Spring Security v5.3.0.M1 Release Notes
Release Date: 2020-01-08 // about 4 years ago-
๐ฑ โญ๏ธ New Features
- ๐ Allow disabling dependency locking #7799
- ๐ Build task "snapshots" should not use locked dependencies #7798
- โ Add oauth2Login MockMvc Test Support #7789
- ๐ Manage Versions using Version Locking #7788
- ๐ Use Gradle Platform / Constraints #7787
- ๐ Idiomatic Kotlin DSL for configuring HTTP security in servlet based applications #7785
- ๐ Fix description of PasswordEncoder #7784
- ๐ Fix unchecked assignment and possible NPE #7773
- ๐ Resolve JavaType only once for whitelisted class #7755
- ๐ Set secure when cancelling remember-me cookie #7726
- โ Add JwtIssuerAuthenticationManagerResolver #7724
- โ Add opaque token test support #7712
- โ Remove redundant validation for redirect-uri #7706
- ๐ Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7702
- ๐ Enable AuthenticationManager configuration in saml2Login #7693
- ๐ Incomplete Documentation for Setting Up MockMvc and Spring Security #7688
- โ Add Oidc Login Reactive Test Support #7680
- โ Remove consecutive-word duplications in Javadocs #7673
- ๐ Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc #7666
- ๐ Fix minor typo in HttpSecurity documentation #7663
- ๐ Check BCrypt hashed value of a byte array #7661
- ๐ Allow configuring authenticationManagerResolver for SAML2 #7654
- โ Add oidcLogin MockMvc Test Support #7618
- โ Add OidcUserInfo.Builder #7593
- โ Add OidcIdToken.Builder #7592
- ๐ Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7569
- ๐ Specify return type in InitializeUserDetailsBeanManagerConfigurer method Javadoc #7557
- ๐ In Test @AuthenticationPrincipal is null because ServerWebExchange is not wrapped #6598
- ๐ Make MethodSecurityEvaluationContext Delegates to MethodBasedEvaluationContext #6249
- ๐ Override the key to avoid CookieTheftException #5509
- โ Add resource server support for multiple trusted JWT access token issuers #5385
- ๐ RememberMeConfigurer does not use the key from RememberMeServices #4140
- ๐ Option in BasicAuthenticationFilter to log more exception info #3308
๐ฑ ๐ Bug Fixes
- ๐ OidcLoginRequestPostProcessor should respect configuration order #7794
- ๐ Fix var typo and code readability in resource server documentation #7772
- ๐ Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7737
- ๐ Use the custom ServerRequestCache for Oauth2LoginSpec #7734
- ๐ CompositeServerHttpHeadersWriter Should Execute Sequentially #7731
- ๐ DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7728
- ๐ DelegatingServerLogoutHandler Should Execute Sequentially #7723
- ๐ RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7721
- ๐ Disabling logout in WebFlux does nothing #7682
- ๐ Saml2Authentication isn't serializable #7681
- ๐ Correctly configure authorization requests repository for OAuth2 login #7675
- ๐ Error in javadoc for oauth2ResourceServer #7670
- ๐ DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7544
- ๐ WebFlux oauth2Login returns 500 when bad client credentials #5562
โฌ๏ธ ๐จ Dependency Upgrades
- ๐ Update to Spring Boot 2.2.2.RELEASE #7797
- ๐ Upgrade com.nimbusds:nimbus-jose-jwt dependency #7720
๐ฑ โช Non-passive
- ๐ UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type #7482
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!