Spring Security v5.3.0.RELEASE Release Notes
Release Date: 2020-03-04 // about 4 years ago-
๐ฑ โญ๏ธ New Features
- โก๏ธ Update What's New Section #8062
- ๐ Document JdbcOAuth2AuthorizedClientService #8061
- โ Add oauth2login xml sample #8060
- โก๏ธ Update doc diagram palette to use sans-serif font #8057
- โ Add SecurityFilterChain Figure #8055
- ๐ oauth2Client Test Support should allow configuration of principal name #8054
- โ Add Kotlin Configuration section to docs #8051
- โ Add anchors to SAML 2.0 documentation #8049
- โก๏ธ Update UserDetailsService Docs #8048
- โ Add Figures to Basic Authentication Docs #8039
- โ Add Link to DispatcherServlet in Filter Review Doc #8036
- โ Add Figures to Form Log In Docs #8035
- โ Add Figure for AuthenticationEntryPoint Docs #8030
- โ Add ProviderManager to Docs #8029
- ๐ Custom ServerHttpHeadersWriter to HeaderSpec #8028
- โ Add hasRole(String) to authorizeRequests in Kotlin DSL #8023
- โ Add missing @FunctionalInterface in oauth2 modules #8020
- ๐ Provide configurable Clock in OidcIdTokenValidator #8019
- โ Add OAuth2AuthorizeRequest.Builder.principal(String) #8018
- ๐ Extract AuthenticationManager Docs #8006
- ๐ Extract SecurityContextHolder, SecurityContext, Authentication, and GrantedAuthority Docs #8005
- โ Add AbstractAuthenticationProcessingFilter Docs #8004
- ๐ Extract AuthenticationEntryPoint Docs #8003
- ๐ Extract ExceptionTranslationFilter Docs #8002
- ๐ Extract FilterSecurityInterceptor Docs #8001
- ๐ Use Color Palette that is Accessible for Color Blind #8000
- ๐ Create a palette.odg #7999
- โ Add Numbers Icons #7998
- ๐ Instantiate exceptions lazily #7996
- ๐ JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995
- ๐ OAuth2AuthorizationRequest.Builder should configure additional parameters with a consumer #7993
- โ Add OAuth2Authorization success/failure handlers #7986
- ๐จ Refactor Duplicate Security Filter Chain Doc #7979
- ๐ Fix Asciidoctor Warnings #7973
- ๐ Use Kotlin DSL Marker Annotations to prevent scope leaking #7971
- โ Add JwtClaimValidator #7962
- ๐ Support custom filter in Kotlin DSL #7951
- ๐ Option for default event in DefaultAuthenticationEventPublisher #7937
- ๐ DefaultAuthenticationEventPublisher is now configurable via a Map #7925
- โ Add oauth2Client WebTestClient Test Support #7910
- ๐ Nimbus OpaqueTokenIntrospectors should differentiate token and service errors #7902
- ๐ OAuth 2.0 Client supports application clustering #7889
- โ Add JwtIssuerReactiveAuthenticationManagerResolver #7887
- ๐ Consider adding JwtClaimValidator #7860
- โ Add ReactiveJwtIssuerAuthenticationManagerResolver and Reactive Multi Tentant Examples #7857
- โ Add JDBC implementation of OAuth2AuthorizedClientService #7855
- ๐ Set default redirect in OidcClientInitiatedServerLogoutSuccessHandler #7842
- ๐ Introduce OAuth2Authorization success/failure handlers #7840
- โ Add Opaque Token Reactive Test Support #7827
- ๐ DefaultAuthenticationEventPublisher should allow configuring a default event #7825
- ๐ DefaultAuthenticationEventPublisher should be configurable via Map #7824
- ๐ Oauth2login xmlconfig implementation #7821
- ๐ OAuth 2.0 Resource Server XML Support #7775
- ๐ SAML AuthNRequest Signatures - Step 2 #7759
- ๐ SAML AuthNRequest Signatures - Step 1 #7758
- ๐ Simplify customizing OAuth2AuthorizationRequest #7748
- ๐ SAML2 HTTP-Redirect: Missing Signature and SigAlg parameters in SAMLRequest Url (AuthNRequest) #7711
- ๐ Consider adding switch to enable or disable OIDC nonce #7696
- ๐ Getting OAuth2AuthenticationException when Bearer token is empty #7668
- ๐ Provide JDBC implementation of OAuth2AuthorizedClientService #7655
- โ Add custom ServerHttpHeadersWriter to HeadersSpec #7636
- ๐ RefreshTokenOAuth2AuthorizedClientProvider does not handle expired refresh token #7583
- ๐ Fix typo 'is' -> 'if' in javadoc #7559
- ๐ Saml2LoginConfigurer should expose AuthenticationManager setter #7374
- ๐ Provide XML namespace support for OAuth 2.0 Resource Server #5185
- ๐ Provide XML namespace support for OAuth 2.0 Client #5184
- ๐ Migrate Groovy to Java #4939
- ๐ Provide XML namespace support for OAuth2Login #4557
๐ฑ ๐ Bug Fixes
- ๐ Typo fix #8059
- ๐ Fix typo in AntPathRequestMatcher contructor comment #8042
- ๐ Docs Should Style Links that are Code as Link #8038
- ๐ An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8031
- ๐ Tab switching does not work in documentation code samples #8025
- ๐ Build failure with NoClassDefFoundError on javax/mail/internet #7994
- โ Remove Duplicate Runtime Environment From Docs #7980
- ๐ OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7966
- ๐ OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7963
- ๐ fix #7952 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7953
- ๐ ClassCastException for ServletRequestAttributes #7952
- ๐ Prevent double-escaping of authorize URL parameters #7881
- ๐ Resource Server clientCredentials take precedence over introspector in Kotlin DSL #7878
- ๐ Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877
- ๐ Error in WebSecurityConfigurer Javadoc #7876
- ๐ Query parameters in authorization-url are double-encoded #7871
- ๐ OAuth2 access token response parsing fails with nested JSON object #6463
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to Gradle 6.2.2 #8065
- โก๏ธ Update Kotlin to 1.3.70 #8064
- โก๏ธ Update Spring Boot to 2.2.5 #8063
- ๐ Update to spring-build-conventions:0.0.31.RELEASE #8058
- โก๏ธ Update dependencies #8056
- ๐ Update to spring-build-conventions:0.0.29.RELEASE #7974
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!