Releases: spring-projects/spring-security
Releases · spring-projects/spring-security
5.3.3.RELEASE
⭐ New Features
- Update BCryptPasswordEncoder documentation with default strength #8574
🪲 Bug Fixes
- Delay AuthenticationPrincipalArgumentResolver Lookup #8614
- Fix typos in BCryptPasswordEncoder documentation #8601
- Fixing typo in SAML 2.0 Sample README #8600
- Mock request with non-standard HTTP method in test #8597
- Remove unused field 'digester' in Md4PasswordEncoder #8575
- Polish JDBC Authentication documentation #8573
- ACL : AclImpl.hashCode leads to StackOverflowError #8569
- Fix Kotlin Sample Documentation #8565
- Object ID Identity conversion to long fails on old schema #8558
- Blocking in WebSessionServerCsrfTokenRepository #8544
- Fix AntPathRequestMatcher Javadoc #8526
- Document NoOpPasswordEncoder will not be removed #8521
- Fix non-standard HTTP method for CsrfWebFilter #8515
🔨 Dependency Upgrades
5.2.5.RELEASE
🪲 Bug Fixes
- Delay AuthenticationPrincipalArgumentResolver Lookup #8615
- Mock request with non-standard HTTP method in test #8595
- Remove unused field 'digester' in Md4PasswordEncoder #8576
- ACL : AclImpl.hashCode leads to StackOverflowError #8570
- Object ID Identity conversion to long fails on old schema #8559
- Blocking in WebSessionServerCsrfTokenRepository #8545
- Fix AntPathRequestMatcher Javadoc #8527
- Document NoOpPasswordEncoder will not be removed #8522
- Fix non-standard HTTP method for CsrfWebFilter #8516
🔨 Dependency Upgrades
5.1.11.RELEASE
⭐ New Features
- HTTP Host header attack #8641
🪲 Bug Fixes
- Remove unused field 'digester' in Md4PasswordEncoder #8577
- ACL : AclImpl.hashCode leads to StackOverflowError #8571
- Blocking in WebSessionServerCsrfTokenRepository #8546
- Fix AntPathRequestMatcher Javadoc #8528
- Document NoOpPasswordEncoder will not be removed #8523
- Fix non-standard HTTP method for CsrfWebFilter #8517
🔨 Dependency Upgrades
5.0.17.RELEASE
⭐ New Features
- HTTP Host header attack #8640
🪲 Bug Fixes
- Remove unused field 'digester' in Md4PasswordEncoder #8578
- ACL : AclImpl.hashCode leads to StackOverflowError #8572
- Blocking in WebSessionServerCsrfTokenRepository #8547
- Fix AntPathRequestMatcher Javadoc #8529
- Document NoOpPasswordEncoder will not be removed #8524
- Fix non-standard HTTP method for CsrfWebFilter #8518
🔨 Dependency Upgrades
4.2.17.RELEASE
5.4.0-M1
⭐ New Features
- Jenkins does not need to build on JDK 9 and 10 #8482
- Upgrade Freefair AspectJ plugin to v5.0.1 #8456
- AesBytesEncryptor constructor that uses secret key #8443
- Rename Preface to Introduction #8411
- TestSaml2X509Credentials should only return Saml2X509Credential instances #8404
- Saml2CryptoTestSupport and TestSaml2AuthenticationObjects should be one class #8403
- Allow creating AesBytesEncryptor with key #8402
- Add Flag to enable searching of LDAP groups on subtrees #8400
- Documented dependencies for opaque Resource Server #8394
- Allow expose JwtAuthenticationConverter as a bean for Resource Server #8379
- Use Kotlin DSL Marker Annotations to prevent scope leaking in WebFlux DSL #8366
- Saml2AuthenticationRequestContext should be extendible #8356 #8364
- Add constructors receiving AuthenticationManager #8362
- Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8361
- Saml2WebSsoAuthenticationRequestFilter should not use OpenSamlAuthenticationRequestFactory by default #8359
- Validate ID Token Issuer #8357
- Saml2AuthenticationRequestContext should be extendible #8356
- Add authorize() DSL method that accepts HttpMethod #8350
- Allow custom header during bearer token extraction #8341
- Allow specify header in ServerBearerTokenAuthenticationConverter #8337
- Provide possibility to use custom cache to store JWK Set #8332
- Adding Map support to DefaultMethodSecurityExpressionHandler #8331
- BCryptPasswordEncoder rawPassword cannot be null #8330
- Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8324
- Open ID Connect ID Token Issuer not validated #8321
- Add addFilterAfter and addFilterBefore to Kotlin DSL #8319
- Added setPrincipalClaimName to JwtAuthenticationConverter #8318
- BCryptPasswordEncoder.encode() throws NPE #8317
- HttpSecurityDsl does not support addFilterBefore and addFilterAfter #8316
- AuthorizeRequestsDsl doesn't allow HTTP Method to be specified #8307
- SpringTestContext returns ConfigurableWebApplicationContext #8233
- Clarify use case for
ServerBearerExchangeFilterFunction#8220 - Update Encryptors documentation for standard and stronger #8208
- Upgrade to Gradle Enterprise Plugin 3.2 #8205
- Add Figures to Resource Server Docs #8184
- Add Figures to Resource Server Docs #8182
- Document JwtGrantedAuthoritiesConverter #8176
- Fix userNameAttribute property case style #8171
- userNameAttribute case style is different others #8169
- Polish SAML 2.0 Login Sample #8163
- Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8152
- Assign sensible default for OAuth2AuthorizedClientProvider #8150
- OpenSamlImplementation should not use reflection #8147
- Allow port=0 for LDAP Servers #8139
- LDAP server configuration should support port=0 #8138
- Use io.spring.gradle-enterprise-conventions #8115
- Replace VersionsResourceTasks with WriteProperties #8114
- Improve Build Performance #8113
- Document OAuth 2.0 Login XML Support #8110
- Fix exception from empty basic auth header token #8109
- Fix typo 'properites' -> 'properties' in documentation #8096
- Document AuthenticationEventPublisher improvements #8081
- Document AuthNRequest POST binding support #8079
- Document AuthNRequest signature support #8078
- Document OAuth 2.0 Resource Server XML Support #8077
- Document Jackson serialization support for OAuth 2.0 Client #8075
- Document OAuth 2.0 Client XML Support #8074
- Document OAuth2Authorization success and failure handlers #8073
- Document OIDC Logout Success Handler Improvements #8072
- Document OAuth 2.0 Authorization Request improvements #8071
- Add OAuth 2.0 Test Support Docs #8050
- Add server request cache that uses cookie #8033
- Basic auth header without user results in exception #7976
- Add RequestRejectedHandler #7052
- OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #5633
- Idiomatic Kotlin DSL for configuring HTTP security #5558
- SessionRegistryImpl is now aware of SessionIdChangedEvent #5439
- SessionRegistryImpl is not aware of SessionIdChange events. #5438
- SwitchUserFilter vulnerable to CSRF #4183
🪲 Bug Fixes
- Fix Javadoc punctuation #8480
- Fixed typos in documentation #8454
- Support update when saving with JdbcOAuth2AuthorizedClientService #8435
- JdbcOAuth2AuthorizedClientService should support update when saving #8425
- OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8421
- ActiveDirectoryLdapAuthenticationProvider uses InternalAuthenticationServiceException #8418
- Fix mismatch between CONTRIBUTING.adoc and .editorconfig #8417
- Fix Documentation to Refer to BasicAuthenticationFilter #8414
- Add ROLE_INFRASTRUCTURE to infrastructure beans #8407
- Fix typo with correct capitalization [#8406](https://github.com/spring-projects/s...
5.3.2.RELEASE
⭐ New Features
🪲 Bug Fixes
- Fix Javadoc punctuation #8490
- Fixed typos in documentation #8460
- JdbcOAuth2AuthorizedClientService should support update when saving #8448
- Add ROLE_INFRASTRUCTURE to infrastructure beans #8437
- Fix Documentation to Refer to BasicAuthenticationFilter #8423
- Fix typo with correct capitalization #8408
- Global ServerSecurityContextRepository ignored by logout #8385
- Fix example in javadoc of FilterChainProxy #8351
- Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8311
🔨 Dependency Upgrades
- Update to aspectj-plugin:4.1.6 #8306
5.2.4.RELEASE
⭐ New Features
🪲 Bug Fixes
- Fix Javadoc punctuation #8494
- Add ROLE_INFRASTRUCTURE to infrastructure beans #8438
- SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #8430
- OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8426
- Fix typo with correct capitalization #8409
- Global ServerSecurityContextRepository ignored by logout #8386
- Fix example in javadoc of FilterChainProxy #8352
- Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8338
- Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8312
🔨 Dependency Upgrades
- Update to Byte Buddy 1.9.16 #8481
- Upgrade to embedded Apache Tomcat 9.0.34 #8469
- Update RSocket to 1.0.0-RC7 #8468
- Update to GAE 1.9.80 #8467
- Update to Jackson 2.10.4 #8466
- Update to org.powermock 2.0.7 #8465
- Update to Reactor Dysprosium-SR7 #8464
- Update to Spring Framework 5.2.6.RELEASE #8463
- Update to Spring Data Moore-SR7 #8462
5.1.10.RELEASE
⭐ New Features
- BCryptPasswordEncoder.encode() throws NPE #8347
🪲 Bug Fixes
- Fix Javadoc punctuation #8496
- Add ROLE_INFRASTRUCTURE to infrastructure beans #8440
- SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #8431
- Fix typo with correct capitalization #8410
- Global ServerSecurityContextRepository ignored by logout #8388
- Fix example in javadoc of FilterChainProxy #8353
- Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8339
- Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8313
🔨 Dependency Upgrades
5.0.16.RELEASE
⭐ New Features
- BCryptPasswordEncoder.encode() throws NPE #8348
🪲 Bug Fixes
- Fix Javadoc punctuation #8497
- Add ROLE_INFRASTRUCTURE to infrastructure beans #8441
- SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #8432
- Fix example in javadoc of FilterChainProxy #8354
- Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8340
- Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8314