Spring Security v5.2.3.RELEASE Release Notes

Release Date: 2020-04-01
  • ๐Ÿฑ โญ๏ธ New Features

    • ๐Ÿ”’ SpringTestContext returns ConfigurableWebApplicationContext #8240
    • ๐Ÿ”’ OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8235
    • ๐Ÿ”’ SwitchUserFilter vulnerable to CSRF #8223
    • ๐Ÿ“š Update Encryptors documentation for standard and stronger #8212
    • ๐Ÿ”’ Getting OAuth2AuthenticationException when Bearer token is empty #8207
    • ๐Ÿ”’ Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8159
    • ๐Ÿ”’ Basic auth header without user results in exception #8123
    • ๐Ÿ“š Typo 'properites' -> 'properties' in documentation #8099

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • โšก๏ธ Update tests to use absolute paths #8260
    • ๐Ÿ”’ HttpServletRequest.logout() not functioning #8241
    • ๐Ÿ”’ OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8210
    • ๐Ÿ”’ oauth2Login WebFlux should not auto-redirect for XHR request #8202
    • ๐Ÿ”’ Make OAuth2ErrorHttpMessageConverter more resilient #8180
    • ๐Ÿ”’ RSocket test should throw AccessDeniedException #8155
    • ๐Ÿ›  Fix typo in Javadoc of HttpSecurity#csrf() #8137
    • ๐Ÿ”’ Empty RelayState causes errors with ADFS #8070
    • ๐Ÿ›  Fix typo in AntPathRequestMatcher contructor comment #8045
    • ๐Ÿ”’ An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8040
    • ๐Ÿ”’ OAuth2 access token response parsing fails with nested JSON object #8021
    • ๐Ÿ›  Fix typo in snippet code 'jwtAuthenticationConveter' -> 'jwtAuthenticationConverter' #7969
    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7967
    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7964
    • ๐Ÿ”’ Query parameters in authorization-url are double-encoded #7960
    • ๐Ÿ”’ Don't force downcasting of RequestAttributes to ServletRequestAttributes #7959
    • ๐Ÿ”’ ClassCastException for ServletRequestAttributes #7958

  • Dependency Upgrades

    • Update RSocket to 1.0.0-RC6 #8280
    • Update to reactive-streams 1.0.3 #8279
    • Update to OpenSAML 3.4.5 #8278
    • Update to hibernate-entitymanager 5.4.13.Final #8277
    • Update to hibernate-core 5.2.18.Final #8276
    • Update blockhound to 1.0.3.RELEASE #8275
    • Update to unboundid-ldapsdk 4.0.14 #8274
    • Update to okhttp 3.14.7 #8259
    • Update to Jackson 2.10.3 #8258
    • Update to mockwebserver 3.14.7 #8257
    • Update to org.powermock 2.0.6 #8255
    • Upgrade to embedded Apache Tomcat 9.0.33 #8254
    • Update to httpclient 4.5.12 #8253
    • Update to Spring Boot 2.2.6.RELEASE #8252
    • Update to GAE 1.9.79 #8251
    • Update to Reactor Dysprosium-SR6 #8250
    • Update to Spring Framework 5.2.5 #8249
    • Update to Spring Data Moore-SR6 #8248
    • Update to Jetty 9.4.22.v20191022 #7507