5.2.6.RELEASE

⭐ New Features

• Add logging #8889
• Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8856
• Use Github Actions PR pipeline and remove Travis for 5.2.x #8723

🪲 Bug Fixes

• ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8897
• Resolved bearer token has no padding indicators #8838
• Fix ProviderManager Javadoc typo #8812
• LoginPageGeneratingWebFilter should honor context path #8809
• RoleHierarchy is not used by AbstractAuthorizeTag #8679
• OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8673
• ReactorContext not available in PayloadSocketAcceptor delegate.accept #8656

🔨 Dependency Upgrades

• Update to nohttp 0.0.5.RELEASE #8927
• Update to Spring Boot 2.2.9.RELEASE #8921
• Update to Reactor Dysprosium-SR10 #8920
• Update to Spring Framework 5.2.8.RELEASE #8919
• Update to Spring Data Moore-SR9 #8918
• Update to PowerMock Mockito2 2.0.7 #8917
• Update blockhound to 1.0.4.RELEASE #8916
• Update to groovy 2.4.20 #8915
• Update to embedded Tomcat websocket 8.5.57 #8914
• Upgrade to embedded Apache Tomcat 9.0.37 #8913
• Update to jaxb-impl 2.3.3 #8912
• Update to GAE 1.9.81 #8911
• Update to Jackson 2.10.5 #8910
• Update to spring-build-conventions:0.0.33.RELEASE #8761
• Update to RSocket 1.0.1 #8664

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @elliedori

5.1.12.RELEASE

⭐ New Features

• Add logging #8891
• Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8857
• Use Github Actions PR pipeline and remove Travis for 5.1.x #8722
• Use Github Actions PR pipeline in 5.1.x #8717

🪲 Bug Fixes

• ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8898
• Resolved bearer token has no padding indicators #8839
• Fix ProviderManager Javadoc typo #8813
• LoginPageGeneratingWebFilter should honor context path #8810
• RoleHierarchy is not used by AbstractAuthorizeTag #8681
• OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8674

🔨 Dependency Upgrades

• Update to Spring Ldap 2.3.3 #8943
• Update to Hibernate Validator 6.0.20 #8942
• Update to Hibernate Entitymanager 5.3.17 #8941
• Update to Groovy 2.4.20 #8940
• Update to Spring Boot 2.1.16.RELEASE #8939
• Update to Google App Engine 1.9.81 #8938
• Update to Jackson Databind 2.9.10.5 #8937
• Update to Project Reactor Californium-SR20 #8936
• Update to Spring Framework 5.1.17 #8935
• Update to Spring Data Lovelace-SR19 #8934

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @elliedori

5.0.18.RELEASE

⭐ New Features

• Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8858
• Use Github Actions PR pipeline and remove Travis for 5.0.x #8721
• Use Github Actions PR pipeline in 5.0.x #8716

🪲 Bug Fixes

• Fix ProviderManager Javadoc typo #8814
• RoleHierarchy is not used by AbstractAuthorizeTag #8683

🔨 Dependency Upgrades

• Update to Spring Ldap 2.3.3 #8933
• Update to Hibernate Validator 6.0.20 #8932
• Update to Groovy 2.4.20 #8931
• Update to Google App Engine 1.9.81 #8930
• Update to Jackson Databind 2.9.10.5 #8929
• Update to Spring Framework 5.0.18 #8928

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @elliedori

4.2.18.RELEASE

⭐ New Features

• Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8859
• Use Github Actions PR pipeline and remove Travis for 4.2.x #8720
• Use Github Actions PR pipeline in 4.2.x #8715

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @elliedori

5.4.0-M2

⭐ New Features

• Add reified function variants to security DSL #8771
• OAuth2AccessTokenResponse.Builder.expiresIn works after withResponse #8766
• LDAP Integration Tests Should Use Random Port #8762
• Use memory-saving Collections.singletonList in JdbcAclService.readAclById() #8756
• Merge Spring security with dependencies #8755
• Add Configurable secure flag in CookieCsrfTokenRepository #8749
• Fix typo in OAuth2AccessTokenResponse #8746
• Allow customizing JWTProcessor passed to NimbusJwtDecoder #8745
• Use Spring Snapshots in Snapshot Build Again #8712
• Update pipeline to run for PRs to all branches #8711
• Remove Travis pipeline and README badge #8710
• Reject the NULL character in paths in StrictHttpFirewall #8703
• OAuth2AccessTokenResponse.expiresIn() is ignored when initialized from another response #8702
• OAuth2AuthorizedClientArgumentResolver could use OAuth2AuthorizedClientManager registered in context #8700
• Kotlin Configuration DSL: Use reified types wherever a class is used as a parameter #8697
• ProviderManager Should Use CollectionUtils#contains #8695
• ProviderManager#checkState() throws NullPointerException #8689
• Set up Github Actions pipeline for PRs #8680
• Deprecate X-Frame-Options ALLOW-FROM #8677
• Replace whitelist/blacklist with allowlist/blocklist #8676
• Register OAuth2AuthorizedClientArgumentResolver for XML Config #8669
• Getting response attributes from Saml2AuthenticatedPrincipal #8667
• Ability to easily read attribute values from SAML response #8661
• DefaultOAuth2AuthorizationRequestResolver Should Not Consume Request Body #8651
• StrictHttpFirewall: Validate headers and parameters #8644
• JwtDecoder should use Nimbus multiple-algorithm support #8623
• Remove ClientRegistrationRepository Mock Beans from Samples #8606
• oauth2Client Test Support should not require an HttpSessionOAuth2AuthorizedClientRepository #8603
• Add tokenFromMultipartDataEnabled to server CSRF Kotlin DSL #8602
• Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter #8587
• FilterInvocation Support Default Methods on HttpServletRequest #8566
• Update to JQuery 3.5.1 #8557
• Saml2WebSsoAuthenticationRequesFilter should be post-processed #8552
• Move TestRelyingPartyRegistrations #8551
• Configuration defaults to SessionRegistry bean #8548
• Update BCryptPasswordEncoder documentation with default strength #8542
• authorization_code grant should use same ServerRequestCache #8536
• Avoid using "/path/**/other" patterns in WebFlux PathPatternParser #8513
• Add debug logging to Reactive Web #8504
• Add issuerUri to ClientRegistration.providerDetails #8501
• Use Opaquetoken properties to configure timeouts #8488
• Update Traditional Chinese translation. #8483
• Allow port=0 for ApacheDSContainer #8416
• Throw exception if URL does not include context path when context relative #8399
• Added setter to make RequestCache injectable #8392
• Consider adding ClientRegistration.providerDetails.issuerUri #8326
• Merge Project Modules and Dependencies Section of the docs #8199
• Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter #8120
• formLogin() does not work with REST Docs #7572

🪲 Bug Fixes

• SwitchUserFilter.setExitUserMatcher Javadoc is incorrect #8744
• SwitchUserFilter.setUserDetailsChecker is missing Javadoc #8743
• Fix SecurityContext creation for TEST_EXECUTION #8738
• ReactorContext not available in PayloadSocketAcceptor delegate.accept #8654
• DefaultWebSecurityExpressionHandler uses RoleHierarchy bean #8652
• DefaultOAuth2AuthorizationRequestResolver erroneously consumes POST request body #8650
• Fix broken link in spring security reference document #8618
• Delay AuthenticationPrincipalArgumentResolver Lookup #8613
• OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8609
• spring-security-oauth2-client:5.3.2 and spring-boot-starter-test:2.3.0 clash over version of transitive dependency json-smart #8608
• Fix typos in BCryptPasswordEncoder documentation #8586
• Fixing typo in SAML 2.0 Sample README #8581
• Message Compose in JavaConfig hellojs Sample Fails #8556
• Java Config hellojs Sample Login Fails #8555
• XML OpenID sample should POST to logout #8554
• Remove unused field 'digester' in Md4PasswordEncoder #8553
• Polish JDBC Authentication documentation #8550
• Fix Kotlin Sample Documentation #8540
• Object ID Identicy conversion to long fails on old schema #8538
• Create the CSRF token on the bounded elactic scheduler #8534
• Fix AntPathRequestMatcher Javadoc #8512
• Document NoOpPasswordEncoder will not be removed #8508
• Document NoOpPasswordEncoder will not be removed #8506
• Fix code snippets to configure timeouts #8487
• Fix non-standard HTTP method for CsrfWebFilter #8452
• Blocking in WebSessionServerCsrfTokenRepository #8128
• Object ID Identity conversion to long fails on old schema #7621
• RoleHierarchy is not used by AbstractAuthorizeTag [#7059](https://github.com/spring-proje...

5.3.3.RELEASE

⭐ New Features

• Update BCryptPasswordEncoder documentation with default strength #8574

🪲 Bug Fixes

• Delay AuthenticationPrincipalArgumentResolver Lookup #8614
• Fix typos in BCryptPasswordEncoder documentation #8601
• Fixing typo in SAML 2.0 Sample README #8600
• Mock request with non-standard HTTP method in test #8597
• Remove unused field 'digester' in Md4PasswordEncoder #8575
• Polish JDBC Authentication documentation #8573
• ACL : AclImpl.hashCode leads to StackOverflowError #8569
• Fix Kotlin Sample Documentation #8565
• Object ID Identity conversion to long fails on old schema #8558
• Blocking in WebSessionServerCsrfTokenRepository #8544
• Fix AntPathRequestMatcher Javadoc #8526
• Document NoOpPasswordEncoder will not be removed #8521
• Fix non-standard HTTP method for CsrfWebFilter #8515

🔨 Dependency Upgrades

• Update to AppEngine 1.9.80 #8647
• Update to Spring Boot 2.2.7.RELEASE #8646
• Update to Kotlin 1.3.72 #8645

5.2.5.RELEASE

🪲 Bug Fixes

• Delay AuthenticationPrincipalArgumentResolver Lookup #8615
• Mock request with non-standard HTTP method in test #8595
• Remove unused field 'digester' in Md4PasswordEncoder #8576
• ACL : AclImpl.hashCode leads to StackOverflowError #8570
• Object ID Identity conversion to long fails on old schema #8559
• Blocking in WebSessionServerCsrfTokenRepository #8545
• Fix AntPathRequestMatcher Javadoc #8527
• Document NoOpPasswordEncoder will not be removed #8522
• Fix non-standard HTTP method for CsrfWebFilter #8516

🔨 Dependency Upgrades

• Update to Spring Boot 2.2.7 #8630
• Update to okhttp 3.14.9 #8629
• Update to Jython 2.5.3 #8628
• Update to mockwebserver 3.14.9 #8627
• Update to RSocket 1.0.0 #8626
• Update to groovy 2.4.19 #8625

5.1.11.RELEASE

⭐ New Features

• HTTP Host header attack #8641

🪲 Bug Fixes

• Remove unused field 'digester' in Md4PasswordEncoder #8577
• ACL : AclImpl.hashCode leads to StackOverflowError #8571
• Blocking in WebSessionServerCsrfTokenRepository #8546
• Fix AntPathRequestMatcher Javadoc #8528
• Document NoOpPasswordEncoder will not be removed #8523
• Fix non-standard HTTP method for CsrfWebFilter #8517

🔨 Dependency Upgrades

• Update to okhttp 3.12.12 #8635
• Update to jaxb-impl 2.3.3 #8634
• Update to mockwebserver 3.12.12 #8633
• Update to Spring Boot 2.1.14.RELEASE #8632

5.0.17.RELEASE

⭐ New Features

• HTTP Host header attack #8640

🪲 Bug Fixes

• Remove unused field 'digester' in Md4PasswordEncoder #8578
• ACL : AclImpl.hashCode leads to StackOverflowError #8572
• Blocking in WebSessionServerCsrfTokenRepository #8547
• Fix AntPathRequestMatcher Javadoc #8529
• Document NoOpPasswordEncoder will not be removed #8524
• Fix non-standard HTTP method for CsrfWebFilter #8518

🔨 Dependency Upgrades

• Update to Jython 2.5.3 #8638
• Update to okhttp 3.12.12 #8637
• Update to mockwebserver 3.12.12 #8636

4.2.17.RELEASE

⭐ New Features

• HTTP Host header attack #8639

🪲 Bug Fixes

• Fix AntPathRequestMatcher Javadoc #8530
• Document NoOpPasswordEncoder will not be removed #8525
• Spring Security BOM 4.2.14.RELEASE is missing #7975