Spring Security v5.2.2.RELEASE Release Notes
Release Date: 2020-02-05 // about 4 years ago-
๐ฑ โญ๏ธ New Features
- ๐ Don't cache requests with
Accept: text/event-stream
by default. #7744 - ๐ Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
- โ Remove redundant validation for redirect-uri #7707
- ๐ Polish oauth2-client Error-handling Tests #7647
- โ Remove unnecessary code in SecurityExpressionRoot #7635
- ๐ Extract HTTPS Documentation #7626
- โ Remove unnecessary code in SecurityExpressionRoot #7601
- ๐ Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573
๐ฑ ๐ Bug Fixes
- ๐ Form login requiresAuthenticationMatcher is not used in WebFlux #7867
- ๐ Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
- ๐ BasicAuthenticationFilter ignores credentials charset #7859
- ๐ Default LDIF file not picked up in LDAP "unboundid" mode #7852
- ๐ Incorrect LDIF file example in LDAP documentation #7849
- ๐ Use the custom ServerRequestCache that the user configures #7753
- ๐ RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
- ๐ Disabling logout in WebFlux does nothing #7742
- ๐ Saml2Authentication isn't serializable #7739
- ๐ Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
- ๐ CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
- ๐ DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
- ๐ DelegatingServerLogoutHandler Should Execute Sequentially #7725
- ๐ WebFlux oauth2Login returns 500 when bad client credentials #7703
- ๐ Correctly configure authorization requests repository for OAuth2 login #7690
- ๐ Correctly configure authorization requests repository for OAuth2 login #7689
- ๐ DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
- โก๏ธ Update @MessageMapping to match input/output cardinality #7669
- โ Add http and https spring.schema mappings #7623
- ๐ Avoid toString in favor of getName in order to extract sid #6354
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to Spring Boot 2.2.4 #7909
- โก๏ธ Update to org.slf4j 1.7.30 #7908
- โก๏ธ Update to org.powermock 2.0.5 #7907
- โก๏ธ Update to hibernate-validator 6.1.2.Final #7906
- โก๏ธ Update to hibernate-entitymanager 5.4.10.Final #7905
- โก๏ธ Update to org.aspectj 1.9.5 #7904
- โก๏ธ Update to httpclient 4.5.11 #7903
- โก๏ธ Update to commons-codec 1.14 #7899
- โก๏ธ Update to com.squareup.okhttp3 3.14.6 #7898
- โก๏ธ Update to Jackson 2.10.2 #7897
- โก๏ธ Update to Reactor Dysprosium SR4 #7896
- โก๏ธ Update to Spring Data Moore SR3 #7895
- โก๏ธ Update to Spring Framework 5.2.3 #7894
- โก๏ธ Update nimbus-jose-jwt because of CVE-2019-17195 #7570
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
- ๐ Don't cache requests with