Changelog History
Page 4
-
v5.3.5.RELEASE Changes
October 07, 2020
-
v5.3.4.RELEASE Changes
August 05, 2020
🍱 ⭐ New Features
- ➕ Add logging #8888
- 🔒 Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8855
- 🔒 formLogin() does not work with REST Docs #8748
- 🔒 Use Github Actions PR pipeline and remove Travis for 5.3.x #8724
🍱 🐞 Bug Fixes
- 🔒 ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8896
- 🔒 OAuth2AuthenticationException should be in allowlist #8863
- 🔒 Resolved bearer token has no padding indicators #8837
- 🛠 Fix ProviderManager Javadoc typo #8811
- 🔒 LoginPageGeneratingWebFilter should honor context path #8808
- 🔒 OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8803
- 🔒 RoleHierarchy is not used by AbstractAuthorizeTag #8678
- 🔒 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8672
- 🔒 ReactorContext not available in PayloadSocketAcceptor delegate.accept #8655
⬆️ 🔨 Dependency Upgrades
- 🚀 Update to spring-build-conventions:0.0.34.RELEASE #8925
- 🚀 Update to nohttp 0.0.5.RELEASE #8924
- ⚡️ Update to GAE 1.9.81 #8923
- 🚀 Update to Spring Boot 2.2.9.RELEASE #8922
- 🚀 Update to spring-build-conventions:0.0.33.RELEASE #8760
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.3.3.RELEASE Changes
June 03, 2020
🍱 ⭐ New Features
- 📚 Update BCryptPasswordEncoder documentation with default strength #8574
🍱 🐞 Bug Fixes
- 🔒 Delay AuthenticationPrincipalArgumentResolver Lookup #8614
- 🛠 Fix typos in BCryptPasswordEncoder documentation #8601
- 🛠 Fixing typo in SAML 2.0 Sample README #8600
- 🔒 Mock request with non-standard HTTP method in test #8597
- ✂ Remove unused field 'digester' in Md4PasswordEncoder #8575
- 📚 Polish JDBC Authentication documentation #8573
- 🔒 ACL : AclImpl.hashCode leads to StackOverflowError #8569
- 🛠 Fix Kotlin Sample Documentation #8565
- 🔒 Object ID Identity conversion to long fails on old schema #8558
- 🔒 Blocking in WebSessionServerCsrfTokenRepository #8544
- 🛠 Fix AntPathRequestMatcher Javadoc #8526
- 🔒 Document NoOpPasswordEncoder will not be removed #8521
- 🛠 Fix non-standard HTTP method for CsrfWebFilter #8515
⬆️ 🔨 Dependency Upgrades
-
v5.3.2.RELEASE Changes
May 06, 2020
🍱 ⭐ New Features
🍱 🐞 Bug Fixes
- 🛠 Fix Javadoc punctuation #8490
- 🛠 Fixed typos in documentation #8460
- ⚡️ JdbcOAuth2AuthorizedClientService should support update when saving #8448
- ➕ Add ROLE_INFRASTRUCTURE to infrastructure beans #8437
- 🛠 Fix Documentation to Refer to BasicAuthenticationFilter #8423
- 🛠 Fix typo with correct capitalization #8408
- 🔒 Global ServerSecurityContextRepository ignored by logout #8385
- 🛠 Fix example in javadoc of FilterChainProxy #8351
- 🔒 Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #8311
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to aspectj-plugin:4.1.6 #8306
-
v5.3.1.RELEASE Changes
March 31, 2020
🍱 ⭐️ New Features
- 🔒 SpringTestContext returns ConfigurableWebApplicationContext #8237
- 🔒 OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #8234
- 🔒 SwitchUserFilter vulnerable to CSRF #8222
- 🔒 Clarify use case for ServerBearerExchangeFilterFunction #8221
- 📚 Update Encryptors documentation for standard and stronger #8211
- 🔒 Document JwtGrantedAuthoritiesConverter #8183
- 💅 userNameAttribute case style is different others #8179
- 🔒 Document AuthNRequest POST binding support #8165
- 💅 Polish SAML 2.0 Login Sample #8164
- 🔒 OpenSamlImplementation should not use reflection #8161
- 🔒 Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8153
- 🔒 Assign sensible default for OAuth2AuthorizedClientProvider #8151
- 🔒 Document OAuth2Authorization success and failure handlers #8146
- 🔒 Document Jackson serialization support for OAuth 2.0 Client #8145
- 🔒 Document OAuth 2.0 Authorization Request improvements #8133
- 🔒 Document OAuth 2.0 Login XML Support #8132
- 🔒 Document OAuth 2.0 Client XML Support #8131
- 🔒 Basic auth header without user results in exception #8122
- 🔒 Document AuthenticationEventPublisher improvements #8103
- 📚 Typo 'properites' -> 'properties' in documentation #8098
- 🔒 Document OAuth 2.0 Resource Server XML Support #8094
- 🔒 Provide spring-security-5*.xsd for https://www.springframework.org/schema/security/ #8091
- 🔒 Document OIDC Logout Success Handler Improvements #8088
- ➕ Add OAuth 2.0 Test Support Docs #8087
- ⚡️ Update test to have comment about secure salt length #8084
- 🔒 Document JwtClaimValidator #8076
🍱 🐞 Bug Fixes
- 🔒 HttpServletRequest.logout() not functioning #8238
- 🔒 OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8209
- 🔒 oauth2Login WebFlux should not auto-redirect for XHR request #8201
- 🛠 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8178
- 🔒 RSocket test should throw AccessDeniedException #8160
- 🔒 Make OAuth2ErrorHttpMessageConverter more resilient #8158
- 🛠 Fix typo in Javadoc of HttpSecurity#csrf() #8134
- 🔒 NPE thrown when token response contains a null value #8121
- 🔒 Google's top result for "Spring Security Reference" returns a 404 #8086
- 📚 5.3.0 Documentation What's New has some broken links #8069
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.3.0.RELEASE Changes
March 04, 2020
🍱 ⭐️ New Features
- ⚡️ Update What's New Section #8062
- 🔒 Document JdbcOAuth2AuthorizedClientService #8061
- ➕ Add oauth2login xml sample #8060
- ⚡️ Update doc diagram palette to use sans-serif font #8057
- ➕ Add SecurityFilterChain Figure #8055
- 🔒 oauth2Client Test Support should allow configuration of principal name #8054
- ➕ Add Kotlin Configuration section to docs #8051
- ➕ Add anchors to SAML 2.0 documentation #8049
- ⚡️ Update UserDetailsService Docs #8048
- ➕ Add Figures to Basic Authentication Docs #8039
- ➕ Add Link to DispatcherServlet in Filter Review Doc #8036
- ➕ Add Figures to Form Log In Docs #8035
- ➕ Add Figure for AuthenticationEntryPoint Docs #8030
- ➕ Add ProviderManager to Docs #8029
- 🔒 Custom ServerHttpHeadersWriter to HeaderSpec #8028
- ➕ Add hasRole(String) to authorizeRequests in Kotlin DSL #8023
- ➕ Add missing @FunctionalInterface in oauth2 modules #8020
- 🔒 Provide configurable Clock in OidcIdTokenValidator #8019
- ➕ Add OAuth2AuthorizeRequest.Builder.principal(String) #8018
- 🔒 Extract AuthenticationManager Docs #8006
- 🔒 Extract SecurityContextHolder, SecurityContext, Authentication, and GrantedAuthority Docs #8005
- ➕ Add AbstractAuthenticationProcessingFilter Docs #8004
- 🔒 Extract AuthenticationEntryPoint Docs #8003
- 🔒 Extract ExceptionTranslationFilter Docs #8002
- 🔒 Extract FilterSecurityInterceptor Docs #8001
- 🔒 Use Color Palette that is Accessible for Color Blind #8000
- 🔒 Create a palette.odg #7999
- ➕ Add Numbers Icons #7998
- 🔒 Instantiate exceptions lazily #7996
- 🔒 JwtIssuerReactiveAuthenticationManagerResolver eagerly creates Exceptions #7995
- 🔒 OAuth2AuthorizationRequest.Builder should configure additional parameters with a consumer #7993
- ➕ Add OAuth2Authorization success/failure handlers #7986
- 🔨 Refactor Duplicate Security Filter Chain Doc #7979
- 🛠 Fix Asciidoctor Warnings #7973
- 🔒 Use Kotlin DSL Marker Annotations to prevent scope leaking #7971
- ➕ Add JwtClaimValidator #7962
- 👌 Support custom filter in Kotlin DSL #7951
- 🔒 Option for default event in DefaultAuthenticationEventPublisher #7937
- 🔒 DefaultAuthenticationEventPublisher is now configurable via a Map #7925
- ➕ Add oauth2Client WebTestClient Test Support #7910
- 🔒 Nimbus OpaqueTokenIntrospectors should differentiate token and service errors #7902
- 🔒 OAuth 2.0 Client supports application clustering #7889
- ➕ Add JwtIssuerReactiveAuthenticationManagerResolver #7887
- 🔒 Consider adding JwtClaimValidator #7860
- ➕ Add ReactiveJwtIssuerAuthenticationManagerResolver and Reactive Multi Tenant Examples #7857
- ➕ Add JDBC implementation of OAuth2AuthorizedClientService #7855
- 🔒 Set default redirect in OidcClientInitiatedServerLogoutSuccessHandler #7842
- 🔒 Introduce OAuth2Authorization success/failure handlers #7840
- ➕ Add Opaque Token Reactive Test Support #7827
- 🔒 DefaultAuthenticationEventPublisher should allow configuring a default event #7825
- 🔒 DefaultAuthenticationEventPublisher should be configurable via Map #7824
- 🔒 Oauth2login xmlconfig implementation #7821
- 🔒 OAuth 2.0 Resource Server XML Support #7775
- 🔒 SAML AuthNRequest Signatures - Step 2 #7759
- 🔒 SAML AuthNRequest Signatures - Step 1 #7758
- 🔒 Simplify customizing OAuth2AuthorizationRequest #7748
- 🔒 SAML2 HTTP-Redirect: Missing Signature and SigAlg parameters in SAMLRequest Url (AuthNRequest) #7711
- 🔒 Consider adding switch to enable or disable OIDC nonce #7696
- 🔒 Getting OAuth2AuthenticationException when Bearer token is empty #7668
- 🔒 Provide JDBC implementation of OAuth2AuthorizedClientService #7655
- ➕ Add custom ServerHttpHeadersWriter to HeadersSpec #7636
- 🔒 RefreshTokenOAuth2AuthorizedClientProvider does not handle expired refresh token #7583
- 🛠 Fix typo 'is' -> 'if' in javadoc #7559
- 🔒 Saml2LoginConfigurer should expose AuthenticationManager setter #7374
- 🔒 Provide XML namespace support for OAuth 2.0 Resource Server #5185
- 🔒 Provide XML namespace support for OAuth 2.0 Client #5184
- 🔒 Migrate Groovy to Java #4939
- 🔒 Provide XML namespace support for OAuth2Login #4557
🍱 🐞 Bug Fixes
- 🔒 Typo fix #8059
- 🛠 Fix typo in AntPathRequestMatcher constructor comment #8042
- 📄 Docs Should Style Links that are Code as Link #8038
- 🔒 An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable #8031
- 📚 Tab switching does not work in documentation code samples #8025
- 🔒 Build failure with NoClassDefFoundError on javax/mail/internet #7994
- ✂ Remove Duplicate Runtime Environment From Docs #7980
- 🔒 OAuth2AuthorizationCodeGrantWebFilter should also match on query parameters #7966
- 🔒 OAuth2AuthorizationCodeGrantFilter should also match on query parameters #7963
- 🛠 fix #7952 Don't force downcasting of RequestAttributes to ServletRequestAttributes #7953
- 🔒 ClassCastException for ServletRequestAttributes #7952
- 🔒 Prevent double-escaping of authorize URL parameters #7881
- 🔒 Resource Server clientCredentials take precedence over introspector in Kotlin DSL #7878
- 🔒 Resource Server jwkSetUri takes precedence over jwtDecoder in Kotlin DSL #7877
- 🔒 Error in WebSecurityConfigurer Javadoc #7876
- 🔒 Query parameters in authorization-url are double-encoded #7871
- 🔒 OAuth2 access token response parsing fails with nested JSON object #6463
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Gradle 6.2.2 #8065
- ⚡️ Update Kotlin to 1.3.70 #8064
- ⚡️ Update Spring Boot to 2.2.5 #8063
- 🚀 Update to spring-build-conventions:0.0.31.RELEASE #8058
- ⚡️ Update dependencies #8056
- 🚀 Update to spring-build-conventions:0.0.29.RELEASE #7974
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.3.0.RC1 Changes
February 05, 2020
🍱 ⭐️ New Features
- ➕ Add RSocket Authentication Extension Support #7935
- 🔒 SecurityEvaluationContextExtension.getRootObject() Specific Type #7891
- ➕ Add oauth2Client MockMvc Test Support #7886
- 🔒 Nimbus JwtDecoders should differentiate token and service errors #7885
- ✂ Remove redundant branches from SessionManagementConfigurer #7879
- 🔒 AuthenticationWebFilter's ReactiveAuthenticationManagerResolver should take a ServerWebExchange #7872
- 🔒 SAML2: Wrong IdP response URL throws NPE (for non-existing "RelyingParty") #7865
- 🔒 Typo in doc #7830
- ➕ Add oauth2Login Reactive Test support #7828
- 👌 Improve Bearer Token Error Handling #7826
- ➕ Add BearerTokenErrors #7823
- ➕ Add InvalidBearerTokenException #7822
- 🔒 Make OAuth2AccessToken converters public #7815
- 🔒 AuthenticationEventPublisher Lookup #7802
- 📚 Modernize Documentation Styling #7801
- 🔒 Invalid OAuth2 login attempts don't emit a corresponding ApplicationEvent #7793
- 🔒 Set secure on cookie when logging out #7764
- 🔒 Introduce Reactive OAuth2Authorization success/failure handlers #7756
- 🔒 ProviderManager should have a varargs constructor #7713
- 🔒 Introduce Reactive OAuth2Authorization success/failure handlers #7699
- 🔒 Migrate LDAP integration tests groovy->java #7691
- 🔒 WebSecurityConfigurerAdapter: Unable to use custom AuthenticationEventPublisher #7515
- ➕ Add Jackson support to OAuth2 session related classes #4886
🍱 🐞 Bug Fixes
- 🔒 Build failing with NoSuchMethodError #7888
- 🔒 cassample integration tests are failing #7874
- 🔒 Form login requiresAuthenticationMatcher is not used in WebFlux #7863
- 🔒 BasicAuthenticationFilter ignores credentials charset #7835
- 🔒 Default LDIF file not picked up in LDAP "unboundid" mode #7833
- 📚 Incorrect LDIF file example in LDAP documentation #7832
- 🔒 OpaqueTokenRequestPostProcessor should respect configuration order #7800
- 🔒 Form Login authenticationFailureHandler is not used in ServerHttpSecurity #7782
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Gradle 6.1.1 #7936
- ⚡️ Update to GAE 1.9.78 #7893
- 🚀 Update to Spring Boot 2.2.4.RELEASE #7892
- ⚡️ Update Gradle 6.1 #7838
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.3.0.M1 Changes
January 08, 2020
🍱 ⭐️ New Features
- 👍 Allow disabling dependency locking #7799
- 🔒 Build task "snapshots" should not use locked dependencies #7798
- ➕ Add oauth2Login MockMvc Test Support #7789
- 🔒 Manage Versions using Version Locking #7788
- 🔒 Use Gradle Platform / Constraints #7787
- 🔒 Idiomatic Kotlin DSL for configuring HTTP security in servlet based applications #7785
- 🛠 Fix description of PasswordEncoder #7784
- 🛠 Fix unchecked assignment and possible NPE #7773
- 🔒 Resolve JavaType only once for whitelisted class #7755
- 🔒 Set secure when cancelling remember-me cookie #7726
- ➕ Add JwtIssuerAuthenticationManagerResolver #7724
- ➕ Add opaque token test support #7712
- ✂ Remove redundant validation for redirect-uri #7706
- 🔒 Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7702
- 🔒 Enable AuthenticationManager configuration in saml2Login #7693
- 📚 Incomplete Documentation for Setting Up MockMvc and Spring Security #7688
- ➕ Add Oidc Login Reactive Test Support #7680
- ✂ Remove consecutive-word duplications in Javadocs #7673
- 🛠 Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc #7666
- 🛠 Fix minor typo in HttpSecurity documentation #7663
- 🔒 Check BCrypt hashed value of a byte array #7661
- 👍 Allow configuring authenticationManagerResolver for SAML2 #7654
- ➕ Add oidcLogin MockMvc Test Support #7618
- ➕ Add OidcUserInfo.Builder #7593
- ➕ Add OidcIdToken.Builder #7592
- 🔒 Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7569
- 🔒 Specify return type in InitializeUserDetailsBeanManagerConfigurer method Javadoc #7557
- 🔒 In Test @AuthenticationPrincipal is null because ServerWebExchange is not wrapped #6598
- 🔒 Make MethodSecurityEvaluationContext Delegates to MethodBasedEvaluationContext #6249
- 🔒 Override the key to avoid CookieTheftException #5509
- ➕ Add resource server support for multiple trusted JWT access token issuers #5385
- 🔒 RememberMeConfigurer does not use the key from RememberMeServices #4140
- 🔒 Option in BasicAuthenticationFilter to log more exception info #3308
🍱 🐞 Bug Fixes
- 🔒 OidcLoginRequestPostProcessor should respect configuration order #7794
- 🛠 Fix var typo and code readability in resource server documentation #7772
- 📄 Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7737
- 🔒 Use the custom ServerRequestCache for Oauth2LoginSpec #7734
- 🔒 CompositeServerHttpHeadersWriter Should Execute Sequentially #7731
- 🔒 DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7728
- 🔒 DelegatingServerLogoutHandler Should Execute Sequentially #7723
- 🔒 RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7721
- 🔒 Disabling logout in WebFlux does nothing #7682
- 🔒 Saml2Authentication isn't serializable #7681
- 🔒 Correctly configure authorization requests repository for OAuth2 login #7675
- 🔒 Error in javadoc for oauth2ResourceServer #7670
- 🔒 DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7544
- 🔒 WebFlux oauth2Login returns 500 when bad client credentials #5562
⬆️ 🔨 Dependency Upgrades
🍱 ⏪ Non-passive
- 🔒 UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type #7482
🍱 ❤️ Contributors
🚀 We'd like to thank all the contributors who worked on this release!
-
v5.2.8.RELEASE Changes
December 03, 2020
🍱 🐞 Bug Fixes
- ✂ Remove empty Appendix Section from docs #9172
- 🔒 Tests should not combine Authentication and @AuthenticationPrincipal #9126
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Spring LDAP Core 2.3.3 #9245
- ⚡️ Update to Powermock 2.0.9 #9244
- ⚡️ Update to HSQLDB 2.5.1 #9243
- ⚡️ Update to Hibernate EntityManager 5.4.25 #9242
- ⚡️ Update to Jetty 9.4.35 #9241
- ⚡️ Update to HttpComponents HttpClient 4.5.13 #9240
- ⚡️ Update to RSocket 1.0.3 #9239
- ⚡️ Update to Reactor Dysprosium-SR14 #9238
- ⚡️ Update to Google App Engine 1.9.83 #9237
- ⚡️ Update to Jackson Databind 2.10.5.1 #9236
- ⚡️ Update to Spring Data Moore-SR11 #9235
- ⚡️ Update to Spring 5.2.11 #9234
- ⚡️ Update to Spring Boot 2.2.11 #9233
-
v5.2.7.RELEASE Changes
October 07, 2020
🍱 🐞 Bug Fixes
- 🔒 SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #9058
- 🔒 CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9025
⬆️ 🔨 Dependency Upgrades
- ⚡️ Update to Spring Data Moore-SR10 #9088
- ⚡️ Update to Hibernate Entity manager 5.4.22 #9087
- ⚡️ Update to Hibernate Validator 6.1.6 #9086
- 🔒 Upgrade to embedded Apache Tomcat 9.0.38 #9085
- ⚡️ Update to RSocket 1.0.2 #9084
- ⚡️ Update to Spring Framework 5.2.9 #9083
- ⚡️ Update to Reactor Dysprosium-SR12 #9082
- ⚡️ Update to Spring Boot 2.2.10 #9081
- ⚡️ Update to GAE 1.9.82 #9080
- ⚡️ Update to org.aspectj 1.9.6 #9079