Spring Security v5.5.0-M1 Release Notes
Release Date: 2020-11-04 // about 4 years ago-
๐ฑ โญ New Features
- Add unsupported_token_type in OAuth2ErrorCodes #9184
- Add token and token_type_hint to OAuth2ParameterNames #9183
- ๐ Introduce JwaAlgorithm #9182
- ๐ WithSecurityContextTestExecutionListener Should Support Nested Classes #9179
- โ Add WebFlux Documentation for Multiple Filter Chains #9178
- ๐ SAML 2.0 Asserting Party Metadata resolution should read SigningMethod elements #9177
- ๐ Enable customization of BearerTokenResolver by adding a setter for JwtClaimIssuerConverter on JwtIssuerAuthenticationManagerResolver #9168
- ๐ Reactive doc points to unit tests #9157
- ๐ Invoke Kotlin MockMvc result matchers with parentheses #9155
- ๐ Change guard expressions order #9153
- ๐ It is not necessary to fetch all user sessions if unlimited sessions are set in the ConcurrentSessionControlAuthenticationStrategy. #9152
- โ Add refresh token expiration support #9146
- ๐ JwtIssuerValidator handles issuer (iss) claim values as Strings and URLs #9137
- ๐ OpenSamlAuthenticationProvider should decrypt attributes #9131
- โก๏ธ Update snapshot build dependencies #9124
- ๐ spring-security-test should include jackson-datatype-jsr310 as a test dependency #9123
- โก๏ธ Update to Gradle 6.6.1 #9122
- ๐ Use LobHandler in JdbcOAuth2AuthorizedClientService #9070
- ๐ Changed metadata converter to accept files as well #9056
- โ Add HSM Support for Decrypting Assertions #9055
- ๐ File-based Configuration for Asserting Party Metadata #9028
- ๐ Prevent PR builds from running on forks #8993
- ๐ Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService #8765
- โ Add support for dynamic JWS signature algorithm with JWKs (2) - Issue 7160 #8752
- ๐ Support customization of BearerTokenResolver in JwtIssuerAuthenticationManagerResolver #8535
- ๐ Provide reactive JDBC implementation of ReactiveOAuth2AuthorizedClientService #7890
- ๐ JwtDecoders and ReactiveJwtDecoders should determine algorithm from JWK Set Endpoint #7160
- ๐ OAuth2Token interface for AbstractOAuth2Token #5502
๐ฑ ๐ Bug Fixes
- ๐ [docs]Add white space before strong notation. #9145
- ๐ Bug with JwtValidators.createDefaultWithIssuer(String)? #9136
- ๐ Tests should not combine Authentication and @AuthenticationPrincipal #9121
- ๐ Closes gh-8196 appendix indentation #9118
- ๐ Fixes in documentation #9099
โฌ๏ธ ๐จ Dependency Upgrades
- ๐ Set rsocketVersion to 1.1.0 #9167
- ๐ Set reactorVersion to 2020.0.+ #9166
- ๐ Set springVersion to 5.3.+ #9165
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
Previous changes from v5.4.1
-
๐ฑ โญ New Features
- ๐ Replace expired msdn link with latest web archive copy #9050
- โ Add documentation for StrictHttpFirewall enhancements #9038
- ๐ Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
- ๐ Use AssertJ for exception testing #9013
๐ฑ ๐ Bug Fixes
- โ Add try-with-resources to close stream #9053
- ๐ RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
- ๐ fix miswritten comment of FormLoginDsl.kt #9042
- ๐ Adapt to WebClient's new exception wrapping #9031
- ๐ StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
- ๐ Fix broken Mono chain #9022
- ๐ Use Schedulers.boundedElastic for UUID.randomUUID #9021
- ๐ CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
- ๐ WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
- ๐ NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
- ๐ Quick javadoc fix for DelegatingPasswordEncoder #8890
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!