Spring Security v5.3.1.RELEASE Release Notes

Release Date: 2020-03-31 // almost 4 years ago
  • ๐Ÿฑ โญ๏ธ New Features

    • ๐Ÿ”’ SpringTestContext returns ConfigurableWebApplicationContext #8237
    • ๐Ÿ”’ OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8234
    • ๐Ÿ”’ SwitchUserFilter vulnerable to CSRF #8222
    • ๐Ÿ”’ Clarify use case for ServerBearerExchangeFilterFunction #8221
    • ๐Ÿ“š Update Encryptors documentation for standard and stronger #8211
    • ๐Ÿ”’ Document JwtGrantedAuthoritiesConverter #8183
    • ๐Ÿ’… userNameAttribute case style is different others #8179
    • ๐Ÿ”’ Document AuthNRequest POST binding support #8165
    • ๐Ÿ’… Polish SAML 2.0 Login Sample #8164
    • ๐Ÿ”’ OpenSamlImplementation should not use reflection #8161
    • ๐Ÿ”’ Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8153
    • ๐Ÿ”’ Assign sensible default for OAuth2AuthorizedClientProvider #8151
    • ๐Ÿ”’ Document OAuth2Authorization success and failure handlers #8146
    • ๐Ÿ”’ Document Jackson serialization support for OAuth 2.0 Client #8145
    • ๐Ÿ”’ Document OAuth 2.0 Authorization Request improvements #8133
    • ๐Ÿ”’ Document OAuth 2.0 Login XML Support #8132
    • ๐Ÿ”’ Document OAuth 2.0 Client XML Support #8131
    • ๐Ÿ”’ Basic auth header without user results in exception #8122
    • ๐Ÿ”’ Document AuthenticationEventPublisher improvements #8103
    • ๐Ÿ“š Typo 'properites' -> 'properties' in documentation #8098
    • ๐Ÿ”’ Document OAuth 2.0 Resource Server XML Support #8094
    • ๐Ÿ”’ Provide spring-security-5*.xsd for https://www.springframework.org/schema/security/ #8091
    • ๐Ÿ”’ Document OIDC Logout Success Handler Improvements #8088
    • โž• Add OAuth 2.0 Test Support Docs #8087
    • โšก๏ธ Update test to have comment about secure salt length #8084
    • ๐Ÿ”’ Document JwtClaimValidator #8076

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ HttpServletRequest.logout() not functioning #8238
    • ๐Ÿ”’ OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8209
    • ๐Ÿ”’ oauth2Login WebFlux should not auto-redirect for XHR request #8201
    • ๐Ÿ›  Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8178
    • ๐Ÿ”’ RSocket test should throw AccessDeniedException #8160
    • ๐Ÿ”’ Make OAuth2ErrorHttpMessageConverter more resilient #8158
    • ๐Ÿ›  Fix typo in Javadoc of HttpSecurity#csrf() #8134
    • ๐Ÿ”’ NPE thrown when token response contains a null value #8121
    • ๐Ÿ”’ Google's top result for "Spring Security Reference" returns a 404 #8086
    • ๐Ÿ“š 5.3.0 Documentation What's New has some broken links #8069

    ๐Ÿฑ โค๏ธ Contributors

    ๐Ÿš€ We'd like to thank all the contributors who worked on this release!