Changelog History

  • v5.2.4.RELEASE Changes

    May 06, 2020

    🍱 ⭐ New Features

    • 🔒 SAML Authentication Provider assertions #8495
    • 🔒 BCryptPasswordEncoder.encode() throws NPE #8346

    🍱 🐞 Bug Fixes

    • 🛠 Fix Javadoc punctuation #8494
    • ➕ Add ROLE_INFRASTRUCTURE to infrastructure beans #8438
    • 🔒 SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #8430
    • 🔒 OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8426
    • 🛠 Fix typo with correct capitalization #8409
    • 🔒 Global ServerSecurityContextRepository ignored by logout #8386
    • 🛠 Fix example in javadoc of FilterChainProxy #8352
    • 🛠 Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8338
    • 🔒 Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8312

    ⬆️ 🔨 Dependency Upgrades

    • ⚡️ Update to Byte Buddy 1.9.16 #8481
    • 🔒 Upgrade to embedded Apache Tomcat 9.0.34 #8469
    • ⚡️ Update RSocket to 1.0.0-RC7 #8468
    • ⚡️ Update to GAE 1.9.80 #8467
    • ⚡️ Update to Jackson 2.10.4 #8466
    • ⚡️ Update to org.powermock 2.0.7 #8465
    • ⚡️ Update to Reactor Dysprosium-SR7 #8464
    • 🚀 Update to Spring Framework 5.2.6.RELEASE #8463
    • ⚡️ Update to Spring Data Moore-SR7 #8462
  • v5.2.3.RELEASE Changes

    April 01, 2020

    🍱 ⭐️ New Features

    • 🔒 SpringTestContext returns ConfigurableWebApplicationContext #8240
    • 🔒 OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8235
    • 🔒 SwitchUserFilter vulnerable to CSRF #8223
    • 📚 Update Encryptors documentation for standard and stronger #8212
    • 🔒 Getting OAuth2AuthenticationException when Bearer token is empty #8207
    • 🔒 Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8159
    • 🔒 Basic auth header without user results in exception #8123
    • 📚 Typo 'properites' -> 'properties' in documentation #8099

    🍱 🐞 Bug Fixes

    • ⚡️ Update tests to use absolute paths #8260
    • 🔒 HttpServletRequest.logout() not functioning #8241
    • 🔒 OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8210
    • 🔒 oauth2Login WebFlux should not auto-redirect for XHR request #8202
    • 🔒 Make OAuth2ErrorHttpMessageConverter more resilient #8180
    • 🔒 RSocket test should throw AccessDeniedException #8155
    • 🛠 Fix typo in Javadoc of HttpSecurity#csrf() #8137
    • 🔒 Empty RelayState causes errors with ADFS #8070
    • 🛠 Fix typo in AntPathRequestMatcher contructor comment #8045
    • 🔒 An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8040
    • 🔒 OAuth2 access token response parsing fails with nested JSON object #8021
    • 🛠 Fix typo in snippet code 'jwtAuthenticationConveter' -> 'jwtAuthenticationConverter' #7969
    • 🔒 OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7967
    • 🔒 OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7964
    • 🔒 Query parameters in authorization-url are double-encoded #7960
    • 🔒 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7959
    • 🔒 ClassCastException for ServletRequestAttributes #7958

    ⬆️ 🔨 Dependency Upgrades

    • ⚡️ Update RSocket to 1.0.0-RC6 #8280
    • ⚡️ Update to reactive-streams 1.0.3 #8279
    • ⚡️ Update to OpenSAML 3.4.5 #8278
    • ⚡️ Update to hibernate-entitymanager 5.4.13.Final #8277
    • ⚡️ Update to hibernate-core 5.2.18.Final #8276
    • 🚀 Update blockhound to 1.0.3.RELEASE #8275
    • ⚡️ Update to unboundid-ldapsdk 4.0.14 #8274
    • ⚡️ Update to okhttp 3.14.7 #8259
    • ⚡️ Update to Jackson 2.10.3 #8258
    • ⚡️ Update to mockwebserver 3.14.7 #8257
    • ⚡️ Update to org.powermock 2.0.6 #8255
    • 🔒 Upgrade to embedded Apache Tomcat 9.0.33 #8254
    • ⚡️ Update to httpclient 4.5.12 #8253
    • 🚀 Update to Spring Boot 2.2.6.RELEASE #8252
    • ⚡️ Update to GAE 1.9.79 #8251
    • ⚡️ Update to Reactor Dysprosium-SR6 #8250
    • ⚡️ Update to Spring Framework 5.2.5 #8249
    • ⚡️ Update to Spring Data Moore-SR6 #8248
    • ⚡️ Update to Jetty 9.4.22.v20191022 #7507
  • v5.2.2.RELEASE Changes

    February 05, 2020

    🍱 ⭐️ New Features

    • 🔒 Don't cache requests with Accept: text/event-stream by default. #7744
    • 🔒 Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7717
    • ✂ Remove redundant validation for redirect-uri #7707
    • 💅 Polish oauth2-client Error-handling Tests #7647
    • ✂ Remove unnecessary code in SecurityExpressionRoot #7635
    • 📚 Extract HTTPS Documentation #7626
    • ✂ Remove unnecessary code in SecurityExpressionRoot #7601
    • 🔒 Make jwks_uri optional for RFC 8414 and required for OpenID Connect #7573

    🍱 🐞 Bug Fixes

    • 🔒 Form login requiresAuthenticationMatcher is not used in WebFlux #7867
    • 🔒 Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7866
    • 🔒 BasicAuthenticationFilter ignores credentials charset #7859
    • 🔒 Default LDIF file not picked up in LDAP "unboundid" mode #7852
    • 📚 Incorrect LDIF file example in LDAP documentation #7849
    • 🔒 Use the custom ServerRequestCache that the user configures #7753
    • 🔒 RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7751
    • 🔒 Disabling logout in WebFlux does nothing #7742
    • 🔒 Saml2Authentication isn't serializable #7739
    • 📄 Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7738
    • 🔒 CompositeServerHttpHeadersWriter Should Execute Sequentially #7732
    • 🔒 DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7729
    • 🔒 DelegatingServerLogoutHandler Should Execute Sequentially #7725
    • 🔒 WebFlux oauth2Login returns 500 when bad client credentials #7703
    • 🔒 Correctly configure authorization requests repository for OAuth2 login #7690
    • 🔒 Correctly configure authorization requests repository for OAuth2 login #7689
    • 🔒 DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7684
    • ⚡️ Update @MessageMapping to match input/output cardinality #7669
    • ➕ Add http and https spring.schema mappings #7623
    • 🔒 Avoid toString in favor of getName in order to extract sid #6354

    ⬆️ 🔨 Dependency Upgrades

    • ⚡️ Update to Spring Boot 2.2.4 #7909
    • ⚡️ Update to org.slf4j 1.7.30 #7908
    • ⚡️ Update to org.powermock 2.0.5 #7907
    • ⚡️ Update to hibernate-validator 6.1.2.Final #7906
    • ⚡️ Update to hibernate-entitymanager 5.4.10.Final #7905
    • ⚡️ Update to org.aspectj 1.9.5 #7904
    • ⚡️ Update to httpclient 4.5.11 #7903
    • ⚡️ Update to commons-codec 1.14 #7899
    • ⚡️ Update to com.squareup.okhttp3 3.14.6 #7898
    • ⚡️ Update to Jackson 2.10.2 #7897
    • ⚡️ Update to Reactor Dysprosium SR4 #7896
    • ⚡️ Update to Spring Data Moore SR3 #7895
    • ⚡️ Update to Spring Framework 5.2.3 #7894
    • ⚡️ Update nimbus-jose-jwt because of CVE-2019-17195 #7570

    🍱 ❤️ Contributors

    🚀 We'd like to thank all the contributors who worked on this release!

  • v5.2.1.RELEASE Changes

    November 04, 2019

    🍱 ⭐️ New Features

    • 🛠 Fix variable reference in sample code #7571
    • 🔒 spring-security-saml2-service-provider impossible to use different format of assertionConsumerServiceUrlTemplate #7565
    • ➕ Add Resource Server Multi-tenancy Documentation #7532
    • ⚡️ Update SAML sample to use boot auto config #7521
    • ➕ Add Reactive CSRF Documentation #6487

    🍱 🐞 Bug Fixes

    • 🔒 Restore Removed Throws Clauses #7580
    • 🔒 CsrfWebFilter should handle multipart/form-data #7576
    • 🔒 Make saveAuthorizedClient save the authorized client #7551
    • 🔒 DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client #7546
    • 🔒 throws Exception was removed from WebSecurityConfigurerAdapter#configure(WebSecurity) #7541
    • 🔒 SAML2 Provider SubjectConfirmation validation failure #7514
    • 🔒 SAML2 Provider AuthNRequest Hardcoded Protocol Binding #7513
    • 🔒 Clock skew to check access token expiration has wrong sign #7511

    ⬆️ 🔨 Dependency Upgrades

    • 🚀 Upgrade to Spring Boot 2.2.0.RELEASE #7566

    🍱 ❤️ Contributors

    🚀 We'd like to thank all the contributors who worked on this release!

  • v5.2.0.RELEASE

    September 30, 2019
  • v5.2.0.RC1 Changes

    September 06, 2019

    🍱 ⭐️ New Features

    • ➕ Add attributes Consumer to OAuth2AuthorizationContext #7385
    • 👌 Improve DefaultReactiveOAuth2UserService handling IOException #7370
    • ➕ Add RSocket Support #7360
    • 💅 Polish Server|ServletBearerExchangeFilterFunction #7355
    • 🔨 Refactor Servlet/Server BearerExchangeFilterFunction #7353
    • 🔒 OAuth2AuthorizeRequest supports attributes #7352
    • 🔒 Grant Individual Authorities From Claims #7351
    • 🔒 DefaultOAuth2AuthorizedClientManager and DefaultServerOAuth2AuthorizedClientManager Alignment #7350
    • 🔒 Align Servlet ClearSiteData expression of directives #7347
    • ➕ Add Adapter to Translate Jwt to BearerTokenAuthentication #7346
    • 🔒 Opaque Token Introspector should return an Authenticated Principal #7345
    • 🔒 Opaque Token Introspection Strategy Flexibility #7344
    • ➕ Add BearerTokenAuthentication #7343
    • ➕ Add OAuth2AuthenticatedPrincipal #7342
    • 🔒 OAuth2AuthorizeRequest supports attributes #7341
    • 🔒 DefaultOAuth2UserService should extract authorities #7339
    • 🔒 InMemoryReactiveClientRegistrationRepository should check for duplicates #7338
    • ➕ Add Servlet and ServerBearerExchangeFilterFunction #7330
    • ⚡️ Update to Gradle 5.6.1 #7323
    • 🔒 Simplify and improve the buildSrc gradle plugin #7302
    • ⚡️ Update to Gradle 5.6 #7300
    • ➕ Add Catalan localization messages #7288
    • ➕ Add Catalan localization messages #7287
    • 🔒 Resource Server should support WebClient Bearer Token propagation #7284
    • 🔒 Sample should use UserDetailsService bean instead of configureGlobal method #7283
    • 🔒 Mock Jwt Test Samples #7278
    • 👍 Allow to set default securityContextRepository for each authenticatio… #7275
    • 🔒 Resource Server Multi-tenancy Sample Should Manage Its Own Jwt Decoder #7272
    • ➕ Add setter for authorities claim name in JwtGrantedAuthoritiesConverter #7271
    • 🔒 Jwk Set Uri Nimbus Jwt Decoder builders should take SignatureAlgorithm #7270
    • ➕ Add setContentLengthLong detection to OnCommittedResponseWrapper. #7264
    • 🔒 Consolidate shared code between JwtDecoders and ReactiveJwtDecoders #7263
    • ✂ Remove MultiTenantAuthenticationManagerResolver #7259
    • ➕ Add setter for authority prefix in JwtGrantedAuthoritiesConverter #7256
    • 🔒 Prevent IntelliJ IDEA from generating spaces for indentation #7253
    • 🔒 TokenBasedRememberMeServices.processAutoLoginCookie (TokenBasedRememberMeServices.java:134) java.lang.NullPointerException #7251
    • 🔒 Authentication Mechanisms Should Default their ServerSecurityContextRepository #7249
    • 🔒 Rename OAuth2TokenIntrospectionClient #7246
    • 🔒 Consider renaming OAuth2TokenIntrospectionClient #7245
    • ➕ Add OAuth2LoginSpec#securityContextRepository #7244
    • 💅 Cleanup Code Style Issues #7238
    • ➕ Add Checkstyle configuration for IntelliJ IDEA #7237
    • 🔒 Expose getPort in ApacheDsContainer #7236
    • 🔒 OAuth2LoginConfigurer should discover OAuth2UserService beans #7232
    • 🔒 Make ldap integration tests independent #7231
    • ✂ Remove unused imports #7229
    • 🔒 ServerHttpSecurity: oauth2Login() ignores securityContextRepository() #7222
    • 🔒 Use the 'io.freefair.aspectj' gradle plugin #7183
    • ➕ Add RequestMatcher.matcher(HttpServletRequest) #7172
    • 🔒 ignore Multipart requests in HttpSessionRequestCache.requestMatcher #7167
    • ➕ Add test examples for Oauth2 Resource Server sample #7159
    • ➕ Add unbounid support in xml #7149
    • 🔒 OAuth2AuthorizedClientManager implementation works outside of request #7122
    • 👌 Improve OAuth2 Resource Server tests #7118
    • 🔒 Introduce Reactive OAuth2AuthorizedClient Manager/Provider #7116
    • 👍 Allow configurable Clock in OAuth2AuthorizedClientProvider impls #7114
    • 🔒 JwtGrantedAuthoritiesConverter should allow configuring the authority prefix #7101
    • 🔒 JwtGrantedAuthoritiesConverter should allow configuring the authorities claim name #7100
    • ➕ Add authenticationFailureHandler method in OAuth2LoginSpec #7071
    • 🔒 v5.2.0.M3 docs contain Deprecated example code #7062
    • 🔒 Multipartfile request with no authentication is still consumed even after an AccessDeniedException is thrown #7060
    • ➕ Add OAuth2LoginSpec.authenticationFailureHandler #7051
    • ➕ Add Argon2PasswordEncoder #7045
    • 🛠 Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7026
    • ➕ Add support for Resource Owner Password Credentials grant #7013
    • 🔒 Jwt decoding should support multiple algorithms #6883
    • 💅 Polish Resource Server DSL Error Messaging #6876
    • ✂ Remove Invalid WebMvcConfigurer from Sample Documentation #6822
    • 🔒 Align code in oauth2-client extensions for WebClient #6811
    • 🔒 OAuth2 Client Credentials Flow: Getting access tokens in the service/data tier #6780
    • 🔒 Provide Servlet equivalent of UnAuthenticatedServerOAuth2AuthorizedClientRepository #6683
    • 🔒 Spring Boot + spring-security-oauth2-resource-server should not throw a ClassNotFoundException once it supports more than one token format #6209
    • 👌 Support Resource Owner Password Credentials grant #6003
    • ➕ Add Argon2PasswordEncoder #5354
    • ➕ Add BearerExchangeFilterFunction #5334

    🍱 🐞 Bug Fixes

    • ✂ Remove package tangle in headers #7380
    • ✂ Remove OAuth2AuthorizationRequest when a distributed session is used #7334
    • 🔒 OAuth2AuthorizationRequest not removed from session #7327
    • 🔒 Use ConcurrentHashMap in InMemoryReactiveClientRegistrationRepository #7308
    • 🛠 fix footnotes markup #7305
    • ➕ add media type jwk-set+json to accept header #7304
    • 🔒 InMemoryReactiveClientRegistrationRepository should not use ConcurrentReferenceHashMap #7299
    • 🛠 Fix WebClient Memory Leaks #7293
    • 🔒 NimbusJwtDecoderJwkSupport only sets 'application/json' Accept header #7290
    • 🛠 Fix typo in docs #7277
    • 🛠 Fix UserDetailsPasswordService JavaDoc #7266
    • 🔒 Ensure filter order is maintained when using springSecurity() along with other filters #7265
    • 🔒 OnCommittedResponseWrapper fails on static resources served by Tomcat 8.5 #7261
    • 🔒 Expire as many sessions as exceed maximum allowed #7258
    • 🔒 Use UTF-8 for compilation #7254
    • 🛠 Fix NPE in RequestContextSubscriber #7235
    • 🔒 RequestContextSubscriber could put null value in Reactor Context #7228
    • 🛠 Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7181
    • 🔒 SessionRegistryImpl uses Map.compute #7178
    • 🔒 SessionAuthenticationStrategy make HttpSecurity.sessionManagement().maximumSessions(1) unavailability #7166
    • 📚 Misleading documentation for websocket security #4845
    • 🔒 SEC-2980: Possible race condition in SessionRegistryImpl #3189
    • 🔒 SEC-2971: Footnotes are messed up in online docs #3180

    ⬆️ 🔨 Dependency Upgrades

    • ⚡️ Update to Gretty 2.3.1 #7389
    • ⚡️ Update to OpenSaml 3.3.1 #7388
    • ⚡️ Update to cglib 3.3.0 #7387
    • ⚡️ Update to Spring Data Moore RC3 #7386
    • ⚡️ Update to Spring Framework 5.2.0.RC2 #7371
    • ⚡️ Update to Spring Boot 2.2.0.M5 #7320
    • ⚡️ Update to org.seleniumhq.selenium:htmlunit-driver 2.36.0 #7319
    • ⚡️ Update to hibernate-entitymanager 5.4.4.Final #7318
    • ⚡️ Update to net.sourceforge.htmlunit:htmlunit 2.36.0 #7317
    • ⚡️ Update to commons-codec 1.13 #7316
    • ⚡️ Update to nimbus-jose-jwt 7.8 #7315
    • ⚡️ Update to GAE 1.9.76 #7314

    🍱 ❤️ Contributors

    🚀 We'd like to thank all the contributors who worked on this release!

  • v5.2.0.M4

    August 05, 2019
  • v5.2.0.M3

    June 14, 2019
  • v5.2.0.M2

    April 15, 2019
  • v5.2.0.M1

    January 16, 2019