Skip to content

6.1.0-M1

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 16 Jan 16:33
· 5190 commits to main since this release
6.1.0-M1
0ea80bf

⭐ New Features

  • Add EnableWebSecurity migration steps to 5.8 guide #12355
  • Add a RelyingPartyRegistrationRepository constructor to Saml2MetadataFilter #11815
  • Add an option to set the SameSite policy in the CookieCsrfTokenRepository #12086
  • Add Authority String AuthorizationManager #12231
  • Add configurable authorities split regex #12124
  • Add configurable authorities split regex #12073
  • add packages (dependencies) to playbook template in docs-build branch #12522
  • Add the ability to set the SameSite policy to the CRSF Cookie #12109
  • Allow authorization request resolver to be changed for the OAuth2 client configuration #12430
  • AuthorizeHttpRequestsConfigurer.AuthorizedUrl.hasRole should look up for a RoleHierarchy bean in the context #12505
  • Consider replacing SecurityExpressionRoot.AuthenticationSupplier with SingletonSupplier #12489
  • Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #12445
  • Inaccurate javadoc text in setRequestHandler method from CsrfWebFilter class #12484
  • Inaccurate javadoc text in setRequestHandler method of CsrfFilter class #12515
  • Reenable R2dbcReactiveOAuth2AuthorizedClientServiceTests Tests #12441
  • Replace deprecated set-state set-output GitHub Action's commands #12300
  • SecuredAuthorizationManager should allow customizing underlying authorization manager #12233
  • SecuredAuthorizationManager should cache annotation's value #12232
  • Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #12499

🪲 Bug Fixes

  • AuthorizationManager method security documentation should use AnnotationMatchingPointcut #12518
  • DefaultLdapAuthoritiesPopulator throws NullPointerException #12410
  • Error in ACLS document #12406
  • Fix AuthorizationFilter diagram in docs #12287
  • Incorrect Javadoc for class ExpressionAuthorizationDecision #12436
  • Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #12460
  • JwtAuthenticationProvider should use provided authentication details #11822
  • NimbusJwtDecoder unknown KID scenario is not correctly tested #12496
  • ProxyFactoryBean on AuthenticationManager does not work in native mode #12372
  • Reactive migration documentation for @EnableReactiveMethodSecurity is wrong (or implementation is wrong) #12514
  • Security observations are not setting their parent osbervation #12525
  • Spring Security 6.0.1 ObservationFilterChainDecorator produce wrong instrument names #12493
  • SwitchUserFilter not working in Spring Security 6 #12512
  • Wrong name of the filter in the SecurityContextHolderFilter diagram #12528

🔨 Dependency Upgrades

  • Update org.gretty:gretty to 4.0.3 #12277

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Assets 2
Loading