5.7.12

🪲 Bug Fixes

• Check for null Authentication #14715

6.3.0-M2

⭐ New Features

• Add usernameParameter and passwordParameter to FormLoginDsl #14488
• Add argument resolver for SecurityContext #14449
• Add functionality to set custom web client in ReactiveOidcIdTokenDecoderFactory #13301
• Cleanup Saml2MetadataFilter #14476
• Customize when UserInfo is called #13259
• Implement providing a custom AuthoritiesPopulator in ADLdapAuthProvider #14539
• Migrate spring-security-rsa into spring-security-crypto #14202
• Nested username attribute in DefaultOAuth2User #14265
• Revise AuthorizationAnnotationUtils #14407
• Spring Security annotations on subclasses support intercepting parent class methods. #14516

🪲 Bug Fixes

• WebTestUtilsTestRuntimeHints should implement RuntimeHintsRegistrar #14469
• Cannot configure SecurityContextRepository in CasAuthenticationFilter #14537
• Fix wrong class name in JavaDoc #14466
• Fixed Interceptor name in Method Security reference document #14475
• Missing native-image reflection hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken #14471
• Typo: Update anonymous.adoc #14541
• Typo: Update rememberme.adoc #14542

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.15.3 to 2.15.4 #14619
• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #14578
• Bump gradle/gradle-build-action from 2 to 3 #14502
• Bump io.micrometer:micrometer-observation from 1.12.2 to 1.12.3 #14588
• Bump io.projectreactor:reactor-bom from 2023.0.2 to 2023.0.3 #14613
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #14462
• Bump org-aspectj from 1.9.21 to 1.9.21.1 #14604
• Bump org-eclipse-jetty from 11.0.19 to 11.0.20 #14517
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 #14544
• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 #14556
• Bump org.springframework.data:spring-data-bom from 2023.1.2 to 2023.1.3 #14625
• Bump org.springframework.ldap:spring-ldap-core from 3.2.1 to 3.2.2 #14620
• Bump org.springframework:spring-framework-bom from 6.1.3 to 6.1.4 #14618
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #14501
• Bump spring-io/spring-github-workflows from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396 #14579

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Haarolean, @NerminKarapandzic, @ahmd-nabil, @boulce, @dependabot[bot], @irerin07, @kse-music, @leshalv, @sbrannen, @sonallux, @ty-v1, and @ubaid4j

6.2.2

⭐ New Features

• Configuration examples in docs are out of date #14392

🪲 Bug Fixes

• "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web? #14568
• HandlerMappingIntrospectorRequestTransformer is registered twice in AOT #14367
• OAuth2AuthorizationExchange is not serializable #14405
• WebTestUtilsTestRuntimeHints should implement RuntimeHintsRegistrar #14468
• Application context fails to load: Couldn't find FilterChainProxy #14380
• Back-Channel Logout should use localhost for internal logout request #14553
• Cannot configure SecurityContextRepository in CasAuthenticationFilter #14536
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #14348
• fix typo in anonymous.adoc #14424
• fix: typo in Authentication Architecture ProviderManager #14448
• Missing native-image reflection hint for HandlerMappingIntrospectorCachFilterFactoryBean #14377
• Missing native-image reflection hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken #14470
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #14350
• SAML relying party logout filter is always ordered last #14551
• Spring Security 6.2 defaults to InMemoryOidcSessionRegistry causing memory leaks in distributed systems with external session storage #14558
• Test using @WithMockUser fails with 401 UNAUTHORIZED with 3.2 #14207
• Typo: Update authorize-http-requests.adoc #14563
• Unexpected Exception Handling in NimbusReactiveJwtDecoder decode Method #14496
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #14346

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.15.3 to 2.15.4 #14617
• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #14582
• Bump Gradle Wrapper from 8.5 to 8.6 #14547
• Bump gradle/gradle-build-action from 2 to 3 #14503
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14439
• Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 #14429
• Bump io.micrometer:micrometer-observation from 1.12.2 to 1.12.3 #14589
• Bump io.mockk:mockk from 1.13.8 to 1.13.9 #14412
• Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 #14430
• Bump io.projectreactor:reactor-bom from 2023.0.2 to 2023.0.3 #14612
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #14463
• Bump org-aspectj from 1.9.21 to 1.9.21.1 #14605
• Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #14354
• Bump org-eclipse-jetty from 11.0.19 to 11.0.20 #14518
• Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #14440
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.21 to 1.9.22 #14364
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.21 to 1.9.22 #14363
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 #14543
• Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #14422
• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 #14554
• Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #14387
• Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 #14455
• Bump org.springframework.data:spring-data-bom from 2023.1.2 to 2023.1.3 #14624
• Bump org.springframework.ldap:spring-ldap-core from 3.2.1 to 3.2.2 #14616
• Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 #14454
• Bump org.springframework:spring-framework-bom from 6.1.3 to 6.1.4 #14615
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #14504
• Bump spring-io/spring-github-workflows from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396 #14583

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Amitmahato, @andreasbuechel, @boulce, and @dependabot[bot]

6.1.7

⭐ New Features

• Fix Spring initializr link in 'Getting Spring Security' #14375
• Refactor: Remove Irrelevant Documentation Lines #14374
• Typo fix in configuration.adoc #14372
• Updated the Configuration examples in docs #14391

🪲 Bug Fixes

• "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web? #14445
• HandlerMappingIntrospectorRequestTransformer is registered twice in AOT #14362
• OAuth2AuthorizationExchange is not serializable #14402
• WebTestUtilsTestRuntimeHints should implement RuntimeHintsRegistrar #14399
• Application context fails to load: Couldn't find FilterChainProxy #14370
• Cannot configure SecurityContextRepository in CasAuthenticationFilter #14529
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #14347
• Fix broken sample code in Authorize HttpServletRequests #14386
• Fix command in CONTRIBUTING.adoc #14489
• Missing native-image reflection hint for HandlerMappingIntrospectorCachFilterFactoryBean #14359
• Missing native-image reflection hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken #14397
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #14349
• SAML relying party logout filter is always ordered last #14550
• Typo: Update ldap.adoc #14509
• Typo: Update session-management.adoc #14515
• Unexpected Exception Handling in NimbusReactiveJwtDecoder decode Method #14495
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #14345

🔨 Dependency Upgrades

• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #14581
• Bump Gradle Wrapper from 8.5 to 8.6 #14540
• Bump gradle/gradle-build-action from 2 to 3 #14500
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14436
• Bump io.mockk:mockk from 1.13.8 to 1.13.9 #14413
• Bump io.projectreactor:reactor-bom from 2022.0.14 to 2022.0.15 #14428
• Bump io.projectreactor:reactor-bom from 2022.0.15 to 2022.0.16 #14611
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #14465
• Bump org-aspectj from 1.9.21 to 1.9.21.1 #14606
• Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #14355
• Bump org-eclipse-jetty from 11.0.19 to 11.0.20 #14519
• Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #14437
• Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #14421
• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 #14555
• Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #14389
• Bump org.springframework:spring-framework-bom from 6.0.15 to 6.0.16 #14443
• Bump org.springframework:spring-framework-bom from 6.0.16 to 6.0.17 #14621
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #14499
• Bump spring-io/spring-github-workflows from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396 #14580

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Siddharth1605, @acktsap, @boulce, @dependabot[bot], @github-actions[bot], @kcsurapaneni, @nkilchenmann, and @ty-v1

5.8.10

⭐ New Features

• Updated broken documentation link in javadocs #14329

🪲 Bug Fixes

• Fix security filter sort in javadoc #14552
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #11596
• Saml2 LogoutFilter Should Come Before Common LogoutFilter #14549

🔨 Dependency Upgrades

• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #14584
• Bump gradle/gradle-build-action from 2 to 3 #14505
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14438
• Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 #14432
• Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 #14431
• Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 #14614
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #14464
• Bump org-aspectj from 1.9.20.1 to 1.9.21.1 #14607
• Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 #14608
• Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 #14622
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #14506
• Bump spring-io/spring-github-workflows from eaf17a1890b1ef1b337f015d6eb263baaf8c6dab to 1e8b0587a1f4f01697f9753fa3339c3e0d30f396 #14585

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @kse-music
• @geirhe
• @aspan
• @dependabot[bot]

6.3.0-M1

⭐ New Features

• Add a factory method for RoleHierarchyImpl #13788
• Add documentation for CachingUserDetailsService #14263
• Add Max Session to WebFlux #6192
• Add Not Support #14236
• Add order offset to @EnableMethodSecurity #14052
• Add RoleHierarchyBuilder #14196
• Added support for the CAS gateway feature #14193
• Configuration examples in docs are out of date #14393
• Document that Shibboleth Repository is Required for SAML Support #14296
• Integrate HandlerMappingIntrospector Caching #14333
• Max Sessions on WebFlux #13752
• Serializable objects should be deserializable between minor versions #3737
• Update messages_ca.properties #14241
• Update messages_es_ES.properties #14293

🪲 Bug Fixes

• HandlerMappingIntrospectorRequestTransformer is registered twice in AOT #14368
• OAuth2AuthorizationExchange is not serializable #14406
• Add missing method call in docs #14262
• Application context fails to load: Couldn't find FilterChainProxy #14381
• Fix typo in Authorize HTTP Requests' Doc Page #14334
• Missing native-image reflection hint for HandlerMappingIntrospectorCachFilterFactoryBean #14378
• There is a typo in the JavaDoc for the hasPermission method in the SecurityExpressionOperations class #14268

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14300
• Bump actions/setup-java from 3 to 4 #14314
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14326
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #14442
• Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 #14283
• Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 #14427
• Bump io.mockk:mockk from 1.13.8 to 1.13.9 #14414
• Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 #14292
• Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 #14426
• Bump org-aspectj from 1.9.20.1 to 1.9.21 #14273
• Bump org-eclipse-jetty from 11.0.18 to 11.0.19 #14353
• Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 #14441
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.21 to 1.9.22 #14365
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.21 to 1.9.22 #14366
• Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 #14420
• Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 #14388
• Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 #14342
• Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 #14456
• Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 #14336
• Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 #14311
• Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 #14457
• Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14304
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14309
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14306

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @aaguilera
• @ykardziyaka
• @leleuj
• @Junhyunny
• @jzheaux
• @making
• @FdHerrera
• @marcusdacoregio

6.2.1

⭐ New Features

• docs: make XML and Java/Kotlin consistent with AspectJExpressionPointcut #14219
• Document that Shibboleth Repository is Required for SAML Support #14295
• Integrate HandlerMappingIntrospector Caching #14332
• OAuth2 Resource Server is exposing server information. #14278

🪲 Bug Fixes

• Update Java Config Spring MVC documentation #14234
• add missing [tabs] fix typo in docs #14208
• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #14267
• Correct What's New in 6.2 reference to forServletPattern #14200
• Fix typo in getClaimAsMap docstring #14183
• Fix typo in the 'Authorizing Requests' example #14169
• fix wrong document about "jws-algorithms" #14280
• Improve error message when ServletRegistration API is unavailable #14232
• Update Javadoc Comments in AuthorizationEvent Class #14175
• Fix typo in architecture.adoc #14254
• Fixing link in authentication/architecture.adoc #13593

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14323
• Bump actions/setup-java from 3 to 4 #14320
• Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #14213
• Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #14239
• Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #14223
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14328
• Bump Gradle Wrapper from 8.4 to 8.5 #14222
• Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 #14284
• Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 #14289
• Bump org-apache-maven-resolver from 1.9.16 to 1.9.17 #14184
• Bump org-apache-maven-resolver from 1.9.17 to 1.9.18 #14197
• Bump org-aspectj from 1.9.20.1 to 1.9.21 #14271
• Bump org.apache.maven:maven-resolver-provider from 3.9.5 to 3.9.6 #14228
• Bump org.hibernate.orm:hibernate-core from 6.3.1.Final to 6.3.2.Final #14190
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.20 to 1.9.21 #14192
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 #14191
• Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 #14341
• Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 #14335
• Bump org.springframework:spring-framework-bom from 6.1.0 to 6.1.1 #14189
• Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 #14319
• Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14318
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14322
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14321

❤️ Contributors

Thank you to all the contributors who worked on this release:

@ParkerM, @YangSiJun528, @aaron-to-go, @ahmd-nabil, @andreilisa, @dependabot[bot], @limvik, and @prufrock

6.1.6

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14294
• Integrate HandlerMappingIntrospector Caching #14128
• OAuth2 Resource Server is exposing server information. #14277
• Resolve RequestMatcher at request-time #14085

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #14266
• Authentication not propagated correctly after migrating to SB3 #14111
• Authorization does not show up on Features section #14104
• DefaultLoginPageGeneratingFilter should be able to handle AuthenticationExceptions without message #14117
• Fix broken link for servlet getting started page #14119
• Fix typo in method-security.adoc #14059
• fix wrong document about "jws-algorithms" #14279
• Improve error message when ServletRegistration API is unavailable #14231
• improve render in headers.adoc #14101
• On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14063
• ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14041
• References to WebFlux docs do not link to them #14107
• relay_state should not be included in signing calculation when it is null #14038
• samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14131
• Security configuration is failed to be initialized in a Servlet 6.0 container #14165
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14114
• Spring Security metric names should not contain dashes #14066
• spring.security counters inaccurate due onComplete and cancel() #14146
• Update Java Config Spring MVC documentation #14233
• Update logout.adoc: Replace Directives with Directive #14062

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14310
• Bump actions/setup-java from 3 to 4 #14327
• Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #14214
• Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #14238
• Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #14224
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14317
• Bump Gradle Wrapper from 8.4 to 8.5 #14218
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14158
• Bump io.micrometer:micrometer-observation from 1.10.12 to 1.10.13 #14134
• Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.13 #14144
• Bump io.projectreactor:reactor-bom from 2022.0.13 to 2022.0.14 #14288
• Bump org-aspectj from 1.9.20.1 to 1.9.21 #14272
• Bump org-eclipse-jetty from 11.0.17 to 11.0.18 #14081
• Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 #14173
• Bump org.springframework:spring-framework-bom from 6.0.13 to 6.0.14 #14159
• Bump org.springframework:spring-framework-bom from 6.0.14 to 6.0.15 #14312
• Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14315
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14316
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14305

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Ruffeng, @dependabot[bot], @github-actions[bot], @marbon87, and @sadidshaikh

5.8.9

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14286
• OAuth2 Resource Server is exposing server information. #13730
• Resolve RequestMatcher at request-time #14078
• Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
• Authentication not propagated correctly after migrating to SB3 #12877
• Authorization does not show up on Features section #14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
• Fix caching error state in ReactiveRemoteJWKSource #13976
• fix wrong document about "jws-algorithms" #14252
• Improve error message when ServletRegistration API is unavailable #14221
• References to WebFlux docs do not link to them #14100
• relay_state should not be included in signing calculation when it is null #13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14313
• Bump actions/setup-java from 3 to 4 #14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @dongelci
• @dependabot[bot]

6.2.0

⭐ New Features

• AuthorizationManager[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines #12080
• Simplify configuration of OAuth2 Client component model #11783

🪲 Bug Fixes

• On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14064
• Authentication not propagated correctly after migrating to SB3 #14112
• Authorization does not show up on Features section #14105
• Fix obsolete comment and typos #14060
• Fix typo in documentation #14130
• improve render in headers.adoc #14102
• ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14042
• References to WebFlux docs do not link to them #14108
• relay_state should not be included in signing calculation when it is null #14039
• samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14138
• Security configuration is failed to be initialized in a Servlet 6.0 container #14166
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14115
• Spring Security metric names should not contain dashes #14067
• spring.security counters inaccurate due onComplete and cancel() #14147
• The latest "OAuth2AuthorizedClientManager" class is not AOT ready #14094
• UnboundIdContainer should be marked as not running at shutdown #14095

🔨 Dependency Upgrades

• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14156
• Bump io.micrometer:micrometer-observation from 1.12.0-RC1 to 1.12.0 #14135
• Bump io.projectreactor:reactor-bom from 2023.0.0-RC1 to 2023.0.0 #14145
• Bump org.junit:junit-bom from 5.10.0 to 5.10.1 #14097
• Bump org.springframework.data:spring-data-bom from 2023.1.0-RC1 to 2023.1.0 #14172
• Bump org.springframework.ldap:spring-ldap-core from 3.2.0-RC1 to 3.2.0 #14155
• Bump org.springframework:spring-framework-bom from 6.1.0-RC1 to 6.1.0-RC2 #14055
• Bump org.springframework:spring-framework-bom from 6.1.0-RC2 to 6.1.0 #14157

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @nico-ortiz
• @dependabot[bot]
• @martin-lukas