Releases: spring-projects/spring-security
Releases Β· spring-projects/spring-security
6.5.0-M2
β New Features
- Add
FormPostRedirectStrategyto enable POST OIDC Logout #16214 - Add
HttpStatusAccessDeniedHandler#16502 - Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP) #16574
- Add Support GenerateOneTimeTokenRequestResolver #16297
- Add Support ServerGenerateOneTimeTokenRequestResolver #16489
- Consistently NonNull annotation #16587
- Consistently Spring Security javadocs #16586
- Display default login page with only one-time token login #16414
- Generic error message in Log In page and debug messages #16575
- Lazily compose debug message in AbstractUserDetailsAuthenticationProv⦠#16513
- Make PublicKeyCredentialRequestOptions Serializable #16438
- One time token authentication filter should be its own class #16539
- One Time Token login registers the default login page #16480
- Polish OneTimeTokenLoginConfigurer #16468
- Refactor authorization manager variable naming #16559
- Remove Deprecated Usages of RemoteJWKSet #16537
- Support JWK Selection Strategy in NimbusJwtEncoder #16570
- Update DelegatingPasswordEncoder.java #16479
- Update reference Spring Framwork links #16564
- Update settings.gradle to correct the behavior if creating a new subproject with default buildFile name #16387
- Update UsernameNotFoundException message #16508
πͺ² Bug Fixes
- Fix javadoc typo onResponseCommmitted-> onResponseCommitted #16535
- Fix loader has changed while resolving nodes in WebAuthnWebDriverTests #16464
- Fix RestClient Documentation Header #16562
- Fix serializeCurrentVersionClasses #16443
- Fixed assertion in DefaultGenerateOneTimeTokenRequestResolver #16507
- GenerateOneTimeTokenWebFilter triggers double execution of the downstream WebFilterChain #16465
- Implement
Serializablefor WebAuthnAuthentication #16474 - Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16467
- OTT Should Use non-static member to capture the last OneTimeToken #16472
- OTT Tests should use mocks instead of comparing expires #16515
π¨ Dependency Upgrades
- Bump com.github.ben-manes:gradle-versions-plugin from 0.51.0 to 0.52.0 #16475
- Bump com.google.code.gson:gson from 2.12.0 to 2.12.1 #16511
- Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16593
- Bump com.webauthn4j:webauthn4j-core from 0.28.4.RELEASE to 0.28.5.RELEASE #16522
- Bump esbuild from 0.23.0 to 0.25.0 in /javascript #16580
- Bump io.freefair.gradle:aspectj-plugin from 8.12 to 8.12.1 #16531
- Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 #16568
- Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16578
- Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16532
- Bump org.hibernate.orm:hibernate-core from 6.6.7.Final to 6.6.8.Final #16609
- Bump org.htmlunit:htmlunit from 4.8.0 to 4.9.0 #16469
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.27.0 to 4.28.0 #16476
- Bump org.seleniumhq.selenium:selenium-java from 4.28.0 to 4.28.1 #16477
- Bump org.springframework.data:spring-data-bom from 2024.1.2 to 2024.1.3 #16608
- Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16592
- Bump org.springframework:spring-framework-bom from 6.2.2 to 6.2.3 #16591
- Bump serialize-javascript and mocha in /javascript #16581
π© Build Updates
- Add GenerateOneTimeTokenFilterTests #16327
- Add TestBytes #16462
- Bump
@springio/asciidoctor-extensions from 1.0.0-alpha.14 to 1.0.0-alpha.16 in /docs #16518
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@ChristianHoesel, @Kehrlann, @LiYing2010, @Tejas-Teju, @big-cir, @candrews, @dependabot[bot], @douxiaofeng99, @earlgrey02, @franticticktick, @guesshe, @jgrandja, @kse-music, @kwondh5217, @ngocnhan-tran1996, @patpatpat123, and @plll0123
Contributors
candrews, ChristianHoesel, and 15 other contributors
Assets 2
6.4.3
β New Features
- Add Support disableDefaultRegistrationPage to WebAuthnDsl #16395
πͺ² Bug Fixes
withValueused incorrectly #16527- Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL #16344
- Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) #16459
- Fix Kotlin DSL webAuthn { } #16338
- Fix loader has changed while resolving nodes in WebAuthnWebDriverTests #16463
- Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #16310
- Implement
Serializablefor WebAuthnAuthentication #16285 - Make AuthorizationDecision Serializable #16544
- Make PublicKeyCredentialRequestOptions Serializable Backport #16584
- Make Saml2AuthenticationToken Serializable #16287
- Make WebAuthnAuthentication Serializable #16273
- Make WebAuthnAuthenticationRequestToken Serializable #16602
- Make WebAuthnAuthenticationTokenRequest Serializable #16481
- Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16466
- OTT Should Use non-static member to capture the last OneTimeToken #16471
- webauthn js should ensure allowCredentials[].id is an ArrayBuffer #16440
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16364
- Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16598
- Bump com.webauthn4j:webauthn4j-core from 0.28.4.RELEASE to 0.28.5.RELEASE #16523
- Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 #16565
- Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16399
- Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16576
- Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16534
- Bump org.hibernate.orm:hibernate-core from 6.6.7.Final to 6.6.8.Final #16610
- Bump org.junit:junit-bom from 5.11.3 to 5.11.4 #16292
- Bump org.springframework.data:spring-data-bom from 2024.1.2 to 2024.1.3 #16611
- Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16597
- Bump org.springframework:spring-framework-bom from 6.2.2 to 6.2.3 #16599
- Update to oauth2-oidc-sdk 9.43.5 #16583
π© Build Updates
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@Kehrlann, @NeoTraveler, @dependabot[bot], @franticticktick, @making, and @ngocnhan-tran1996
Contributors
making, Kehrlann, and 4 other contributors
Assets 2
6.3.7
β New Features
- Improve Stability of S101 CI Task #16482
πͺ² Bug Fixes
- Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #16093
- Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration #16105
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16363
- Bump com.nimbusds:oauth2-oidc-sdk from 9.43.5 to 9.43.6 #16594
- Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16400
- Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 #16577
- Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 #16533
- Bump org.springframework.data:spring-data-bom from 2024.0.8 to 2024.0.9 #16607
- Bump org.springframework.ldap:spring-ldap-core from 3.2.10 to 3.2.11 #16595
- Bump org.springframework:spring-framework-bom from 6.1.16 to 6.1.17 #16596
- Update to oauth2-oidc-sdk 9.43.5 #16582
π© Build Updates
- Bump
@springio/asciidoctor-extensions from 1.0.0-alpha.14 to 1.0.0-alpha.16 in /docs #16519 - Troubleshoot missing GChat notifications #16423
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@dependabot[bot] and @sawprogramming
Contributors
sawprogramming and dependabot
Assets 2
6.5.0-M1
β New Features
- Add
@AuthenticationPrincipal/@CurrentSecurityContextInterface Support for Expression Templates #16201 - Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE #16386
- Add support checking same security matchers #16186
- Add Support disableDefaultRegistrationPage to WebAuthnDsl #16404
- Add support fullyAuthenticated to Kotlin DSL #16190
- Add Support JDBC Repositories For WebAuthn #16282
- Add Support OAuth2AuthorizationRequestResolver As Bean #16381
- Add UserDetailsService Constructor #15984
- Add WebAuthnConfigurer HttpMessageConverter Support #16397
- Added a constant for DPOP in OAuth2AccessToken.TokenType #16087
- Allow configuring custom ServerHttpHeadersWriter for Kotlin DSL #16136
- Avoid unnecessary instantiation of HttpSecurity #16370
- Consider making the constructor of
OAuth2AccessToken.TokenTypepublic#16086 - Customize Redirect URI in OidcClientInitiatedServerLogoutSuccessHandler #14808
- Documentation code snippets should consistently use joint tabs for java, kotlin, & XML #16228
- Fix OAuth reference documentation typo #16350
- Redirect using a relative URL #7273
- Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean #16396
- Suggest replacing size() == 0 with isEmpty() for collection check #16428
- Support Determining Max Sessions by Authentication #16218
- Use relative URLs in /login redirects #14714
πͺ² Bug Fixes
- Encode clientId and clientSecret for
OpaqueTokenIntrospectorandReactiveOpaqueTokenIntrospector#16008 - Fix broken link #16416
- Fix broken link to MockMvc documentation #16415
- Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL #16409
- Fix incorrect rendering of SpEL expression example tabs #16343
- Fix Kotlin DSL webAuthn { } #16403
- Fix logout code snippet for Kotlin #16341
- Fix missing space in documentation #16353
- Fix WebAuthnWebdriverTests #16283
- Fixed grammatical mistakes/errors in the docs. #16232
- Fixed typo in WebAuthnDsl #16413
- Kotlin MVC Integration Docs should use servlet path parameter #16426
- method-security: fix invalid Kotlin syntax #16375
- Update docs to link to AuthorizationFilter instead of deprecated FilterSecurityInterceptor #16352
- Use spring.security prefix instead of security.security #16427
- WebAuthn login fails when CredentialsRequestOptions.publicKey.allowCredentials is not empty #16441
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 #16366
- Bump com.webauthn4j:webauthn4j-core from 0.28.3.RELEASE to 0.28.4.RELEASE #16356
- Bump io.micrometer:micrometer-observation from 1.14.2 to 1.14.3 #16411
- Bump io.mockk:mockk from 1.13.14 to 1.13.16 #16402
- Bump io.projectreactor:reactor-bom from 2023.0.13 to 2023.0.14 #16419
- Bump org-bouncycastle from 1.79 to 1.80 #16418
- Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 #16447
- Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final #16448
- Bump org.htmlunit:htmlunit from 4.7.0 to 4.8.0 #16401
- Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.0 to 1.10.1 #16333
- Bump org.junit:junit-bom from 5.11.3 to 5.11.4 #16293
- Bump org.mockito:mockito-bom from 5.14.2 to 5.15.2 #16360
- Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 #16449
- Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 #16435
π© Build Updates
- Polish AbstractHttpConfigurer #16362
- Remove unused code from WebSecurityConfiguration #16348
- Remove Unused Loggers from Request Matchers #16319
- Troubleshoot missing GChat notifications #16425
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@2-say, @ClaudenirFreitas, @Meehdi, @MuhammadNFadhil, @Pistolnik, @ThomasKasene, @dependabot[bot], @evgeniycheban, @franticticktick, @harcomaase, @intotherealworld, @jzheaux, @kse-music, @mehdirahimi, @ngocnhan-tran1996, @simaotwx, and @wndyd0131
Contributors
jzheaux, ThomasKasene, and 15 other contributors
Assets 2
6.4.2
β New Features
- Add 6.4 Sample Serializations for Serializable classes #16274
- Add
@inheritDocto sessionIdChanged method #16216 - Fix typo in oauth2 resource server documentation #16053
- Fixed confusing phrasing in the docs for a better clarity. #16169
- Improve AuthorizationManager configuration error messages #16194
- Polish #16148
- Use Documentation Tags for Maven and Gradle in Getting Started #16234
- Add WebDriver WebAuthn test #15969
πͺ² Bug Fixes
- Add Deprecated ObjectPostProcessor constructor #16212
- Add RuntimeHints for webauthn Javascript resource #16159
- Always return current ClientRegistration in
loadAuthorizedClient#16139 - Avoid requesting an unnecessary attestation statement when creating a webauthn credential #16252
- CI is not using the correct secret for Develocity #16263
- Dark mode rendering issue with images on CSRF and Method Security pages #16176
- DefaultSaml2AuthenticatedPrincipal should define a serialVersionUID #16163
- Delay initialization of AuthenticationProvider in Global Authentication #16147
- Fix Documentation Typos #16054
- Correct OAuth2ClientHttpRequestInterceptor Usage Documentation #16172
- Fix Typo in 'What's New' Documentation #16183
- Fix WebAuthnWebdriverTests #16279
- Correct OpenSAML 5.x Documentation #16195
- Issue when using
@AuthenticationPrincipalon interfaces #16177 - Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #16261
- Remove duplicate cache in AuthenticationPrincipalArgumentResolverand CurrentSecurityContextArgumentResolver #16202
- Resolve ObjectPostProcessor collisions between RSocket and WebFlux security configuration #16161
- Restore
@AuthenticationPrincipal/@CurrentSecurityContextInterface Support #16245 - Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #16220
- Spelling error in opensaml.adoc #16146
- Update document regarding PublicKeyCredentialCreationOptions.attestation value #16264
- Verification Options Should Return Saved Transports for Credentials #16084
π¨ Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.1 to 2.18.2 #16184
- Bump com.webauthn4j:webauthn4j-core from 0.28.2.RELEASE to 0.28.3.RELEASE #16203
- Bump io.micrometer:micrometer-observation from 1.14.1 to 1.14.2 #16255
- Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #16256
- Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #16209
- Bump org.gretty:gretty from 4.1.5 to 4.1.6 #16247
- Bump org.hibernate.orm:hibernate-core from 6.6.2.Final to 6.6.3.Final #16145
- Bump org.htmlunit:htmlunit from 4.6.0 to 4.7.0 #16205
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #16180
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.26.0 to 4.27.0 #16204
- Bump org.seleniumhq.selenium:selenium-java from 4.26.0 to 4.27.0 #16167
- Bump org.springframework.data:spring-data-bom from 2024.1.0 to 2024.1.1 #16290
- Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #16270
- Bump org.springframework:spring-framework-bom from 6.2.0 to 6.2.1 #16271
π© Build Updates
- Bump
@antora/collector-extension from 1.0.0 to 1.0.1 in /docs #16239 - Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #16237
- Bump gradle/gradle-build-action from 2 to 3 #16278
- Remove 5.8.x and 6.2.x dependabot configuration #16268
- Remove 5.8.x from Auto Merge Forward Dependabot PRs #15770
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@12OneTwo12, @Kehrlann, @MuhammadNFadhil, @OrangeDog, @Spikhalskiy, @dependabot[bot], @harpreets789, @kse-music, @martin-tarjanyi, @ngocnhan-tran1996, and @ynojima
Contributors
Spikhalskiy, OrangeDog, and 9 other contributors
Assets 2
6.3.6
πͺ² Bug Fixes
- Always return current ClientRegistration in
loadAuthorizedClient#16138 - CI is not using the correct secret for Develocity #16262
- Dark mode rendering issue with images on CSRF and Method Security pages #16175
- Delay initialization AuthenticationProvider in Global Authentication #16050
- Do not eagerly construct UserDetailsService bean in Global Authentication #16144
- Documentation images should render clearly in both light and dark mode #16131
- Mutate breaks functionality of StrictFirewallHttpHeaders with recently modified HttpHeaders#writabeHttpHeaders #16069
- OidcBackChannelLogoutWebFilter error response is not a correct JSON #16229
- Restore Servlet 5 Compatiblity for CookieCsrfTokenRepository #16219
π¨ Dependency Upgrades
- Bump io.projectreactor:reactor-bom from 2023.0.12 to 2023.0.13 #16257
- Bump org.gretty:gretty from 4.1.5 to 4.1.6 #16246
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.22 to 4.33.23 #16179
- Bump org.springframework.data:spring-data-bom from 2024.0.6 to 2024.0.7 #16289
- Bump org.springframework.ldap:spring-ldap-core from 3.2.8 to 3.2.10 #16269
- Bump org.springframework:spring-framework-bom from 6.1.15 to 6.1.16 #16272
π© Build Updates
- Bump antora from 3.2.0-alpha.6 to 3.2.0-alpha.8 in /docs #16244
- Update Antora UI Spring to v0.4.18 #16110
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@dependabot[bot], @github-actions[bot], and @kse-music
Contributors
dependabot and kse-music
Assets 2
6.4.1
πͺ² Bug Fixes
- Documentation images should render clearly in both light and dark mode #16132
- Fix conflicting bean names between
@EnableWebSecurityand@EnableWebSocketSecurity#16113
π© Build Updates
- Update Antora UI Spring to v0.4.18 #16112
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@github-actions[bot] and @ngocnhan-tran1996
Contributors
ngocnhan-tran1996
Assets 2
6.4.0
β New Features
- Add
@FunctionalInterfaceto AuthorizationEventPublisher #15934 - Add DefaultResourcesFilter.webauthn() #15970
- Add deprecation notice for missing leading slashes #16020
- Code Cleanup #15996
- Document passkeys dependencies #16107
- Factor out some common object mocking in tests #15396
- Fix saml2 authentication guide docs #16017
- Improve documentation about CredentialsContainer #15554
- Improve Documentation on Adding a Custom Security Filter #15893
- Improve Error Message for Conflicting Filter Chains #15992
- Make it easier to determine where a filter chain has been defined #15874
- OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #15346
- Polish JdbcOneTimeTokenService #15997
- relying-party-registration doesn't allow placeholders in xml #14645
- Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #15875
- Support ServerExchangeRejectedHandler
@Bean#16063
πͺ² Bug Fixes
- An empty-string bearer token should result in an appropriate HTTP status code #16037
- AuthorizeReturnObject AOT support should register proxied class as well #16106
- Correct class name reference in WebFilterChainProxy JavaDoc #16004
- Fix typo javadoc some classes #16022
- Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #16055
- IpAddressMatcher null pointer exception #16104
- OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #16042
- Support ServerWebExchangeFirewall
@Bean#15999 - UniqueSecurityAnnotationScanner throws ConcurrentModificationException #15906
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #16005
- Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #16007
- Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #16122
- Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #16123
- Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #16121
- Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #16079
- Bump org-bouncycastle from 1.78.1 to 1.79 #16010
- Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #16048
- Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #16028
- Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #16044
- Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #15968
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #16043
- Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #16018
- Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #16124
- Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #16097
- Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #16096
π© Build Updates
- Bump
@antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #16115 - Update Antora UI Spring to v0.4.17 #15929
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@Chu3laMan, @Kehrlann, @Limm-jk, @dcolazin, @dependabot[bot], @franticticktick, @github-actions[bot], @gzhao9, @ig-jinwoo, @jzheaux, @kse-music, @ngocnhan-tran1996, and @nomoreFt
Contributors
jzheaux, Kehrlann, and 10 other contributors
Assets 2
6.3.5
β New Features
- Support ServerExchangeRejectedHandler
@Bean#16062 - Supporting logout+jwt for back-channel logout with spring-webflux #15702
πͺ² Bug Fixes
- Align DelegatingAuthenticationConverter Constructors #15949
- An empty-string bearer token should result in an appropriate HTTP status code #16036
- IpAddressMatcher null pointer exception #15527
- RequestMatcherDelegatingAuthorizationManager should be post-processable #15981
- Support ServerWebExchangeFirewall
@Bean#15991 - Unhandled exception in CookieRequestCache results in 500 Internal Server Error #15986
- Update logout.adoc: Fix Customizing Logout Success Example #15956
π¨ Dependency Upgrades
- Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #16006
- Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.17.3 #16032
- Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13 #16126
- Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #16082
- Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #16033
- Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.0.6 #16125
- Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #16102
- Bump org.springframework:spring-framework-bom from 6.1.14 to 6.1.15 #16101
π© Build Updates
- Bump
@antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #16117 - Update Antora UI Spring to v0.4.17 #15930
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@asimuleo, @dependabot[bot], @github-actions[bot], and @kse-music
Contributors
dependabot, kse-music, and asimuleo
Assets 2
6.2.8
β New Features
πͺ² Bug Fixes
- Fix error when Bearer token is requested with empty string #15940
- Make RequestMatcherDelegatingAuthorizationManager post-processable #15978
- RequestMatcherDelegatingAuthorizationManager should be post-processable #15948
- Unhandled exception in CookieRequestCache results in 500 Internal Server Error #15985
π¨ Dependency Upgrades
- Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13 #16128
- Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #16081
- Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #16031
- Bump org.springframework.data:spring-data-bom from 2023.1.11 to 2023.1.12 #16127
- Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #16100
- Bump org.springframework:spring-framework-bom from 6.1.14 to 6.1.15 #16099
π© Build Updates
- Bump
@antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #16120 - Update Antora UI Spring to v0.4.17 #15931
β€οΈ Contributors
Thank you to all the contributors who worked on this release:
@codeconsole, @dependabot[bot], @github-actions[bot], and @jacknie84
Contributors
codeconsole, jacknie84, and dependabot