Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
5.7.2
⭐ New Features
- Consider updating testing examples to use JUnit Jupiter #11293
🪲 Bug Fixes
- Some Security Expressions cause NPE when used within
@Query#11289 - CsrfWebFilter null save content-type check #11341
- Docs example uses access(String) with authorizeHttpRequests() #11296
- Fix typo in BasicLookupStrategy Javadoc #11339
- KeyInfo missing in AuthnRequest when using OpenSaml4AuthenticationRequestResolver #11358
- OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #11384
- SAML request encoding: on redirect binding, base64 encoded message contains CRLF #11284
- SecurityContextRepository.loadContext(HttpServletRequest) cache result #11390
- Should SAML metadata EntityDescriptor tag have the md: prefix? #11311
- Update opaque-token.adoc #11303
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.3.1 #11402
- Update hibernate-entitymanager to 5.6.9.Final #11405
- Update io.projectreactor to 2020.0.20 #11403
- Update jackson-bom to 2.13.3 #11399
- Update jackson-databind to 2.13.3 #11400
- Update jackson-datatype-jsr310 to 2.13.3 #11401
- Update org.jetbrains.kotlinx to 1.6.3 #11406
- Update org.opensaml:opensaml-core4 to 4.1.1 #11410
- Update org.springframework to 5.3.21 #11407
- Update org.springframework.data to 2021.2.1 #11408
- Update reactor-netty to 1.0.20 #11404
- Update spring-ldap-core to 2.4.1 #11409
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.6.6
⭐ New Features
- Consider updating testing examples to use JUnit Jupiter #11292
🪲 Bug Fixes
- CsrfWebFilter null save content-type check #11342
- Docs example uses access(String) with authorizeHttpRequests() #11297
- Fix typo in BasicLookupStrategy Javadoc #11340
- OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #11385
- SAML request encoding: on redirect binding, base64 encoded message contains CRLF #11285
- Should SAML metadata EntityDescriptor tag have the md: prefix? #11310
- Some Security Expressions cause NPE when used within
@Query#11290
🔨 Dependency Upgrades
- Update hibernate-entitymanager to 5.6.9.Final #11416
- Update io.projectreactor to 2020.0.20 #11414
- Update jackson-bom to 2.13.3 #11411
- Update jackson-databind to 2.13.3 #11412
- Update jackson-datatype-jsr310 to 2.13.3 #11413
- Update org.opensaml:opensaml-core4 to 4.1.1 #11420
- Update org.springframework to 5.3.21 #11417
- Update org.springframework.data to 2021.1.5 #11418
- Update reactor-netty to 1.0.20 #11415
- Update spring-ldap-core to 2.3.8.RELEASE #11419
6.0.0-M5
5.7.1
5.6.5
5.5.8
6.0.0-M4
⏪ Breaking Changes
- Authorization on Every Dispatch Type #11027
- Change the default of shouldFilterAllDispatchTypes to true #11107
- Default to SecurityContextHolderFilter instead of SecurityContextPersistenceFilter #11110
- Remove MessageSourceAware from ExceptionTranslationWebFilter #11057
- RequestRejectedException should be 400 by default #7568
⭐ New Features
- Fix tests in AntPathRequestMatcherTests #11090
- messages.properties cleanup #11172
- Optimize AntRegexRequestMatcher #11234
- Remove SAML Deprecations #11077
- Replace removed Reactor context-related operators #11194
🪲 Bug Fixes
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.3 #11240
- Update com.nimbusds to 9.35 #11239
- Update Gradle Enterprise plugin to 3.9 #11104
- Update hibernate-core-jakarta to 5.6.9.Final #11249
- Update htmlunit to 2.61.0 #11246
- Update htmlunit-driver to 2.61.0 #11254
- Update io.projectreactor to 2020.0.19 #11242
- Update jackson-bom to 2.13.3 #11236
- Update jackson-databind to 2.13.3 #11237
- Update jackson-datatype-jsr310 to 2.13.3 #11238
- Update jakarta.annotation-api to 2.1.0 #11244
- Update jakarta.persistence-api to 3.1.0 #11245
- Update junit-bom to 5.9.0-M1 #11252
- Update mockk to 1.12.4 #11241
- Update org.aspectj to 1.9.9.1 #11247
- Update org.eclipse.jetty to 11.0.9 #11248
- Update org.jetbrains.kotlin to 1.6.21 #11250
- Update org.jetbrains.kotlinx to 1.6.1 #11251
- Update org.junit.jupiter to 5.9.0-M1 #11253
- Update reactor-netty to 1.1.0-M2 #11243
- Update Spring Framework to 6.0.0-M4 #11260
- Update spring-data-jpa to 3.0.0-M4 #11255
- Update spring-ldap-core to 2.4.0 #11256
- Update to Gradle 7.4.2 #11101
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
5.7.0
⭐ New Features
- Check Samples should run against the current artifacts #11199
- Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized #11188
- Remember me should detect UserDetailsService bean #11170
- WebSessionServerSecurityContextRepository provides Mono.cache option #8422
- X509 should detect UserDetailsService bean #11174
🪲 Bug Fixes
@EnableMethodSecuritydoesn't resolve annotations on interfaces through a Proxy #11177- Add shouldFilterAllDispatcherTypes to Kotlin DSL #11153
- Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator #11165
- Multiple .requestMatchers().mvcMatchers() override previous one #11185
🔨 Dependency Upgrades
- Update aspectj-plugin to 6.4.3 #11218
- Update com.nimbusds to 9.35 #11217
- Update htmlunit to 2.61.0 #11222
- Update htmlunit-driver to 2.61.0 #11224
- Update io.projectreactor to 2020.0.19 #11220
- Update mockk to 1.12.4 #11219
- Update org.jetbrains.kotlin to 1.6.21 #11223
- Update org.springframework to 5.3.20 #11225
- Update org.springframework.data to 2021.2.0 #11228
- Update reactor-netty to 1.1.0-M2 #11221
- Update spring-data-jpa to 2.7.0-RC1 #11226
- Update spring-ldap-core to 2.4.0 #11227
❤️ Contributors
We'd like to thank all the contributors who worked on this release!