All Versions
57
Latest Version
Avg Release Cycle
47 days
Latest Release
1269 days ago
Changelog History
Page 2
Changelog History
Page 2
-
v5.3.3.RELEASE Changes
June 03, 2020๐ฑ โญ New Features
- ๐ Update BCryptPasswordEncoder documentation with default strength #8574
๐ฑ ๐ Bug Fixes
- ๐ Delay AuthenticationPrincipalArgumentResolver Lookup #8614
- ๐ Fix typos in BCryptPasswordEncoder documentation #8601
- ๐ Fixing typo in SAML 2.0 Sample README #8600
- ๐ Mock request with non-standard HTTP method in test #8597
- โ Remove unused field 'digester' in Md4PasswordEncoder #8575
- ๐ Polish JDBC Authentication documentation #8573
- ๐ ACL : AclImpl.hashCode leads to StackOverflowError #8569
- ๐ Fix Kotlin Sample Documentation #8565
- ๐ Object ID Identity conversion to long fails on old schema #8558
- ๐ Blocking in WebSessionServerCsrfTokenRepository #8544
- ๐ Fix AntPathRequestMatcher Javadoc #8526
- ๐ Document NoOpPasswordEncoder will not be removed #8521
- ๐ Fix non-standard HTTP method for CsrfWebFilter #8515
โฌ๏ธ ๐จ Dependency Upgrades
-
v5.3.2.RELEASE Changes
May 06, 2020๐ฑ โญ New Features
- ๐ SAML Authentication Provider assertions #8491
- ๐ BCryptPasswordEncoder.encode() throws NPE #8345
๐ฑ ๐ Bug Fixes
- ๐ Fix Javadoc punctuation #8490
- ๐ Fixed typos in documentation #8460
- โก๏ธ JdbcOAuth2AuthorizedClientService should support update when saving #8448
- โ Add ROLE_INFRASTRUCTURE to infrastructure beans #8437
- ๐ Fix Documentation to Refer to BasicAuthenticationFilter #8423
- ๐ Fix typo with correct capitalization #8408
- ๐ Global ServerSecurityContextRepository ignored by logout #8385
- ๐ Fix example in javadoc of FilterChainProxy #8351
- ๐ Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8311
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to aspectj-plugin:4.1.6 #8306
-
v5.3.1.RELEASE Changes
March 31, 2020๐ฑ โญ๏ธ New Features
- ๐ SpringTestContext returns ConfigurableWebApplicationContext #8237
- ๐ OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8234
- ๐ SwitchUserFilter vulnerable to CSRF #8222
- ๐ Clarify use case for
ServerBearerExchangeFilterFunction#8221 - ๐ Update Encryptors documentation for standard and stronger #8211
- ๐ Document JwtGrantedAuthoritiesConverter #8183
- ๐ userNameAttribute case style is different others #8179
- ๐ Document AuthNRequest POST binding support #8165
- ๐ Polish SAML 2.0 Login Sample #8164
- ๐ OpenSamlImplementation should not use reflection #8161
- ๐ Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8153
- ๐ Assign sensible default for OAuth2AuthorizedClientProvider #8151
- ๐ Document OAuth2Authorization success and failure handlers #8146
- ๐ Document Jackson serialization support for OAuth 2.0 Client #8145
- ๐ Document OAuth 2.0 Authorization Request improvements #8133
- ๐ Document OAuth 2.0 Login XML Support #8132
- ๐ Document OAuth 2.0 Client XML Support #8131
- ๐ Basic auth header without user results in exception #8122
- ๐ Document AuthenticationEventPublisher improvements #8103
- ๐ Typo 'properites' -> 'properties' in documentation #8098
- ๐ Document OAuth 2.0 Resource Server XML Support #8094
- ๐ Provide spring-security-5*.xsd for https://www.springframework.org/schema/security/ #8091
- ๐ Document OIDC Logout Success Handler Improvements #8088
- โ Add OAuth 2.0 Test Support Docs #8087
- โก๏ธ Update test to have comment about secure salt length #8084
- ๐ Document JwtClaimValidator #8076
๐ฑ ๐ Bug Fixes
- ๐ HttpServletRequest.logout() not functioning #8238
- ๐ OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8209
- ๐ oauth2Login WebFlux should not auto-redirect for XHR request #8201
- ๐ Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8178
- ๐ RSocket test should throw AccessDeniedException #8160
- ๐ Make OAuth2ErrorHttpMessageConverter more resilient #8158
- ๐ Fix typo in Javadoc of HttpSecurity#csrf() #8134
- ๐ NPE thrown when token response contains a null value #8121
- ๐ Google's top result for "Spring Security Reference" returns a 404 #8086
- ๐ 5.3.0 Documentation What's New has some broken links #8069
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.3.0.RELEASE Changes
March 04, 2020๐ฑ โญ๏ธ New Features
- โก๏ธ Update What's New Section #8062
- ๐ Document JdbcOAuth2AuthorizedClientService #8061
- โ Add oauth2login xml sample #8060
- โก๏ธ Update doc diagram palette to use sans-serif font #8057
- โ Add SecurityFilterChain Figure #8055
- ๐ oauth2Client Test Support should allow configuration of principal name #8054
- โ Add Kotlin Configuration section to docs #8051
- โ Add anchors to SAML 2.0 documentation #8049
- โก๏ธ Update UserDetailsService Docs #8048
- โ Add Figures to Basic Authentication Docs #8039
- โ Add Link to DispatcherServlet in Filter Review Doc #8036
- โ Add Figures to Form Log In Docs #8035
- โ Add Figure for AuthenticationEntryPoint Docs #8030
- โ Add ProviderManager to Docs #8029
- ๐ Custom ServerHttpHeadersWriter to HeaderSpec #8028
- โ Add hasRole(String) to authorizeRequests in Kotlin DSL #8023
- โ Add missing @FunctionalInterface in oauth2 modules #8020
- ๐ Provide configurable Clock in OidcIdTokenValidator #8019
- โ Add OAuth2AuthorizeRequest.Builder.principal(String) #8018
- ๐ Extract AuthenticationManager Docs #8006
- ๐ Extract SecurityContextHolder, SecurityContext, Authentication, and GrantedAuthority Docs #8005
- โ Add AbstractAuthenticationProcessingFilter Docs #8004
- ๐ Extract AuthenticationEntryPoint Docs #8003
- ๐ Extract ExceptionTranslationFilter Docs #8002
- ๐ Extract FilterSecurityInterceptor Docs #8001
- ๐ Use Color Palette that is Accessible for Color Blind #8000
- ๐ Create a palette.odg #7999
- โ Add Numbers Icons #7998
- ๐ Instantiate exceptions lazily #7996
- ๐ JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995
- ๐ OAuth2AuthorizationRequest.Builder should configure additional parameters with a consumer #7993
- โ Add OAuth2Authorization success/failure handlers #7986
- ๐จ Refactor Duplicate Security Filter Chain Doc #7979
- ๐ Fix Asciidoctor Warnings #7973
- ๐ Use Kotlin DSL Marker Annotations to prevent scope leaking #7971
- โ Add JwtClaimValidator #7962
- ๐ Support custom filter in Kotlin DSL #7951
- ๐ Option for default event in DefaultAuthenticationEventPublisher #7937
- ๐ DefaultAuthenticationEventPublisher is now configurable via a Map #7925
- โ Add oauth2Client WebTestClient Test Support #7910
- ๐ Nimbus OpaqueTokenIntrospectors should differentiate token and service errors #7902
- ๐ OAuth 2.0 Client supports application clustering #7889
- โ Add JwtIssuerReactiveAuthenticationManagerResolver #7887
- ๐ Consider adding JwtClaimValidator #7860
- โ Add ReactiveJwtIssuerAuthenticationManagerResolver and Reactive Multi Tentant Examples #7857
- โ Add JDBC implementation of OAuth2AuthorizedClientService #7855
- ๐ Set default redirect in OidcClientInitiatedServerLogoutSuccessHandler #7842
- ๐ Introduce OAuth2Authorization success/failure handlers #7840
- โ Add Opaque Token Reactive Test Support #7827
- ๐ DefaultAuthenticationEventPublisher should allow configuring a default event #7825
- ๐ DefaultAuthenticationEventPublisher should be configurable via Map #7824
- ๐ Oauth2login xmlconfig implementation #7821
- ๐ OAuth 2.0 Resource Server XML Support #7775
- ๐ SAML AuthNRequest Signatures - Step 2 #7759
- ๐ SAML AuthNRequest Signatures - Step 1 #7758
- ๐ Simplify customizing OAuth2AuthorizationRequest #7748
- ๐ SAML2 HTTP-Redirect: Missing Signature and SigAlg parameters in SAMLRequest Url (AuthNRequest) #7711
- ๐ Consider adding switch to enable or disable OIDC nonce #7696
- ๐ Getting OAuth2AuthenticationException when Bearer token is empty #7668
- ๐ Provide JDBC implementation of OAuth2AuthorizedClientService #7655
- โ Add custom ServerHttpHeadersWriter to HeadersSpec #7636
- ๐ RefreshTokenOAuth2AuthorizedClientProvider does not handle expired refresh token #7583
- ๐ Fix typo 'is' -> 'if' in javadoc #7559
- ๐ Saml2LoginConfigurer should expose AuthenticationManager setter #7374
- ๐ Provide XML namespace support for OAuth 2.0 Resource Server #5185
- ๐ Provide XML namespace support for OAuth 2.0 Client #5184
- ๐ Migrate Groovy to Java #4939
- ๐ Provide XML namespace support for OAuth2Login #4557
๐ฑ ๐ Bug Fixes
- ๐ Typo fix #8059
- ๐ Fix typo in AntPathRequestMatcher contructor comment #8042
- ๐ Docs Should Style Links that are Code as Link #8038
- ๐ An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8031
- ๐ Tab switching does not work in documentation code samples #8025
- ๐ Build failure with NoClassDefFoundError on javax/mail/internet #7994
- โ Remove Duplicate Runtime Environment From Docs #7980
- ๐ OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7966
- ๐ OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7963
- ๐ fix #7952 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7953
- ๐ ClassCastException for ServletRequestAttributes #7952
- ๐ Prevent double-escaping of authorize URL parameters #7881
- ๐ Resource Server clientCredentials take precedence over introspector in Kotlin DSL #7878
- ๐ Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877
- ๐ Error in WebSecurityConfigurer Javadoc #7876
- ๐ Query parameters in authorization-url are double-encoded #7871
- ๐ OAuth2 access token response parsing fails with nested JSON object #6463
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to Gradle 6.2.2 #8065
- โก๏ธ Update Kotlin to 1.3.70 #8064
- โก๏ธ Update Spring Boot to 2.2.5 #8063
- ๐ Update to spring-build-conventions:0.0.31.RELEASE #8058
- โก๏ธ Update dependencies #8056
- ๐ Update to spring-build-conventions:0.0.29.RELEASE #7974
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.3.0.RC1 Changes
February 05, 2020๐ฑ โญ๏ธ New Features
- โ Add RSocket Authentication Extension Support #7935
- ๐ SecurityEvaluationContextExtension.getRootObject() Specific Type #7891
- โ Add oauth2Client MockMvc Test Support #7886
- ๐ Nimbus JwtDecoders should differentiate token and service errors #7885
- โ Remove redundant branches from SessionManagementConfigurer #7879
- ๐ AuthenticationWebFilter's ReactiveAuthenticationManagerResolver should take a ServerWebExchange #7872
- ๐ SAML2: Wrong IdP response URL throws NPE (for non-existing "RelyingParty") #7865
- ๐ Typo in doc #7830
- โ Add oauth2Login Reactive Test support #7828
- ๐ Improve Bearer Token Error Handling #7826
- โ Add BearerTokenErrors #7823
- โ Add InvalidBearerTokenException #7822
- ๐ Make OAuth2AccessToken converters public #7815
- ๐ AuthenticationEventPublisher Lookup #7802
- ๐ Modernize Documentation Styling #7801
- ๐ Invalid OAuth2 login attempts don't emit a corresponding ApplicationEvent #7793
- ๐ Set secure on cookie when logging out #7764
- ๐ Introduce Reactive OAuth2Authorization success/failure handlers #7756
- ๐ ProviderManager should have a varargs constructor #7713
- ๐ Introduce Reactive OAuth2Authorization success/failure handlers #7699
- ๐ Migrate LDAP integration tests groovy->java #7691
- ๐ WebSecurityConfigurerAdapter: Unable to use custom AuthenticationEventPublisher #7515
- โ Add Jackson support to OAuth2 session related classes #4886
๐ฑ ๐ Bug Fixes
- ๐ Build failing with NoSuchMethodError #7888
- ๐ cassample integration tests are failing #7874
- ๐ Form login requiresAuthenticationMatcher is not used in WebFlux #7863
- ๐ BasicAuthenticationFilter ignores credentials charset #7835
- ๐ Default LDIF file not picked up in LDAP "unboundid" mode #7833
- ๐ Incorrect LDIF file example in LDAP documentation #7832
- ๐ OpaqueTokenRequestPostProcessor should respect configuration order #7800
- ๐ Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7782
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to Gradle 6.1.1 #7936
- โก๏ธ Update to GAE 1.9.78 #7893
- ๐ Update to Spring Boot 2.2.4.RELEASE #7892
- โก๏ธ Update Gradle 6.1 #7838
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.3.0.M1 Changes
January 08, 2020๐ฑ โญ๏ธ New Features
- ๐ Allow disabling dependency locking #7799
- ๐ Build task "snapshots" should not use locked dependencies #7798
- โ Add oauth2Login MockMvc Test Support #7789
- ๐ Manage Versions using Version Locking #7788
- ๐ Use Gradle Platform / Constraints #7787
- ๐ Idiomatic Kotlin DSL for configuring HTTP security in servlet based applications #7785
- ๐ Fix description of PasswordEncoder #7784
- ๐ Fix unchecked assignment and possible NPE #7773
- ๐ Resolve JavaType only once for whitelisted class #7755
- ๐ Set secure when cancelling remember-me cookie #7726
- โ Add JwtIssuerAuthenticationManagerResolver #7724
- โ Add opaque token test support #7712
- โ Remove redundant validation for redirect-uri #7706
- ๐ Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7702
- ๐ Enable AuthenticationManager configuration in saml2Login #7693
- ๐ Incomplete Documentation for Setting Up MockMvc and Spring Security #7688
- โ Add Oidc Login Reactive Test Support #7680
- โ Remove consecutive-word duplications in Javadocs #7673
- ๐ Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc #7666
- ๐ Fix minor typo in HttpSecurity documentation #7663
- ๐ Check BCrypt hashed value of a byte array #7661
- ๐ Allow configuring authenticationManagerResolver for SAML2 #7654
- โ Add oidcLogin MockMvc Test Support #7618
- โ Add OidcUserInfo.Builder #7593
- โ Add OidcIdToken.Builder #7592
- ๐ Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7569
- ๐ Specify return type in InitializeUserDetailsBeanManagerConfigurer method Javadoc #7557
- ๐ In Test @AuthenticationPrincipal is null because ServerWebExchange is not wrapped #6598
- ๐ Make MethodSecurityEvaluationContext Delegates to MethodBasedEvaluationContext #6249
- ๐ Override the key to avoid CookieTheftException #5509
- โ Add resource server support for multiple trusted JWT access token issuers #5385
- ๐ RememberMeConfigurer does not use the key from RememberMeServices #4140
- ๐ Option in BasicAuthenticationFilter to log more exception info #3308
๐ฑ ๐ Bug Fixes
- ๐ OidcLoginRequestPostProcessor should respect configuration order #7794
- ๐ Fix var typo and code readability in resource server documentation #7772
- ๐ Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7737
- ๐ Use the custom ServerRequestCache for Oauth2LoginSpec #7734
- ๐ CompositeServerHttpHeadersWriter Should Execute Sequentially #7731
- ๐ DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7728
- ๐ DelegatingServerLogoutHandler Should Execute Sequentially #7723
- ๐ RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7721
- ๐ Disabling logout in WebFlux does nothing #7682
- ๐ Saml2Authentication isn't serializable #7681
- ๐ Correctly configure authorization requests repository for OAuth2 login #7675
- ๐ Error in javadoc for oauth2ResourceServer #7670
- ๐ DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7544
- ๐ WebFlux oauth2Login returns 500 when bad client credentials #5562
โฌ๏ธ ๐จ Dependency Upgrades
- ๐ Update to Spring Boot 2.2.2.RELEASE #7797
- ๐ Upgrade com.nimbusds:nimbus-jose-jwt dependency #7720
๐ฑ โช Non-passive
- ๐ UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type #7482
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.2.8.RELEASE Changes
December 03, 2020๐ฑ ๐ Bug Fixes
- โ Remove empty Appendix Section from docs #9172
- ๐ Tests should not combine Authentication and @AuthenticationPrincipal #9126
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to Spring LDAP Core 2.3.3 #9245
- โก๏ธ Update to Powermock 2.0.9 #9244
- โก๏ธ Update to HSQLDB 2.5.1 #9243
- โก๏ธ Update to Hibernate EntityManager 5.4.25 #9242
- โก๏ธ Update to Jetty 9.4.35 #9241
- โก๏ธ Update to HttpComponents HttpClient 4.5.13 #9240
- โก๏ธ Update to RSocket 1.0.3 #9239
- โก๏ธ Update to Reactor Dysprosium-SR14 #9238
- โก๏ธ Update to Google App Engine 1.9.83 #9237
- โก๏ธ Update to Jackson Databind 2.10.5.1 #9236
- โก๏ธ Update to Spring Data Moore-SR11 #9235
- โก๏ธ Update to Spring 5.2.11 #9234
- โก๏ธ Update to Spring Boot 2.2.11 #9233
-
v5.2.7.RELEASE Changes
October 07, 2020๐ฑ ๐ Bug Fixes
- ๐ SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9058
- ๐ CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9025
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to Spring Data Moore-SR10 #9088
- โก๏ธ Update to Hibernate Entity manager 5.4.22 #9087
- โก๏ธ Update to Hibernate Validator 6.1.6 #9086
- ๐ Upgrade to embedded Apache Tomcat 9.0.38 #9085
- โก๏ธ Update to RSocket 1.0.2 #9084
- โก๏ธ Update to Spring Framework 5.2.9 #9083
- โก๏ธ Update to Reactor Dysprosium-SR12 #9082
- โก๏ธ Update to Spring Boot 2.2.10 #9081
- โก๏ธ Update to GAE 1.9.82 #9080
- โก๏ธ Update to org.aspectj 1.9.6 #9079
-
v5.2.6.RELEASE Changes
August 05, 2020๐ฑ โญ New Features
- โ Add logging #8889
- ๐ Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8856
- ๐ Use Github Actions PR pipeline and remove Travis for 5.2.x #8723
๐ฑ ๐ Bug Fixes
- ๐ ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8897
- ๐ Resolved bearer token has no padding indicators #8838
- ๐ Fix ProviderManager Javadoc typo #8812
- ๐ LoginPageGeneratingWebFilter should honor context path #8809
- ๐ RoleHierarchy is not used by AbstractAuthorizeTag #8679
- ๐ OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8673
- ๐ ReactorContext not available in PayloadSocketAcceptor delegate.accept #8656
โฌ๏ธ ๐จ Dependency Upgrades
- ๐ Update to nohttp 0.0.5.RELEASE #8927
- ๐ Update to Spring Boot 2.2.9.RELEASE #8921
- โก๏ธ Update to Reactor Dysprosium-SR10 #8920
- ๐ Update to Spring Framework 5.2.8.RELEASE #8919
- โก๏ธ Update to Spring Data Moore-SR9 #8918
- โก๏ธ Update to PowerMock Mockito2 2.0.7 #8917
- ๐ Update blockhound to 1.0.4.RELEASE #8916
- โก๏ธ Update to groovy 2.4.20 #8915
- โก๏ธ Update to embedded Tomcat websocket 8.5.57 #8914
- ๐ Upgrade to embedded Apache Tomcat 9.0.37 #8913
- โก๏ธ Update to jaxb-impl 2.3.3 #8912
- โก๏ธ Update to GAE 1.9.81 #8911
- โก๏ธ Update to Jackson 2.10.5 #8910
- ๐ Update to spring-build-conventions:0.0.33.RELEASE #8761
- โก๏ธ Update to RSocket 1.0.1 #8664
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.2.5.RELEASE Changes
June 03, 2020๐ฑ ๐ Bug Fixes
- ๐ Delay AuthenticationPrincipalArgumentResolver Lookup #8615
- ๐ Mock request with non-standard HTTP method in test #8595
- โ Remove unused field 'digester' in Md4PasswordEncoder #8576
- ๐ ACL : AclImpl.hashCode leads to StackOverflowError #8570
- ๐ Object ID Identity conversion to long fails on old schema #8559
- ๐ Blocking in WebSessionServerCsrfTokenRepository #8545
- ๐ Fix AntPathRequestMatcher Javadoc #8527
- ๐ Document NoOpPasswordEncoder will not be removed #8522
- ๐ Fix non-standard HTTP method for CsrfWebFilter #8516
โฌ๏ธ ๐จ Dependency Upgrades