improve Bearer Token Error Handling #7826
- ➕ Add BearerTokenErrors #7823
- ➕ Add InvalidBearerTokenException #7822
- 🔒 Make OAuth2AccessToken converters public #7815
- 🔒 AuthenticationEventPublisher Lookup #7802
- 📚 Modernize Documentation Styling #7801
- 🔒 Invalid OAuth2 login attempts don't emit a corresponding ApplicationEvent #7793
- 🔒 Set secure on cookie when logging out #7764
- 🔒 Introduce Reactive OAuth2Authorization success/failure handlers #7756
- 🔒 ProviderManager should have a varargs constructor #7713
- 🔒 Introduce Reactive OAuth2Authorization success/failure handlers #7699
- 🔒 Migrate LDAP integration tests groovy->java #7691
- 🔒 WebSecurityConfigurerAdapter: Unable to use custom AuthenticationEventPublisher #7515
- ➕ Add Jackson support to OAuth2 session related classes #4886
🍱 🐞 Bug Fixes
- 🔒 Build failing with NoSuchMethodError #7888
- 🔒 cassample integration tests are failing #7874
- 🔒 Form login requiresAuthenticationMatcher is not used in WebFlux #7863
- 🔒 BasicAuthenticationFilter ignores credentials charset #7835
- 🔒 Default LDIF file not picked up in LDAP "unboundid" mode #7833
- 📚 Incorrect LDIF file example in LDAP documentation #7832
- 🔒 OpaqueTokenRequestPostProcessor should respect configuration order #7800
- 🔒 Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7782
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Gradle 6.1.1 #7936
- ⚡️ Update to GAE 1.9.78 #7893
- 🚀 Update to Spring Boot 2.2.4.RELEASE #7892
- ⚡️ Update Gradle 6.1 #7838
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.3.0.M1
January 08, 2020🍱 ⭐️ New Features
- 👍 Allow disabling dependency locking #7799
- 🔒 Build task "snapshots" should not use locked dependencies #7798
- ➕ Add oauth2Login MockMvc Test Support #7789
- 🔒 Manage Versions using Version Locking #7788
- 🔒 Use Gradle Platform / Constraints #7787
- 🔒 Idiomatic Kotlin DSL for configuring HTTP security in servlet based applications #7785
- 🛠 Fix description of PasswordEncoder #7784
- 🛠 Fix unchecked assignment and possible NPE #7773
- 🔒 Resolve JavaType only once for whitelisted class #7755
- 🔒 Set secure when cancelling remember-me cookie #7726
- ➕ Add JwtIssuerAuthenticationManagerResolver #7724
- ➕ Add opaque token test support #7712
- ✂ Remove redundant validation for redirect-uri #7706
- 🔒 Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7702
- 🔒 Enable AuthenticationManager configuration in saml2Login #7693
- 📚 Incomplete Documentation for Setting Up MockMvc and Spring Security #7688
- ➕ Add Oidc Login Reactive Test Support #7680
- ✂ Remove consecutive-word duplications in Javadocs #7673
- 🛠 Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc #7666
- 🛠 Fix minor typo in HttpSecurity documentation #7663
- 🔒 Check BCrypt hashed value of a byte array #7661
- 👍 Allow configuring authenticationManagerResolver for SAML2 #7654
- ➕ Add oidcLogin MockMvc Test Support #7618
- ➕ Add OidcUserInfo.Builder #7593
- ➕ Add OidcIdToken.Builder #7592
- 🔒 Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7569
- 🔒 Specify return type in InitializeUserDetailsBeanManagerConfigurer method Javadoc #7557
- 🔒 In Test @AuthenticationPrincipal is null because ServerWebExchange is not wrapped #6598
- 🔒 Make MethodSecurityEvaluationContext Delegates to MethodBasedEvaluationContext #6249
- 🔒 Override the key to avoid CookieTheftException #5509
- ➕ Add resource server support for multiple trusted JWT access token issuers #5385
- 🔒 RememberMeConfigurer does not use the key from RememberMeServices #4140
- 🔒 Option in BasicAuthenticationFilter to log more exception info #3308
🍱 🐞 Bug Fixes
- 🔒 OidcLoginRequestPostProcessor should respect configuration order #7794
- 🛠 Fix var typo and code readability in resource server documentation #7772
- 📄 Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7737
- 🔒 Use the custom ServerRequestCache for Oauth2LoginSpec #7734
- 🔒 CompositeServerHttpHeadersWriter Should Execute Sequentially #7731
- 🔒 DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7728
- 🔒 DelegatingServerLogoutHandler Should Execute Sequentially #7723
- 🔒 RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7721
- 🔒 Disabling logout in WebFlux does nothing #7682
- 🔒 Saml2Authentication isn't serializable #7681
- 🔒 Correctly configure authorization requests repository for OAuth2 login #7675
- 🔒 Error in javadoc for oauth2ResourceServer #7670
- 🔒 DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7544
- 🔒 WebFlux oauth2Login returns 500 when bad client credentials #5562
⬆️ 🔨 Dependency Upgrades
🍱 ⏪ Non-passive
- 🔒 UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type #7482
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.2.4.RELEASE
May 06, 2020🍱 ⭐ New Features
🍱 🐞 Bug Fixes
- 🛠 Fix Javadoc punctuation #8494
- ➕ Add ROLE_INFRASTRUCTURE to infrastructure beans #8438
- 🔒 SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #8430
- 🔒 OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8426
- 🛠 Fix typo with correct capitalization #8409
- 🔒 Global ServerSecurityContextRepository ignored by logout #8386
- 🛠 Fix example in javadoc of FilterChainProxy #8352
- 🛠 Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8338
- 🔒 Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8312
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Byte Buddy 1.9.16 #8481
- 🔒 Upgrade to embedded Apache Tomcat 9.0.34 #8469
- ⚡️ Update RSocket to 1.0.0-RC7 #8468
- ⚡️ Update to GAE 1.9.80 #8467
- ⚡️ Update to Jackson 2.10.4 #8466
- ⚡️ Update to org.powermock 2.0.7 #8465
- ⚡️ Update to Reactor Dysprosium-SR7 #8464
- 🚀 Update to Spring Framework 5.2.6.RELEASE #8463
- ⚡️ Update to Spring Data Moore-SR7 #8462
-
v5.2.3.RELEASE
April 01, 2020🍱 ⭐️ New Features
- 🔒 SpringTestContext returns ConfigurableWebApplicationContext #8240
- 🔒 OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8235
- 🔒 SwitchUserFilter vulnerable to CSRF #8223
- 📚 Update Encryptors documentation for standard and stronger #8212
- 🔒 Getting OAuth2AuthenticationException when Bearer token is empty #8207
- 🔒 Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8159
- 🔒 Basic auth header without user results in exception #8123
- 📚 Typo 'properites' -> 'properties' in documentation #8099
🍱 🐞 Bug Fixes
- ⚡️ Update tests to use absolute paths #8260
- 🔒 HttpServletRequest.logout() not functioning #8241
- 🔒 OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8210
- 🔒 oauth2Login WebFlux should not auto-redirect for XHR request #8202
- 🔒 Make OAuth2ErrorHttpMessageConverter more resilient #8180
- 🔒 RSocket test should throw AccessDeniedException #8155
- 🛠 Fix typo in Javadoc of HttpSecurity#csrf() #8137
- 🔒 Empty RelayState causes errors with ADFS #8070
- 🛠 Fix typo in AntPathRequestMatcher contructor comment #8045
- 🔒 An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8040
- 🔒 OAuth2 access token response parsing fails with nested JSON object #8021
- 🛠 Fix typo in snippet code 'jwtAuthenticationConveter' -> 'jwtAuthenticationConverter' #7969
- 🔒 OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7967
- 🔒 OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7964
- 🔒 Query parameters in authorization-url are double-encoded #7960
- 🔒 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7959
- 🔒 ClassCastException for ServletRequestAttributes #7958
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update RSocket to 1.0.0-RC6 #8280
- ⚡️ Update to reactive-streams 1.0.3 #8279
- ⚡️ Update to OpenSAML 3.4.5 #8278
- ⚡️ Update to hibernate-entitymanager 5.4.13.Final #8277
- ⚡️ Update to hibernate-core 5.2.18.Final #8276
- 🚀 Update blockhound to 1.0.3.RELEASE #8275
- ⚡️ Update to unboundid-ldapsdk 4.0.14 #8274
- ⚡️ Update to okhttp 3.14.7 #8259
- ⚡️ Update to Jackson 2.10.3 #8258
- ⚡️ Update to mockwebserver 3.14.7 #8257
- ⚡️ Update to org.powermock 2.0.6 #8255
- 🔒 Upgrade to embedded Apache Tomcat 9.0.33 #8254
- ⚡️ Update to httpclient 4.5.12 #8253
- 🚀 Update to Spring Boot 2.2.6.RELEASE #8252
- ⚡️ Update to GAE 1.9.79 #8251
- ⚡️ Update to Reactor Dysprosium-SR6 #8250
- ⚡️ Update to Spring Framework 5.2.5 #8249
- ⚡️ Update to Spring Data Moore-SR6 #8248
- ⚡️ Update to Jetty 9.4.22.v20191022 #7507
-
v5.2.2.RELEASE
February 05, 2020🍱 ⭐️ New Features
- 🔒 Don't cache requests with
Accept: text/event-streamby default. #7744 - 🔒 Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
- ✂ Remove redundant validation for redirect-uri #7707
- 💅 Polish oauth2-client Error-handling Tests #7647
- ✂ Remove unnecessary code in SecurityExpressionRoot #7635
- 📚 Extract HTTPS Documentation #7626
- ✂ Remove unnecessary code in SecurityExpressionRoot #7601
- 🔒 Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573
🍱 🐞 Bug Fixes
- 🔒 Form login requiresAuthenticationMatcher is not used in WebFlux #7867
- 🔒 Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
- 🔒 BasicAuthenticationFilter ignores credentials charset #7859
- 🔒 Default LDIF file not picked up in LDAP "unboundid" mode #7852
- 📚 Incorrect LDIF file example in LDAP documentation #7849
- 🔒 Use the custom ServerRequestCache that the user configures #7753
- 🔒 RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
- 🔒 Disabling logout in WebFlux does nothing #7742
- 🔒 Saml2Authentication isn't serializable #7739
- 📄 Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
- 🔒 CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
- 🔒 DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
- 🔒 DelegatingServerLogoutHandler Should Execute Sequentially #7725
- 🔒 WebFlux oauth2Login returns 500 when bad client credentials #7703
- 🔒 Correctly configure authorization requests repository for OAuth2 login #7690
- 🔒 Correctly configure authorization requests repository for OAuth2 login #7689
- 🔒 DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
- ⚡️ Update @MessageMapping to match input/output cardinality #7669
- ➕ Add http and https spring.schema mappings #7623
- 🔒 Avoid toString in favor of getName in order to extract sid #6354
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Spring Boot 2.2.4 #7909
- ⚡️ Update to org.slf4j 1.7.30 #7908
- ⚡️ Update to org.powermock 2.0.5 #7907
- ⚡️ Update to hibernate-validator 6.1.2.Final #7906
- ⚡️ Update to hibernate-entitymanager 5.4.10.Final #7905
- ⚡️ Update to org.aspectj 1.9.5 #7904
- ⚡️ Update to httpclient 4.5.11 #7903
- ⚡️ Update to commons-codec 1.14 #7899
- ⚡️ Update to com.squareup.okhttp3 3.14.6 #7898
- ⚡️ Update to Jackson 2.10.2 #7897
- ⚡️ Update to Reactor Dysprosium SR4 #7896
- ⚡️ Update to Spring Data Moore SR3 #7895
- ⚡️ Update to Spring Framework 5.2.3 #7894
- ⚡️ Update nimbus-jose-jwt because of CVE-2019-17195 #7570
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
- 🔒 Don't cache requests with
-
v5.2.1.RELEASE
November 04, 2019🍱 ⭐️ New Features
- 🛠 Fix variable reference in sample code #7571
- 🔒 spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565
- ➕ Add Resource Server Multi-tenancy Documentation #7532
- ⚡️ Update SAML sample to use boot auto config #7521
- ➕ Add Reactive CSRF Documentation #6487
🍱 🐞 Bug Fixes
- 🔒 Restore Removed Throws Clauses #7580
- 🔒 CsrfWebFilter should handle multipart/form-data #7576
- 🔒 Make saveAuthorizedClient save the authorized client #7551
- 🔒 DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client #7546
- 🔒
throws Exceptionwas removed from WebSecurityConfigurerAdapter#configure(WebSecurity) #7541 - 🔒 SAML2 Provider SubjectConfirmation validation failure #7514
- 🔒 SAML2 Provider AuthNRequest Hardcoded Protocol Binding #7513
- 🔒 Clock skew to check access token expiration has wrong sign #7511
⬆️ 🔨 Dependency Upgrades
- 🚀 Upgrade to Spring Boot 2.2.0.RELEASE #7566
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!