Releases: spring-projects/spring-security
Releases Β· spring-projects/spring-security
6.0.0-M5
5.7.1
5.6.5
5.5.8
6.0.0-M4
βͺ Breaking Changes
- Authorization on Every Dispatch Type #11027
- Change the default of shouldFilterAllDispatchTypes to true #11107
- Default to SecurityContextHolderFilter instead of SecurityContextPersistenceFilter #11110
- Remove MessageSourceAware from ExceptionTranslationWebFilter #11057
- RequestRejectedException should be 400 by default #7568
β New Features
- Fix tests in AntPathRequestMatcherTests #11090
- messages.properties cleanup #11172
- Optimize AntRegexRequestMatcher #11234
- Remove SAML Deprecations #11077
- Replace removed Reactor context-related operators #11194
πͺ² Bug Fixes
π¨ Dependency Upgrades
- Update aspectj-plugin to 6.4.3 #11240
- Update com.nimbusds to 9.35 #11239
- Update Gradle Enterprise plugin to 3.9 #11104
- Update hibernate-core-jakarta to 5.6.9.Final #11249
- Update htmlunit to 2.61.0 #11246
- Update htmlunit-driver to 2.61.0 #11254
- Update io.projectreactor to 2020.0.19 #11242
- Update jackson-bom to 2.13.3 #11236
- Update jackson-databind to 2.13.3 #11237
- Update jackson-datatype-jsr310 to 2.13.3 #11238
- Update jakarta.annotation-api to 2.1.0 #11244
- Update jakarta.persistence-api to 3.1.0 #11245
- Update junit-bom to 5.9.0-M1 #11252
- Update mockk to 1.12.4 #11241
- Update org.aspectj to 1.9.9.1 #11247
- Update org.eclipse.jetty to 11.0.9 #11248
- Update org.jetbrains.kotlin to 1.6.21 #11250
- Update org.jetbrains.kotlinx to 1.6.1 #11251
- Update org.junit.jupiter to 5.9.0-M1 #11253
- Update reactor-netty to 1.1.0-M2 #11243
- Update Spring Framework to 6.0.0-M4 #11260
- Update spring-data-jpa to 3.0.0-M4 #11255
- Update spring-ldap-core to 2.4.0 #11256
- Update to Gradle 7.4.2 #11101
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
5.7.0
β New Features
- Check Samples should run against the current artifacts #11199
- Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized #11188
- Remember me should detect UserDetailsService bean #11170
- WebSessionServerSecurityContextRepository provides Mono.cache option #8422
- X509 should detect UserDetailsService bean #11174
πͺ² Bug Fixes
@EnableMethodSecuritydoesn't resolve annotations on interfaces through a Proxy #11177- Add shouldFilterAllDispatcherTypes to Kotlin DSL #11153
- Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator #11165
- Multiple .requestMatchers().mvcMatchers() override previous one #11185
π¨ Dependency Upgrades
- Update aspectj-plugin to 6.4.3 #11218
- Update com.nimbusds to 9.35 #11217
- Update htmlunit to 2.61.0 #11222
- Update htmlunit-driver to 2.61.0 #11224
- Update io.projectreactor to 2020.0.19 #11220
- Update mockk to 1.12.4 #11219
- Update org.jetbrains.kotlin to 1.6.21 #11223
- Update org.springframework to 5.3.20 #11225
- Update org.springframework.data to 2021.2.0 #11228
- Update reactor-netty to 1.1.0-M2 #11221
- Update spring-data-jpa to 2.7.0-RC1 #11226
- Update spring-ldap-core to 2.4.0 #11227
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
5.6.4
5.5.7
π¨ Dependency Upgrades
5.7.0-RC1
β New Features
- Add authorizeHttpRequests to Kotlin DSL #10895
- Add authorizeHttpRequests to Kotlin DSL #10481
- Add DisableEncodeUrlFilter #11084
- Add Option to Filter All Dispatcher Types #11094
- Add Option to Filter All Dispatcher Types #11092
- Add support for authorization events in DelegatingAuthorizationManager #9527
- Add Support for Explicitly Saving SecurityContext #10949
- Create ForceEagerSessionCreationFilter #11109
- DelegatingAuthorizationManager Should Fire Events #9288
- Deprecate loadContext(RequestResponseHolder) in 5.x #11032
- Deprecate Saml2AuthenticationRequestFactory #11080
- Fix saml2 authentication-requests documentation #11034
- HttpSessionSecurityContextRepository.loadContext support null HttpServletResponse #11029
- RequestMatcherDelegatingAuthorizationManager should use RequestMatcherEntry #11046
πͺ² Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator does not provide access to ServletContext #10908
- ExceptionTranslationWebFilter causes a blocking call in case of missing/wrong authentication #10864
- Fix typo in reference documentation #11058
- Make the
DelegatingPasswordEncoderwork correctly, even if the prefix and suffix are the same #10933 - Update saganCreateRelease property referenceDocUrl #11031
- Update saganCreateRelease task property referenceDocUrl #11016
π¨ Dependency Upgrades
- Update aspectj-plugin to 6.4.2 #11143
- Update com.nimbusds to 9.34 #11142
- Update hibernate-entitymanager to 5.6.8.Final #11149
- Update io.projectreactor to 2020.0.18 #11144
- Update io.rsocket to 1.1.2 #11146
- Update org.aspectj to 1.9.9.1 #11147
- Update org.eclipse.jetty to 9.4.46.v20220331 #11148
- Update org.jetbrains.kotlin to 1.6.20 #11150
- Update org.jetbrains.kotlinx to 1.6.1 #11151
- Update org.springframework to 5.3.19 #11152
- Update reactor-netty to 1.1.0-M1 #11145
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
5.6.3
πͺ² Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10951
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10916
- Fix saml2 authentication-requests documentation #11047
- Remove "Hi servlet/authentication/architecture there" from docs #10963
π¨ Dependency Upgrades
- Update hibernate-entitymanager to 5.6.8.Final #11124
- Update io.projectreactor to 2020.0.18 #11119
- Update io.rsocket to 1.1.2 #11121
- Update jackson-bom to 2.13.2.20220328 #11115
- Update jackson-databind to 2.13.2.2 #11116
- Update jackson-datatype-jsr310 to 2.13.2 #11117
- Update logback-classic to 1.2.11 #11114
- Update mockk to 1.12.3 #11118
- Update org.aspectj to 1.9.9.1 #11122
- Update org.eclipse.jetty to 9.4.46.v20220331 #11123
- Update org.springframework to 5.3.19 #11125
- Update org.springframework.data to 2021.1.3 #11126
- Update reactor-netty to 1.0.18 #11120
- Update spring-ldap-core to 2.3.7.RELEASE #11127