Spring Security v5.5.0-M1 Release Notes

Release Date: 2020-11-04 // 12 months ago
  • ๐Ÿฑ โญ New Features

    • Add unsupported_token_type in OAuth2ErrorCodes #9184
    • Add token and token_type_hint to OAuth2ParameterNames #9183
    • ๐Ÿ”’ Introduce JwaAlgorithm #9182
    • ๐Ÿ”’ WithSecurityContextTestExecutionListener Should Support Nested Classes #9179
    • โž• Add WebFlux Documentation for Multiple Filter Chains #9178
    • ๐Ÿ“‡ SAML 2.0 Asserting Party Metadata resolution should read SigningMethod elements #9177
    • ๐Ÿ”’ Enable customization of BearerTokenResolver by adding a setter for JwtClaimIssuerConverter on JwtIssuerAuthenticationManagerResolver #9168
    • ๐Ÿ”’ Reactive doc points to unit tests #9157
    • ๐Ÿ”’ Invoke Kotlin MockMvc result matchers with parentheses #9155
    • ๐Ÿ”’ Change guard expressions order #9153
    • ๐Ÿ”’ It is not necessary to fetch all user sessions if unlimited sessions are set in the ConcurrentSessionControlAuthenticationStrategy. #9152
    • โž• Add refresh token expiration support #9146
    • ๐Ÿ”’ JwtIssuerValidator handles issuer (iss) claim values as Strings and URLs #9137
    • ๐Ÿ”’ OpenSamlAuthenticationProvider should decrypt attributes #9131
    • โšก๏ธ Update snapshot build dependencies #9124
    • ๐Ÿ”’ spring-security-test should include jackson-datatype-jsr310 as a test dependency #9123
    • โšก๏ธ Update to Gradle 6.6.1 #9122
    • ๐Ÿ”’ Use LobHandler in JdbcOAuth2AuthorizedClientService #9070
    • ๐Ÿ“‡ Changed metadata converter to accept files as well #9056
    • โž• Add HSM Support for Decrypting Assertions #9055
    • ๐Ÿ“‡ File-based Configuration for Asserting Party Metadata #9028
    • ๐Ÿ”’ Prevent PR builds from running on forks #8993
    • ๐Ÿ”’ Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService #8765
    • โž• Add support for dynamic JWS signature algorithm with JWKs (2) - Issue 7160 #8752
    • ๐Ÿ‘Œ Support customization of BearerTokenResolver in JwtIssuerAuthenticationManagerResolver #8535
    • ๐Ÿ”’ Provide reactive JDBC implementation of ReactiveOAuth2AuthorizedClientService #7890
    • ๐Ÿ”’ JwtDecoders and ReactiveJwtDecoders should determine algorithm from JWK Set Endpoint #7160
    • ๐Ÿ”’ OAuth2Token interface for AbstractOAuth2Token #5502

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • ๐Ÿ”’ [docs]Add white space before strong notation. #9145
    • ๐Ÿ› Bug with JwtValidators.createDefaultWithIssuer(String)? #9136
    • ๐Ÿ”’ Tests should not combine Authentication and @AuthenticationPrincipal #9121
    • ๐Ÿ”’ Closes gh-8196 appendix indentation #9118
    • ๐Ÿ›  Fixes in documentation #9099

    โฌ†๏ธ ๐Ÿ”จ Dependency Upgrades

    • ๐Ÿ”’ Set rsocketVersion to 1.1.0 #9167
    • ๐Ÿ”’ Set reactorVersion to 2020.0.+ #9166
    • ๐Ÿ”’ Set springVersion to 5.3.+ #9165

    ๐Ÿฑ โค๏ธ Contributors

    ๐Ÿš€ We'd like to thank all the contributors who worked on this release!


Previous changes from v5.4.1

  • ๐Ÿฑ โญ New Features

    • ๐Ÿ”’ Replace expired msdn link with latest web archive copy #9050
    • โž• Add documentation for StrictHttpFirewall enhancements #9038
    • ๐Ÿ”’ Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
    • ๐Ÿ”’ Use AssertJ for exception testing #9013

    ๐Ÿฑ ๐Ÿž Bug Fixes

    • โž• Add try-with-resources to close stream #9053
    • ๐Ÿ“‡ RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
    • ๐Ÿ›  fix miswritten comment of FormLoginDsl.kt #9042
    • ๐Ÿ”’ Adapt to WebClient's new exception wrapping #9031
    • ๐Ÿ”’ StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
    • ๐Ÿ›  Fix broken Mono chain #9022
    • ๐Ÿ”’ Use Schedulers.boundedElastic for UUID.randomUUID #9021
    • ๐Ÿ”’ CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
    • ๐Ÿ”’ WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
    • ๐Ÿ”’ NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
    • ๐Ÿ”’ Quick javadoc fix for DelegatingPasswordEncoder #8890

    ๐Ÿฑ โค๏ธ Contributors

    ๐Ÿš€ We'd like to thank all the contributors who worked on this release!