Spring Security v5.1.9.RELEASE Release Notes
Release Date: 2020-04-01 // about 4 years ago-
๐ฑ โญ๏ธ New Features
- ๐ OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8236
- ๐ SwitchUserFilter vulnerable to CSRF #8224
- ๐ Update Encryptors documentation for standard and stronger #8215
- ๐ Typo 'properites' -> 'properties' in documentation #8100
- ๐ Typo 'hasPermision()' in GlobalMethodSecurityBeanDefinitionParser.java #8068
- โ Remove unwanted code #7949
๐ฑ ๐ Bug Fixes
- ๐ HttpServletRequest.logout() not functioning #8242
- ๐ oauth2Login WebFlux should not auto-redirect for XHR request #8203
- ๐ Make OAuth2ErrorHttpMessageConverter more resilient #8181
- ๐ Fix typo in Javadoc of HttpSecurity#csrf() #8135
- ๐ Fix typo in AntPathRequestMatcher contructor comment #8046
- ๐ An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8043
- ๐ OAuth2 access token response parsing fails with nested JSON object #8022
- ๐ OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7968
- ๐ OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7965
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to httpclient 4.5.12 #8294
- โก๏ธ Update to hibernate-validator 6.0.19.Final #8293
- โก๏ธ Update to reactive-streams 1.0.3 #8292
- โก๏ธ Update to hibernate-core 5.2.18.Final #8291
- โก๏ธ Update to groovy 2.4.19 #8290
- โก๏ธ Update to unboundid-ldapsdk 4.0.14 #8289
- โก๏ธ Update to okhttp 3.12.10 #8288
- โก๏ธ Update to mockwebserver 3.12.10 #8287
- โก๏ธ Update to org.powermock 2.0.6 #8286
- ๐ Update to Spring Boot 2.1.13.RELEASE #8285
- โก๏ธ Update to GAE 1.9.79 #8284
- โก๏ธ Update to Reactor Californium-SR17 #8283
- โก๏ธ Update to Spring Data Lovelace-SR16 #8282
- ๐ Update to Spring Framework 5.1.14.RELEASE #8281
- โก๏ธ Update to Jetty 9.4.22.v20191022 #8093
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!