Spring Security v5.4.0-RC1 Release Notes

Release Date: 2020-08-05
  • New Features

    • Deprecate CustomUserTypesOAuth2UserService #8908
    • Deprecate ClientRegistration.redirectUriTemplate #8906
    • Allow for custom ClientRegistration.clientAuthenticationMethod #8903
    • Deprecate ImplicitGrantConfigurer #8902
    • Remove use of Mono.deferWithContext() #8901
    • Consider adding RelyingPartyRegistrationResolver #8887
    • Add HttpMessageConverter that constructs a RelyingPartyRegistration #8877
    • RelyingPartyRegistration should default the ACS Location #8876
    • Update SimpleSaml2AuthenticatedPrincipal class name #8861
    • Introduce AuthenticationConverterServerWebExchangeMatcher #8854
    • Make class SimpleSaml2AuthenticatedPrincipal public #8852
    • Support custom filter in Server Kotlin DSL #8850
    • Saml2AuthenticationToken should take a RelyingPartyRegistration #8845
    • Wording changes #8832
    • -gh 8784 Document improvement for WebSecurityConfigure #8825
    • Consider making BearerTokenServerWebExchangeMatcher public and more generic #8824
    • Add custom HeaderWriter in Kotlin DSL #8823
    • Add Static Factories to Saml2X509Credential #8822
    • Allow disabling headers in Kotlin DSL #8816
    • Remove need for WebSecurityConfigurerAdapter #8805
    • Configure HTTP Security without extending WebSecurityConfigurerAdapter #8804
    • Fix #8693 Support SAML 2.0 SP Metadata Endpoints #8795
    • Add Static Factories to Saml2X509Credential #8789
    • RelyingPartyRegistration Credentials Should Be Split by Party #8788
    • Support custom filter in Server Kotlin DSL #8783
    • Mongolian translation for messages.properties #8780
    • Mongolian translation required for messages.properties #8778
    • RelyingPartyRegistration should use metadata spec language #8777
    • ACS Binding should be in RelyingPartyRegistration #8776
    • Remove OpenSamlImplementation #8775
    • OpenSamlAuthenticationRequestFactory should use OpenSAML directly #8774
    • OpenSamlAuthenticationProvider should use OpenSAML directly #8773
    • OpenSAML should get initialized as part of container lifecycle #8772
    • SAML Assertion validation fails when OneTimeUse condition is sent from the IdP #8769
    • Improve error message when invalid content-type for UserInfo response #8764
    • Simplify retrieving Introspection-specific attributes #8740
    • Reactive SwitchUserWebFilter for user impersonation #8687
    • Change getMethod() to return configured value in SimpleSavedRequest #8675
    • gh-8589 Additional Jwt validation debug messages #8665
    • Adds cookie based RequestCache #8653
    • Missing Reactive SwitchUserWebFilter for user impersonation #8599
    • Use String to specify custom HTTP method in mock request #8592
    • Add logging #8589
    • Support for dynamic configuration using IDP metadata URL for SAML SSO integration #8484
    • SAML Authentication Provider assertions #8471
    • Throw exception when specified ldif file does not exist #8434
    • SAML: Add RequestedAuthnContext to AuthnRequest in OpenSamlAuthenticationRequestFactory #8141
    • Add request cache that uses cookie #8034
    • No log message or exception if expected ldif file does not exist #7791

  • Bug Fixes

    • Move RSocket Integration Tests to integration tests #8944
    • Fix snapshot build failure related to reactor-netty #8909
    • Resolve Bearer token after subscribing to publisher #8894
    • ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8865
    • Update README.adoc #8851
    • Saml2Error should be in a core package #8835
    • Fix #8797: Add OAuth2AuthenticationException to allowlist #8827
    • CookieRequestCache "REDIRECT_URI" removed by any request #8820
    • use CookieRequestCache something went wrong #8817
    • LoginPageGeneratingWebFilter should honor context path #8807
    • Fix ProviderManager Javadoc typo #8800
    • OAuth2AuthenticationException should be in allowlist #8797
    • tutorial uses hasRole but should use hasAuthority #8796
    • Saml2WebSsoAuthenticationFilter does not follow standard patterns for request matching. #8768
    • Bearer Token Padding #8511
    • Resolved bearer token has no padding indicators #8502

  • Contributors

    We'd like to thank all the contributors who worked on this release!