All Versions
57
Latest Version
Avg Release Cycle
47 days
Latest Release
826 days ago
Changelog History
Page 1
-
v5.5.0-M1 Changes
November 04, 2020
🍱 ⭐ New Features
- Add unsupported_token_type in OAuth2ErrorCodes #9184
- Add token and token_type_hint to OAuth2ParameterNames #9183
- 🔒 Introduce JwaAlgorithm #9182
- 🔒 WithSecurityContextTestExecutionListener Should Support Nested Classes #9179
- ➕ Add WebFlux Documentation for Multiple Filter Chains #9178
- 📇 SAML 2.0 Asserting Party Metadata resolution should read SigningMethod elements #9177
- 🔒 Enable customization of BearerTokenResolver by adding a setter for JwtClaimIssuerConverter on JwtIssuerAuthenticationManagerResolver #9168
- 🔒 Reactive doc points to unit tests #9157
- 🔒 Invoke Kotlin MockMvc result matchers with parentheses #9155
- 🔒 Change guard expressions order #9153
- 🔒 It is not necessary to fetch all user sessions if unlimited sessions are set in the ConcurrentSessionControlAuthenticationStrategy. #9152
- ➕ Add refresh token expiration support #9146
- 🔒 JwtIssuerValidator handles issuer (iss) claim values as Strings and URLs #9137
- 🔒 OpenSamlAuthenticationProvider should decrypt attributes #9131
- ⚡️ Update snapshot build dependencies #9124
- 🔒 spring-security-test should include jackson-datatype-jsr310 as a test dependency #9123
- ⚡️ Update to Gradle 6.6.1 #9122
- 🔒 Use LobHandler in JdbcOAuth2AuthorizedClientService #9070
- 📇 Changed metadata converter to accept files as well #9056
- ➕ Add HSM Support for Decrypting Assertions #9055
- 📇 File-based Configuration for Asserting Party Metadata #9028
- 🔒 Prevent PR builds from running on forks #8993
- 🔒 Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService #8765
- ➕ Add support for dynamic JWS signature algorithm with JWKs (2) - Issue 7160 #8752
- 👌 Support customization of BearerTokenResolver in JwtIssuerAuthenticationManagerResolver #8535
- 🔒 Provide reactive JDBC implementation of ReactiveOAuth2AuthorizedClientService #7890
- 🔒 JwtDecoders and ReactiveJwtDecoders should determine algorithm from JWK Set Endpoint #7160
- 🔒 OAuth2Token interface for AbstractOAuth2Token #5502
🍱 🐞 Bug Fixes
- 🔒 [docs]Add white space before strong notation. #9145
- 🐛 Bug with JwtValidators.createDefaultWithIssuer(String)? #9136
- 🔒 Tests should not combine Authentication and @AuthenticationPrincipal #9121
- 🔒 Closes gh-8196 appendix indentation #9118
- 🛠 Fixes in documentation #9099
⬆️ 🔨 Dependency Upgrades
- 🔒 Set rsocketVersion to 1.1.0 #9167
- 🔒 Set reactorVersion to 2020.0.+ #9166
- 🔒 Set springVersion to 5.3.+ #9165
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.4.2 Changes
December 03, 2020
-
v5.4.1 Changes
October 07, 2020
🍱 ⭐ New Features
- 🔒 Replace expired msdn link with latest web archive copy #9050
- ➕ Add documentation for StrictHttpFirewall enhancements #9038
- 🔒 Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
- 🔒 Use AssertJ for exception testing #9013
🍱 🐞 Bug Fixes
- ➕ Add try-with-resources to close stream #9053
- 📇 RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
- 🛠 fix miswritten comment of FormLoginDsl.kt #9042
- 🔒 Adapt to WebClient's new exception wrapping #9031
- 🔒 StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
- 🛠 Fix broken Mono chain #9022
- 🔒 Use Schedulers.boundedElastic for UUID.randomUUID #9021
- 🔒 CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
- 🔒 WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
- 🔒 NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
- 🔒 Quick javadoc fix for DelegatingPasswordEncoder #8890
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.4.0 Changes
September 09, 2020
🍱 ⭐ New Features
- ➕ Add What's New in 5.4 #9002
- ➕ Add What's New in 5.4 Section to Docs #9001
- ➕ Add Resource Server Servlet Logging #9000
- 🔒 Simplify saml2Login Samples #8990
- ✂ Remove Framework Tests from saml2Login Sample #8989
- ➕ Add authenticationManagerResolver to resource server Kotlin DSL #8981
- 🔒 Generalize SAML 2.0 Assertion Validation Support #8970
- ⚡️ Update abstract-authentication-processing-filter.adoc #8965
- ➕ Add spring-javaformat checkstyle and formatting #8946
- ➕ Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #8926
- ➕ Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #8892
- 🔒 Resolve oauth2 client-id, client-secret placeholders #8880
- 📚 Restructure SAML 2.0 documentation #8763
- 🔒 security:client-registrations doesn't take propertyconfigurer properties #8453
🍱 🐞 Bug Fixes
- 🔒 Clickjacking demo in docs: YouTube link in X-Frame-Options section leads to private video #8986
- 📇 NoClassDefFoundError: AuthMetadataFlyweight at o.s.s.r.m.SimpleAuthenticationEncoder #8948
- 🔒 SAML attributes not parsed correctly with prefixed XML elements #8864
- 🔒 Don't use oidc scopes_supported for scope as default in ClientRegistrations #8790
- 📇 scopes_supported metadata should not be used as default in ClientRegistrations #8514
⬆️ 🔨 Dependency Upgrades
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.4.0-RC1 Changes
August 05, 2020
🍱 ⭐ New Features
- 🔒 Deprecate CustomUserTypesOAuth2UserService #8908
- 🔒 Deprecate ClientRegistration.redirectUriTemplate #8906
- 👍 Allow for custom ClientRegistration.clientAuthenticationMethod #8903
- 🔒 Deprecate ImplicitGrantConfigurer #8902
- ✂ Remove use of Mono.deferWithContext() #8901
- 🔒 Consider adding RelyingPartyRegistrationResolver #8887
- ➕ Add HttpMessageConverter that constructs a RelyingPartyRegistration #8877
- 🔒 RelyingPartyRegistration should default the ACS Location #8876
- ⚡️ Update SimpleSaml2AuthenticatedPrincipal class name #8861
- 🔒 Introduce AuthenticationConverterServerWebExchangeMatcher #8854
- 🔒 Make class SimpleSaml2AuthenticatedPrincipal public #8852
- 👌 Support custom filter in Server Kotlin DSL #8850
- 🔒 Saml2AuthenticationToken should take a RelyingPartyRegistration #8845
- 🔒 Wording changes #8832
- 🔒 -gh 8784 Document improvement for WebSecurityConfigure #8825
- 🔒 Consider making BearerTokenServerWebExchangeMatcher public and more generic #8824
- ➕ Add custom HeaderWriter in Kotlin DSL #8823
- ➕ Add Static Factories to Saml2X509Credential #8822
- 👍 Allow disabling headers in Kotlin DSL #8816
- ✂ Remove need for WebSecurityConfigurerAdapter #8805
- 🔒 Configure HTTP Security without extending WebSecurityConfigurerAdapter #8804
- 🛠 Fix #8693 Support SAML 2.0 SP Metadata Endpoints #8795
- ➕ Add Static Factories to Saml2X509Credential #8789
- 🔒 RelyingPartyRegistration Credentials Should Be Split by Party #8788
- 👌 Support custom filter in Server Kotlin DSL #8783
- 🔒 mongolian translation for messages.properties #8780
- 🔒 Mongolian translation required for messages.properties #8778
- 📇 RelyingPartyRegistration should use metadata spec language #8777
- 🔒 ACS Binding should be in RelyingPartyRegistration #8776
- ✂ Remove OpenSamlImplementation #8775
- 🔒 OpenSamlAuthenticationRequestFactory should use OpenSAML directly #8774
- 🔒 OpenSamlAuthenticationProvider should use OpenSAML directly #8773
- 🔒 OpenSAML should get initialized as part of container lifecycle #8772
- 🔒 SAML Assertion validation fails when OneTimeUse condition is sent from the IdP #8769
- 👌 Improve error message when invalid content-type for UserInfo response #8764
- 🔒 Simplify retrieving Introspection-specific attributes #8740
- 🔒 Reactive SwitchUserWebFilter for user impersonation #8687
- 🔒 Change getMethod() to return configured value in SimpleSavedRequest #8675
- 🔒 gh-8589 Additional Jwt validation debug messages #8665
- ➕ Adds cookie based RequestCache #8653
- 🔒 Missing Reactive SwitchUserWebFilter for user impersonation #8599
- 🔒 Use String to specify custom HTTP method in mock request #8592
- ➕ Add logging #8589
- 👌 Support for dynamic configuration using IDP metadata URL for SAML SSO integration #8484
- 🔒 SAML Authentication Provider assertions #8471
- 🔒 Throw exception when specified ldif file does not exist #8434
- 🔒 SAML: Add RequestedAuthnContext to AuthnRequest in OpenSamlAuthenticationRequestFactory #8141
- ➕ Add request cache that uses cookie #8034
- 🔒 No log message or exception if expected ldif file does not exist #7791
🍱 🐞 Bug Fixes
- 🔒 Move RSocket Integration Tests to integration tests #8944
- 🛠 Fix snapshot build failure related to reactor-netty #8909
- 🔒 Resolve Bearer token after subscribing to publisher #8894
- 🔒 ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8865
- ⚡️ Update README.adoc #8851
- 🔒 Saml2Error should be in a core package #8835
- 🛠 Fix #8797: Add OAuth2AuthenticationException to allowlist #8827
- 🔒 CookieRequestCache "REDIRECT_URI" removed by any request #8820
- 🔒 use CookieRequestCache something went wrong #8817
- 🔒 LoginPageGeneratingWebFilter should honor context path #8807
- 🛠 Fix ProviderManager Javadoc typo #8800
- 🔒 OAuth2AuthenticationException should be in allowlist #8797
- 🔒 tutorial uses hasRole but should use hasAuthority #8796
- 🔒 Saml2WebSsoAuthenticationFilter does not follow standard patterns for request matching. #8768
- 🔒 Bearer Token Padding #8511
- 🔒 Resolved bearer token has no padding indicators #8502
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.4.0-M2 Changes
July 01, 2020
🍱 ⭐ New Features
- ➕ Add reified function variants to security DSL #8771
- 🔒 OAuth2AccessTokenResponse.Builder.expiresIn works after withResponse #8766
- 🔒 LDAP Integration Tests Should Use Random Port #8762
- 🔒 Use memory-saving Collections.singletonList in JdbcAclService.readAclById() #8756
- 🔒 Merge Spring security with dependencies #8755
- ➕ Add Configurable secure flag in CookieCsrfTokenRepository #8749
- 🛠 Fix typo in OAuth2AccessTokenResponse #8746
- 👍 Allow customizing JWTProcessor passed to NimbusJwtDecoder #8745
- 🔒 Use Spring Snapshots in Snapshot Build Again #8712
- ⚡️ Update pipeline to run for PRs to all branches #8711
- ✂ Remove Travis pipeline and README badge #8710
- 🔒 Reject the NULL character in paths in StrictHttpFirewall #8703
- 🔒 OAuth2AccessTokenResponse.expiresIn() is ignored when initialized from another response #8702
- 🔒 OAuth2AuthorizedClientArgumentResolver could use OAuth2AuthorizedClientManager registered in context #8700
- 🔒 Kotlin Configuration DSL: Use reified types wherever a class is used as a parameter #8697
- 🔒 ProviderManager Should Use CollectionUtils#contains #8695
- 🔒 ProviderManager#checkState() throws NullPointerException #8689
- 🔒 Set up Github Actions pipeline for PRs #8680
- 🔒 Deprecate X-Frame-Options ALLOW-FROM #8677
- 🔒 Replace whitelist/blacklist with allowlist/blocklist #8676
- 🔒 Register OAuth2AuthorizedClientArgumentResolver for XML Config #8669
- 🔒 Getting response attributes from Saml2AuthenticatedPrincipal #8667
- 🔒 Ability to easily read attribute values from SAML response #8661
- 🔒 DefaultOAuth2AuthorizationRequestResolver Should Not Consume Request Body #8651
- 🔒 StrictHttpFirewall: Validate headers and parameters #8644
- 🔒 JwtDecoder should use Nimbus multiple-algorithm support #8623
- ✂ Remove ClientRegistrationRepository Mock Beans from Samples #8606
- 🔒 oauth2Client Test Support should not require an HttpSessionOAuth2AuthorizedClientRepository #8603
- ➕ Add tokenFromMultipartDataEnabled to server CSRF Kotlin DSL #8602
- ➕ Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter #8587
- 🔒 FilterInvocation Support Default Methods on HttpServletRequest #8566
- ⚡️ Update to JQuery 3.5.1 #8557
- 🔒 Saml2WebSsoAuthenticationRequesFilter should be post-processed #8552
- 🔒 Move TestRelyingPartyRegistrations #8551
- 🔒 Configuration defaults to SessionRegistry bean #8548
- 📚 Update BCryptPasswordEncoder documentation with default strength #8542
- 🔒 authorization_code grant should use same ServerRequestCache #8536
- Avoid using "/path/**/other" patterns in WebFlux PathPatternParser #8513
- ➕ Add debug logging to Reactive Web #8504
- ➕ Add issuerUri to ClientRegistration.providerDetails #8501
- 🔒 Use Opaquetoken properties to configure timeouts #8488
- ⚡️ Update Traditional Chinese translation. #8483
- 👍 Allow port=0 for ApacheDSContainer #8416
- 🔒 Throw exception if URL does not include context path when context relative #8399
- ➕ Added setter to make RequestCache injectable #8392
- 🔒 Consider adding ClientRegistration.providerDetails.issuerUri #8326
- 🔒 Merge Project Modules and Dependencies Section of the docs #8199
- ➕ Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter #8120
- 🔒 formLogin() does not work with REST Docs #7572
🍱 🐞 Bug Fixes
- 🔒 SwitchUserFilter.setExitUserMatcher Javadoc is incorrect #8744
- 🔒 SwitchUserFilter.setUserDetailsChecker is missing Javadoc #8743
- 🛠 Fix SecurityContext creation for TEST_EXECUTION #8738
- 🔒 ReactorContext not available in PayloadSocketAcceptor delegate.accept #8654
- 🔒 DefaultWebSecurityExpressionHandler uses RoleHierarchy bean #8652
- 🔒 DefaultOAuth2AuthorizationRequestResolver erroneously consumes POST request body #8650
- 🛠 Fix broken link in spring security reference document #8618
- 🔒 Delay AuthenticationPrincipalArgumentResolver Lookup #8613
- 🔒 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8609
- 🔒 spring-security-oauth2-client:5.3.2 and spring-boot-starter-test:2.3.0 clash over version of transitive dependency json-smart #8608
- 🛠 Fix typos in BCryptPasswordEncoder documentation #8586
- 🛠 Fixing typo in SAML 2.0 Sample README #8581
- 🔒 Message Compose in JavaConfig hellojs Sample Fails #8556
- 🔒 Java Config hellojs Sample Login Fails #8555
- 🔒 XML OpenID sample should POST to logout #8554
- ✂ Remove unused field 'digester' in Md4PasswordEncoder #8553
- 📚 Polish JDBC Authentication documentation #8550
- 🛠 Fix Kotlin Sample Documentation #8540
- 🔒 Object ID Identity conversion to long fails on old schema #8538
- 🔒 Create the CSRF token on the bounded elastic scheduler #8534
- 🛠 Fix AntPathRequestMatcher Javadoc #8512
- 🔒 Document NoOpPasswordEncoder will not be removed #8508
- 🔒 Document NoOpPasswordEncoder will not be removed #8506
- 🛠 Fix code snippets to configure timeouts #8487
- 🛠 Fix non-standard HTTP method for CsrfWebFilter #8452
- 🔒 Blocking in WebSessionServerCsrfTokenRepository #8128
- 🔒 Object ID Identity conversion to long fails on old schema #7621
- 🔒 RoleHierarchy is not used by AbstractAuthorizeTag #7059
- 🔒 Prevent StackOverflowError for AccessControlEntryImpl.hashCode #6820
- 🔒 ACL : AclImpl.hashCode leads to StackOverflowError #5401
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Spring Boot 2.4.0-M1 #8787
- ⚡️ Update to Kotlin 1.3.72 #8786
- ⚡️ Update to Google App Engine 1.7.80 #8785
- 🚀 Update to spring-build-conventions:0.0.33.RELEASE #8759
- ⚡️ Update to Spring Boot 2.3.0 #8605
- ⚡️ Update to Gradle 6.4.1 #8604
- 🚀 Update to spring-build-conventions:0.0.32.RELEASE #8499
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
- @dkodippily
- @islamazhar
- @thomasturrell
- @eamelink
- @gonozalviii
- @benba
- @evgeniycheban
- @Maxvgrad
- @mengelbrecht
- @yoshikawaa
- @jrehwaldt
- @mouellet
- @candrews
- @cbornet
- @dadikovi
- @AndreasVolkmann
- @yukihane
- @tan9
- @unix1982
- @eleftherias
- @justmehyp
- @atarynin
- @ractive
- @sgilson
- @elliedori
- @kostic017
- @michaldo
- @parikshitdutta
- @MGabr
- @stsypanov
- @ThomasVitale
-
v5.4.0-M1 Changes
May 06, 2020
🍱 ⭐ New Features
- 🔒 Jenkins does not need to build on JDK 9 and 10 #8482
- 🔒 Upgrade Freefair AspectJ plugin to v5.0.1 #8456
- 🔒 AesBytesEncryptor constructor that uses secret key #8443
- 🔒 Rename Preface to Introduction #8411
- 🔒 TestSaml2X509Credentials should only return Saml2X509Credential instances #8404
- 🔒 Saml2CryptoTestSupport and TestSaml2AuthenticationObjects should be one class #8403
- 👍 Allow creating AesBytesEncryptor with key #8402
- ➕ Add Flag to enable searching of LDAP groups on subtrees #8400
- 🔒 Documented dependencies for opaque Resource Server #8394
- 👍 Allow expose JwtAuthenticationConverter as a bean for Resource Server #8379
- 🔒 Use Kotlin DSL Marker Annotations to prevent scope leaking in WebFlux DSL #8366
- 🔒 Saml2AuthenticationRequestContext should be extendible #8356 #8364
- ➕ Add constructors receiving AuthenticationManager #8362
- 👍 Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8361
- 🔒 Saml2WebSsoAuthenticationRequestFilter should not use OpenSamlAuthenticationRequestFactory by default #8359
- 🔒 Validate ID Token Issuer #8357
- 🔒 Saml2AuthenticationRequestContext should be extendible #8356
- ➕ Add authorize() DSL method that accepts HttpMethod #8350
- 👍 Allow custom header during bearer token extraction #8341
- 👍 Allow specify header in ServerBearerTokenAuthenticationConverter #8337
- 🔒 Provide possibility to use custom cache to store JWK Set #8332
- ➕ Adding Map support to DefaultMethodSecurityExpressionHandler #8331
- 🔒 BCryptPasswordEncoder rawPassword cannot be null #8330
- 👍 Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8324
- 🔒 Open ID Connect ID Token Issuer not validated #8321
- ➕ Add addFilterAfter and addFilterBefore to Kotlin DSL #8319
- ➕ Added setPrincipalClaimName to JwtAuthenticationConverter #8318
- 🔒 BCryptPasswordEncoder.encode() throws NPE #8317
- 🔒 HttpSecurityDsl does not support addFilterBefore and addFilterAfter #8316
- 🔒 AuthorizeRequestsDsl doesn't allow HTTP Method to be specified #8307
- 🔒 SpringTestContext returns ConfigurableWebApplicationContext #8233
- 🔒 Clarify use case for ServerBearerExchangeFilterFunction #8220
- 📚 Update Encryptors documentation for standard and stronger #8208
- 🔒 Upgrade to Gradle Enterprise Plugin 3.2 #8205
- ➕ Add Figures to Resource Server Docs #8184
- ➕ Add Figures to Resource Server Docs #8182
- 🔒 Document JwtGrantedAuthoritiesConverter #8176
- 🛠 Fix userNameAttribute property case style #8171
- 💅 userNameAttribute case style is different others #8169
- 💅 Polish SAML 2.0 Login Sample #8163
- 🔒 Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8152
- 🔒 Assign sensible default for OAuth2AuthorizedClientProvider #8150
- 🔒 OpenSamlImplementation should not use reflection #8147
- 👍 Allow port=0 for LDAP Servers #8139
- 🔒 LDAP server configuration should support port=0 #8138
- 🔒 Use io.spring.gradle-enterprise-conventions #8115
- 🔒 Replace VersionsResourceTasks with WriteProperties #8114
- 👌 Improve Build Performance #8113
- 🔒 Document OAuth 2.0 Login XML Support #8110
- 🛠 Fix exception from empty basic auth header token #8109
- 🛠 Fix typo 'properites' -> 'properties' in documentation #8096
- 🔒 Document AuthenticationEventPublisher improvements #8081
- 🔒 Document AuthNRequest POST binding support #8079
- 🔒 Document AuthNRequest signature support #8078
- 🔒 Document OAuth 2.0 Resource Server XML Support #8077
- 🔒 Document Jackson serialization support for OAuth 2.0 Client #8075
- 🔒 Document OAuth 2.0 Client XML Support #8074
- 🔒 Document OAuth2Authorization success and failure handlers #8073
- 🔒 Document OIDC Logout Success Handler Improvements #8072
- 🔒 Document OAuth 2.0 Authorization Request improvements #8071
- ➕ Add OAuth 2.0 Test Support Docs #8050
- ➕ Add server request cache that uses cookie #8033
- 🔒 Basic auth header without user results in exception #7976
- ➕ Add RequestRejectedHandler #7052
- 🔒 OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #5633
- 🔒 Idiomatic Kotlin DSL for configuring HTTP security #5558
- 🔒 SessionRegistryImpl is now aware of SessionIdChangedEvent #5439
- 🔒 SessionRegistryImpl is not aware of SessionIdChange events. #5438
- 🔒 SwitchUserFilter vulnerable to CSRF #4183
🍱 🐞 Bug Fixes
- 🛠 Fix Javadoc punctuation #8480
- 🛠 Fixed typos in documentation #8454
- 👌 Support update when saving with JdbcOAuth2AuthorizedClientService #8435
- ⚡️ JdbcOAuth2AuthorizedClientService should support update when saving #8425
- 🔒 OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8421
- 🔒 ActiveDirectoryLdapAuthenticationProvider uses InternalAuthenticationServiceException #8418
- 🛠 Fix mismatch between CONTRIBUTING.adoc and .editorconfig #8417
- 🛠 Fix Documentation to Refer to BasicAuthenticationFilter #8414
- ➕ Add ROLE_INFRASTRUCTURE to infrastructure beans #8407
- 🛠 Fix typo with correct capitalization #8406
- 🔒 Global ServerSecurityContextRepository ignored by logout #8375
- 🛠 Fix example in javadoc of FilterChainProxy #8344
- 🛠 Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8336
- 🛠 Fixes gh-8187 : OAuth2 ClientRegistrations UserInfo endpoint NPE fix #8206
- 🔒 OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8187
- 🛠 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8177
- 🔒 Make OAuth2ErrorHttpMessageConverter more resilient #8157
- 🔒 RSocket test should throw AccessDeniedException #8154
- 🛠 Fix typo in Javadoc of HttpSecurity#csrf() #8130
- 🛠 Fix Documentation to Refer to BasicAuthenticationFilter #8119
- 🔒 oauth2Login WebFlux should not auto-redirect for XHR request #8118
- 🔒 NPE thrown when token response contains a null value #8108
- 🔒 HttpServletRequest.logout() not functioning #4760
- 🔒 Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #4404
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to aspectj-plugin:4.1.6 #8305
🍱 ⏪ Non-passive
- 🔒 Transfer session's max inactive interval in SessionFixationProtectionStrategy #5441
- 🔒 SEC-2470: SessionFixationProtectionStrategy should migrate maxInactiveInterval #2693
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
- @ahrytsiuk
- @pgerhard
- @leonard84
- @20fps
- @antonin-arquey
- @wilkinsona
- @souphorn
- @alan-czajkowski
- @bberto
- @evgeniycheban
- @shazin
- @mengelbrecht
- @evpaassen
- @hotire
- @dadikovi
- @VonUniGE
- @martinnemec3
- @maxtacco
- @jzheaux
- @bigdaz
- @corneliouzbett
- @furti
- @eleftherias
- @zeeshanadnan
- @TJReinert
- @mustafau
- @komuro-hiraku
- @aj-jaswanth
- @stavshamir
- @adamu
- @HomoEfficio
-
v5.3.6.RELEASE Changes
December 03, 2020
-
v5.3.5.RELEASE Changes
October 07, 2020
-
v5.3.4.RELEASE Changes
August 05, 2020
🍱 ⭐ New Features
- ➕ Add logging #8888
- 🔒 Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8855
- 🔒 formLogin() does not work with REST Docs #8748
- 🔒 Use Github Actions PR pipeline and remove Travis for 5.3.x #8724
🍱 🐞 Bug Fixes
- 🔒 ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8896
- 🔒 OAuth2AuthenticationException should be in allowlist #8863
- 🔒 Resolved bearer token has no padding indicators #8837
- 🛠 Fix ProviderManager Javadoc typo #8811
- 🔒 LoginPageGeneratingWebFilter should honor context path #8808
- 🔒 OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8803
- 🔒 RoleHierarchy is not used by AbstractAuthorizeTag #8678
- 🔒 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8672
- 🔒 ReactorContext not available in PayloadSocketAcceptor delegate.accept #8655
⬆️ 🔨 Dependency Upgrades
- 🚀 Update to spring-build-conventions:0.0.34.RELEASE #8925
- 🚀 Update to nohttp 0.0.5.RELEASE #8924
- ⚡️ Update to GAE 1.9.81 #8923
- 🚀 Update to Spring Boot 2.2.9.RELEASE #8922
- 🚀 Update to spring-build-conventions:0.0.33.RELEASE #8760
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!