ยซ Changelog History


Spring Security v5.2.2.RELEASE Release Notes

Release Date: 2020-02-05 // about 4 years ago

  • ๐Ÿฑ โญ๏ธ New Features

    • ๐Ÿ”’ Don't cache requests with Accept: text/event-stream by default. #7744
    • ๐Ÿ”’ Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
    • โœ‚ Remove redundant validation for redirect-uri #7707
    • ๐Ÿ’… Polish oauth2-client Error-handling Tests #7647
    • โœ‚ Remove unnecessary code in SecurityExpressionRoot #7635
    • ๐Ÿ“š Extract HTTPS Documentation #7626
    • โœ‚ Remove unnecessary code in SecurityExpressionRoot #7601
    • ๐Ÿ”’ Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ Form login requiresAuthenticationMatcher is not used in WebFlux #7867
    • ๐Ÿ”’ Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
    • ๐Ÿ”’ BasicAuthenticationFilter ignores credentials charset #7859
    • ๐Ÿ”’ Default LDIF file not picked up in LDAP "unboundid" mode #7852
    • ๐Ÿ“š Incorrect LDIF file example in LDAP documentation #7849
    • ๐Ÿ”’ Use the custom ServerRequestCache that the user configures #7753
    • ๐Ÿ”’ RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
    • ๐Ÿ”’ Disabling logout in WebFlux does nothing #7742
    • ๐Ÿ”’ Saml2Authentication isn't serializable #7739
    • ๐Ÿ“„ Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
    • ๐Ÿ”’ CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
    • ๐Ÿ”’ DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
    • ๐Ÿ”’ DelegatingServerLogoutHandler Should Execute Sequentially #7725
    • ๐Ÿ”’ WebFlux oauth2Login returns 500 when bad client credentials #7703
    • ๐Ÿ”’ Correctly configure authorization requests repository for OAuth2 login #7690
    • ๐Ÿ”’ Correctly configure authorization requests repository for OAuth2 login #7689
    • ๐Ÿ”’ DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
    • โšก๏ธ Update @MessageMapping to match input/output cardinality #7669
    • โž• Add http and https spring.schema mappings #7623
    • ๐Ÿ”’ Avoid toString in favor of getName in order to extract sid #6354

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • โšก๏ธ Update to Spring Boot 2.2.4 #7909
    • โšก๏ธ Update to org.slf4j 1.7.30 #7908
    • โšก๏ธ Update to org.powermock 2.0.5 #7907
    • โšก๏ธ Update to hibernate-validator 6.1.2.Final #7906
    • โšก๏ธ Update to hibernate-entitymanager 5.4.10.Final #7905
    • โšก๏ธ Update to org.aspectj 1.9.5 #7904
    • โšก๏ธ Update to httpclient 4.5.11 #7903
    • โšก๏ธ Update to commons-codec 1.14 #7899
    • โšก๏ธ Update to com.squareup.okhttp3 3.14.6 #7898
    • โšก๏ธ Update to Jackson 2.10.2 #7897
    • โšก๏ธ Update to Reactor Dysprosium SR4 #7896
    • โšก๏ธ Update to Spring Data Moore SR3 #7895
    • โšก๏ธ Update to Spring Framework 5.2.3 #7894
    • โšก๏ธ Update nimbus-jose-jwt because of CVE-2019-17195 #7570

    ๐Ÿฑ โค๏ธ Contributors

    ๐Ÿš€ We'd like to thank all the contributors who worked on this release!