Spring Security v5.3.0.RELEASE Release Notes

Release Date: 2020-03-04 // about 4 years ago
  • ๐Ÿฑ โญ๏ธ New Features

    • โšก๏ธ Update What's New Section #8062
    • ๐Ÿ”’ Document JdbcOAuth2AuthorizedClientService #8061
    • โž• Add oauth2login xml sample #8060
    • โšก๏ธ Update doc diagram palette to use sans-serif font #8057
    • โž• Add SecurityFilterChain Figure #8055
    • ๐Ÿ”’ oauth2Client Test Support should allow configuration of principal name #8054
    • โž• Add Kotlin Configuration section to docs #8051
    • โž• Add anchors to SAML 2.0 documentation #8049
    • โšก๏ธ Update UserDetailsService Docs #8048
    • โž• Add Figures to Basic Authentication Docs #8039
    • โž• Add Link to DispatcherServlet in Filter Review Doc #8036
    • โž• Add Figures to Form Log In Docs #8035
    • โž• Add Figure for AuthenticationEntryPoint Docs #8030
    • โž• Add ProviderManager to Docs #8029
    • ๐Ÿ”’ Custom ServerHttpHeadersWriter to HeaderSpec #8028
    • โž• Add hasRole(String) to authorizeRequests in Kotlin DSL #8023
    • โž• Add missing @FunctionalInterface in oauth2 modules #8020
    • ๐Ÿ”’ Provide configurable Clock in OidcIdTokenValidator #8019
    • โž• Add OAuth2AuthorizeRequest.Builder.principal(String) #8018
    • ๐Ÿ”’ Extract AuthenticationManager Docs #8006
    • ๐Ÿ”’ Extract SecurityContextHolder, SecurityContext, Authentication, and GrantedAuthority Docs #8005
    • โž• Add AbstractAuthenticationProcessingFilter Docs #8004
    • ๐Ÿ”’ Extract AuthenticationEntryPoint Docs #8003
    • ๐Ÿ”’ Extract ExceptionTranslationFilter Docs #8002
    • ๐Ÿ”’ Extract FilterSecurityInterceptor Docs #8001
    • ๐Ÿ”’ Use Color Palette that is Accessible for Color Blind #8000
    • ๐Ÿ”’ Create a palette.odg #7999
    • โž• Add Numbers Icons #7998
    • ๐Ÿ”’ Instantiate exceptions lazily #7996
    • ๐Ÿ”’ JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995
    • ๐Ÿ”’ OAuth2AuthorizationRequest.Builder should configure additional parameters with a consumer #7993
    • โž• Add OAuth2Authorization success/failure handlers #7986
    • ๐Ÿ”จ Refactor Duplicate Security Filter Chain Doc #7979
    • ๐Ÿ›  Fix Asciidoctor Warnings #7973
    • ๐Ÿ”’ Use Kotlin DSL Marker Annotations to prevent scope leaking #7971
    • โž• Add JwtClaimValidator #7962
    • ๐Ÿ‘Œ Support custom filter in Kotlin DSL #7951
    • ๐Ÿ”’ Option for default event in DefaultAuthenticationEventPublisher #7937
    • ๐Ÿ”’ DefaultAuthenticationEventPublisher is now configurable via a Map #7925
    • โž• Add oauth2Client WebTestClient Test Support #7910
    • ๐Ÿ”’ Nimbus OpaqueTokenIntrospectors should differentiate token and service errors #7902
    • ๐Ÿ”’ OAuth 2.0 Client supports application clustering #7889
    • โž• Add JwtIssuerReactiveAuthenticationManagerResolver #7887
    • ๐Ÿ”’ Consider adding JwtClaimValidator #7860
    • โž• Add ReactiveJwtIssuerAuthenticationManagerResolver and Reactive Multi Tentant Examples #7857
    • โž• Add JDBC implementation of OAuth2AuthorizedClientService #7855
    • ๐Ÿ”’ Set default redirect in OidcClientInitiatedServerLogoutSuccessHandler #7842
    • ๐Ÿ”’ Introduce OAuth2Authorization success/failure handlers #7840
    • โž• Add Opaque Token Reactive Test Support #7827
    • ๐Ÿ”’ DefaultAuthenticationEventPublisher should allow configuring a default event #7825
    • ๐Ÿ”’ DefaultAuthenticationEventPublisher should be configurable via Map #7824
    • ๐Ÿ”’ Oauth2login xmlconfig implementation #7821
    • ๐Ÿ”’ OAuth 2.0 Resource Server XML Support #7775
    • ๐Ÿ”’ SAML AuthNRequest Signatures - Step 2 #7759
    • ๐Ÿ”’ SAML AuthNRequest Signatures - Step 1 #7758
    • ๐Ÿ”’ Simplify customizing OAuth2AuthorizationRequest #7748
    • ๐Ÿ”’ SAML2 HTTP-Redirect: Missing Signature and SigAlg parameters in SAMLRequest Url (AuthNRequest) #7711
    • ๐Ÿ”’ Consider adding switch to enable or disable OIDC nonce #7696
    • ๐Ÿ”’ Getting OAuth2AuthenticationException when Bearer token is empty #7668
    • ๐Ÿ”’ Provide JDBC implementation of OAuth2AuthorizedClientService #7655
    • โž• Add custom ServerHttpHeadersWriter to HeadersSpec #7636
    • ๐Ÿ”’ RefreshTokenOAuth2AuthorizedClientProvider does not handle expired refresh token #7583
    • ๐Ÿ›  Fix typo 'is' -> 'if' in javadoc #7559
    • ๐Ÿ”’ Saml2LoginConfigurer should expose AuthenticationManager setter #7374
    • ๐Ÿ”’ Provide XML namespace support for OAuth 2.0 Resource Server #5185
    • ๐Ÿ”’ Provide XML namespace support for OAuth 2.0 Client #5184
    • ๐Ÿ”’ Migrate Groovy to Java #4939
    • ๐Ÿ”’ Provide XML namespace support for OAuth2Login #4557

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ Typo fix #8059
    • ๐Ÿ›  Fix typo in AntPathRequestMatcher contructor comment #8042
    • ๐Ÿ“„ Docs Should Style Links that are Code as Link #8038
    • ๐Ÿ”’ An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8031
    • ๐Ÿ“š Tab switching does not work in documentation code samples #8025
    • ๐Ÿ”’ Build failure with NoClassDefFoundError on javax/mail/internet #7994
    • โœ‚ Remove Duplicate Runtime Environment From Docs #7980
    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7966
    • ๐Ÿ”’ OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7963
    • ๐Ÿ›  fix #7952 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7953
    • ๐Ÿ”’ ClassCastException for ServletRequestAttributes #7952
    • ๐Ÿ”’ Prevent double-escaping of authorize URL parameters #7881
    • ๐Ÿ”’ Resource Server clientCredentials take precedence over introspector in Kotlin DSL #7878
    • ๐Ÿ”’ Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877
    • ๐Ÿ”’ Error in WebSecurityConfigurer Javadoc #7876
    • ๐Ÿ”’ Query parameters in authorization-url are double-encoded #7871
    • ๐Ÿ”’ OAuth2 access token response parsing fails with nested JSON object #6463

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • โšก๏ธ Update to Gradle 6.2.2 #8065
    • โšก๏ธ Update Kotlin to 1.3.70 #8064
    • โšก๏ธ Update Spring Boot to 2.2.5 #8063
    • ๐Ÿš€ Update to spring-build-conventions:0.0.31.RELEASE #8058
    • โšก๏ธ Update dependencies #8056
    • ๐Ÿš€ Update to spring-build-conventions:0.0.29.RELEASE #7974

    ๐Ÿฑ โค๏ธ Contributors

    ๐Ÿš€ We'd like to thank all the contributors who worked on this release!