6.1.0-M2
Pre-release
github-actions released this 20 Mar 18:41 · 3968 commits to main since this release
⭐ New Features
- Add RelayState Customizer to SAML Logout #12582
- Add saml2Metadata to the DSL #11828
- Allow configuring SecurityContextRepository for BasicAuthenticationFilter #12031
- Allow Relying Party to be Deduced from LogoutRequest #12843
- Allow UserBuilder to easily build a user without any authorities #12533
- Cookie no support for field 'version' and 'comment' #12454
- Copies of RelyingPartyRegistration should preserve custom fields #12841
- CsrfTokenRequestAttributeHandler documentation should reflect that default is XorCsrfTokenRequestAttributeHandler #12684
- Extract placeholder resolution from DefaultRelyingPartyRegistrationResolver #12842
- Incomplete documentation regarding Hierarchical roles. #12784
- Move classpath checks to class member variable #12640
- move code comment to callout #12536
- NimbusReactiveJwtDecoder support mono chain #12521
- Polish DefaultLoginPageGeneratingFilter #12657
- Propagate match results in OrRequestMatcher and AndRequestMatcher #12847
- Re-add support for CAS #11674
- Relax final method implementations on AbstractRememberMeServices #12145
- RelyingPartyRegistrationRepository should support lookup by asserting party entity id #12848
- Remove deprecated `SecurityContextPersistenceFilter` from docs #12809
- Restore CAS module and update it for cas-client-core 4.0.0 #12362
- Revisit Session Management Documentation #12681
- Rewrite AbstractAuthenticationTargetUrlRequestHandler#determineTargetUrl logic for clarity #12468
- SAML 2.0 metadata endpoint should return all relying parties when none is given #12846
- Saml2MetadataResolver should accept multiple relying parties and create an EntitiesDescriptor #12844
- Support Device Authorization Response #12852
- Support LogoutRequest when already logged out #12845
- Update javadoc in EnableWebSecurity #12613
- Use a custom authentication type for CAS #12304
🪲 Bug Fixes
- 200 response is returned when ObservationMarkingRequestRejectedHandler is in use #12593
- `@EnableReactiveMethodSecurity` causes premature initialization of the ObservationRegistry and prevents it from being post-processed #12781
- A typo in form login doc #12730
- Broken links in form login section of docs #12839
- Document XMLObject retrieval for Asserting Party metadata #12800
- EntityId ignored in xml relying-party-registration #12778
- Fix CSRF protection provided by `@EnableWebSocketSecurity` / Stomp #12594
- Fix image in servlet architecture docs section #12609
- Fix javadoc typo #12643
- fix missing semi-colon java example in observability documentation #12761
- fix typo and update javadoc in AbstractAuthenticationFilterConfigurer #12634
- javax.json.bind.Jsonb to jakarta.json.bind.Jsonb #12621
- JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12768
- Missing spring-security-oauth2 xsds after release #12807
- No provider found for OAuth2AuthorizationCodeAuthenticationToken when running Spring Native Reactive app using OAuth2 #12625
- NoSuchElementException in org.springframework.security.web.server.ObservationWebFilterChainDecorator$AroundWebFilterObservation$SimpleAroundWebFilterObservation.start(ObservationWebFilterChainDecorator.java:274) #12831
- NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12688
- SessionManagementConfigurer ignores custom SecurityContextRepository for SessionManagementFilter #12641
- SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12837
- Typo in Authentication Migrations page #12660
- WebTestUtilsTestRuntimeHints should only be invoked for Servlet #12626
🔨 Dependency Upgrades
- Update Gradle Enterprise plugin #12669
- Update hibernate-core to 6.1.7.Final #12898
- Update httpclient to 4.5.14 #12894
- Update io.projectreactor to 2022.0.5 #12890
- Update io.spring.javaformat to 0.0.38 #12891
- Update io.spring.nohttp to 0.0.11 #12892
- Update jackson-bom to 2.14.2 #12886
- Update jakarta.servlet.jsp-api to 3.1.1 #12893
- Update junit-bom to 5.9.2 #12900
- Update logback-classic to 1.4.6 #12885
- Update maven-resolver-provider to 3.8.8 #12895
- Update micrometer-observation to 1.10.5 #12888
- Update mockk to 1.13.4 #12889
- Update org.aspectj to 1.9.19 #12896
- Update org.eclipse.jetty to 11.0.14 #12897
- Update org.jetbrains.kotlin to 1.8.20-RC #12899
- Update org.springframework to 6.0.7 #12902
- Update org.springframework.data to 2022.0.3 #12903
- Update slf4j-api to 2.0.7 #12901
- Update spring-ldap-core to 3.0.1 #12904
- Update spring-ldap-core to 3.0.1 #12727
- Update to Kotlin 1.8.10 #12788
- Update unboundid-ldapsdk to 6.0.8 #12887
❤️ Contributors
We'd like to thank all the contributors who worked on this release!