Spring Security v5.3.1.RELEASE Release Notes
Release Date: 2020-03-31 // almost 4 years ago-
๐ฑ โญ๏ธ New Features
- ๐ SpringTestContext returns ConfigurableWebApplicationContext #8237
- ๐ OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8234
- ๐ SwitchUserFilter vulnerable to CSRF #8222
- ๐ Clarify use case for
ServerBearerExchangeFilterFunction
#8221 - ๐ Update Encryptors documentation for standard and stronger #8211
- ๐ Document JwtGrantedAuthoritiesConverter #8183
- ๐ userNameAttribute case style is different others #8179
- ๐ Document AuthNRequest POST binding support #8165
- ๐ Polish SAML 2.0 Login Sample #8164
- ๐ OpenSamlImplementation should not use reflection #8161
- ๐ Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8153
- ๐ Assign sensible default for OAuth2AuthorizedClientProvider #8151
- ๐ Document OAuth2Authorization success and failure handlers #8146
- ๐ Document Jackson serialization support for OAuth 2.0 Client #8145
- ๐ Document OAuth 2.0 Authorization Request improvements #8133
- ๐ Document OAuth 2.0 Login XML Support #8132
- ๐ Document OAuth 2.0 Client XML Support #8131
- ๐ Basic auth header without user results in exception #8122
- ๐ Document AuthenticationEventPublisher improvements #8103
- ๐ Typo 'properites' -> 'properties' in documentation #8098
- ๐ Document OAuth 2.0 Resource Server XML Support #8094
- ๐ Provide spring-security-5*.xsd for https://www.springframework.org/schema/security/ #8091
- ๐ Document OIDC Logout Success Handler Improvements #8088
- โ Add OAuth 2.0 Test Support Docs #8087
- โก๏ธ Update test to have comment about secure salt length #8084
- ๐ Document JwtClaimValidator #8076
๐ฑ ๐ Bug Fixes
- ๐ HttpServletRequest.logout() not functioning #8238
- ๐ OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8209
- ๐ oauth2Login WebFlux should not auto-redirect for XHR request #8201
- ๐ Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8178
- ๐ RSocket test should throw AccessDeniedException #8160
- ๐ Make OAuth2ErrorHttpMessageConverter more resilient #8158
- ๐ Fix typo in Javadoc of HttpSecurity#csrf() #8134
- ๐ NPE thrown when token response contains a null value #8121
- ๐ Google's top result for "Spring Security Reference" returns a 404 #8086
- ๐ 5.3.0 Documentation What's New has some broken links #8069
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!