spring-projects/spring-security (org.springframework.security:spring-security-core)
### [`v5.7.12`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.12)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.11...5.7.12)
#### :beetle: Bug Fixes
- Check for `null` Authentication [#14715](https://togithub.com/spring-projects/spring-security/issues/14715)
### [`v5.7.11`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.11)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.10...5.7.11)
#### :star: New Features
- Automate spring-security.xsd [#13819](https://togithub.com/spring-projects/spring-security/issues/13819)
### [`v5.7.10`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.10)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.9...5.7.10)
#### :beetle: Bug Fixes
- Use default PathPatternParser instance [#13461](https://togithub.com/spring-projects/spring-security/issues/13461)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.34 [#13509](https://togithub.com/spring-projects/spring-security/issues/13509)
- Update org.springframework to 5.3.29 [#13511](https://togithub.com/spring-projects/spring-security/issues/13511)
- Update org.springframework.data to 2021.2.14 [#13512](https://togithub.com/spring-projects/spring-security/issues/13512)
- Update reactor-netty to 1.0.34 [#13510](https://togithub.com/spring-projects/spring-security/issues/13510)
### [`v5.7.9`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.9)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.8...5.7.9)
#### :star: New Features
- Convert to Asciidoctor Tabs [#13404](https://togithub.com/spring-projects/spring-security/issues/13404)
- Use Antora name of security [#13328](https://togithub.com/spring-projects/spring-security/issues/13328)
#### :beetle: Bug Fixes
- Additional filters registered when using Custom DSL [#13203](https://togithub.com/spring-projects/spring-security/issues/13203)
- Clarify that Kotlin DSL needs an import [#13092](https://togithub.com/spring-projects/spring-security/issues/13092)
- Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13098](https://togithub.com/spring-projects/spring-security/issues/13098)
- Fix Antora Warnings [#13291](https://togithub.com/spring-projects/spring-security/issues/13291)
- Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13155](https://togithub.com/spring-projects/spring-security/issues/13155)
- Fix Documentation Title [#13315](https://togithub.com/spring-projects/spring-security/issues/13315)
- Fix javadoc for migration from WebSecurityConfigurerAdapter [#12996](https://togithub.com/spring-projects/spring-security/pull/12996)
- Fix typo in SecurityMockMvcResultMatchers.java [#12793](https://togithub.com/spring-projects/spring-security/pull/12793)
- fix typo of modules.adoc [#12921](https://togithub.com/spring-projects/spring-security/pull/12921)
- Fix typo overview.adoc [#13269](https://togithub.com/spring-projects/spring-security/pull/13269)
- http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13131](https://togithub.com/spring-projects/spring-security/issues/13131)
- Proxy Server section is not linked in nav [#13313](https://togithub.com/spring-projects/spring-security/issues/13313)
- Typos in docs [#13283](https://togithub.com/spring-projects/spring-security/pull/13283)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.33 [#13373](https://togithub.com/spring-projects/spring-security/issues/13373)
- Update io.rsocket to 1.1.4 [#13379](https://togithub.com/spring-projects/spring-security/issues/13379)
- Update org.springframework to 5.3.28 [#13382](https://togithub.com/spring-projects/spring-security/issues/13382)
- Update org.springframework.data to 2021.2.13 [#13385](https://togithub.com/spring-projects/spring-security/issues/13385)
- Update reactor-netty to 1.0.33 [#13376](https://togithub.com/spring-projects/spring-security/issues/13376)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@Anubhav-2000](https://togithub.com/Anubhav-2000)
- [@SeasonPanPan](https://togithub.com/SeasonPanPan)
- [@amal-stack](https://togithub.com/amal-stack)
- [@1993heqiang](https://togithub.com/1993heqiang)
- [@xak2000](https://togithub.com/xak2000)
### [`v5.7.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.8)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.7...5.7.8)
#### :star: New Features
- Clarify documentation code snippet(s) (unclear where static imported methods come from) [#6597](https://togithub.com/spring-projects/spring-security/issues/6597)
- Document relationship between registrationId, EntityID, and resolving a relying party [#12764](https://togithub.com/spring-projects/spring-security/issues/12764)
#### :beetle: Bug Fixes
- Add test to SimpleUrlAuthenticationSuccessHandlerTests [#12740](https://togithub.com/spring-projects/spring-security/pull/12740)
- Avoid NPE in FilterInvocation [#12922](https://togithub.com/spring-projects/spring-security/pull/12922)
- EntityId ignored in xml relying-party-registration [#11898](https://togithub.com/spring-projects/spring-security/issues/11898)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12998](https://togithub.com/spring-projects/spring-security/issues/12998)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12978](https://togithub.com/spring-projects/spring-security/pull/12978)
- Fix typo in SessionManagementConfigurer javadoc [#12820](https://togithub.com/spring-projects/spring-security/pull/12820)
- Missing spring-security-oauth2 xsds after release [#12804](https://togithub.com/spring-projects/spring-security/issues/12804)
- NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed [#12960](https://togithub.com/spring-projects/spring-security/issues/12960)
- RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present [#12664](https://togithub.com/spring-projects/spring-security/issues/12664)
- SwitchUserFilter should use HttpSessionSecurityContextRepository by default [#12834](https://togithub.com/spring-projects/spring-security/issues/12834)
#### :hammer: Dependency Upgrades
- Update blockhound to 1.0.8.RELEASE [#13016](https://togithub.com/spring-projects/spring-security/issues/13016)
- Update io.projectreactor to 2020.0.31 [#13014](https://togithub.com/spring-projects/spring-security/issues/13014)
- Update logback-classic to 1.2.12 [#13013](https://togithub.com/spring-projects/spring-security/issues/13013)
- Update org.eclipse.jetty to 9.4.51.v20230217 [#13017](https://togithub.com/spring-projects/spring-security/issues/13017)
- Update org.springframework to 5.3.27 [#13018](https://togithub.com/spring-projects/spring-security/issues/13018)
- Update org.springframework.data to 2021.2.11 [#13019](https://togithub.com/spring-projects/spring-security/issues/13019)
- Update reactor-netty to 1.0.31 [#13015](https://togithub.com/spring-projects/spring-security/issues/13015)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@marckchr](https://togithub.com/marckchr)
- [@yuanhang](https://togithub.com/yuanhang)
- [@twosom](https://togithub.com/twosom)
- [@esivakumar18](https://togithub.com/esivakumar18)
- [@martin-tarjanyi](https://togithub.com/martin-tarjanyi)
### [`v5.7.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.7)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.6...5.7.7)
#### :star: New Features
- chore: Use cache in continuous-integration-workflow.yml [#12503](https://togithub.com/spring-projects/spring-security/pull/12503)
- fix unclosed block in docs [#12542](https://togithub.com/spring-projects/spring-security/pull/12542)
#### :beetle: Bug Fixes
- AuthorizationManager method security documentation should use AnnotationMatchingPointcut [#11095](https://togithub.com/spring-projects/spring-security/issues/11095)
- Document XMLObject retreival for Asserting Party metadata [#12667](https://togithub.com/spring-projects/spring-security/issues/12667)
- Fix typo in OAuth 2.0 testing docs [#12437](https://togithub.com/spring-projects/spring-security/pull/12437)
- Jackson serialization of `DefaultSaml2AuthenticatedPrincipal`: `LinkedMultiValueMap is not in the allowlist` [#11785](https://togithub.com/spring-projects/spring-security/issues/11785)
- NimbusJwtDecoder unknown KID scenario is not correctly tested [#12238](https://togithub.com/spring-projects/spring-security/pull/12238)
- NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard [#12637](https://togithub.com/spring-projects/spring-security/issues/12637)
- SwitchUserFilter not working in Spring Security 6 [#12504](https://togithub.com/spring-projects/spring-security/issues/12504)
- Wrong name of the filter in the SecurityContextHolderFilter diagram [#11800](https://togithub.com/spring-projects/spring-security/issues/11800)
#### :hammer: Dependency Upgrades
- Update blockhound to 1.0.7.RELEASE [#12733](https://togithub.com/spring-projects/spring-security/issues/12733)
- Update hibernate-entitymanager to 5.6.15.Final [#12736](https://togithub.com/spring-projects/spring-security/issues/12736)
- Update io.projectreactor to 2020.0.28 [#12732](https://togithub.com/spring-projects/spring-security/issues/12732)
- Update io.spring.nohttp to 0.0.11 [#12734](https://togithub.com/spring-projects/spring-security/issues/12734)
- Update jackson-bom to 2.13.5 [#12731](https://togithub.com/spring-projects/spring-security/issues/12731)
- Update org.aspectj to 1.9.19 [#12735](https://togithub.com/spring-projects/spring-security/issues/12735)
- Update org.springframework to 5.3.25 [#12737](https://togithub.com/spring-projects/spring-security/issues/12737)
- Update org.springframework.data to 2021.2.8 [#12738](https://togithub.com/spring-projects/spring-security/issues/12738)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@jonkjenn](https://togithub.com/jonkjenn)
- [@mojavelinux](https://togithub.com/mojavelinux)
- [@jongwooo](https://togithub.com/jongwooo)
- [@eleftherias](https://togithub.com/eleftherias)
### [`v5.7.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.6)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.5...5.7.6)
#### :star: New Features
- Improve deprecation notice in WebSecurityConfigurerAdapter [#12260](https://togithub.com/spring-projects/spring-security/issues/12260)
- Replace deprecated set-state set-output GitHub Action's commands [#12297](https://togithub.com/spring-projects/spring-security/issues/12297)
#### :beetle: Bug Fixes
- DefaultLdapAuthoritiesPopulator throws NullPointerException [#12407](https://togithub.com/spring-projects/spring-security/issues/12407)
- Fix AuthorizationFilter diagram in docs [#12285](https://togithub.com/spring-projects/spring-security/issues/12285)
- Incorrect scope map fix [#12205](https://togithub.com/spring-projects/spring-security/issues/12205)
- SAML logout: Incorrect log messages [#12208](https://togithub.com/spring-projects/spring-security/issues/12208)
- Saml2MetadataFilter response should configure writer to UTF-8 [#12221](https://togithub.com/spring-projects/spring-security/issues/12221)
- SEC-2839: SecurityNamespaceHandler - related to SEC-1455 [#12125](https://togithub.com/spring-projects/spring-security/issues/12125)
- Update the RP-initiated Logout links [#12121](https://togithub.com/spring-projects/spring-security/issues/12121)
#### :hammer: Dependency Upgrades
- Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 [#12153](https://togithub.com/spring-projects/spring-security/issues/12153)
- Update Gradle to 7.5.1 [#12157](https://togithub.com/spring-projects/spring-security/issues/12157)
- Update hibernate-entitymanager to 5.6.14.Final [#12397](https://togithub.com/spring-projects/spring-security/issues/12397)
- Update httpclient to 4.5.14 [#12395](https://togithub.com/spring-projects/spring-security/issues/12395)
- Update io.projectreactor to 2020.0.26 [#12393](https://togithub.com/spring-projects/spring-security/issues/12393)
- Update jackson-bom to 2.13.4.20221013 [#12391](https://togithub.com/spring-projects/spring-security/issues/12391)
- Update jackson-databind to 2.13.4.2 [#12392](https://togithub.com/spring-projects/spring-security/issues/12392)
- Update org.eclipse.jetty to 9.4.50.v20221201 [#12396](https://togithub.com/spring-projects/spring-security/issues/12396)
- Update org.springframework to 5.3.24 [#12398](https://togithub.com/spring-projects/spring-security/issues/12398)
- Update org.springframework.data to 2021.2.6 [#12399](https://togithub.com/spring-projects/spring-security/issues/12399)
- Update reactor-netty to 1.0.26 [#12394](https://togithub.com/spring-projects/spring-security/issues/12394)
### [`v5.7.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.5)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.4...5.7.5)
#### :beetle: Bug Fixes
- Fix AuthorizationFilter incorrectly extending OncePerRequestFilter [#12113](https://togithub.com/spring-projects/spring-security/issues/12113)
- Fix scope mapping [#12112](https://togithub.com/spring-projects/spring-security/issues/12112)
- IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy [#11888](https://togithub.com/spring-projects/spring-security/issues/11888)
### [`v5.7.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.4)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.3...5.7.4)
#### :star: New Features
- automatically manage docs version (with collector) [#11955](https://togithub.com/spring-projects/spring-security/issues/11955)
#### :beetle: Bug Fixes
- AuthenticationEventPublisher bean is not picked up if no UserDetailsService bean [#11729](https://togithub.com/spring-projects/spring-security/issues/11729)
- Build fails with missing project property cloneOutputDirectory [#11979](https://togithub.com/spring-projects/spring-security/issues/11979)
- GitHubMilestoneApiTests due_on Should Use LocalDate [#11707](https://togithub.com/spring-projects/spring-security/issues/11707)
- HttpSecurity Bean does not set DefaultAuthenticationEventPublisher [#11727](https://togithub.com/spring-projects/spring-security/issues/11727)
- NamespaceLdapAuthenticationProviderTests Should Use Dynamic Port [#11711](https://togithub.com/spring-projects/spring-security/issues/11711)
- RemoteJwkSet is not refreshed when encountering an unknown KID [#11723](https://togithub.com/spring-projects/spring-security/issues/11723)
- RequestRejectedHandler does not reliable prevent Internal Server Error [#11744](https://togithub.com/spring-projects/spring-security/issues/11744)
#### :hammer: Dependency Upgrades
- Update Gradle Enterprise plugin to 3.11.1 [#11830](https://togithub.com/spring-projects/spring-security/issues/11830)
- Update hibernate-entitymanager to 5.6.10.Final [#11745](https://togithub.com/spring-projects/spring-security/issues/11745)
- Update hibernate-entitymanager to 5.6.12.Final [#12016](https://togithub.com/spring-projects/spring-security/issues/12016)
- Update io.projectreactor to 2020.0.22 [#11743](https://togithub.com/spring-projects/spring-security/issues/11743)
- Update io.projectreactor to 2020.0.24 [#12012](https://togithub.com/spring-projects/spring-security/issues/12012)
- Update io.rsocket to 1.1.3 [#12014](https://togithub.com/spring-projects/spring-security/issues/12014)
- Update jackson-bom to 2.13.4.20221012 [#12008](https://togithub.com/spring-projects/spring-security/issues/12008)
- Update jackson-databind to 2.13.4.1 [#12009](https://togithub.com/spring-projects/spring-security/issues/12009)
- Update jackson-datatype-jsr310 to 2.13.4 [#12010](https://togithub.com/spring-projects/spring-security/issues/12010)
- Update jsonassert to 1.5.1 [#11741](https://togithub.com/spring-projects/spring-security/issues/11741)
- Update mockk to 1.12.8 [#12011](https://togithub.com/spring-projects/spring-security/issues/12011)
- Update org.eclipse.jetty to 9.4.48.v20220622 [#11740](https://togithub.com/spring-projects/spring-security/issues/11740)
- Update org.eclipse.jetty to 9.4.49.v20220914 [#12015](https://togithub.com/spring-projects/spring-security/issues/12015)
- Update org.springframework to 5.3.22 [#11739](https://togithub.com/spring-projects/spring-security/issues/11739)
- Update org.springframework to 5.3.23 [#12017](https://togithub.com/spring-projects/spring-security/issues/12017)
- Update org.springframework.data to 2021.1.6 [#11742](https://togithub.com/spring-projects/spring-security/issues/11742)
- Update org.springframework.data to 2021.2.4 [#12018](https://togithub.com/spring-projects/spring-security/issues/12018)
- Update reactor-netty to 1.0.24 [#12013](https://togithub.com/spring-projects/spring-security/issues/12013)
### [`v5.7.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.3)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.2...5.7.3)
#### :star: New Features
- Add Kotlin example showing integration with WebTestClient [#9998](https://togithub.com/spring-projects/spring-security/issues/9998)
- Set permissions for GitHub actions [#11642](https://togithub.com/spring-projects/spring-security/issues/11642)
- Update javadoc of EnableWebSecurity to reflect deprecation of WebSecurityConfigurerAdapter [#11650](https://togithub.com/spring-projects/spring-security/issues/11650)
#### :beetle: Bug Fixes
- Add Deprecated annotation to WebSecurity#securityInterceptor [#11637](https://togithub.com/spring-projects/spring-security/issues/11637)
- Check saganCreateRelease saganDeleteRelease Required Permissions [#11425](https://togithub.com/spring-projects/spring-security/issues/11425)
- org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" [#11605](https://togithub.com/spring-projects/spring-security/issues/11605)
- RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext [#11606](https://togithub.com/spring-projects/spring-security/issues/11606)
- RequestRejectedHandler does not reliable prevent Internal Server Error [#11672](https://togithub.com/spring-projects/spring-security/issues/11672)
- Sources and javadocs missing in latest snapshots [#11628](https://togithub.com/spring-projects/spring-security/issues/11628)
- Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok [#11484](https://togithub.com/spring-projects/spring-security/issues/11484)
- Update javadoc of HttpSecurity, WebSecurityConfiguration and WebSecurity to reflect deprecation of WebSecurityConfigurerAdapter [#11651](https://togithub.com/spring-projects/spring-security/issues/11651)
#### :hammer: Dependency Upgrades
- Update hibernate-entitymanager to 5.6.10.Final [#11694](https://togithub.com/spring-projects/spring-security/issues/11694)
- Update io.projectreactor to 2020.0.22 [#11691](https://togithub.com/spring-projects/spring-security/issues/11691)
- Update jsonassert to 1.5.1 [#11696](https://togithub.com/spring-projects/spring-security/issues/11696)
- Update mockk to 1.12.5 [#11690](https://togithub.com/spring-projects/spring-security/issues/11690)
- Update org.eclipse.jetty to 9.4.48.v20220622 [#11693](https://togithub.com/spring-projects/spring-security/issues/11693)
- Update org.jetbrains.kotlinx to 1.6.4 [#11695](https://togithub.com/spring-projects/spring-security/issues/11695)
- Update org.springframework to 5.3.22 [#11697](https://togithub.com/spring-projects/spring-security/issues/11697)
- Update org.springframework.data to 2021.2.2 [#11698](https://togithub.com/spring-projects/spring-security/issues/11698)
### [`v5.7.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.2)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.1...5.7.2)
#### :star: New Features
- Consider updating testing examples to use JUnit Jupiter [#11293](https://togithub.com/spring-projects/spring-security/issues/11293)
#### :beetle: Bug Fixes
- Some Security Expressions cause NPE when used within `@Query` [#11289](https://togithub.com/spring-projects/spring-security/issues/11289)
- CsrfWebFilter null save content-type check [#11341](https://togithub.com/spring-projects/spring-security/issues/11341)
- Docs example uses access(String) with authorizeHttpRequests() [#11296](https://togithub.com/spring-projects/spring-security/issues/11296)
- Fix typo in BasicLookupStrategy Javadoc [#11339](https://togithub.com/spring-projects/spring-security/issues/11339)
- KeyInfo missing in AuthnRequest when using OpenSaml4AuthenticationRequestResolver [#11358](https://togithub.com/spring-projects/spring-security/issues/11358)
- OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice [#11384](https://togithub.com/spring-projects/spring-security/issues/11384)
- SAML request encoding: on redirect binding, base64 encoded message contains CRLF [#11284](https://togithub.com/spring-projects/spring-security/issues/11284)
- SecurityContextRepository.loadContext(HttpServletRequest) cache result [#11390](https://togithub.com/spring-projects/spring-security/issues/11390)
- Should SAML metadata EntityDescriptor tag have the md: prefix? [#11311](https://togithub.com/spring-projects/spring-security/issues/11311)
- Update opaque-token.adoc [#11303](https://togithub.com/spring-projects/spring-security/pull/11303)
#### :hammer: Dependency Upgrades
- Update aspectj-plugin to 6.4.3.1 [#11402](https://togithub.com/spring-projects/spring-security/issues/11402)
- Update hibernate-entitymanager to 5.6.9.Final [#11405](https://togithub.com/spring-projects/spring-security/issues/11405)
- Update io.projectreactor to 2020.0.20 [#11403](https://togithub.com/spring-projects/spring-security/issues/11403)
- Update jackson-bom to 2.13.3 [#11399](https://togithub.com/spring-projects/spring-security/issues/11399)
- Update jackson-databind to 2.13.3 [#11400](https://togithub.com/spring-projects/spring-security/issues/11400)
- Update jackson-datatype-jsr310 to 2.13.3 [#11401](https://togithub.com/spring-projects/spring-security/issues/11401)
- Update org.jetbrains.kotlinx to 1.6.3 [#11406](https://togithub.com/spring-projects/spring-security/issues/11406)
- Update org.opensaml:opensaml-core4 to 4.1.1 [#11410](https://togithub.com/spring-projects/spring-security/issues/11410)
- Update org.springframework to 5.3.21 [#11407](https://togithub.com/spring-projects/spring-security/issues/11407)
- Update org.springframework.data to 2021.2.1 [#11408](https://togithub.com/spring-projects/spring-security/issues/11408)
- Update reactor-netty to 1.0.20 [#11404](https://togithub.com/spring-projects/spring-security/issues/11404)
- Update spring-ldap-core to 2.4.1 [#11409](https://togithub.com/spring-projects/spring-security/issues/11409)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@andrelugomes](https://togithub.com/andrelugomes)
### [`v5.7.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.1)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.0...5.7.1)
#### :beetle: Bug Fixes
- StrictHttpFirewall incorrectly rejects valid CJKV characters [#11266](https://togithub.com/spring-projects/spring-security/issues/11266)
### [`v5.7.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.0)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.12...5.7.0)
#### :star: New Features
- Check Samples should run against the current artifacts [#11199](https://togithub.com/spring-projects/spring-security/issues/11199)
- Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized [#11188](https://togithub.com/spring-projects/spring-security/issues/11188)
- Remember me should detect UserDetailsService bean [#11170](https://togithub.com/spring-projects/spring-security/issues/11170)
- WebSessionServerSecurityContextRepository provides Mono.cache option [#8422](https://togithub.com/spring-projects/spring-security/issues/8422)
- X509 should detect UserDetailsService bean [#11174](https://togithub.com/spring-projects/spring-security/issues/11174)
#### :beetle: Bug Fixes
- `@EnableMethodSecurity` doesn't resolve annotations on interfaces through a Proxy [#11177](https://togithub.com/spring-projects/spring-security/pull/11177)
- Add shouldFilterAllDispatcherTypes to Kotlin DSL [#11153](https://togithub.com/spring-projects/spring-security/issues/11153)
- Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator [#11165](https://togithub.com/spring-projects/spring-security/issues/11165)
- Multiple .requestMatchers().mvcMatchers() override previous one [#11185](https://togithub.com/spring-projects/spring-security/issues/11185)
#### :hammer: Dependency Upgrades
- Update aspectj-plugin to 6.4.3 [#11218](https://togithub.com/spring-projects/spring-security/issues/11218)
- Update com.nimbusds to 9.35 [#11217](https://togithub.com/spring-projects/spring-security/issues/11217)
- Update htmlunit to 2.61.0 [#11222](https://togithub.com/spring-projects/spring-security/issues/11222)
- Update htmlunit-driver to 2.61.0 [#11224](https://togithub.com/spring-projects/spring-security/issues/11224)
- Update io.projectreactor to 2020.0.19 [#11220](https://togithub.com/spring-projects/spring-security/issues/11220)
- Update mockk to 1.12.4 [#11219](https://togithub.com/spring-projects/spring-security/issues/11219)
- Update org.jetbrains.kotlin to 1.6.21 [#11223](https://togithub.com/spring-projects/spring-security/issues/11223)
- Update org.springframework to 5.3.20 [#11225](https://togithub.com/spring-projects/spring-security/issues/11225)
- Update org.springframework.data to 2021.2.0 [#11228](https://togithub.com/spring-projects/spring-security/issues/11228)
- Update reactor-netty to 1.1.0-M2 [#11221](https://togithub.com/spring-projects/spring-security/issues/11221)
- Update spring-data-jpa to 2.7.0-RC1 [#11226](https://togithub.com/spring-projects/spring-security/issues/11226)
- Update spring-ldap-core to 2.4.0 [#11227](https://togithub.com/spring-projects/spring-security/issues/11227)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@evgeniycheban](https://togithub.com/evgeniycheban)
### [`v5.6.12`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.12)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.11...5.6.12)
#### :beetle: Bug Fixes
- Use default PathPatternParser instance [#13460](https://togithub.com/spring-projects/spring-security/issues/13460)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.34 [#13505](https://togithub.com/spring-projects/spring-security/issues/13505)
- Update org.springframework to 5.3.29 [#13508](https://togithub.com/spring-projects/spring-security/issues/13508)
- Update reactor-netty to 1.0.34 [#13506](https://togithub.com/spring-projects/spring-security/issues/13506)
### [`v5.6.11`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.11)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.10...5.6.11)
#### :star: New Features
- Convert to Asciidoctor Tabs [#13403](https://togithub.com/spring-projects/spring-security/issues/13403)
- Use Antora name of security [#13327](https://togithub.com/spring-projects/spring-security/issues/13327)
#### :beetle: Bug Fixes
- Fix Antora Warnings [#13210](https://togithub.com/spring-projects/spring-security/issues/13210)
- Fix Documentation Title [#13314](https://togithub.com/spring-projects/spring-security/issues/13314)
#### :hammer: Dependency Upgrades
- Update blockhound to 1.0.8.RELEASE [#13390](https://togithub.com/spring-projects/spring-security/issues/13390)
- Update hibernate-entitymanager to 5.6.15.Final [#13400](https://togithub.com/spring-projects/spring-security/issues/13400)
- Update io.projectreactor to 2020.0.33 [#13387](https://togithub.com/spring-projects/spring-security/issues/13387)
- Update io.rsocket to 1.1.4 [#13392](https://togithub.com/spring-projects/spring-security/issues/13392)
- Update io.spring.nohttp to 0.0.11 [#13394](https://togithub.com/spring-projects/spring-security/issues/13394)
- Update jackson-bom to 2.13.5 [#13375](https://togithub.com/spring-projects/spring-security/issues/13375)
- Update jackson-databind to 2.13.5 [#13378](https://togithub.com/spring-projects/spring-security/issues/13378)
- Update jackson-datatype-jsr310 to 2.13.5 [#13381](https://togithub.com/spring-projects/spring-security/issues/13381)
- Update logback-classic to 1.2.12 [#13372](https://togithub.com/spring-projects/spring-security/issues/13372)
- Update mockk to 1.12.8 [#13384](https://togithub.com/spring-projects/spring-security/issues/13384)
- Update org.antora.gradle.plugin to 1.0.0 [#13396](https://togithub.com/spring-projects/spring-security/issues/13396)
- Update org.aspectj to 1.9.19 [#13398](https://togithub.com/spring-projects/spring-security/issues/13398)
- Update org.eclipse.jetty to 9.4.51.v20230217 [#13399](https://togithub.com/spring-projects/spring-security/issues/13399)
- Update org.springframework to 5.3.28 [#13401](https://togithub.com/spring-projects/spring-security/issues/13401)
- Update reactor-netty to 1.0.33 [#13389](https://togithub.com/spring-projects/spring-security/issues/13389)
### [`v5.6.10`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.10)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.9...5.6.10)
#### :star: New Features
- Replace deprecated set-state set-output GitHub Action's commands [#12032](https://togithub.com/spring-projects/spring-security/issues/12032)
- update generateAntora task to make prereleases unique [#12083](https://togithub.com/spring-projects/spring-security/pull/12083)
#### :beetle: Bug Fixes
- DefaultLdapAuthoritiesPopulator throws NullPointerException [#12090](https://togithub.com/spring-projects/spring-security/issues/12090)
- docs: fix realm typo [#12120](https://togithub.com/spring-projects/spring-security/pull/12120)
- Fix AuthorizationFilter diagram in docs [#12274](https://togithub.com/spring-projects/spring-security/issues/12274)
- Fix typo in DefaultLoginPageConfigurer Javadoc [#12311](https://togithub.com/spring-projects/spring-security/pull/12311)
- Fix typo on opaque-token.adoc [#12114](https://togithub.com/spring-projects/spring-security/pull/12114)
- Fix: Replace tenantRepository with tenants [#12269](https://togithub.com/spring-projects/spring-security/pull/12269)
- Incorrect scope map fix [#12144](https://togithub.com/spring-projects/spring-security/issues/12144)
- OAuth 2.0 Resource Server Multi-tenancy - documentation improvement [#12295](https://togithub.com/spring-projects/spring-security/issues/12295)
- Outdated example in Javadoc of UrlAuthorizationConfigurer [#11487](https://togithub.com/spring-projects/spring-security/issues/11487)
- Saml2MetadataFilter response should configure writer to UTF-8 [#12026](https://togithub.com/spring-projects/spring-security/issues/12026)
- SEC-2839: SecurityNamespaceHandler - related to SEC-1455 [#3065](https://togithub.com/spring-projects/spring-security/issues/3065)
- Update the RP-initiated Logout links [#12081](https://togithub.com/spring-projects/spring-security/issues/12081)
#### :hammer: Dependency Upgrades
- Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 [#12152](https://togithub.com/spring-projects/spring-security/issues/12152)
- Update Gradle to 7.5.1 [#11779](https://togithub.com/spring-projects/spring-security/issues/11779)
- Update hibernate-entitymanager to 5.6.14.Final [#12388](https://togithub.com/spring-projects/spring-security/issues/12388)
- Update httpclient to 4.5.14 [#12386](https://togithub.com/spring-projects/spring-security/issues/12386)
- Update io.projectreactor to 2020.0.26 [#12384](https://togithub.com/spring-projects/spring-security/issues/12384)
- Update jackson-bom to 2.13.4.20221013 [#12381](https://togithub.com/spring-projects/spring-security/issues/12381)
- Update jackson-databind to 2.13.4.2 [#12382](https://togithub.com/spring-projects/spring-security/issues/12382)
- Update mockk to 1.12.8 [#12383](https://togithub.com/spring-projects/spring-security/issues/12383)
- Update org.eclipse.jetty to 9.4.50.v20221201 [#12387](https://togithub.com/spring-projects/spring-security/issues/12387)
- Update org.springframework to 5.3.24 [#12389](https://togithub.com/spring-projects/spring-security/issues/12389)
- Update org.springframework.data to 2021.1.10 [#12390](https://togithub.com/spring-projects/spring-security/issues/12390)
- Update reactor-netty to 1.0.26 [#12385](https://togithub.com/spring-projects/spring-security/issues/12385)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@markkovari](https://togithub.com/markkovari)
- [@ghusta](https://togithub.com/ghusta)
- [@mojavelinux](https://togithub.com/mojavelinux)
- [@selllami](https://togithub.com/selllami)
- [@cbot59](https://togithub.com/cbot59)
### [`v5.6.9`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.9)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.8...5.6.9)
#### :beetle: Bug Fixes
- Fix AuthorizationFilter incorrectly extending OncePerRequestFilter [#12102](https://togithub.com/spring-projects/spring-security/issues/12102)
- Fix scope mapping [#12101](https://togithub.com/spring-projects/spring-security/issues/12101)
### [`v5.6.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.8)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.7...5.6.8)
#### :star: New Features
- automatically manage docs version (with collector) [#11943](https://togithub.com/spring-projects/spring-security/pull/11943)
#### :beetle: Bug Fixes
- Add rncToXsd task description to CONTRIBUTING.adoc [#11935](https://togithub.com/spring-projects/spring-security/pull/11935)
- AuthenticationEventPublisher bean is not picked up if no UserDetailsService bean [#11730](https://togithub.com/spring-projects/spring-security/issues/11730)
- Build fails with missing project property cloneOutputDirectory [#11969](https://togithub.com/spring-projects/spring-security/issues/11969)
- GitHubMilestoneApiTests due_on Should Use LocalDate [#11708](https://togithub.com/spring-projects/spring-security/issues/11708)
- HttpSecurity Bean does not set DefaultAuthenticationEventPublisher [#11728](https://togithub.com/spring-projects/spring-security/issues/11728)
- NamespaceLdapAuthenticationProviderTests Should Use Dynamic Port [#11712](https://togithub.com/spring-projects/spring-security/issues/11712)
- RemoteJwkSet is not refreshed when encountering an unknown KID [#11724](https://togithub.com/spring-projects/spring-security/issues/11724)
- Updated reference to architecture page [#11778](https://togithub.com/spring-projects/spring-security/pull/11778)
#### :hammer: Dependency Upgrades
- Update Gradle Enterprise plugin to 3.11.1 [#11827](https://togithub.com/spring-projects/spring-security/pull/11827)
- Update hibernate-entitymanager to 5.6.12.Final [#12005](https://togithub.com/spring-projects/spring-security/issues/12005)
- Update io.projectreactor to 2020.0.24 [#12001](https://togithub.com/spring-projects/spring-security/issues/12001)
- Update io.rsocket to 1.1.3 [#12003](https://togithub.com/spring-projects/spring-security/issues/12003)
- Update jackson-bom to 2.13.4.20221012 [#11997](https://togithub.com/spring-projects/spring-security/issues/11997)
- Update jackson-databind to 2.13.4.1 [#11998](https://togithub.com/spring-projects/spring-security/issues/11998)
- Update jackson-datatype-jsr310 to 2.13.4 [#11999](https://togithub.com/spring-projects/spring-security/issues/11999)
- Update mockk to 1.12.8 [#12000](https://togithub.com/spring-projects/spring-security/issues/12000)
- Update org.eclipse.jetty to 9.4.49.v20220914 [#12004](https://togithub.com/spring-projects/spring-security/issues/12004)
- Update org.springframework to 5.3.23 [#12006](https://togithub.com/spring-projects/spring-security/issues/12006)
- Update org.springframework.data to 2021.1.8 [#12007](https://togithub.com/spring-projects/spring-security/issues/12007)
- Update reactor-netty to 1.0.24 [#12002](https://togithub.com/spring-projects/spring-security/issues/12002)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@rwinch](https://togithub.com/rwinch)
- [@underground-hill](https://togithub.com/underground-hill)
- [@mojavelinux](https://togithub.com/mojavelinux)
- [@jprinet](https://togithub.com/jprinet)
- [@Kehrlann](https://togithub.com/Kehrlann)
### [`v5.6.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.7)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.6...5.6.7)
#### :star: New Features
- Add Kotlin example showing integration with WebTestClient [#11612](https://togithub.com/spring-projects/spring-security/issues/11612)
- Set permissions for GitHub actions [#11644](https://togithub.com/spring-projects/spring-security/issues/11644)
#### :beetle: Bug Fixes
- Add Deprecated annotation to WebSecurity#securityInterceptor [#11636](https://togithub.com/spring-projects/spring-security/issues/11636)
- Fix saganCreateRelease saganDeleteRelease Required Permissions [#11426](https://togithub.com/spring-projects/spring-security/issues/11426)
- org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" [#11608](https://togithub.com/spring-projects/spring-security/issues/11608)
- RequestRejectedHandler does not reliable prevent Internal Server Error [#11673](https://togithub.com/spring-projects/spring-security/issues/11673)
- Sources and javadocs missing in latest snapshots [#11629](https://togithub.com/spring-projects/spring-security/issues/11629)
- Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok [#11485](https://togithub.com/spring-projects/spring-security/issues/11485)
#### :hammer: Dependency Upgrades
- Update hibernate-entitymanager to 5.6.10.Final [#11683](https://togithub.com/spring-projects/spring-security/issues/11683)
- Update io.projectreactor to 2020.0.22 [#11680](https://togithub.com/spring-projects/spring-security/issues/11680)
- Update jsonassert to 1.5.1 [#11684](https://togithub.com/spring-projects/spring-security/issues/11684)
- Update mockk to 1.12.5 [#11679](https://togithub.com/spring-projects/spring-security/issues/11679)
- Update org.eclipse.jetty to 9.4.48.v20220622 [#11682](https://togithub.com/spring-projects/spring-security/issues/11682)
- Update org.springframework to 5.3.22 [#11685](https://togithub.com/spring-projects/spring-security/issues/11685)
- Update org.springframework.data to 2021.1.6 [#11686](https://togithub.com/spring-projects/spring-security/issues/11686)
- Update reactor-netty to 1.0.22 [#11681](https://togithub.com/spring-projects/spring-security/issues/11681)
### [`v5.6.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.6)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.5...5.6.6)
#### :star: New Features
- Consider updating testing examples to use JUnit Jupiter [#11292](https://togithub.com/spring-projects/spring-security/issues/11292)
#### :beetle: Bug Fixes
- CsrfWebFilter null save content-type check [#11342](https://togithub.com/spring-projects/spring-security/issues/11342)
- Docs example uses access(String) with authorizeHttpRequests() [#11297](https://togithub.com/spring-projects/spring-security/issues/11297)
- Fix typo in BasicLookupStrategy Javadoc [#11340](https://togithub.com/spring-projects/spring-security/issues/11340)
- OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice [#11385](https://togithub.com/spring-projects/spring-security/issues/11385)
- SAML request encoding: on redirect binding, base64 encoded message contains CRLF [#11285](https://togithub.com/spring-projects/spring-security/issues/11285)
- Should SAML metadata EntityDescriptor tag have the md: prefix? [#11310](https://togithub.com/spring-projects/spring-security/issues/11310)
- Some Security Expressions cause NPE when used within `@Query` [#11290](https://togithub.com/spring-projects/spring-security/issues/11290)
#### :hammer: Dependency Upgrades
- Update hibernate-entitymanager to 5.6.9.Final [#11416](https://togithub.com/spring-projects/spring-security/issues/11416)
- Update io.projectreactor to 2020.0.20 [#11414](https://togithub.com/spring-projects/spring-security/issues/11414)
- Update jackson-bom to 2.13.3 [#11411](https://togithub.com/spring-projects/spring-security/issues/11411)
- Update jackson-databind to 2.13.3 [#11412](https://togithub.com/spring-projects/spring-security/issues/11412)
- Update jackson-datatype-jsr310 to 2.13.3 [#11413](https://togithub.com/spring-projects/spring-security/issues/11413)
- Update org.opensaml:opensaml-core4 to 4.1.1 [#11420](https://togithub.com/spring-projects/spring-security/issues/11420)
- Update org.springframework to 5.3.21 [#11417](https://togithub.com/spring-projects/spring-security/issues/11417)
- Update org.springframework.data to 2021.1.5 [#11418](https://togithub.com/spring-projects/spring-security/issues/11418)
- Update reactor-netty to 1.0.20 [#11415](https://togithub.com/spring-projects/spring-security/issues/11415)
- Update spring-ldap-core to 2.3.8.RELEASE [#11419](https://togithub.com/spring-projects/spring-security/issues/11419)
### [`v5.6.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.5)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.4...5.6.5)
#### :beetle: Bug Fixes
- StrictHttpFirewall incorrectly rejects valid CJKV characters [#11267](https://togithub.com/spring-projects/spring-security/issues/11267)
### [`v5.6.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.4)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.3...5.6.4)
#### :star: New Features
- Check Samples should run against the current artifacts [#11200](https://togithub.com/spring-projects/spring-security/issues/11200)
#### :beetle: Bug Fixes
- Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator [#11166](https://togithub.com/spring-projects/spring-security/issues/11166)
- Multiple .requestMatchers().mvcMatchers() override previous one [#11186](https://togithub.com/spring-projects/spring-security/issues/11186)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.19 [#11207](https://togithub.com/spring-projects/spring-security/issues/11207)
- Update mockk to 1.12.4 [#11206](https://togithub.com/spring-projects/spring-security/issues/11206)
- Update org.springframework to 5.3.20 [#11209](https://togithub.com/spring-projects/spring-security/issues/11209)
- Update org.springframework.data to 2021.1.4 [#11210](https://togithub.com/spring-projects/spring-security/issues/11210)
- Update reactor-netty to 1.0.19 [#11208](https://togithub.com/spring-projects/spring-security/issues/11208)
### [`v5.6.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.3)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.2...5.6.3)
#### :beetle: Bug Fixes
- AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains [#10951](https://togithub.com/spring-projects/spring-security/issues/10951)
- Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials [#10916](https://togithub.com/spring-projects/spring-security/issues/10916)
- Fix saml2 authentication-requests documentation [#11047](https://togithub.com/spring-projects/spring-security/issues/11047)
- Remove "Hi servlet/authentication/architecture there" from docs [#10963](https://togithub.com/spring-projects/spring-security/issues/10963)
#### :hammer: Dependency Upgrades
- Update hibernate-entitymanager to 5.6.8.Final [#11124](https://togithub.com/spring-projects/spring-security/issues/11124)
- Update io.projectreactor to 2020.0.18 [#11119](https://togithub.com/spring-projects/spring-security/issues/11119)
- Update io.rsocket to 1.1.2 [#11121](https://togithub.com/spring-projects/spring-security/issues/11121)
- Update jackson-bom to 2.13.2.20220328 [#11115](https://togithub.com/spring-projects/spring-security/issues/11115)
- Update jackson-databind to 2.13.2.2 [#11116](https://togithub.com/spring-projects/spring-security/issues/11116)
- Update jackson-datatype-jsr310 to 2.13.2 [#11117](https://togithub.com/spring-projects/spring-security/issues/11117)
- Update logback-classic to 1.2.11 [#11114](https://togithub.com/spring-projects/spring-security/issues/11114)
- Update mockk to 1.12.3 [#11118](https://togithub.com/spring-projects/spring-security/issues/11118)
- Update org.aspectj to 1.9.9.1 [#11122](https://togithub.com/spring-projects/spring-security/issues/11122)
- Update org.eclipse.jetty to 9.4.46.v20220331 [#11123](https://togithub.com/spring-projects/spring-security/issues/11123)
- Update org.springframework to 5.3.19 [#11125](https://togithub.com/spring-projects/spring-security/issues/11125)
- Update org.springframework.data to 2021.1.3 [#11126](https://togithub.com/spring-projects/spring-security/issues/11126)
- Update reactor-netty to 1.0.18 [#11120](https://togithub.com/spring-projects/spring-security/issues/11120)
- Update spring-ldap-core to 2.3.7.RELEASE [#11127](https://togithub.com/spring-projects/spring-security/issues/11127)
### [`v5.6.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.2)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.1...5.6.2)
#### :rewind: Breaking Changes
- Saml2 metadata includes SingleLogoutService even if saml2 logout is disabled / not configured [#10734](https://togithub.com/spring-projects/spring-security/issues/10734)
#### :star: New Features
- Document Authorize HTTP Requests for Reactive Security [#10801](https://togithub.com/spring-projects/spring-security/issues/10801)
- Introduce `AuthorizationManagerWebInvocationPrivilegeEvaluator` [#10682](https://togithub.com/spring-projects/spring-security/issues/10682)
#### :beetle: Bug Fixes
- add Kotlin examples for Spring Data Integration of servlet application [#10848](https://togithub.com/spring-projects/spring-security/issues/10848)
- commons-logging:commons-logging is a transitive dependency of some modules [#10772](https://togithub.com/spring-projects/spring-security/issues/10772)
- Do not rely on javax. group ids [#10770](https://togithub.com/spring-projects/spring-security/issues/10770)
- Fix broken link to SAML2 login example [#10806](https://togithub.com/spring-projects/spring-security/issues/10806)
- Getting Spring Security Reference Docs have a error [#10796](https://togithub.com/spring-projects/spring-security/issues/10796)
- Make source code compatible with JDK 8 [#10699](https://togithub.com/spring-projects/spring-security/issues/10699)
- Replace StringUtils class of oauth2-oidc-sdk completely [#10824](https://togithub.com/spring-projects/spring-security/issues/10824)
- RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext [#10792](https://togithub.com/spring-projects/spring-security/issues/10792)
- WebInvocationPrivilegeEvaluator Bean should support multiple `SecurityFilterChain`s [#10680](https://togithub.com/spring-projects/spring-security/issues/10680)
#### :hammer: Dependency Upgrades
- Update hibernate-entitymanager to 5.6.5.Final [#10873](https://togithub.com/spring-projects/spring-security/issues/10873)
- Update io.projectreactor to 2020.0.16 [#10867](https://togithub.com/spring-projects/spring-security/issues/10867)
- Update io.spring.javaformat to 0.0.31 [#10870](https://togithub.com/spring-projects/spring-security/issues/10870)
- Update logback-classic to 1.2.10 [#10865](https://togithub.com/spring-projects/spring-security/issues/10865)
- Update mockk to 1.12.2 [#10866](https://togithub.com/spring-projects/spring-security/issues/10866)
- Update org.aspectj to 1.9.8 [#10871](https://togithub.com/spring-projects/spring-security/issues/10871)
- Update org.eclipse.jetty to 9.4.45.v20220203 [#10872](https://togithub.com/spring-projects/spring-security/issues/10872)
- Update org.slf4j to 1.7.36 [#10874](https://togithub.com/spring-projects/spring-security/issues/10874)
- Update org.springframework to 5.3.16 [#10875](https://togithub.com/spring-projects/spring-security/issues/10875)
- Update org.springframework.data to 2021.1.2 [#10876](https://togithub.com/spring-projects/spring-security/issues/10876)
- Update r2dbc-h2 to 0.8.5.RELEASE [#10869](https://togithub.com/spring-projects/spring-security/issues/10869)
- Update reactor-netty to 1.0.16 [#10868](https://togithub.com/spring-projects/spring-security/issues/10868)
- Update spring-ldap-core to 2.3.6.RELEASE [#10877](https://togithub.com/spring-projects/spring-security/issues/10877)
### [`v5.6.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.1)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.0...5.6.1)
#### :star: New Features
- Document authentication helper method in WebClient integration [#10468](https://togithub.com/spring-projects/spring-security/pull/10468)
- Document authentication helper method in WebClient integration for Servlet Environments [#10120](https://togithub.com/spring-projects/spring-security/issues/10120)
- Document parameters converter in oauth2 client servlet docs [#10469](https://togithub.com/spring-projects/spring-security/pull/10469)
- Document parameters converter in oauth2 client servlet docs [#10467](https://togithub.com/spring-projects/spring-security/issues/10467)
#### :beetle: Bug Fixes
- `AuthorityAuthorizationManager` incorrectly compares `GrantedAuthority` [#10595](https://togithub.com/spring-projects/spring-security/issues/10595)
- clockSkew Javadoc is not consistent with implementation [#10535](https://togithub.com/spring-projects/spring-security/issues/10535)
- Invalid_request failures in JwtTokenValidators are always turned into invalid_token errors [#10560](https://togithub.com/spring-projects/spring-security/issues/10560)
- Kotlin DSL examples in reactive oauth2 docs call build twice [#10591](https://togithub.com/spring-projects/spring-security/issues/10591)
- StaticServerHttpHeadersWriter should work with case-insensitive header names [#10581](https://togithub.com/spring-projects/spring-security/issues/10581)
#### :hammer: Dependency Upgrades
- Update cas-client-core to 3.6.4 [#10654](https://togithub.com/spring-projects/spring-security/issues/10654)
- Update hibernate-entitymanager to 5.6.3.Final [#10653](https://togithub.com/spring-projects/spring-security/issues/10653)
- Update io.projectreactor to 2020.0.14 [#10651](https://togithub.com/spring-projects/spring-security/issues/10651)
- Update jackson-bom to 2.13.1 [#10647](https://togithub.com/spring-projects/spring-security/issues/10647)
- Update jackson-databind to 2.13.1 [#10648](https://togithub.com/spring-projects/spring-security/issues/10648)
- Update jackson-datatype-jsr310 to 2.13.1 [#10649](https://togithub.com/spring-projects/spring-security/issues/10649)
- Update junit-bom to 5.8.2 [#10656](https://togithub.com/spring-projects/spring-security/issues/10656)
- Update logback-classic to 1.2.9 [#10646](https://togithub.com/spring-projects/spring-security/issues/10646)
- Update mockk to 1.12.1 [#10650](https://togithub.com/spring-projects/spring-security/issues/10650)
- Update org.jetbrains.kotlin to 1.5.32 [#10655](https://togithub.com/spring-projects/spring-security/issues/10655)
- Update org.junit.jupiter to 5.8.2 [#10657](https://togithub.com/spring-projects/spring-security/issues/10657)
- Update org.springframework to 5.3.14 [#10658](https://togithub.com/spring-projects/spring-security/issues/10658)
- Update reactor-netty to 1.0.14 [#10652](https://togithub.com/spring-projects/spring-security/issues/10652)
- Update spring-ldap-core to 2.3.5.RELEASE [#10659](https://togithub.com/spring-projects/spring-security/issues/10659)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@sjohnr](https://togithub.com/sjohnr)
### [`v5.6.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.0)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.5.8...5.6.0)
#### :star: New Features
- DaoAuthenticationProviderTests#avg function doesn't return fraction [#10426](https://togithub.com/spring-projects/spring-security/pull/10426)
- Docs Should Use Section Summary [#10449](https://togithub.com/spring-projects/spring-security/issues/10449)
- MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session [#10436](https://togithub.com/spring-projects/spring-security/issues/10436)
- Revamp OAuth 2.0 Login/Client reactive documentation [#8174](https://togithub.com/spring-projects/spring-security/issues/8174)
- Revamp Reactive OAuth 2.0 Login documentation [#10479](https://togithub.com/spring-projects/spring-security/pull/10479)
- Split up Documentation Further [#10367](https://togithub.com/spring-projects/spring-security/issues/10367)
- Support Structure 101 License Id in Package Tangle Check [#10443](https://togithub.com/spring-projects/spring-security/issues/10443)
#### :beetle: Bug Fixes
- Adding keyInfo section to LogoutRequest from RP side [#10450](https://togithub.com/spring-projects/spring-security/pull/10450)
- In saml2 LogoutRequest from RP doesn't contain KeyInfo [#10438](https://togithub.com/spring-projects/spring-security/issues/10438)
- Oauth2 Resource Server will not retry on first failure with Multi-tenancy [#10444](https://togithub
This PR contains the following updates:
4.2.13.RELEASE->5.7.12By merging this PR, the issue #110 will be automatically resolved and closed:
Release Notes
spring-projects/spring-security (org.springframework.security:spring-security-core)
### [`v5.7.12`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.12) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.11...5.7.12) #### :beetle: Bug Fixes - Check for `null` Authentication [#14715](https://togithub.com/spring-projects/spring-security/issues/14715) ### [`v5.7.11`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.11) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.10...5.7.11) #### :star: New Features - Automate spring-security.xsd [#13819](https://togithub.com/spring-projects/spring-security/issues/13819) ### [`v5.7.10`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.10) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.9...5.7.10) #### :beetle: Bug Fixes - Use default PathPatternParser instance [#13461](https://togithub.com/spring-projects/spring-security/issues/13461) #### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.34 [#13509](https://togithub.com/spring-projects/spring-security/issues/13509) - Update org.springframework to 5.3.29 [#13511](https://togithub.com/spring-projects/spring-security/issues/13511) - Update org.springframework.data to 2021.2.14 [#13512](https://togithub.com/spring-projects/spring-security/issues/13512) - Update reactor-netty to 1.0.34 [#13510](https://togithub.com/spring-projects/spring-security/issues/13510) ### [`v5.7.9`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.9) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.8...5.7.9) #### :star: New Features - Convert to Asciidoctor Tabs [#13404](https://togithub.com/spring-projects/spring-security/issues/13404) - Use Antora name of security [#13328](https://togithub.com/spring-projects/spring-security/issues/13328) #### :beetle: Bug Fixes - Additional filters registered when using Custom DSL [#13203](https://togithub.com/spring-projects/spring-security/issues/13203) - Clarify that Kotlin DSL needs an import [#13092](https://togithub.com/spring-projects/spring-security/issues/13092) - Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13098](https://togithub.com/spring-projects/spring-security/issues/13098) - Fix Antora Warnings [#13291](https://togithub.com/spring-projects/spring-security/issues/13291) - Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13155](https://togithub.com/spring-projects/spring-security/issues/13155) - Fix Documentation Title [#13315](https://togithub.com/spring-projects/spring-security/issues/13315) - Fix javadoc for migration from WebSecurityConfigurerAdapter [#12996](https://togithub.com/spring-projects/spring-security/pull/12996) - Fix typo in SecurityMockMvcResultMatchers.java [#12793](https://togithub.com/spring-projects/spring-security/pull/12793) - fix typo of modules.adoc [#12921](https://togithub.com/spring-projects/spring-security/pull/12921) - Fix typo overview.adoc [#13269](https://togithub.com/spring-projects/spring-security/pull/13269) - http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13131](https://togithub.com/spring-projects/spring-security/issues/13131) - Proxy Server section is not linked in nav [#13313](https://togithub.com/spring-projects/spring-security/issues/13313) - Typos in docs [#13283](https://togithub.com/spring-projects/spring-security/pull/13283) #### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.33 [#13373](https://togithub.com/spring-projects/spring-security/issues/13373) - Update io.rsocket to 1.1.4 [#13379](https://togithub.com/spring-projects/spring-security/issues/13379) - Update org.springframework to 5.3.28 [#13382](https://togithub.com/spring-projects/spring-security/issues/13382) - Update org.springframework.data to 2021.2.13 [#13385](https://togithub.com/spring-projects/spring-security/issues/13385) - Update reactor-netty to 1.0.33 [#13376](https://togithub.com/spring-projects/spring-security/issues/13376) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@Anubhav-2000](https://togithub.com/Anubhav-2000) - [@SeasonPanPan](https://togithub.com/SeasonPanPan) - [@amal-stack](https://togithub.com/amal-stack) - [@1993heqiang](https://togithub.com/1993heqiang) - [@xak2000](https://togithub.com/xak2000) ### [`v5.7.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.8) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.7...5.7.8) #### :star: New Features - Clarify documentation code snippet(s) (unclear where static imported methods come from) [#6597](https://togithub.com/spring-projects/spring-security/issues/6597) - Document relationship between registrationId, EntityID, and resolving a relying party [#12764](https://togithub.com/spring-projects/spring-security/issues/12764) #### :beetle: Bug Fixes - Add test to SimpleUrlAuthenticationSuccessHandlerTests [#12740](https://togithub.com/spring-projects/spring-security/pull/12740) - Avoid NPE in FilterInvocation [#12922](https://togithub.com/spring-projects/spring-security/pull/12922) - EntityId ignored in xml relying-party-registration [#11898](https://togithub.com/spring-projects/spring-security/issues/11898) - Fix a javadoc typo in ReactiveAuthorizationManager [#12998](https://togithub.com/spring-projects/spring-security/issues/12998) - Fix a javadoc typo in ReactiveAuthorizationManager [#12978](https://togithub.com/spring-projects/spring-security/pull/12978) - Fix typo in SessionManagementConfigurer javadoc [#12820](https://togithub.com/spring-projects/spring-security/pull/12820) - Missing spring-security-oauth2 xsds after release [#12804](https://togithub.com/spring-projects/spring-security/issues/12804) - NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed [#12960](https://togithub.com/spring-projects/spring-security/issues/12960) - RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present [#12664](https://togithub.com/spring-projects/spring-security/issues/12664) - SwitchUserFilter should use HttpSessionSecurityContextRepository by default [#12834](https://togithub.com/spring-projects/spring-security/issues/12834) #### :hammer: Dependency Upgrades - Update blockhound to 1.0.8.RELEASE [#13016](https://togithub.com/spring-projects/spring-security/issues/13016) - Update io.projectreactor to 2020.0.31 [#13014](https://togithub.com/spring-projects/spring-security/issues/13014) - Update logback-classic to 1.2.12 [#13013](https://togithub.com/spring-projects/spring-security/issues/13013) - Update org.eclipse.jetty to 9.4.51.v20230217 [#13017](https://togithub.com/spring-projects/spring-security/issues/13017) - Update org.springframework to 5.3.27 [#13018](https://togithub.com/spring-projects/spring-security/issues/13018) - Update org.springframework.data to 2021.2.11 [#13019](https://togithub.com/spring-projects/spring-security/issues/13019) - Update reactor-netty to 1.0.31 [#13015](https://togithub.com/spring-projects/spring-security/issues/13015) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@marckchr](https://togithub.com/marckchr) - [@yuanhang](https://togithub.com/yuanhang) - [@twosom](https://togithub.com/twosom) - [@esivakumar18](https://togithub.com/esivakumar18) - [@martin-tarjanyi](https://togithub.com/martin-tarjanyi) ### [`v5.7.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.7) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.6...5.7.7) #### :star: New Features - chore: Use cache in continuous-integration-workflow.yml [#12503](https://togithub.com/spring-projects/spring-security/pull/12503) - fix unclosed block in docs [#12542](https://togithub.com/spring-projects/spring-security/pull/12542) #### :beetle: Bug Fixes - AuthorizationManager method security documentation should use AnnotationMatchingPointcut [#11095](https://togithub.com/spring-projects/spring-security/issues/11095) - Document XMLObject retreival for Asserting Party metadata [#12667](https://togithub.com/spring-projects/spring-security/issues/12667) - Fix typo in OAuth 2.0 testing docs [#12437](https://togithub.com/spring-projects/spring-security/pull/12437) - Jackson serialization of `DefaultSaml2AuthenticatedPrincipal`: `LinkedMultiValueMap is not in the allowlist` [#11785](https://togithub.com/spring-projects/spring-security/issues/11785) - NimbusJwtDecoder unknown KID scenario is not correctly tested [#12238](https://togithub.com/spring-projects/spring-security/pull/12238) - NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard [#12637](https://togithub.com/spring-projects/spring-security/issues/12637) - SwitchUserFilter not working in Spring Security 6 [#12504](https://togithub.com/spring-projects/spring-security/issues/12504) - Wrong name of the filter in the SecurityContextHolderFilter diagram [#11800](https://togithub.com/spring-projects/spring-security/issues/11800) #### :hammer: Dependency Upgrades - Update blockhound to 1.0.7.RELEASE [#12733](https://togithub.com/spring-projects/spring-security/issues/12733) - Update hibernate-entitymanager to 5.6.15.Final [#12736](https://togithub.com/spring-projects/spring-security/issues/12736) - Update io.projectreactor to 2020.0.28 [#12732](https://togithub.com/spring-projects/spring-security/issues/12732) - Update io.spring.nohttp to 0.0.11 [#12734](https://togithub.com/spring-projects/spring-security/issues/12734) - Update jackson-bom to 2.13.5 [#12731](https://togithub.com/spring-projects/spring-security/issues/12731) - Update org.aspectj to 1.9.19 [#12735](https://togithub.com/spring-projects/spring-security/issues/12735) - Update org.springframework to 5.3.25 [#12737](https://togithub.com/spring-projects/spring-security/issues/12737) - Update org.springframework.data to 2021.2.8 [#12738](https://togithub.com/spring-projects/spring-security/issues/12738) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@jonkjenn](https://togithub.com/jonkjenn) - [@mojavelinux](https://togithub.com/mojavelinux) - [@jongwooo](https://togithub.com/jongwooo) - [@eleftherias](https://togithub.com/eleftherias) ### [`v5.7.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.6) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.5...5.7.6) #### :star: New Features - Improve deprecation notice in WebSecurityConfigurerAdapter [#12260](https://togithub.com/spring-projects/spring-security/issues/12260) - Replace deprecated set-state set-output GitHub Action's commands [#12297](https://togithub.com/spring-projects/spring-security/issues/12297) #### :beetle: Bug Fixes - DefaultLdapAuthoritiesPopulator throws NullPointerException [#12407](https://togithub.com/spring-projects/spring-security/issues/12407) - Fix AuthorizationFilter diagram in docs [#12285](https://togithub.com/spring-projects/spring-security/issues/12285) - Incorrect scope map fix [#12205](https://togithub.com/spring-projects/spring-security/issues/12205) - SAML logout: Incorrect log messages [#12208](https://togithub.com/spring-projects/spring-security/issues/12208) - Saml2MetadataFilter response should configure writer to UTF-8 [#12221](https://togithub.com/spring-projects/spring-security/issues/12221) - SEC-2839: SecurityNamespaceHandler - related to SEC-1455 [#12125](https://togithub.com/spring-projects/spring-security/issues/12125) - Update the RP-initiated Logout links [#12121](https://togithub.com/spring-projects/spring-security/issues/12121) #### :hammer: Dependency Upgrades - Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 [#12153](https://togithub.com/spring-projects/spring-security/issues/12153) - Update Gradle to 7.5.1 [#12157](https://togithub.com/spring-projects/spring-security/issues/12157) - Update hibernate-entitymanager to 5.6.14.Final [#12397](https://togithub.com/spring-projects/spring-security/issues/12397) - Update httpclient to 4.5.14 [#12395](https://togithub.com/spring-projects/spring-security/issues/12395) - Update io.projectreactor to 2020.0.26 [#12393](https://togithub.com/spring-projects/spring-security/issues/12393) - Update jackson-bom to 2.13.4.20221013 [#12391](https://togithub.com/spring-projects/spring-security/issues/12391) - Update jackson-databind to 2.13.4.2 [#12392](https://togithub.com/spring-projects/spring-security/issues/12392) - Update org.eclipse.jetty to 9.4.50.v20221201 [#12396](https://togithub.com/spring-projects/spring-security/issues/12396) - Update org.springframework to 5.3.24 [#12398](https://togithub.com/spring-projects/spring-security/issues/12398) - Update org.springframework.data to 2021.2.6 [#12399](https://togithub.com/spring-projects/spring-security/issues/12399) - Update reactor-netty to 1.0.26 [#12394](https://togithub.com/spring-projects/spring-security/issues/12394) ### [`v5.7.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.5) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.4...5.7.5) #### :beetle: Bug Fixes - Fix AuthorizationFilter incorrectly extending OncePerRequestFilter [#12113](https://togithub.com/spring-projects/spring-security/issues/12113) - Fix scope mapping [#12112](https://togithub.com/spring-projects/spring-security/issues/12112) - IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy [#11888](https://togithub.com/spring-projects/spring-security/issues/11888) ### [`v5.7.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.4) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.3...5.7.4) #### :star: New Features - automatically manage docs version (with collector) [#11955](https://togithub.com/spring-projects/spring-security/issues/11955) #### :beetle: Bug Fixes - AuthenticationEventPublisher bean is not picked up if no UserDetailsService bean [#11729](https://togithub.com/spring-projects/spring-security/issues/11729) - Build fails with missing project property cloneOutputDirectory [#11979](https://togithub.com/spring-projects/spring-security/issues/11979) - GitHubMilestoneApiTests due_on Should Use LocalDate [#11707](https://togithub.com/spring-projects/spring-security/issues/11707) - HttpSecurity Bean does not set DefaultAuthenticationEventPublisher [#11727](https://togithub.com/spring-projects/spring-security/issues/11727) - NamespaceLdapAuthenticationProviderTests Should Use Dynamic Port [#11711](https://togithub.com/spring-projects/spring-security/issues/11711) - RemoteJwkSet is not refreshed when encountering an unknown KID [#11723](https://togithub.com/spring-projects/spring-security/issues/11723) - RequestRejectedHandler does not reliable prevent Internal Server Error [#11744](https://togithub.com/spring-projects/spring-security/issues/11744) #### :hammer: Dependency Upgrades - Update Gradle Enterprise plugin to 3.11.1 [#11830](https://togithub.com/spring-projects/spring-security/issues/11830) - Update hibernate-entitymanager to 5.6.10.Final [#11745](https://togithub.com/spring-projects/spring-security/issues/11745) - Update hibernate-entitymanager to 5.6.12.Final [#12016](https://togithub.com/spring-projects/spring-security/issues/12016) - Update io.projectreactor to 2020.0.22 [#11743](https://togithub.com/spring-projects/spring-security/issues/11743) - Update io.projectreactor to 2020.0.24 [#12012](https://togithub.com/spring-projects/spring-security/issues/12012) - Update io.rsocket to 1.1.3 [#12014](https://togithub.com/spring-projects/spring-security/issues/12014) - Update jackson-bom to 2.13.4.20221012 [#12008](https://togithub.com/spring-projects/spring-security/issues/12008) - Update jackson-databind to 2.13.4.1 [#12009](https://togithub.com/spring-projects/spring-security/issues/12009) - Update jackson-datatype-jsr310 to 2.13.4 [#12010](https://togithub.com/spring-projects/spring-security/issues/12010) - Update jsonassert to 1.5.1 [#11741](https://togithub.com/spring-projects/spring-security/issues/11741) - Update mockk to 1.12.8 [#12011](https://togithub.com/spring-projects/spring-security/issues/12011) - Update org.eclipse.jetty to 9.4.48.v20220622 [#11740](https://togithub.com/spring-projects/spring-security/issues/11740) - Update org.eclipse.jetty to 9.4.49.v20220914 [#12015](https://togithub.com/spring-projects/spring-security/issues/12015) - Update org.springframework to 5.3.22 [#11739](https://togithub.com/spring-projects/spring-security/issues/11739) - Update org.springframework to 5.3.23 [#12017](https://togithub.com/spring-projects/spring-security/issues/12017) - Update org.springframework.data to 2021.1.6 [#11742](https://togithub.com/spring-projects/spring-security/issues/11742) - Update org.springframework.data to 2021.2.4 [#12018](https://togithub.com/spring-projects/spring-security/issues/12018) - Update reactor-netty to 1.0.24 [#12013](https://togithub.com/spring-projects/spring-security/issues/12013) ### [`v5.7.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.3) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.2...5.7.3) #### :star: New Features - Add Kotlin example showing integration with WebTestClient [#9998](https://togithub.com/spring-projects/spring-security/issues/9998) - Set permissions for GitHub actions [#11642](https://togithub.com/spring-projects/spring-security/issues/11642) - Update javadoc of EnableWebSecurity to reflect deprecation of WebSecurityConfigurerAdapter [#11650](https://togithub.com/spring-projects/spring-security/issues/11650) #### :beetle: Bug Fixes - Add Deprecated annotation to WebSecurity#securityInterceptor [#11637](https://togithub.com/spring-projects/spring-security/issues/11637) - Check saganCreateRelease saganDeleteRelease Required Permissions [#11425](https://togithub.com/spring-projects/spring-security/issues/11425) - org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" [#11605](https://togithub.com/spring-projects/spring-security/issues/11605) - RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext [#11606](https://togithub.com/spring-projects/spring-security/issues/11606) - RequestRejectedHandler does not reliable prevent Internal Server Error [#11672](https://togithub.com/spring-projects/spring-security/issues/11672) - Sources and javadocs missing in latest snapshots [#11628](https://togithub.com/spring-projects/spring-security/issues/11628) - Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok [#11484](https://togithub.com/spring-projects/spring-security/issues/11484) - Update javadoc of HttpSecurity, WebSecurityConfiguration and WebSecurity to reflect deprecation of WebSecurityConfigurerAdapter [#11651](https://togithub.com/spring-projects/spring-security/issues/11651) #### :hammer: Dependency Upgrades - Update hibernate-entitymanager to 5.6.10.Final [#11694](https://togithub.com/spring-projects/spring-security/issues/11694) - Update io.projectreactor to 2020.0.22 [#11691](https://togithub.com/spring-projects/spring-security/issues/11691) - Update jsonassert to 1.5.1 [#11696](https://togithub.com/spring-projects/spring-security/issues/11696) - Update mockk to 1.12.5 [#11690](https://togithub.com/spring-projects/spring-security/issues/11690) - Update org.eclipse.jetty to 9.4.48.v20220622 [#11693](https://togithub.com/spring-projects/spring-security/issues/11693) - Update org.jetbrains.kotlinx to 1.6.4 [#11695](https://togithub.com/spring-projects/spring-security/issues/11695) - Update org.springframework to 5.3.22 [#11697](https://togithub.com/spring-projects/spring-security/issues/11697) - Update org.springframework.data to 2021.2.2 [#11698](https://togithub.com/spring-projects/spring-security/issues/11698) ### [`v5.7.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.2) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.1...5.7.2) #### :star: New Features - Consider updating testing examples to use JUnit Jupiter [#11293](https://togithub.com/spring-projects/spring-security/issues/11293) #### :beetle: Bug Fixes - Some Security Expressions cause NPE when used within `@Query` [#11289](https://togithub.com/spring-projects/spring-security/issues/11289) - CsrfWebFilter null save content-type check [#11341](https://togithub.com/spring-projects/spring-security/issues/11341) - Docs example uses access(String) with authorizeHttpRequests() [#11296](https://togithub.com/spring-projects/spring-security/issues/11296) - Fix typo in BasicLookupStrategy Javadoc [#11339](https://togithub.com/spring-projects/spring-security/issues/11339) - KeyInfo missing in AuthnRequest when using OpenSaml4AuthenticationRequestResolver [#11358](https://togithub.com/spring-projects/spring-security/issues/11358) - OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice [#11384](https://togithub.com/spring-projects/spring-security/issues/11384) - SAML request encoding: on redirect binding, base64 encoded message contains CRLF [#11284](https://togithub.com/spring-projects/spring-security/issues/11284) - SecurityContextRepository.loadContext(HttpServletRequest) cache result [#11390](https://togithub.com/spring-projects/spring-security/issues/11390) - Should SAML metadata EntityDescriptor tag have the md: prefix? [#11311](https://togithub.com/spring-projects/spring-security/issues/11311) - Update opaque-token.adoc [#11303](https://togithub.com/spring-projects/spring-security/pull/11303) #### :hammer: Dependency Upgrades - Update aspectj-plugin to 6.4.3.1 [#11402](https://togithub.com/spring-projects/spring-security/issues/11402) - Update hibernate-entitymanager to 5.6.9.Final [#11405](https://togithub.com/spring-projects/spring-security/issues/11405) - Update io.projectreactor to 2020.0.20 [#11403](https://togithub.com/spring-projects/spring-security/issues/11403) - Update jackson-bom to 2.13.3 [#11399](https://togithub.com/spring-projects/spring-security/issues/11399) - Update jackson-databind to 2.13.3 [#11400](https://togithub.com/spring-projects/spring-security/issues/11400) - Update jackson-datatype-jsr310 to 2.13.3 [#11401](https://togithub.com/spring-projects/spring-security/issues/11401) - Update org.jetbrains.kotlinx to 1.6.3 [#11406](https://togithub.com/spring-projects/spring-security/issues/11406) - Update org.opensaml:opensaml-core4 to 4.1.1 [#11410](https://togithub.com/spring-projects/spring-security/issues/11410) - Update org.springframework to 5.3.21 [#11407](https://togithub.com/spring-projects/spring-security/issues/11407) - Update org.springframework.data to 2021.2.1 [#11408](https://togithub.com/spring-projects/spring-security/issues/11408) - Update reactor-netty to 1.0.20 [#11404](https://togithub.com/spring-projects/spring-security/issues/11404) - Update spring-ldap-core to 2.4.1 [#11409](https://togithub.com/spring-projects/spring-security/issues/11409) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@andrelugomes](https://togithub.com/andrelugomes) ### [`v5.7.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.1) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.0...5.7.1) #### :beetle: Bug Fixes - StrictHttpFirewall incorrectly rejects valid CJKV characters [#11266](https://togithub.com/spring-projects/spring-security/issues/11266) ### [`v5.7.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.0) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.12...5.7.0) #### :star: New Features - Check Samples should run against the current artifacts [#11199](https://togithub.com/spring-projects/spring-security/issues/11199) - Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized [#11188](https://togithub.com/spring-projects/spring-security/issues/11188) - Remember me should detect UserDetailsService bean [#11170](https://togithub.com/spring-projects/spring-security/issues/11170) - WebSessionServerSecurityContextRepository provides Mono.cache option [#8422](https://togithub.com/spring-projects/spring-security/issues/8422) - X509 should detect UserDetailsService bean [#11174](https://togithub.com/spring-projects/spring-security/issues/11174) #### :beetle: Bug Fixes - `@EnableMethodSecurity` doesn't resolve annotations on interfaces through a Proxy [#11177](https://togithub.com/spring-projects/spring-security/pull/11177) - Add shouldFilterAllDispatcherTypes to Kotlin DSL [#11153](https://togithub.com/spring-projects/spring-security/issues/11153) - Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator [#11165](https://togithub.com/spring-projects/spring-security/issues/11165) - Multiple .requestMatchers().mvcMatchers() override previous one [#11185](https://togithub.com/spring-projects/spring-security/issues/11185) #### :hammer: Dependency Upgrades - Update aspectj-plugin to 6.4.3 [#11218](https://togithub.com/spring-projects/spring-security/issues/11218) - Update com.nimbusds to 9.35 [#11217](https://togithub.com/spring-projects/spring-security/issues/11217) - Update htmlunit to 2.61.0 [#11222](https://togithub.com/spring-projects/spring-security/issues/11222) - Update htmlunit-driver to 2.61.0 [#11224](https://togithub.com/spring-projects/spring-security/issues/11224) - Update io.projectreactor to 2020.0.19 [#11220](https://togithub.com/spring-projects/spring-security/issues/11220) - Update mockk to 1.12.4 [#11219](https://togithub.com/spring-projects/spring-security/issues/11219) - Update org.jetbrains.kotlin to 1.6.21 [#11223](https://togithub.com/spring-projects/spring-security/issues/11223) - Update org.springframework to 5.3.20 [#11225](https://togithub.com/spring-projects/spring-security/issues/11225) - Update org.springframework.data to 2021.2.0 [#11228](https://togithub.com/spring-projects/spring-security/issues/11228) - Update reactor-netty to 1.1.0-M2 [#11221](https://togithub.com/spring-projects/spring-security/issues/11221) - Update spring-data-jpa to 2.7.0-RC1 [#11226](https://togithub.com/spring-projects/spring-security/issues/11226) - Update spring-ldap-core to 2.4.0 [#11227](https://togithub.com/spring-projects/spring-security/issues/11227) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@evgeniycheban](https://togithub.com/evgeniycheban) ### [`v5.6.12`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.12) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.11...5.6.12) #### :beetle: Bug Fixes - Use default PathPatternParser instance [#13460](https://togithub.com/spring-projects/spring-security/issues/13460) #### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.34 [#13505](https://togithub.com/spring-projects/spring-security/issues/13505) - Update org.springframework to 5.3.29 [#13508](https://togithub.com/spring-projects/spring-security/issues/13508) - Update reactor-netty to 1.0.34 [#13506](https://togithub.com/spring-projects/spring-security/issues/13506) ### [`v5.6.11`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.11) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.10...5.6.11) #### :star: New Features - Convert to Asciidoctor Tabs [#13403](https://togithub.com/spring-projects/spring-security/issues/13403) - Use Antora name of security [#13327](https://togithub.com/spring-projects/spring-security/issues/13327) #### :beetle: Bug Fixes - Fix Antora Warnings [#13210](https://togithub.com/spring-projects/spring-security/issues/13210) - Fix Documentation Title [#13314](https://togithub.com/spring-projects/spring-security/issues/13314) #### :hammer: Dependency Upgrades - Update blockhound to 1.0.8.RELEASE [#13390](https://togithub.com/spring-projects/spring-security/issues/13390) - Update hibernate-entitymanager to 5.6.15.Final [#13400](https://togithub.com/spring-projects/spring-security/issues/13400) - Update io.projectreactor to 2020.0.33 [#13387](https://togithub.com/spring-projects/spring-security/issues/13387) - Update io.rsocket to 1.1.4 [#13392](https://togithub.com/spring-projects/spring-security/issues/13392) - Update io.spring.nohttp to 0.0.11 [#13394](https://togithub.com/spring-projects/spring-security/issues/13394) - Update jackson-bom to 2.13.5 [#13375](https://togithub.com/spring-projects/spring-security/issues/13375) - Update jackson-databind to 2.13.5 [#13378](https://togithub.com/spring-projects/spring-security/issues/13378) - Update jackson-datatype-jsr310 to 2.13.5 [#13381](https://togithub.com/spring-projects/spring-security/issues/13381) - Update logback-classic to 1.2.12 [#13372](https://togithub.com/spring-projects/spring-security/issues/13372) - Update mockk to 1.12.8 [#13384](https://togithub.com/spring-projects/spring-security/issues/13384) - Update org.antora.gradle.plugin to 1.0.0 [#13396](https://togithub.com/spring-projects/spring-security/issues/13396) - Update org.aspectj to 1.9.19 [#13398](https://togithub.com/spring-projects/spring-security/issues/13398) - Update org.eclipse.jetty to 9.4.51.v20230217 [#13399](https://togithub.com/spring-projects/spring-security/issues/13399) - Update org.springframework to 5.3.28 [#13401](https://togithub.com/spring-projects/spring-security/issues/13401) - Update reactor-netty to 1.0.33 [#13389](https://togithub.com/spring-projects/spring-security/issues/13389) ### [`v5.6.10`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.10) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.9...5.6.10) #### :star: New Features - Replace deprecated set-state set-output GitHub Action's commands [#12032](https://togithub.com/spring-projects/spring-security/issues/12032) - update generateAntora task to make prereleases unique [#12083](https://togithub.com/spring-projects/spring-security/pull/12083) #### :beetle: Bug Fixes - DefaultLdapAuthoritiesPopulator throws NullPointerException [#12090](https://togithub.com/spring-projects/spring-security/issues/12090) - docs: fix realm typo [#12120](https://togithub.com/spring-projects/spring-security/pull/12120) - Fix AuthorizationFilter diagram in docs [#12274](https://togithub.com/spring-projects/spring-security/issues/12274) - Fix typo in DefaultLoginPageConfigurer Javadoc [#12311](https://togithub.com/spring-projects/spring-security/pull/12311) - Fix typo on opaque-token.adoc [#12114](https://togithub.com/spring-projects/spring-security/pull/12114) - Fix: Replace tenantRepository with tenants [#12269](https://togithub.com/spring-projects/spring-security/pull/12269) - Incorrect scope map fix [#12144](https://togithub.com/spring-projects/spring-security/issues/12144) - OAuth 2.0 Resource Server Multi-tenancy - documentation improvement [#12295](https://togithub.com/spring-projects/spring-security/issues/12295) - Outdated example in Javadoc of UrlAuthorizationConfigurer [#11487](https://togithub.com/spring-projects/spring-security/issues/11487) - Saml2MetadataFilter response should configure writer to UTF-8 [#12026](https://togithub.com/spring-projects/spring-security/issues/12026) - SEC-2839: SecurityNamespaceHandler - related to SEC-1455 [#3065](https://togithub.com/spring-projects/spring-security/issues/3065) - Update the RP-initiated Logout links [#12081](https://togithub.com/spring-projects/spring-security/issues/12081) #### :hammer: Dependency Upgrades - Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 [#12152](https://togithub.com/spring-projects/spring-security/issues/12152) - Update Gradle to 7.5.1 [#11779](https://togithub.com/spring-projects/spring-security/issues/11779) - Update hibernate-entitymanager to 5.6.14.Final [#12388](https://togithub.com/spring-projects/spring-security/issues/12388) - Update httpclient to 4.5.14 [#12386](https://togithub.com/spring-projects/spring-security/issues/12386) - Update io.projectreactor to 2020.0.26 [#12384](https://togithub.com/spring-projects/spring-security/issues/12384) - Update jackson-bom to 2.13.4.20221013 [#12381](https://togithub.com/spring-projects/spring-security/issues/12381) - Update jackson-databind to 2.13.4.2 [#12382](https://togithub.com/spring-projects/spring-security/issues/12382) - Update mockk to 1.12.8 [#12383](https://togithub.com/spring-projects/spring-security/issues/12383) - Update org.eclipse.jetty to 9.4.50.v20221201 [#12387](https://togithub.com/spring-projects/spring-security/issues/12387) - Update org.springframework to 5.3.24 [#12389](https://togithub.com/spring-projects/spring-security/issues/12389) - Update org.springframework.data to 2021.1.10 [#12390](https://togithub.com/spring-projects/spring-security/issues/12390) - Update reactor-netty to 1.0.26 [#12385](https://togithub.com/spring-projects/spring-security/issues/12385) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@markkovari](https://togithub.com/markkovari) - [@ghusta](https://togithub.com/ghusta) - [@mojavelinux](https://togithub.com/mojavelinux) - [@selllami](https://togithub.com/selllami) - [@cbot59](https://togithub.com/cbot59) ### [`v5.6.9`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.9) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.8...5.6.9) #### :beetle: Bug Fixes - Fix AuthorizationFilter incorrectly extending OncePerRequestFilter [#12102](https://togithub.com/spring-projects/spring-security/issues/12102) - Fix scope mapping [#12101](https://togithub.com/spring-projects/spring-security/issues/12101) ### [`v5.6.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.8) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.7...5.6.8) #### :star: New Features - automatically manage docs version (with collector) [#11943](https://togithub.com/spring-projects/spring-security/pull/11943) #### :beetle: Bug Fixes - Add rncToXsd task description to CONTRIBUTING.adoc [#11935](https://togithub.com/spring-projects/spring-security/pull/11935) - AuthenticationEventPublisher bean is not picked up if no UserDetailsService bean [#11730](https://togithub.com/spring-projects/spring-security/issues/11730) - Build fails with missing project property cloneOutputDirectory [#11969](https://togithub.com/spring-projects/spring-security/issues/11969) - GitHubMilestoneApiTests due_on Should Use LocalDate [#11708](https://togithub.com/spring-projects/spring-security/issues/11708) - HttpSecurity Bean does not set DefaultAuthenticationEventPublisher [#11728](https://togithub.com/spring-projects/spring-security/issues/11728) - NamespaceLdapAuthenticationProviderTests Should Use Dynamic Port [#11712](https://togithub.com/spring-projects/spring-security/issues/11712) - RemoteJwkSet is not refreshed when encountering an unknown KID [#11724](https://togithub.com/spring-projects/spring-security/issues/11724) - Updated reference to architecture page [#11778](https://togithub.com/spring-projects/spring-security/pull/11778) #### :hammer: Dependency Upgrades - Update Gradle Enterprise plugin to 3.11.1 [#11827](https://togithub.com/spring-projects/spring-security/pull/11827) - Update hibernate-entitymanager to 5.6.12.Final [#12005](https://togithub.com/spring-projects/spring-security/issues/12005) - Update io.projectreactor to 2020.0.24 [#12001](https://togithub.com/spring-projects/spring-security/issues/12001) - Update io.rsocket to 1.1.3 [#12003](https://togithub.com/spring-projects/spring-security/issues/12003) - Update jackson-bom to 2.13.4.20221012 [#11997](https://togithub.com/spring-projects/spring-security/issues/11997) - Update jackson-databind to 2.13.4.1 [#11998](https://togithub.com/spring-projects/spring-security/issues/11998) - Update jackson-datatype-jsr310 to 2.13.4 [#11999](https://togithub.com/spring-projects/spring-security/issues/11999) - Update mockk to 1.12.8 [#12000](https://togithub.com/spring-projects/spring-security/issues/12000) - Update org.eclipse.jetty to 9.4.49.v20220914 [#12004](https://togithub.com/spring-projects/spring-security/issues/12004) - Update org.springframework to 5.3.23 [#12006](https://togithub.com/spring-projects/spring-security/issues/12006) - Update org.springframework.data to 2021.1.8 [#12007](https://togithub.com/spring-projects/spring-security/issues/12007) - Update reactor-netty to 1.0.24 [#12002](https://togithub.com/spring-projects/spring-security/issues/12002) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@rwinch](https://togithub.com/rwinch) - [@underground-hill](https://togithub.com/underground-hill) - [@mojavelinux](https://togithub.com/mojavelinux) - [@jprinet](https://togithub.com/jprinet) - [@Kehrlann](https://togithub.com/Kehrlann) ### [`v5.6.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.7) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.6...5.6.7) #### :star: New Features - Add Kotlin example showing integration with WebTestClient [#11612](https://togithub.com/spring-projects/spring-security/issues/11612) - Set permissions for GitHub actions [#11644](https://togithub.com/spring-projects/spring-security/issues/11644) #### :beetle: Bug Fixes - Add Deprecated annotation to WebSecurity#securityInterceptor [#11636](https://togithub.com/spring-projects/spring-security/issues/11636) - Fix saganCreateRelease saganDeleteRelease Required Permissions [#11426](https://togithub.com/spring-projects/spring-security/issues/11426) - org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" [#11608](https://togithub.com/spring-projects/spring-security/issues/11608) - RequestRejectedHandler does not reliable prevent Internal Server Error [#11673](https://togithub.com/spring-projects/spring-security/issues/11673) - Sources and javadocs missing in latest snapshots [#11629](https://togithub.com/spring-projects/spring-security/issues/11629) - Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok [#11485](https://togithub.com/spring-projects/spring-security/issues/11485) #### :hammer: Dependency Upgrades - Update hibernate-entitymanager to 5.6.10.Final [#11683](https://togithub.com/spring-projects/spring-security/issues/11683) - Update io.projectreactor to 2020.0.22 [#11680](https://togithub.com/spring-projects/spring-security/issues/11680) - Update jsonassert to 1.5.1 [#11684](https://togithub.com/spring-projects/spring-security/issues/11684) - Update mockk to 1.12.5 [#11679](https://togithub.com/spring-projects/spring-security/issues/11679) - Update org.eclipse.jetty to 9.4.48.v20220622 [#11682](https://togithub.com/spring-projects/spring-security/issues/11682) - Update org.springframework to 5.3.22 [#11685](https://togithub.com/spring-projects/spring-security/issues/11685) - Update org.springframework.data to 2021.1.6 [#11686](https://togithub.com/spring-projects/spring-security/issues/11686) - Update reactor-netty to 1.0.22 [#11681](https://togithub.com/spring-projects/spring-security/issues/11681) ### [`v5.6.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.6) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.5...5.6.6) #### :star: New Features - Consider updating testing examples to use JUnit Jupiter [#11292](https://togithub.com/spring-projects/spring-security/issues/11292) #### :beetle: Bug Fixes - CsrfWebFilter null save content-type check [#11342](https://togithub.com/spring-projects/spring-security/issues/11342) - Docs example uses access(String) with authorizeHttpRequests() [#11297](https://togithub.com/spring-projects/spring-security/issues/11297) - Fix typo in BasicLookupStrategy Javadoc [#11340](https://togithub.com/spring-projects/spring-security/issues/11340) - OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice [#11385](https://togithub.com/spring-projects/spring-security/issues/11385) - SAML request encoding: on redirect binding, base64 encoded message contains CRLF [#11285](https://togithub.com/spring-projects/spring-security/issues/11285) - Should SAML metadata EntityDescriptor tag have the md: prefix? [#11310](https://togithub.com/spring-projects/spring-security/issues/11310) - Some Security Expressions cause NPE when used within `@Query` [#11290](https://togithub.com/spring-projects/spring-security/issues/11290) #### :hammer: Dependency Upgrades - Update hibernate-entitymanager to 5.6.9.Final [#11416](https://togithub.com/spring-projects/spring-security/issues/11416) - Update io.projectreactor to 2020.0.20 [#11414](https://togithub.com/spring-projects/spring-security/issues/11414) - Update jackson-bom to 2.13.3 [#11411](https://togithub.com/spring-projects/spring-security/issues/11411) - Update jackson-databind to 2.13.3 [#11412](https://togithub.com/spring-projects/spring-security/issues/11412) - Update jackson-datatype-jsr310 to 2.13.3 [#11413](https://togithub.com/spring-projects/spring-security/issues/11413) - Update org.opensaml:opensaml-core4 to 4.1.1 [#11420](https://togithub.com/spring-projects/spring-security/issues/11420) - Update org.springframework to 5.3.21 [#11417](https://togithub.com/spring-projects/spring-security/issues/11417) - Update org.springframework.data to 2021.1.5 [#11418](https://togithub.com/spring-projects/spring-security/issues/11418) - Update reactor-netty to 1.0.20 [#11415](https://togithub.com/spring-projects/spring-security/issues/11415) - Update spring-ldap-core to 2.3.8.RELEASE [#11419](https://togithub.com/spring-projects/spring-security/issues/11419) ### [`v5.6.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.5) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.4...5.6.5) #### :beetle: Bug Fixes - StrictHttpFirewall incorrectly rejects valid CJKV characters [#11267](https://togithub.com/spring-projects/spring-security/issues/11267) ### [`v5.6.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.4) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.3...5.6.4) #### :star: New Features - Check Samples should run against the current artifacts [#11200](https://togithub.com/spring-projects/spring-security/issues/11200) #### :beetle: Bug Fixes - Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator [#11166](https://togithub.com/spring-projects/spring-security/issues/11166) - Multiple .requestMatchers().mvcMatchers() override previous one [#11186](https://togithub.com/spring-projects/spring-security/issues/11186) #### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.19 [#11207](https://togithub.com/spring-projects/spring-security/issues/11207) - Update mockk to 1.12.4 [#11206](https://togithub.com/spring-projects/spring-security/issues/11206) - Update org.springframework to 5.3.20 [#11209](https://togithub.com/spring-projects/spring-security/issues/11209) - Update org.springframework.data to 2021.1.4 [#11210](https://togithub.com/spring-projects/spring-security/issues/11210) - Update reactor-netty to 1.0.19 [#11208](https://togithub.com/spring-projects/spring-security/issues/11208) ### [`v5.6.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.3) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.2...5.6.3) #### :beetle: Bug Fixes - AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains [#10951](https://togithub.com/spring-projects/spring-security/issues/10951) - Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials [#10916](https://togithub.com/spring-projects/spring-security/issues/10916) - Fix saml2 authentication-requests documentation [#11047](https://togithub.com/spring-projects/spring-security/issues/11047) - Remove "Hi servlet/authentication/architecture there" from docs [#10963](https://togithub.com/spring-projects/spring-security/issues/10963) #### :hammer: Dependency Upgrades - Update hibernate-entitymanager to 5.6.8.Final [#11124](https://togithub.com/spring-projects/spring-security/issues/11124) - Update io.projectreactor to 2020.0.18 [#11119](https://togithub.com/spring-projects/spring-security/issues/11119) - Update io.rsocket to 1.1.2 [#11121](https://togithub.com/spring-projects/spring-security/issues/11121) - Update jackson-bom to 2.13.2.20220328 [#11115](https://togithub.com/spring-projects/spring-security/issues/11115) - Update jackson-databind to 2.13.2.2 [#11116](https://togithub.com/spring-projects/spring-security/issues/11116) - Update jackson-datatype-jsr310 to 2.13.2 [#11117](https://togithub.com/spring-projects/spring-security/issues/11117) - Update logback-classic to 1.2.11 [#11114](https://togithub.com/spring-projects/spring-security/issues/11114) - Update mockk to 1.12.3 [#11118](https://togithub.com/spring-projects/spring-security/issues/11118) - Update org.aspectj to 1.9.9.1 [#11122](https://togithub.com/spring-projects/spring-security/issues/11122) - Update org.eclipse.jetty to 9.4.46.v20220331 [#11123](https://togithub.com/spring-projects/spring-security/issues/11123) - Update org.springframework to 5.3.19 [#11125](https://togithub.com/spring-projects/spring-security/issues/11125) - Update org.springframework.data to 2021.1.3 [#11126](https://togithub.com/spring-projects/spring-security/issues/11126) - Update reactor-netty to 1.0.18 [#11120](https://togithub.com/spring-projects/spring-security/issues/11120) - Update spring-ldap-core to 2.3.7.RELEASE [#11127](https://togithub.com/spring-projects/spring-security/issues/11127) ### [`v5.6.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.2) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.1...5.6.2) #### :rewind: Breaking Changes - Saml2 metadata includes SingleLogoutService even if saml2 logout is disabled / not configured [#10734](https://togithub.com/spring-projects/spring-security/issues/10734) #### :star: New Features - Document Authorize HTTP Requests for Reactive Security [#10801](https://togithub.com/spring-projects/spring-security/issues/10801) - Introduce `AuthorizationManagerWebInvocationPrivilegeEvaluator` [#10682](https://togithub.com/spring-projects/spring-security/issues/10682) #### :beetle: Bug Fixes - add Kotlin examples for Spring Data Integration of servlet application [#10848](https://togithub.com/spring-projects/spring-security/issues/10848) - commons-logging:commons-logging is a transitive dependency of some modules [#10772](https://togithub.com/spring-projects/spring-security/issues/10772) - Do not rely on javax. group ids [#10770](https://togithub.com/spring-projects/spring-security/issues/10770) - Fix broken link to SAML2 login example [#10806](https://togithub.com/spring-projects/spring-security/issues/10806) - Getting Spring Security Reference Docs have a error [#10796](https://togithub.com/spring-projects/spring-security/issues/10796) - Make source code compatible with JDK 8 [#10699](https://togithub.com/spring-projects/spring-security/issues/10699) - Replace StringUtils class of oauth2-oidc-sdk completely [#10824](https://togithub.com/spring-projects/spring-security/issues/10824) - RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext [#10792](https://togithub.com/spring-projects/spring-security/issues/10792) - WebInvocationPrivilegeEvaluator Bean should support multiple `SecurityFilterChain`s [#10680](https://togithub.com/spring-projects/spring-security/issues/10680) #### :hammer: Dependency Upgrades - Update hibernate-entitymanager to 5.6.5.Final [#10873](https://togithub.com/spring-projects/spring-security/issues/10873) - Update io.projectreactor to 2020.0.16 [#10867](https://togithub.com/spring-projects/spring-security/issues/10867) - Update io.spring.javaformat to 0.0.31 [#10870](https://togithub.com/spring-projects/spring-security/issues/10870) - Update logback-classic to 1.2.10 [#10865](https://togithub.com/spring-projects/spring-security/issues/10865) - Update mockk to 1.12.2 [#10866](https://togithub.com/spring-projects/spring-security/issues/10866) - Update org.aspectj to 1.9.8 [#10871](https://togithub.com/spring-projects/spring-security/issues/10871) - Update org.eclipse.jetty to 9.4.45.v20220203 [#10872](https://togithub.com/spring-projects/spring-security/issues/10872) - Update org.slf4j to 1.7.36 [#10874](https://togithub.com/spring-projects/spring-security/issues/10874) - Update org.springframework to 5.3.16 [#10875](https://togithub.com/spring-projects/spring-security/issues/10875) - Update org.springframework.data to 2021.1.2 [#10876](https://togithub.com/spring-projects/spring-security/issues/10876) - Update r2dbc-h2 to 0.8.5.RELEASE [#10869](https://togithub.com/spring-projects/spring-security/issues/10869) - Update reactor-netty to 1.0.16 [#10868](https://togithub.com/spring-projects/spring-security/issues/10868) - Update spring-ldap-core to 2.3.6.RELEASE [#10877](https://togithub.com/spring-projects/spring-security/issues/10877) ### [`v5.6.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.1) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.6.0...5.6.1) #### :star: New Features - Document authentication helper method in WebClient integration [#10468](https://togithub.com/spring-projects/spring-security/pull/10468) - Document authentication helper method in WebClient integration for Servlet Environments [#10120](https://togithub.com/spring-projects/spring-security/issues/10120) - Document parameters converter in oauth2 client servlet docs [#10469](https://togithub.com/spring-projects/spring-security/pull/10469) - Document parameters converter in oauth2 client servlet docs [#10467](https://togithub.com/spring-projects/spring-security/issues/10467) #### :beetle: Bug Fixes - `AuthorityAuthorizationManager` incorrectly compares `GrantedAuthority` [#10595](https://togithub.com/spring-projects/spring-security/issues/10595) - clockSkew Javadoc is not consistent with implementation [#10535](https://togithub.com/spring-projects/spring-security/issues/10535) - Invalid_request failures in JwtTokenValidators are always turned into invalid_token errors [#10560](https://togithub.com/spring-projects/spring-security/issues/10560) - Kotlin DSL examples in reactive oauth2 docs call build twice [#10591](https://togithub.com/spring-projects/spring-security/issues/10591) - StaticServerHttpHeadersWriter should work with case-insensitive header names [#10581](https://togithub.com/spring-projects/spring-security/issues/10581) #### :hammer: Dependency Upgrades - Update cas-client-core to 3.6.4 [#10654](https://togithub.com/spring-projects/spring-security/issues/10654) - Update hibernate-entitymanager to 5.6.3.Final [#10653](https://togithub.com/spring-projects/spring-security/issues/10653) - Update io.projectreactor to 2020.0.14 [#10651](https://togithub.com/spring-projects/spring-security/issues/10651) - Update jackson-bom to 2.13.1 [#10647](https://togithub.com/spring-projects/spring-security/issues/10647) - Update jackson-databind to 2.13.1 [#10648](https://togithub.com/spring-projects/spring-security/issues/10648) - Update jackson-datatype-jsr310 to 2.13.1 [#10649](https://togithub.com/spring-projects/spring-security/issues/10649) - Update junit-bom to 5.8.2 [#10656](https://togithub.com/spring-projects/spring-security/issues/10656) - Update logback-classic to 1.2.9 [#10646](https://togithub.com/spring-projects/spring-security/issues/10646) - Update mockk to 1.12.1 [#10650](https://togithub.com/spring-projects/spring-security/issues/10650) - Update org.jetbrains.kotlin to 1.5.32 [#10655](https://togithub.com/spring-projects/spring-security/issues/10655) - Update org.junit.jupiter to 5.8.2 [#10657](https://togithub.com/spring-projects/spring-security/issues/10657) - Update org.springframework to 5.3.14 [#10658](https://togithub.com/spring-projects/spring-security/issues/10658) - Update reactor-netty to 1.0.14 [#10652](https://togithub.com/spring-projects/spring-security/issues/10652) - Update spring-ldap-core to 2.3.5.RELEASE [#10659](https://togithub.com/spring-projects/spring-security/issues/10659) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@sjohnr](https://togithub.com/sjohnr) ### [`v5.6.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.6.0) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.5.8...5.6.0) #### :star: New Features - DaoAuthenticationProviderTests#avg function doesn't return fraction [#10426](https://togithub.com/spring-projects/spring-security/pull/10426) - Docs Should Use Section Summary [#10449](https://togithub.com/spring-projects/spring-security/issues/10449) - MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session [#10436](https://togithub.com/spring-projects/spring-security/issues/10436) - Revamp OAuth 2.0 Login/Client reactive documentation [#8174](https://togithub.com/spring-projects/spring-security/issues/8174) - Revamp Reactive OAuth 2.0 Login documentation [#10479](https://togithub.com/spring-projects/spring-security/pull/10479) - Split up Documentation Further [#10367](https://togithub.com/spring-projects/spring-security/issues/10367) - Support Structure 101 License Id in Package Tangle Check [#10443](https://togithub.com/spring-projects/spring-security/issues/10443) #### :beetle: Bug Fixes - Adding keyInfo section to LogoutRequest from RP side [#10450](https://togithub.com/spring-projects/spring-security/pull/10450) - In saml2 LogoutRequest from RP doesn't contain KeyInfo [#10438](https://togithub.com/spring-projects/spring-security/issues/10438) - Oauth2 Resource Server will not retry on first failure with Multi-tenancy [#10444](https://togithub