Spring Security v5.3.0.M1 Release Notes

Release Date: 2020-01-08
  • New Features

    • Allow disabling dependency locking #7799
    • Build task "snapshots" should not use locked dependencies #7798
    • Add oauth2Login MockMvc Test Support #7789
    • Manage Versions using Version Locking #7788
    • Use Gradle Platform / Constraints #7787
    • Idiomatic Kotlin DSL for configuring HTTP security in servlet based applications #7785
    • Fix description of PasswordEncoder #7784
    • Fix unchecked assignment and possible NPE #7773
    • Resolve JavaType only once for whitelisted class #7755
    • Set secure when cancelling remember-me cookie #7726
    • Add JwtIssuerAuthenticationManagerResolver #7724
    • Add opaque token test support #7712
    • Remove redundant validation for redirect-uri #7706
    • Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7702
    • Enable AuthenticationManager configuration in saml2Login #7693
    • Incomplete Documentation for Setting Up MockMvc and Spring Security #7688
    • Add Oidc Login Reactive Test Support #7680
    • Remove consecutive-word duplications in Javadocs #7673
    • Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc #7666
    • Fix minor typo in HttpSecurity documentation #7663
    • Check BCrypt hashed value of a byte array #7661
    • Allow configuring authenticationManagerResolver for SAML2 #7654
    • Add oidcLogin MockMvc Test Support #7618
    • Add OidcUserInfo.Builder #7593
    • Add OidcIdToken.Builder #7592
    • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7569
    • Specify return type in InitializeUserDetailsBeanManagerConfigurer method Javadoc #7557
    • In Test @AuthenticationPrincipal is null because ServerWebExchange is not wrapped #6598
    • Make MethodSecurityEvaluationContext Delegates to MethodBasedEvaluationContext #6249
    • Override the key to avoid CookieTheftException #5509
    • Add resource server support for multiple trusted JWT access token issuers #5385
    • RememberMeConfigurer does not use the key from RememberMeServices #4140
    • Option in BasicAuthenticationFilter to log more exception info #3308

  • Bug Fixes

    • OidcLoginRequestPostProcessor should respect configuration order #7794
    • Fix var typo and code readability in resource server documentation #7772
    • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7737
    • Use the custom ServerRequestCache for Oauth2LoginSpec #7734
    • CompositeServerHttpHeadersWriter Should Execute Sequentially #7731
    • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7728
    • DelegatingServerLogoutHandler Should Execute Sequentially #7723
    • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7721
    • Disabling logout in WebFlux does nothing #7682
    • Saml2Authentication isn't serializable #7681
    • Correctly configure authorization requests repository for OAuth2 login #7675
    • Error in javadoc for oauth2ResourceServer #7670
    • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7544
    • WebFlux oauth2Login returns 500 when bad client credentials #5562

  • Dependency Upgrades

    • Update to Spring Boot 2.2.2.RELEASE #7797
    • Upgrade com.nimbusds:nimbus-jose-jwt dependency #7720

  • Non-passive

    • UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type #7482

  • Contributors

    We'd like to thank all the contributors who worked on this release!