[!WARNING]
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
spring-projects/spring-security (org.springframework.security:spring-security-web)
### [`v5.8.14`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.14)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.13...5.8.14)
##### :star: New Features
- Document the role of `CredentialsContainer` [#15319](https://togithub.com/spring-projects/spring-security/issues/15319)
##### :beetle: Bug Fixes
- Clarify url Parameter Usage in AD Provider Constructor [#15409](https://togithub.com/spring-projects/spring-security/pull/15409)
- Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' [#15363](https://togithub.com/spring-projects/spring-security/issues/15363)
##### :hammer: Dependency Upgrades
- Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 [#15375](https://togithub.com/spring-projects/spring-security/pull/15375)
- Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 [#15391](https://togithub.com/spring-projects/spring-security/pull/15391)
- Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 [#15606](https://togithub.com/spring-projects/spring-security/pull/15606)
- Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 [#15390](https://togithub.com/spring-projects/spring-security/pull/15390)
- Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 [#15604](https://togithub.com/spring-projects/spring-security/pull/15604)
- Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 [#15360](https://togithub.com/spring-projects/spring-security/pull/15360)
- Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 [#15291](https://togithub.com/spring-projects/spring-security/pull/15291)
- Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 [#15335](https://togithub.com/spring-projects/spring-security/pull/15335)
- Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 [#15615](https://togithub.com/spring-projects/spring-security/pull/15615)
##### :nut_and_bolt: Build Updates
- Automate check of expected branch version [#15226](https://togithub.com/spring-projects/spring-security/issues/15226)
- Bump `@antora`/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs [#15447](https://togithub.com/spring-projects/spring-security/pull/15447)
- Bump `@antora`/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs [#15484](https://togithub.com/spring-projects/spring-security/pull/15484)
- Bump `@antora`/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs [#15558](https://togithub.com/spring-projects/spring-security/pull/15558)
- Bump `@antora`/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs [#15633](https://togithub.com/spring-projects/spring-security/pull/15633)
- Bump `@springio`/antora-extensions from 1.11.1 to 1.12.0 in /docs [#15417](https://togithub.com/spring-projects/spring-security/pull/15417)
- Bump `@springio`/antora-extensions from 1.12.0 to 1.13.0 in /docs [#15523](https://togithub.com/spring-projects/spring-security/pull/15523)
- Bump `@springio`/antora-extensions from 1.13.0 to 1.13.1 in /docs [#15559](https://togithub.com/spring-projects/spring-security/pull/15559)
- Bump `@springio`/antora-extensions from 1.13.1 to 1.14.2 in /docs [#15632](https://togithub.com/spring-projects/spring-security/pull/15632)
- Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs [#15416](https://togithub.com/spring-projects/spring-security/pull/15416)
- Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs [#15524](https://togithub.com/spring-projects/spring-security/pull/15524)
- Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs [#15330](https://togithub.com/spring-projects/spring-security/pull/15330)
- Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs [#15481](https://togithub.com/spring-projects/spring-security/pull/15481)
- Bump com.gradle.develocity from 3.17.5 to 3.17.6 [#15463](https://togithub.com/spring-projects/spring-security/pull/15463)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@Haarolean](https://togithub.com/Haarolean)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
### [`v5.8.13`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.13)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.12...5.8.13)
##### :star: New Features
- doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean [#14779](https://togithub.com/spring-projects/spring-security/pull/14779)
- Enhance Logging in RequestMatcherDelegatingAuthorizationManage [#14837](https://togithub.com/spring-projects/spring-security/issues/14837)
- Improve PasswordEncoder Error Messaging [#14951](https://togithub.com/spring-projects/spring-security/pull/14951)
- InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified [#14880](https://togithub.com/spring-projects/spring-security/issues/14880)
- Mention all required dependencies in LDAP documentation [#15235](https://togithub.com/spring-projects/spring-security/pull/15235)
- Remove useBase64 parameter [#14862](https://togithub.com/spring-projects/spring-security/pull/14862)
##### :beetle: Bug Fixes
- AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc [#13849](https://togithub.com/spring-projects/spring-security/issues/13849)
- Always Use Request-Level ServletContext to Evaluate Request Matcher Paths [#15195](https://togithub.com/spring-projects/spring-security/pull/15195)
- Assert WebSession is not null [#14977](https://togithub.com/spring-projects/spring-security/pull/14977)
- Conditionally Add Conventions Plugin [#15152](https://togithub.com/spring-projects/spring-security/pull/15152)
- DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext [#14418](https://togithub.com/spring-projects/spring-security/issues/14418)
- Fix Java example in multitenanci.adoc [#15146](https://togithub.com/spring-projects/spring-security/pull/15146)
- LDIF file on official documentation breaks the startup process [#15089](https://togithub.com/spring-projects/spring-security/issues/15089)
- Link to article with remember-me-persistent-token strategy is broken [#14358](https://togithub.com/spring-projects/spring-security/issues/14358)
- ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class [#14931](https://togithub.com/spring-projects/spring-security/issues/14931)
- Resolving invalid CSRF token values is not consistent [#15184](https://togithub.com/spring-projects/spring-security/issues/15184)
- Restore Build Scan Capability [#15120](https://togithub.com/spring-projects/spring-security/issues/15120)
- Wrong information for RequestCacheAwareFilter in the Spring Security documentation. [#14855](https://togithub.com/spring-projects/spring-security/issues/14855)
##### :hammer: Dependency Upgrades
- Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 [#15074](https://togithub.com/spring-projects/spring-security/pull/15074)
- Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 [#15231](https://togithub.com/spring-projects/spring-security/pull/15231)
- Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE [#14923](https://togithub.com/spring-projects/spring-security/pull/14923)
- Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 [#15073](https://togithub.com/spring-projects/spring-security/pull/15073)
- Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 [#15230](https://togithub.com/spring-projects/spring-security/pull/15230)
- Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [#15191](https://togithub.com/spring-projects/spring-security/pull/15191)
- Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 [#15085](https://togithub.com/spring-projects/spring-security/pull/15085)
- Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 [#15135](https://togithub.com/spring-projects/spring-security/pull/15135)
- Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 [#15253](https://togithub.com/spring-projects/spring-security/pull/15253)
- Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 [#14938](https://togithub.com/spring-projects/spring-security/pull/14938)
##### :nut_and_bolt: Build Updates
- Attach Antora Docs to Pull Requests [#14992](https://togithub.com/spring-projects/spring-security/issues/14992)
- Bump `@antora`/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs [#15160](https://togithub.com/spring-projects/spring-security/pull/15160)
- Bump `@springio`/antora-extensions from 1.10.0 to 1.11.1 in /docs [#15140](https://togithub.com/spring-projects/spring-security/pull/15140)
- Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 [#15001](https://togithub.com/spring-projects/spring-security/pull/15001)
- Bump com.gradle.develocity from 3.17.2 to 3.17.4 [#15099](https://togithub.com/spring-projects/spring-security/pull/15099)
- Bump com.gradle.develocity from 3.17.4 to 3.17.5 [#15240](https://togithub.com/spring-projects/spring-security/pull/15240)
- Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 [#14959](https://togithub.com/spring-projects/spring-security/pull/14959)
- Consider Adding a Build Updates section to the release changelog [#14485](https://togithub.com/spring-projects/spring-security/issues/14485)
- Migrate to com.gradle.develocity plugin [#15021](https://togithub.com/spring-projects/spring-security/issues/15021)
- Update Gradle Enterprise plugin to 3.17.2 [#15020](https://togithub.com/spring-projects/spring-security/issues/15020)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@caio-henrique](https://togithub.com/caio-henrique)
- [@jzheaux](https://togithub.com/jzheaux)
- [@dukbong](https://togithub.com/dukbong)
- [@Harsh4902](https://togithub.com/Harsh4902)
- [@abimael-turing](https://togithub.com/abimael-turing)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
- [@sheriumair](https://togithub.com/sheriumair)
- [@paschm](https://togithub.com/paschm)
### [`v5.8.12`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.12)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.11...5.8.12)
##### :beetle: Bug Fixes
- Conditional check for data-source-ref is incorrect [#14742](https://togithub.com/spring-projects/spring-security/pull/14742)
##### :hammer: Dependency Upgrades
- Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 [#14878](https://togithub.com/spring-projects/spring-security/pull/14878)
- Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 [#14877](https://togithub.com/spring-projects/spring-security/pull/14877)
- Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 [#14822](https://togithub.com/spring-projects/spring-security/pull/14822)
- Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 [#14891](https://togithub.com/spring-projects/spring-security/pull/14891)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
- [@sheriumair](https://togithub.com/sheriumair)
### [`v5.8.11`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.11)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.10...5.8.11)
##### :beetle: Bug Fixes
- Allow tab in HTTP header values. [#14590](https://togithub.com/spring-projects/spring-security/pull/14590)
- Check for `null` Authentication [#14664](https://togithub.com/spring-projects/spring-security/issues/14664)
- PostAuthorize Method Interceptors Should Use Order from `AuthorizationInterceptorsOrder` [#14720](https://togithub.com/spring-projects/spring-security/issues/14720)
- Remove duplicate setSecurityContextHolderStrategy [#14603](https://togithub.com/spring-projects/spring-security/pull/14603)
- Spring security's ServerLogoutHandler order problem. [#14379](https://togithub.com/spring-projects/spring-security/issues/14379)
##### :hammer: Dependency Upgrades
- Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 [#14730](https://togithub.com/spring-projects/spring-security/pull/14730)
- Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 [#14729](https://togithub.com/spring-projects/spring-security/pull/14729)
- Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 [#14759](https://togithub.com/spring-projects/spring-security/pull/14759)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@chbecker2](https://togithub.com/chbecker2)
- [@kse-music](https://togithub.com/kse-music)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
### [`v5.8.10`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.10)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.9...5.8.10)
##### :star: New Features
- Updated broken documentation link in javadocs [#14329](https://togithub.com/spring-projects/spring-security/pull/14329)
##### :beetle: Bug Fixes
- Fix security filter sort in javadoc [#14552](https://togithub.com/spring-projects/spring-security/pull/14552)
- ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor [#11596](https://togithub.com/spring-projects/spring-security/issues/11596)
- Saml2 LogoutFilter Should Come Before Common LogoutFilter [#14549](https://togithub.com/spring-projects/spring-security/pull/14549)
##### :hammer: Dependency Upgrades
- Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 [#14584](https://togithub.com/spring-projects/spring-security/pull/14584)
- Bump gradle/gradle-build-action from 2 to 3 [#14505](https://togithub.com/spring-projects/spring-security/pull/14505)
- Bump io-spring-javaformat from 0.0.40 to 0.0.41 [#14438](https://togithub.com/spring-projects/spring-security/pull/14438)
- Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 [#14432](https://togithub.com/spring-projects/spring-security/pull/14432)
- Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 [#14431](https://togithub.com/spring-projects/spring-security/pull/14431)
- Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 [#14614](https://togithub.com/spring-projects/spring-security/pull/14614)
- Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 [#14464](https://togithub.com/spring-projects/spring-security/pull/14464)
- Bump org-aspectj from 1.9.20.1 to 1.9.21.1 [#14607](https://togithub.com/spring-projects/spring-security/pull/14607)
- Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 [#14608](https://togithub.com/spring-projects/spring-security/pull/14608)
- Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 [#14622](https://togithub.com/spring-projects/spring-security/pull/14622)
- Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 [#14506](https://togithub.com/spring-projects/spring-security/pull/14506)
- Bump spring-io/spring-github-workflows from [`eaf17a1`](https://togithub.com/spring-projects/spring-security/commit/eaf17a1890b1ef1b337f015d6eb263baaf8c6dab) to [`1e8b058`](https://togithub.com/spring-projects/spring-security/commit/1e8b0587a1f4f01697f9753fa3339c3e0d30f396) [#14585](https://togithub.com/spring-projects/spring-security/pull/14585)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@kse-music](https://togithub.com/kse-music)
- [@geirhe](https://togithub.com/geirhe)
- [@aspan](https://togithub.com/aspan)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
### [`v5.8.9`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.9)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.8...5.8.9)
##### :star: New Features
- Document that Shibboleth Repository is Required for SAML Support [#14286](https://togithub.com/spring-projects/spring-security/issues/14286)
- OAuth2 Resource Server is exposing server information. [#13730](https://togithub.com/spring-projects/spring-security/issues/13730)
- Resolve RequestMatcher at request-time [#14078](https://togithub.com/spring-projects/spring-security/issues/14078)
- Update Java Config Spring MVC documentation [#14220](https://togithub.com/spring-projects/spring-security/issues/14220)
##### :beetle: Bug Fixes
- AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity [#13625](https://togithub.com/spring-projects/spring-security/issues/13625)
- Authentication not propagated correctly after migrating to SB3 [#12877](https://togithub.com/spring-projects/spring-security/issues/12877)
- Authorization does not show up on Features section [#14099](https://togithub.com/spring-projects/spring-security/issues/14099)
- Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing [#13718](https://togithub.com/spring-projects/spring-security/issues/13718)
- Fix caching error state in ReactiveRemoteJWKSource [#13976](https://togithub.com/spring-projects/spring-security/pull/13976)
- fix wrong document about "jws-algorithms" [#14252](https://togithub.com/spring-projects/spring-security/issues/14252)
- Improve error message when ServletRegistration API is unavailable [#14221](https://togithub.com/spring-projects/spring-security/issues/14221)
- References to WebFlux docs do not link to them [#14100](https://togithub.com/spring-projects/spring-security/issues/14100)
- relay_state should not be included in signing calculation when it is null [#13913](https://togithub.com/spring-projects/spring-security/issues/13913)
- Security configuration is failed to be initialized in a Servlet 6.0 container [#13794](https://togithub.com/spring-projects/spring-security/issues/13794)
- Spring Security documentation confuses "idempotent" with "read-only" in CSRF section [#13644](https://togithub.com/spring-projects/spring-security/issues/13644)
- X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive [#11948](https://togithub.com/spring-projects/spring-security/issues/11948)
- XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 [#12483](https://togithub.com/spring-projects/spring-security/issues/12483)
##### :hammer: Dependency Upgrades
- Bump actions/checkout from 3 to 4 [#14313](https://togithub.com/spring-projects/spring-security/pull/14313)
- Bump actions/setup-java from 3 to 4 [#14307](https://togithub.com/spring-projects/spring-security/pull/14307)
- Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 [#14240](https://togithub.com/spring-projects/spring-security/pull/14240)
- Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 [#14301](https://togithub.com/spring-projects/spring-security/pull/14301)
- Bump io-spring-javaformat from 0.0.39 to 0.0.40 [#14153](https://togithub.com/spring-projects/spring-security/pull/14153)
- Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 [#14143](https://togithub.com/spring-projects/spring-security/pull/14143)
- Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 [#14290](https://togithub.com/spring-projects/spring-security/pull/14290)
- Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 [#14142](https://togithub.com/spring-projects/spring-security/pull/14142)
- Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 [#14291](https://togithub.com/spring-projects/spring-security/pull/14291)
- Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 [#14170](https://togithub.com/spring-projects/spring-security/pull/14170)
- Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 [#14154](https://togithub.com/spring-projects/spring-security/pull/14154)
- Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 [#14303](https://togithub.com/spring-projects/spring-security/pull/14303)
- Bump spring-io/spring-gradle-build-action from 1 to 2 [#14308](https://togithub.com/spring-projects/spring-security/pull/14308)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@dongelci](https://togithub.com/dongelci)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
### [`v5.8.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.8)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.7...5.8.8)
##### :star: New Features
- Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter` [#11926](https://togithub.com/spring-projects/spring-security/issues/11926)
- Use Gradle's Version Catalog [#13868](https://togithub.com/spring-projects/spring-security/issues/13868)
##### :beetle: Bug Fixes
- Fix `snapshot_tests` on CI workflow [#13876](https://togithub.com/spring-projects/spring-security/issues/13876)
- fix corrupted saml2 metadata once special characters are present [#13777](https://togithub.com/spring-projects/spring-security/pull/13777)
- Saml-Metadata with special characters is corrupted [#13776](https://togithub.com/spring-projects/spring-security/issues/13776)
- Saml2LogoutRequestMixin relayState property should be binding [#12539](https://togithub.com/spring-projects/spring-security/issues/12539)
##### :hammer: Dependency Upgrades
- Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 [#13982](https://togithub.com/spring-projects/spring-security/pull/13982)
- Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 [#13927](https://togithub.com/spring-projects/spring-security/pull/13927)
- Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 [#13890](https://togithub.com/spring-projects/spring-security/pull/13890)
- Bump com.gradle.enterprise from 3.11.1 to 3.11.4 [#13928](https://togithub.com/spring-projects/spring-security/pull/13928)
- Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 [#13885](https://togithub.com/spring-projects/spring-security/pull/13885)
- Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 [#13998](https://togithub.com/spring-projects/spring-security/pull/13998)
- Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 [#13944](https://togithub.com/spring-projects/spring-security/pull/13944)
- Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 [#13997](https://togithub.com/spring-projects/spring-security/pull/13997)
- Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 [#13925](https://togithub.com/spring-projects/spring-security/pull/13925)
- Bump org-aspectj from 1.9.20 to 1.9.20.1 [#13893](https://togithub.com/spring-projects/spring-security/pull/13893)
- Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 [#13909](https://togithub.com/spring-projects/spring-security/pull/13909)
- Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 [#13996](https://togithub.com/spring-projects/spring-security/pull/13996)
- Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 [#13926](https://togithub.com/spring-projects/spring-security/pull/13926)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 [#13954](https://togithub.com/spring-projects/spring-security/pull/13954)
- Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 [#13907](https://togithub.com/spring-projects/spring-security/pull/13907)
- Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 [#14018](https://togithub.com/spring-projects/spring-security/pull/14018)
- Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 [#13908](https://togithub.com/spring-projects/spring-security/pull/13908)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@JannickWeisshaupt](https://togithub.com/JannickWeisshaupt)
- [@erichaagdev](https://togithub.com/erichaagdev)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
### [`v5.8.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.7)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.6...5.8.7)
##### :star: New Features
- Automate spring-security.xsd [#13823](https://togithub.com/spring-projects/spring-security/issues/13823)
##### :beetle: Bug Fixes
- CookieRequestCache ignores user Locale [#13792](https://togithub.com/spring-projects/spring-security/issues/13792)
- Default Security Configuration adds WWW-Authenticate Twice [#13737](https://togithub.com/spring-projects/spring-security/issues/13737)
- OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 [#11893](https://togithub.com/spring-projects/spring-security/issues/11893)
- Saml2AuthenticationExceptionMixin doesn't work in JDK 17 [#13804](https://togithub.com/spring-projects/spring-security/issues/13804)
### [`v5.8.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.6)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.5...5.8.6)
##### :star: New Features
- Closes [#11450](https://togithub.com/spring-projects/spring-security/issues/11450) - Add Java beans configuration for Remmember Me Docs [#13570](https://togithub.com/spring-projects/spring-security/pull/13570)
- Dependencies are resolved from appropriate repositories [#13582](https://togithub.com/spring-projects/spring-security/pull/13582)
- requestMatchers servlet validation error should include information about servlet paths [#13667](https://togithub.com/spring-projects/spring-security/issues/13667)
- requestMatchers should not count servlets without mappings [#13666](https://togithub.com/spring-projects/spring-security/issues/13666)
##### :beetle: Bug Fixes
- Fix Bearer Token RestTemplate Support example [#13434](https://togithub.com/spring-projects/spring-security/pull/13434)
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. [#13561](https://togithub.com/spring-projects/spring-security/issues/13561)
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered [#13572](https://togithub.com/spring-projects/spring-security/issues/13572)
##### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.35 [#13702](https://togithub.com/spring-projects/spring-security/issues/13702)
- Update org.aspectj to 1.9.20 [#13704](https://togithub.com/spring-projects/spring-security/issues/13704)
- Update org.springframework.data to 2021.2.15 [#13705](https://togithub.com/spring-projects/spring-security/issues/13705)
- Update reactor-netty to 1.0.35 [#13703](https://togithub.com/spring-projects/spring-security/issues/13703)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@erichaagdev](https://togithub.com/erichaagdev)
- [@petrovskimario](https://togithub.com/petrovskimario)
- [@daniel-shuy](https://togithub.com/daniel-shuy)
### [`v5.8.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.5)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.4...5.8.5)
##### :star: New Features
- Improve RequestMatcher Validation [#13551](https://togithub.com/spring-projects/spring-security/issues/13551)
- Improve Security Filters Documentation [#8167](https://togithub.com/spring-projects/spring-security/issues/8167)
##### :beetle: Bug Fixes
- Optimize Querying of RequestCache -> continue parameter [#13438](https://togithub.com/spring-projects/spring-security/issues/13438)
- Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration [#13417](https://togithub.com/spring-projects/spring-security/issues/13417)
- Use default PathPatternParser instance [#13462](https://togithub.com/spring-projects/spring-security/issues/13462)
##### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.34 [#13513](https://togithub.com/spring-projects/spring-security/issues/13513)
- Update org.springframework to 5.3.29 [#13515](https://togithub.com/spring-projects/spring-security/issues/13515)
- Update org.springframework.data to 2021.2.14 [#13516](https://togithub.com/spring-projects/spring-security/issues/13516)
- Update reactor-netty to 1.0.34 [#13514](https://togithub.com/spring-projects/spring-security/issues/13514)
### [`v5.8.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.4)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.3...5.8.4)
##### :star: New Features
- Convert to Asciidoctor Tabs [#13405](https://togithub.com/spring-projects/spring-security/issues/13405)
- Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults [#13227](https://togithub.com/spring-projects/spring-security/issues/13227)
- mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter [#13252](https://togithub.com/spring-projects/spring-security/issues/13252)
- Use Antora name of security [#13329](https://togithub.com/spring-projects/spring-security/issues/13329)
##### :beetle: Bug Fixes
- Additional filters registered when using Custom DSL [#13280](https://togithub.com/spring-projects/spring-security/issues/13280)
- AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation [#13069](https://togithub.com/spring-projects/spring-security/issues/13069)
- AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods [#13132](https://togithub.com/spring-projects/spring-security/issues/13132)
- Clarify that Kotlin DSL needs an import [#13101](https://togithub.com/spring-projects/spring-security/issues/13101)
- Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13191](https://togithub.com/spring-projects/spring-security/issues/13191)
- Fix Antora Warnings [#13292](https://togithub.com/spring-projects/spring-security/issues/13292)
- Fix code snippets in Authorize HttpServletRequest [#11522](https://togithub.com/spring-projects/spring-security/issues/11522)
- Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13219](https://togithub.com/spring-projects/spring-security/issues/13219)
- Fix Documentation Title [#13316](https://togithub.com/spring-projects/spring-security/issues/13316)
- Fix legacy-websocket-configuration cross-reference [#12969](https://togithub.com/spring-projects/spring-security/pull/12969)
- Fix typo in authorization.adoc [#13135](https://togithub.com/spring-projects/spring-security/pull/13135)
- http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13207](https://togithub.com/spring-projects/spring-security/issues/13207)
- Links between migration docs are out of date [#12675](https://togithub.com/spring-projects/spring-security/issues/12675)
- Proxy Server section is not linked in nav [#13322](https://togithub.com/spring-projects/spring-security/issues/13322)
- RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity [#13104](https://togithub.com/spring-projects/spring-security/issues/13104)
- SAML 2.0 HTTP Redirect Binding query params may appear in any order [#12963](https://togithub.com/spring-projects/spring-security/pull/12963)
- SAML login fails in Internet Explorer 11 [#13106](https://togithub.com/spring-projects/spring-security/issues/13106)
- Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice [#13160](https://togithub.com/spring-projects/spring-security/issues/13160)
##### :hammer: Dependency Upgrades
- Address CVE-2023-1370 [#13146](https://togithub.com/spring-projects/spring-security/pull/13146)
- Update com.nimbusds to 9.43.3 [#13374](https://togithub.com/spring-projects/spring-security/issues/13374)
- Update hsqldb to 2.7.2 [#13388](https://togithub.com/spring-projects/spring-security/issues/13388)
- Update io.projectreactor to 2020.0.33 [#13377](https://togithub.com/spring-projects/spring-security/issues/13377)
- Update io.rsocket to 1.1.4 [#13383](https://togithub.com/spring-projects/spring-security/issues/13383)
- Update io.spring.javaformat to 0.0.39 [#13386](https://togithub.com/spring-projects/spring-security/issues/13386)
- Update junit-bom to 5.9.3 [#13391](https://togithub.com/spring-projects/spring-security/issues/13391)
- Update org.junit.jupiter to 5.9.3 [#13393](https://togithub.com/spring-projects/spring-security/issues/13393)
- Update org.springframework to 5.3.28 [#13395](https://togithub.com/spring-projects/spring-security/issues/13395)
- Update org.springframework.data to 2021.2.13 [#13397](https://togithub.com/spring-projects/spring-security/issues/13397)
- Update reactor-netty to 1.0.33 [#13380](https://togithub.com/spring-projects/spring-security/issues/13380)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@LeovR](https://togithub.com/LeovR)
- [@lukaszmigdalek](https://togithub.com/lukaszmigdalek)
- [@fredbalves86](https://togithub.com/fredbalves86)
- [@daisuzz](https://togithub.com/daisuzz)
### [`v5.8.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.3)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.2...5.8.3)
##### :star: New Features
- Clarify documentation code snippet(s) (unclear where static imported methods come from) [#12991](https://togithub.com/spring-projects/spring-security/issues/12991)
- Document 5.8 Migration for DefaultMethodSecurityExpressionHandler [#12356](https://togithub.com/spring-projects/spring-security/issues/12356)
- Documentation should mention that an empty SecurityContext should also be saved [#12906](https://togithub.com/spring-projects/spring-security/issues/12906)
- Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist [#12928](https://togithub.com/spring-projects/spring-security/issues/12928)
- Fixed test in DefaultLoginPageGeneratingFilterTests [#12694](https://togithub.com/spring-projects/spring-security/pull/12694)
##### :beetle: Bug Fixes
- Bug in documentation of Storing the Authentication manually [#12850](https://togithub.com/spring-projects/spring-security/issues/12850)
- DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode [#12873](https://togithub.com/spring-projects/spring-security/issues/12873)
- EntityId ignored in xml relying-party-registration [#12776](https://togithub.com/spring-projects/spring-security/issues/12776)
- Fix .access(...) parameter [#12676](https://togithub.com/spring-projects/spring-security/pull/12676)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12999](https://togithub.com/spring-projects/spring-security/issues/12999)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12982](https://togithub.com/spring-projects/spring-security/issues/12982)
- Fix ID of WebSocket Authorization section [#12872](https://togithub.com/spring-projects/spring-security/pull/12872)
- HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support [#12314](https://togithub.com/spring-projects/spring-security/issues/12314)
- JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder [#12472](https://togithub.com/spring-projects/spring-security/issues/12472)
- Missing spring-security-oauth2 xsds after release [#12805](https://togithub.com/spring-projects/spring-security/issues/12805)
- NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed [#13004](https://togithub.com/spring-projects/spring-security/issues/13004)
- RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present [#13054](https://togithub.com/spring-projects/spring-security/issues/13054)
- Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver [#12935](https://togithub.com/spring-projects/spring-security/issues/12935)
- SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide [#12939](https://togithub.com/spring-projects/spring-security/issues/12939)
- SwitchUserFilter should use HttpSessionSecurityContextRepository by default [#12835](https://togithub.com/spring-projects/spring-security/issues/12835)
##### :hammer: Dependency Upgrades
- Update blockhound to 1.0.8.RELEASE [#13024](https://togithub.com/spring-projects/spring-security/issues/13024)
- Update io.projectreactor to 2020.0.31 [#13022](https://togithub.com/spring-projects/spring-security/issues/13022)
- Update io.spring.javaformat to 0.0.38 [#13025](https://togithub.com/spring-projects/spring-security/issues/13025)
- Update logback-classic to 1.2.12 [#13021](https://togithub.com/spring-projects/spring-security/issues/13021)
- Update org.eclipse.jetty to 9.4.51.v20230217 [#13026](https://togithub.com/spring-projects/spring-security/issues/13026)
- Update org.springframework to 5.3.27 [#13027](https://togithub.com/spring-projects/spring-security/issues/13027)
- Update org.springframework.data to 2021.2.10 [#13028](https://togithub.com/spring-projects/spring-security/issues/13028)
- Update org.springframework.data to 2021.2.11 [#13029](https://togithub.com/spring-projects/spring-security/issues/13029)
- Update reactor-netty to 1.0.31 [#13023](https://togithub.com/spring-projects/spring-security/issues/13023)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@slauth](https://togithub.com/slauth)
- [@twosom](https://togithub.com/twosom)
- [@el-hopaness-romtic](https://togithub.com/el-hopaness-romtic)
### [`v5.8.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.2)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.1...5.8.2)
##### :star: New Features
- Add XorCsrfChannelInterceptor [#12562](https://togithub.com/spring-projects/spring-security/pull/12562)
- Document `@EnableWebFluxSecurity` requiring `@Configuration` in 6.0.0 [#12434](https://togithub.com/spring-projects/spring-security/issues/12434)
- fix unclosed block in docs [#12553](https://togithub.com/spring-projects/spring-security/issues/12553)
- Improve documentation on what changed in the default behaviour in version 6 vs 5.7 [#12462](https://togithub.com/spring-projects/spring-security/issues/12462)
- Spring Security 6.0 Migration Guide Should Mention `@Configuration` Meta-Annotation Removal From Configuration Annotations [#12486](https://togithub.com/spring-projects/spring-security/issues/12486)
##### :beetle: Bug Fixes
- AuthorizationManager method security documentation should use AnnotationMatchingPointcut [#12516](https://togithub.com/spring-projects/spring-security/issues/12516)
- DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set [#12665](https://togithub.com/spring-projects/spring-security/issues/12665)
- Document XMLObject retreival for Asserting Party metadata [#12693](https://togithub.com/spring-projects/spring-security/issues/12693)
- Jackson serialization of `DefaultSaml2AuthenticatedPrincipal`: `LinkedMultiValueMap is not in the allowlist` [#12458](https://togithub.com/spring-projects/spring-security/issues/12458)
- NimbusJwtDecoder unknown KID scenario is not correctly tested [#12494](https://togithub.com/spring-projects/spring-security/issues/12494)
- NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard [#12686](https://togithub.com/spring-projects/spring-security/issues/12686)
- SwitchUserFilter not working in Spring Security 6 [#12510](https://togithub.com/spring-projects/spring-security/issues/12510)
- Wrong name of the filter in the SecurityContextHolderFilter diagram [#12526](https://togithub.com/spring-projects/spring-security/issues/12526)
##### :hammer: Dependency Upgrades
- Update blockhound to 1.0.7.RELEASE [#12719](https://togithub.com/spring-projects/spring-security/issues/12719)
- Update hibernate-entitymanager to 5.6.15.Final [#12722](https://togithub.com/spring-projects/spring-security/issues/12722)
- Update io.projectreactor to 2020.0.28 [#12717](https://togithub.com/spring-projects/spring-security/issues/12717)
- Update io.spring.nohttp to 0.0.11 [#12720](https://togithub.com/spring-projects/spring-security/issues/12720)
- Update jackson-bom to 2.13.5 [#12714](https://togithub.com/spring-projects/spring-security/issues/12714)
- Update jackson-databind to 2.13.5 [#12715](https://togithub.com/spring-projects/spring-security/issues/12715)
- Update jackson-datatype-jsr310 to 2.13.5 [#12716](https://togithub.com/spring-projects/spring-security/issues/12716)
- Update junit-bom to 5.9.2 [#12723](https://togithub.com/spring-projects/spring-security/issues/12723)
- Update org.aspectj to 1.9.19 [#12721](https://togithub.com/spring-projects/spring-security/issues/12721)
- Update org.junit.jupiter to 5.9.2 [#12724](https://togithub.com/spring-projects/spring-security/issues/12724)
- Update org.springframework to 5.3.25 [#12725](https://togithub.com/spring-projects/spring-security/issues/12725)
- Update org.springframework.data to 2021.2.8 [#12739](https://togithub.com/spring-projects/spring-security/issues/12739)
- Update org.springframework.data to 2021.2.8 [#12726](https://togithub.com/spring-projects/spring-security/issues/12726)
- Update reactor-netty to 1.0.28 [#12718](https://togithub.com/spring-projects/spring-security/issues/12718)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@sjohnr](https://togithub.com/sjohnr)
### [`v5.8.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.1)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.0...5.8.1)
##### :star: New Features
- Add `EnableWebSecurity` migration steps to 5.8 guide [#12334](https://togithub.com/spring-projects/spring-security/issues/12334)
- Replace deprecated set-state set-output GitHub Action's commands [#12298](https://togithub.com/spring-projects/spring-security/issues/12298)
##### :beetle: Bug Fixes
- codes in spring security docs fail to work [#11396](https://togithub.com/spring-projects/spring-security/issues/11396)
- DefaultLdapAuthoritiesPopulator throws NullPointerException [#12408](https://togithub.com/spring-projects/spring-security/issues/12408)
- Fix AuthorizationFilter diagram in docs [#12286](https://togithub.com/spring-projects/spring-security/issues/12286)
- Fix password encoder migration guide [#12318](https://togithub.com/spring-projects/spring-security/pull/12318)
- Fix typo [#12316](https://togithub.com/spring-projects/spring-security/pull/12316)
- Incorrect Javadoc for class ExpressionAuthorizationDecision [#12411](https://togithub.com/spring-projects/spring-security/issues/12411)
- Incorrect sample code in securityMatcher migration docs [#12296](https://togithub.com/spring-projects/spring-security/issues/12296)
- SecurityContextHolderFilter does not apply to async dispatch [#11962](https://togithub.com/spring-projects/spring-security/issues/11962)
##### :hammer: Dependency Upgrades
- Update httpclient to 4.5.14 [#12403](https://togithub.com/spring-projects/spring-security/issues/12403)
- Update io.projectreactor to 2020.0.26 [#12401](https://togithub.com/spring-projects/spring-security/issues/12401)
- Update mockk to 1.13.3 [#12400](https://togithub.com/spring-projects/spring-security/issues/12400)
- Update org.eclipse.jetty to 9.4.50.v20221201 [#12404](https://togithub.com/spring-projects/spring-security/issues/12404)
- Update org.jetbrains.kotlin to 1.7.22 [#12405](https://togithub.com/spring-projects/spring-security/issues/12405)
- Update reactor-netty to 1.0.26 [#12402](https://togithub.com/spring-projects/spring-security/issues/12402)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@heowc](https://togithub.com/heowc)
- [@mschneid](https://togithub.com/mschneid)
### [`v5.8.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.0)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.12...5.8.0)
##### :star: New Features
- Add Kotlin example showing integration with WebTestClient [#11611](https://togithub.com/spring-projects/spring-security/issues/11611)
- Add MethodExpressionAuthorizationManager [#11502](https://togithub.com/spring-projects/spring-security/issues/11502)
- Add Polish localization to error messages from ExceptionTranslationFi… [#12201](https://togithub.com/spring-projects/spring-security/pull/12201)
- Add support AuthorizationManager + [#11503](https://togithub.com/spring-projects/spring-security/issues/11503)
- AnonymousAuthenticationFilter should cache its Supplier [#11900](https://togithub.com/spring-projects/spring-security/issues/11900)
- CookieServerCsrfTokenRepository doesn't support setting MaxAge [#11441](https://togithub.com/spring-projects/spring-security/issues/11441)
- DefaultFilterChainValidator should check AuthorizationFilter [#11473](https://togithub.com/spring-projects/spring-security/issues/11473)
- Deprecate Resource Owner Password Credentials grant [#11591](https://togithub.com/spring-projects/spring-security/issues/11591)
- Document Configure Default CsrfToken BREACH Protection [#12107](https://togithub.com/spring-projects/spring-security/issues/12107)
- Document Defer load CsrfToken [#12105](https://togithub.com/spring-projects/spring-security/issues/12105)
- Document DelegatingSecurityContextRepository [#12069](https://togithub.com/spring-projects/spring-security/issues/12069)
- Document deprecations in oauth2-client [#12193](https://togithub.com/spring-projects/spring-security/pull/12193)
- Document how to opt-in for SHA256 in RememberMe [#12097](https://togithub.com/spring-projects/spring-security/issues/12097)
- Document how to use the new `requestMatchers` and `securityMatchers` [#12100](https://togithub.com/spring-projects/spring-security/issues/12100)
- Document Migration to SecurityContextHolderFilter [#12098](https://togithub.com/spring-projects/spring-security/issues/12098)
- Document new oauth2Login() authority defaults [#12188](https://togithub.com/spring-projects/spring-security/pull/12188)
- Document reactive CSRF migration steps [#12226](https://togithub.com/spring-projects/spring-security/pull/12226)
- Document Saved Requests Spring Security 6 Migration [#12089](https://togithub.com/spring-projects/spring-security/issues/12089)
- Document Update to 5.8 for Migration Guide [#12196](https://togithub.com/spring-projects/spring-security/issues/12196)
- Fix Javadoc in EnableWebSocketSecurity [#12211](https://togithub.com/spring-projects/spring-security/pull/12211)
- Improve deprecation notice in WebSecurityConfigurerAdapter [#12261](https://togithub.com/spring-projects/spring-security/issues/12261)
- InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager [#11469](https://togithub.com/spring-projects/spring-security/issues/11469)
- Migration guide for CAS support removal [#12240](https://togithub.com/spring-projects/spring-security/pull/12240)
- Preparation and Migration Guides should point to each other [#12093](https://togithub.com/spring-projects/spring-security/issues/12093)
- Preparation Guide should follow Reference Manual standards [#12096](https://togithub.com/spring-projects/spring-security/issues/12096)
- Preparation Guide should show opt-out steps after opt-in steps [#12104](https://togithub.com/spring-projects/spring-security/issues/12104)
- Provide guide for migrating from FilterSecurityInterceptor to AuthorizationFilter [#11337](https://togithub.com/spring-projects/spring-security/issues/11337)
- Register FilterChainProxy for All Dispatcher Types Migration Steps [#12186](https://togithub.com/spring-projects/spring-security/issues/12186)
- SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters [#11675](https://togithub.com/spring-projects/spring-security/issues/11675)
- trigger partial docs build on push (5.8.x) [#12195](https://togithub.com/spring-projects/spring-security/pull/12195)
##### :beetle: Bug Fixes
- AuthenticationServiceException propagation flag is unconfigurable in 5.8 [#12132](https://togithub.com/spring-projects/spring-security/issues/12132)
- CsrfAuthenticationStrategy does not check for existing token [#12236](https://togithub.com/spring-projects/spring-security/issues/12236)
- CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsrfTokenRepository [#12141](https://togithub.com/spring-projects/spring-security/issues/12141)
- fix deploy docs workflow (5.8.x) [#12197](https://togithub.com/spring-projects/spring-security/pull/12197)
- Fix saganCreateRelease saganDeleteRelease Required Permissions [#11424](https://togithub.com/spring-projects/spring-security/issues/11424)
- Incorrect scope map fix [#12206](https://togithub.com/spring-projects/spring-security/issues/12206)
- IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy [#12076](https://togithub.com/spring-projects/spring-security/issues/12076)
- org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" [#11604](https://togithub.com/spring-projects/spring-security/issues/11604)
- SAML logout: Incorrect log messages [#12209](https://togithub.com/spring-projects/spring-security/issues/12209)
- Saml2MetadataFilter response should configure writer to UTF-8 [#12222](https://togithub.com/spring-projects/spring-security/issues/12222)
- SEC-2839: SecurityNamespaceHandler - related to SEC-1455 [#12126](https://togithub.com/spring-projects/spring-security/issues/12126)
- SecurityContextRepository.loadContext(HttpServletRequest) cache result [#11391](https://togithub.com/spring-projects/spring-security/issues/11391)
- Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok [#11483](https://togithub.com/spring-projects/spring-security/issues/11483)
- Update the RP-initiated Logout links [#12122](https://togithub.com/spring-projects/spring-security/issues/12122)
##### :hammer: Dependency Upgrades
- Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 [#12154](https:/
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
5.7.2
->5.8.14
5.7.2
->5.8.14
5.7.2
->5.8.14
5.7.2
->5.8.14
5.7.2
->5.8.14
Release Notes
spring-projects/spring-security (org.springframework.security:spring-security-web)
### [`v5.8.14`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.14) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.13...5.8.14) ##### :star: New Features - Document the role of `CredentialsContainer` [#15319](https://togithub.com/spring-projects/spring-security/issues/15319) ##### :beetle: Bug Fixes - Clarify url Parameter Usage in AD Provider Constructor [#15409](https://togithub.com/spring-projects/spring-security/pull/15409) - Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' [#15363](https://togithub.com/spring-projects/spring-security/issues/15363) ##### :hammer: Dependency Upgrades - Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 [#15375](https://togithub.com/spring-projects/spring-security/pull/15375) - Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47 [#15391](https://togithub.com/spring-projects/spring-security/pull/15391) - Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48 [#15606](https://togithub.com/spring-projects/spring-security/pull/15606) - Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46 [#15390](https://togithub.com/spring-projects/spring-security/pull/15390) - Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47 [#15604](https://togithub.com/spring-projects/spring-security/pull/15604) - Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627 [#15360](https://togithub.com/spring-projects/spring-security/pull/15360) - Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.2 [#15291](https://togithub.com/spring-projects/spring-security/pull/15291) - Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 [#15335](https://togithub.com/spring-projects/spring-security/pull/15335) - Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39 [#15615](https://togithub.com/spring-projects/spring-security/pull/15615) ##### :nut_and_bolt: Build Updates - Automate check of expected branch version [#15226](https://togithub.com/spring-projects/spring-security/issues/15226) - Bump `@antora`/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs [#15447](https://togithub.com/spring-projects/spring-security/pull/15447) - Bump `@antora`/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs [#15484](https://togithub.com/spring-projects/spring-security/pull/15484) - Bump `@antora`/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs [#15558](https://togithub.com/spring-projects/spring-security/pull/15558) - Bump `@antora`/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs [#15633](https://togithub.com/spring-projects/spring-security/pull/15633) - Bump `@springio`/antora-extensions from 1.11.1 to 1.12.0 in /docs [#15417](https://togithub.com/spring-projects/spring-security/pull/15417) - Bump `@springio`/antora-extensions from 1.12.0 to 1.13.0 in /docs [#15523](https://togithub.com/spring-projects/spring-security/pull/15523) - Bump `@springio`/antora-extensions from 1.13.0 to 1.13.1 in /docs [#15559](https://togithub.com/spring-projects/spring-security/pull/15559) - Bump `@springio`/antora-extensions from 1.13.1 to 1.14.2 in /docs [#15632](https://togithub.com/spring-projects/spring-security/pull/15632) - Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs [#15416](https://togithub.com/spring-projects/spring-security/pull/15416) - Bump `@springio`/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs [#15524](https://togithub.com/spring-projects/spring-security/pull/15524) - Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs [#15330](https://togithub.com/spring-projects/spring-security/pull/15330) - Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs [#15481](https://togithub.com/spring-projects/spring-security/pull/15481) - Bump com.gradle.develocity from 3.17.5 to 3.17.6 [#15463](https://togithub.com/spring-projects/spring-security/pull/15463) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@Haarolean](https://togithub.com/Haarolean) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) ### [`v5.8.13`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.13) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.12...5.8.13) ##### :star: New Features - doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean [#14779](https://togithub.com/spring-projects/spring-security/pull/14779) - Enhance Logging in RequestMatcherDelegatingAuthorizationManage [#14837](https://togithub.com/spring-projects/spring-security/issues/14837) - Improve PasswordEncoder Error Messaging [#14951](https://togithub.com/spring-projects/spring-security/pull/14951) - InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified [#14880](https://togithub.com/spring-projects/spring-security/issues/14880) - Mention all required dependencies in LDAP documentation [#15235](https://togithub.com/spring-projects/spring-security/pull/15235) - Remove useBase64 parameter [#14862](https://togithub.com/spring-projects/spring-security/pull/14862) ##### :beetle: Bug Fixes - AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc [#13849](https://togithub.com/spring-projects/spring-security/issues/13849) - Always Use Request-Level ServletContext to Evaluate Request Matcher Paths [#15195](https://togithub.com/spring-projects/spring-security/pull/15195) - Assert WebSession is not null [#14977](https://togithub.com/spring-projects/spring-security/pull/14977) - Conditionally Add Conventions Plugin [#15152](https://togithub.com/spring-projects/spring-security/pull/15152) - DispatcherServletDelegatingRequestMatcher causes errors when there is more than one ServletContext [#14418](https://togithub.com/spring-projects/spring-security/issues/14418) - Fix Java example in multitenanci.adoc [#15146](https://togithub.com/spring-projects/spring-security/pull/15146) - LDIF file on official documentation breaks the startup process [#15089](https://togithub.com/spring-projects/spring-security/issues/15089) - Link to article with remember-me-persistent-token strategy is broken [#14358](https://togithub.com/spring-projects/spring-security/issues/14358) - ProxyRestrictionConditionValidator is missing in the OpenSaml4AuthenticationProvider.SAML20AssertionValidators class [#14931](https://togithub.com/spring-projects/spring-security/issues/14931) - Resolving invalid CSRF token values is not consistent [#15184](https://togithub.com/spring-projects/spring-security/issues/15184) - Restore Build Scan Capability [#15120](https://togithub.com/spring-projects/spring-security/issues/15120) - Wrong information for RequestCacheAwareFilter in the Spring Security documentation. [#14855](https://togithub.com/spring-projects/spring-security/issues/14855) ##### :hammer: Dependency Upgrades - Bump io.projectreactor.netty:reactor-netty from 1.0.44 to 1.0.45 [#15074](https://togithub.com/spring-projects/spring-security/pull/15074) - Bump io.projectreactor.netty:reactor-netty from 1.0.45 to 1.0.46 [#15231](https://togithub.com/spring-projects/spring-security/pull/15231) - Bump io.projectreactor.tools:blockhound from 1.0.8.RELEASE to 1.0.9.RELEASE [#14923](https://togithub.com/spring-projects/spring-security/pull/14923) - Bump io.projectreactor:reactor-bom from 2020.0.43 to 2020.0.44 [#15073](https://togithub.com/spring-projects/spring-security/pull/15073) - Bump io.projectreactor:reactor-bom from 2020.0.44 to 2020.0.45 [#15230](https://togithub.com/spring-projects/spring-security/pull/15230) - Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [#15191](https://togithub.com/spring-projects/spring-security/pull/15191) - Bump org.springframework:spring-framework-bom from 5.3.34 to 5.3.35 [#15085](https://togithub.com/spring-projects/spring-security/pull/15085) - Bump org.springframework:spring-framework-bom from 5.3.35 to 5.3.36 [#15135](https://togithub.com/spring-projects/spring-security/pull/15135) - Bump org.springframework:spring-framework-bom from 5.3.36 to 5.3.37 [#15253](https://togithub.com/spring-projects/spring-security/pull/15253) - Bump slackapi/slack-github-action from 1.25.0 to 1.26.0 [#14938](https://togithub.com/spring-projects/spring-security/pull/14938) ##### :nut_and_bolt: Build Updates - Attach Antora Docs to Pull Requests [#14992](https://togithub.com/spring-projects/spring-security/issues/14992) - Bump `@antora`/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs [#15160](https://togithub.com/spring-projects/spring-security/pull/15160) - Bump `@springio`/antora-extensions from 1.10.0 to 1.11.1 in /docs [#15140](https://togithub.com/spring-projects/spring-security/pull/15140) - Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 [#15001](https://togithub.com/spring-projects/spring-security/pull/15001) - Bump com.gradle.develocity from 3.17.2 to 3.17.4 [#15099](https://togithub.com/spring-projects/spring-security/pull/15099) - Bump com.gradle.develocity from 3.17.4 to 3.17.5 [#15240](https://togithub.com/spring-projects/spring-security/pull/15240) - Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 [#14959](https://togithub.com/spring-projects/spring-security/pull/14959) - Consider Adding a Build Updates section to the release changelog [#14485](https://togithub.com/spring-projects/spring-security/issues/14485) - Migrate to com.gradle.develocity plugin [#15021](https://togithub.com/spring-projects/spring-security/issues/15021) - Update Gradle Enterprise plugin to 3.17.2 [#15020](https://togithub.com/spring-projects/spring-security/issues/15020) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@caio-henrique](https://togithub.com/caio-henrique) - [@jzheaux](https://togithub.com/jzheaux) - [@dukbong](https://togithub.com/dukbong) - [@Harsh4902](https://togithub.com/Harsh4902) - [@abimael-turing](https://togithub.com/abimael-turing) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) - [@sheriumair](https://togithub.com/sheriumair) - [@paschm](https://togithub.com/paschm) ### [`v5.8.12`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.12) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.11...5.8.12) ##### :beetle: Bug Fixes - Conditional check for data-source-ref is incorrect [#14742](https://togithub.com/spring-projects/spring-security/pull/14742) ##### :hammer: Dependency Upgrades - Bump io.projectreactor.netty:reactor-netty from 1.0.43 to 1.0.44 [#14878](https://togithub.com/spring-projects/spring-security/pull/14878) - Bump io.projectreactor:reactor-bom from 2020.0.42 to 2020.0.43 [#14877](https://togithub.com/spring-projects/spring-security/pull/14877) - Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 [#14822](https://togithub.com/spring-projects/spring-security/pull/14822) - Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34 [#14891](https://togithub.com/spring-projects/spring-security/pull/14891) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) - [@sheriumair](https://togithub.com/sheriumair) ### [`v5.8.11`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.11) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.10...5.8.11) ##### :beetle: Bug Fixes - Allow tab in HTTP header values. [#14590](https://togithub.com/spring-projects/spring-security/pull/14590) - Check for `null` Authentication [#14664](https://togithub.com/spring-projects/spring-security/issues/14664) - PostAuthorize Method Interceptors Should Use Order from `AuthorizationInterceptorsOrder` [#14720](https://togithub.com/spring-projects/spring-security/issues/14720) - Remove duplicate setSecurityContextHolderStrategy [#14603](https://togithub.com/spring-projects/spring-security/pull/14603) - Spring security's ServerLogoutHandler order problem. [#14379](https://togithub.com/spring-projects/spring-security/issues/14379) ##### :hammer: Dependency Upgrades - Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 [#14730](https://togithub.com/spring-projects/spring-security/pull/14730) - Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 [#14729](https://togithub.com/spring-projects/spring-security/pull/14729) - Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 [#14759](https://togithub.com/spring-projects/spring-security/pull/14759) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@chbecker2](https://togithub.com/chbecker2) - [@kse-music](https://togithub.com/kse-music) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) ### [`v5.8.10`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.10) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.9...5.8.10) ##### :star: New Features - Updated broken documentation link in javadocs [#14329](https://togithub.com/spring-projects/spring-security/pull/14329) ##### :beetle: Bug Fixes - Fix security filter sort in javadoc [#14552](https://togithub.com/spring-projects/spring-security/pull/14552) - ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor [#11596](https://togithub.com/spring-projects/spring-security/issues/11596) - Saml2 LogoutFilter Should Come Before Common LogoutFilter [#14549](https://togithub.com/spring-projects/spring-security/pull/14549) ##### :hammer: Dependency Upgrades - Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 [#14584](https://togithub.com/spring-projects/spring-security/pull/14584) - Bump gradle/gradle-build-action from 2 to 3 [#14505](https://togithub.com/spring-projects/spring-security/pull/14505) - Bump io-spring-javaformat from 0.0.40 to 0.0.41 [#14438](https://togithub.com/spring-projects/spring-security/pull/14438) - Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 [#14432](https://togithub.com/spring-projects/spring-security/pull/14432) - Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 [#14431](https://togithub.com/spring-projects/spring-security/pull/14431) - Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 [#14614](https://togithub.com/spring-projects/spring-security/pull/14614) - Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 [#14464](https://togithub.com/spring-projects/spring-security/pull/14464) - Bump org-aspectj from 1.9.20.1 to 1.9.21.1 [#14607](https://togithub.com/spring-projects/spring-security/pull/14607) - Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 [#14608](https://togithub.com/spring-projects/spring-security/pull/14608) - Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 [#14622](https://togithub.com/spring-projects/spring-security/pull/14622) - Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 [#14506](https://togithub.com/spring-projects/spring-security/pull/14506) - Bump spring-io/spring-github-workflows from [`eaf17a1`](https://togithub.com/spring-projects/spring-security/commit/eaf17a1890b1ef1b337f015d6eb263baaf8c6dab) to [`1e8b058`](https://togithub.com/spring-projects/spring-security/commit/1e8b0587a1f4f01697f9753fa3339c3e0d30f396) [#14585](https://togithub.com/spring-projects/spring-security/pull/14585) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@kse-music](https://togithub.com/kse-music) - [@geirhe](https://togithub.com/geirhe) - [@aspan](https://togithub.com/aspan) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) ### [`v5.8.9`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.9) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.8...5.8.9) ##### :star: New Features - Document that Shibboleth Repository is Required for SAML Support [#14286](https://togithub.com/spring-projects/spring-security/issues/14286) - OAuth2 Resource Server is exposing server information. [#13730](https://togithub.com/spring-projects/spring-security/issues/13730) - Resolve RequestMatcher at request-time [#14078](https://togithub.com/spring-projects/spring-security/issues/14078) - Update Java Config Spring MVC documentation [#14220](https://togithub.com/spring-projects/spring-security/issues/14220) ##### :beetle: Bug Fixes - AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity [#13625](https://togithub.com/spring-projects/spring-security/issues/13625) - Authentication not propagated correctly after migrating to SB3 [#12877](https://togithub.com/spring-projects/spring-security/issues/12877) - Authorization does not show up on Features section [#14099](https://togithub.com/spring-projects/spring-security/issues/14099) - Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing [#13718](https://togithub.com/spring-projects/spring-security/issues/13718) - Fix caching error state in ReactiveRemoteJWKSource [#13976](https://togithub.com/spring-projects/spring-security/pull/13976) - fix wrong document about "jws-algorithms" [#14252](https://togithub.com/spring-projects/spring-security/issues/14252) - Improve error message when ServletRegistration API is unavailable [#14221](https://togithub.com/spring-projects/spring-security/issues/14221) - References to WebFlux docs do not link to them [#14100](https://togithub.com/spring-projects/spring-security/issues/14100) - relay_state should not be included in signing calculation when it is null [#13913](https://togithub.com/spring-projects/spring-security/issues/13913) - Security configuration is failed to be initialized in a Servlet 6.0 container [#13794](https://togithub.com/spring-projects/spring-security/issues/13794) - Spring Security documentation confuses "idempotent" with "read-only" in CSRF section [#13644](https://togithub.com/spring-projects/spring-security/issues/13644) - X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive [#11948](https://togithub.com/spring-projects/spring-security/issues/11948) - XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 [#12483](https://togithub.com/spring-projects/spring-security/issues/12483) ##### :hammer: Dependency Upgrades - Bump actions/checkout from 3 to 4 [#14313](https://togithub.com/spring-projects/spring-security/pull/14313) - Bump actions/setup-java from 3 to 4 [#14307](https://togithub.com/spring-projects/spring-security/pull/14307) - Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 [#14240](https://togithub.com/spring-projects/spring-security/pull/14240) - Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 [#14301](https://togithub.com/spring-projects/spring-security/pull/14301) - Bump io-spring-javaformat from 0.0.39 to 0.0.40 [#14153](https://togithub.com/spring-projects/spring-security/pull/14153) - Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 [#14143](https://togithub.com/spring-projects/spring-security/pull/14143) - Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 [#14290](https://togithub.com/spring-projects/spring-security/pull/14290) - Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 [#14142](https://togithub.com/spring-projects/spring-security/pull/14142) - Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 [#14291](https://togithub.com/spring-projects/spring-security/pull/14291) - Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 [#14170](https://togithub.com/spring-projects/spring-security/pull/14170) - Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 [#14154](https://togithub.com/spring-projects/spring-security/pull/14154) - Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 [#14303](https://togithub.com/spring-projects/spring-security/pull/14303) - Bump spring-io/spring-gradle-build-action from 1 to 2 [#14308](https://togithub.com/spring-projects/spring-security/pull/14308) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@dongelci](https://togithub.com/dongelci) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) ### [`v5.8.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.8) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.7...5.8.8) ##### :star: New Features - Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter` [#11926](https://togithub.com/spring-projects/spring-security/issues/11926) - Use Gradle's Version Catalog [#13868](https://togithub.com/spring-projects/spring-security/issues/13868) ##### :beetle: Bug Fixes - Fix `snapshot_tests` on CI workflow [#13876](https://togithub.com/spring-projects/spring-security/issues/13876) - fix corrupted saml2 metadata once special characters are present [#13777](https://togithub.com/spring-projects/spring-security/pull/13777) - Saml-Metadata with special characters is corrupted [#13776](https://togithub.com/spring-projects/spring-security/issues/13776) - Saml2LogoutRequestMixin relayState property should be binding [#12539](https://togithub.com/spring-projects/spring-security/issues/12539) ##### :hammer: Dependency Upgrades - Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 [#13982](https://togithub.com/spring-projects/spring-security/pull/13982) - Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 [#13927](https://togithub.com/spring-projects/spring-security/pull/13927) - Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 [#13890](https://togithub.com/spring-projects/spring-security/pull/13890) - Bump com.gradle.enterprise from 3.11.1 to 3.11.4 [#13928](https://togithub.com/spring-projects/spring-security/pull/13928) - Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 [#13885](https://togithub.com/spring-projects/spring-security/pull/13885) - Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 [#13998](https://togithub.com/spring-projects/spring-security/pull/13998) - Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 [#13944](https://togithub.com/spring-projects/spring-security/pull/13944) - Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 [#13997](https://togithub.com/spring-projects/spring-security/pull/13997) - Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 [#13925](https://togithub.com/spring-projects/spring-security/pull/13925) - Bump org-aspectj from 1.9.20 to 1.9.20.1 [#13893](https://togithub.com/spring-projects/spring-security/pull/13893) - Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 [#13909](https://togithub.com/spring-projects/spring-security/pull/13909) - Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 [#13996](https://togithub.com/spring-projects/spring-security/pull/13996) - Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 [#13926](https://togithub.com/spring-projects/spring-security/pull/13926) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 [#13954](https://togithub.com/spring-projects/spring-security/pull/13954) - Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 [#13907](https://togithub.com/spring-projects/spring-security/pull/13907) - Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 [#14018](https://togithub.com/spring-projects/spring-security/pull/14018) - Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 [#13908](https://togithub.com/spring-projects/spring-security/pull/13908) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@JannickWeisshaupt](https://togithub.com/JannickWeisshaupt) - [@erichaagdev](https://togithub.com/erichaagdev) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) ### [`v5.8.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.7) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.6...5.8.7) ##### :star: New Features - Automate spring-security.xsd [#13823](https://togithub.com/spring-projects/spring-security/issues/13823) ##### :beetle: Bug Fixes - CookieRequestCache ignores user Locale [#13792](https://togithub.com/spring-projects/spring-security/issues/13792) - Default Security Configuration adds WWW-Authenticate Twice [#13737](https://togithub.com/spring-projects/spring-security/issues/13737) - OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 [#11893](https://togithub.com/spring-projects/spring-security/issues/11893) - Saml2AuthenticationExceptionMixin doesn't work in JDK 17 [#13804](https://togithub.com/spring-projects/spring-security/issues/13804) ### [`v5.8.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.6) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.5...5.8.6) ##### :star: New Features - Closes [#11450](https://togithub.com/spring-projects/spring-security/issues/11450) - Add Java beans configuration for Remmember Me Docs [#13570](https://togithub.com/spring-projects/spring-security/pull/13570) - Dependencies are resolved from appropriate repositories [#13582](https://togithub.com/spring-projects/spring-security/pull/13582) - requestMatchers servlet validation error should include information about servlet paths [#13667](https://togithub.com/spring-projects/spring-security/issues/13667) - requestMatchers should not count servlets without mappings [#13666](https://togithub.com/spring-projects/spring-security/issues/13666) ##### :beetle: Bug Fixes - Fix Bearer Token RestTemplate Support example [#13434](https://togithub.com/spring-projects/spring-security/pull/13434) - Referrer Header is set in Reactive Web Applications by default, although doc says it is not. [#13561](https://togithub.com/spring-projects/spring-security/issues/13561) - The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered [#13572](https://togithub.com/spring-projects/spring-security/issues/13572) ##### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.35 [#13702](https://togithub.com/spring-projects/spring-security/issues/13702) - Update org.aspectj to 1.9.20 [#13704](https://togithub.com/spring-projects/spring-security/issues/13704) - Update org.springframework.data to 2021.2.15 [#13705](https://togithub.com/spring-projects/spring-security/issues/13705) - Update reactor-netty to 1.0.35 [#13703](https://togithub.com/spring-projects/spring-security/issues/13703) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@erichaagdev](https://togithub.com/erichaagdev) - [@petrovskimario](https://togithub.com/petrovskimario) - [@daniel-shuy](https://togithub.com/daniel-shuy) ### [`v5.8.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.5) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.4...5.8.5) ##### :star: New Features - Improve RequestMatcher Validation [#13551](https://togithub.com/spring-projects/spring-security/issues/13551) - Improve Security Filters Documentation [#8167](https://togithub.com/spring-projects/spring-security/issues/8167) ##### :beetle: Bug Fixes - Optimize Querying of RequestCache -> continue parameter [#13438](https://togithub.com/spring-projects/spring-security/issues/13438) - Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration [#13417](https://togithub.com/spring-projects/spring-security/issues/13417) - Use default PathPatternParser instance [#13462](https://togithub.com/spring-projects/spring-security/issues/13462) ##### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.34 [#13513](https://togithub.com/spring-projects/spring-security/issues/13513) - Update org.springframework to 5.3.29 [#13515](https://togithub.com/spring-projects/spring-security/issues/13515) - Update org.springframework.data to 2021.2.14 [#13516](https://togithub.com/spring-projects/spring-security/issues/13516) - Update reactor-netty to 1.0.34 [#13514](https://togithub.com/spring-projects/spring-security/issues/13514) ### [`v5.8.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.4) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.3...5.8.4) ##### :star: New Features - Convert to Asciidoctor Tabs [#13405](https://togithub.com/spring-projects/spring-security/issues/13405) - Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults [#13227](https://togithub.com/spring-projects/spring-security/issues/13227) - mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter [#13252](https://togithub.com/spring-projects/spring-security/issues/13252) - Use Antora name of security [#13329](https://togithub.com/spring-projects/spring-security/issues/13329) ##### :beetle: Bug Fixes - Additional filters registered when using Custom DSL [#13280](https://togithub.com/spring-projects/spring-security/issues/13280) - AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation [#13069](https://togithub.com/spring-projects/spring-security/issues/13069) - AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods [#13132](https://togithub.com/spring-projects/spring-security/issues/13132) - Clarify that Kotlin DSL needs an import [#13101](https://togithub.com/spring-projects/spring-security/issues/13101) - Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13191](https://togithub.com/spring-projects/spring-security/issues/13191) - Fix Antora Warnings [#13292](https://togithub.com/spring-projects/spring-security/issues/13292) - Fix code snippets in Authorize HttpServletRequest [#11522](https://togithub.com/spring-projects/spring-security/issues/11522) - Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13219](https://togithub.com/spring-projects/spring-security/issues/13219) - Fix Documentation Title [#13316](https://togithub.com/spring-projects/spring-security/issues/13316) - Fix legacy-websocket-configuration cross-reference [#12969](https://togithub.com/spring-projects/spring-security/pull/12969) - Fix typo in authorization.adoc [#13135](https://togithub.com/spring-projects/spring-security/pull/13135) - http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13207](https://togithub.com/spring-projects/spring-security/issues/13207) - Links between migration docs are out of date [#12675](https://togithub.com/spring-projects/spring-security/issues/12675) - Proxy Server section is not linked in nav [#13322](https://togithub.com/spring-projects/spring-security/issues/13322) - RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity [#13104](https://togithub.com/spring-projects/spring-security/issues/13104) - SAML 2.0 HTTP Redirect Binding query params may appear in any order [#12963](https://togithub.com/spring-projects/spring-security/pull/12963) - SAML login fails in Internet Explorer 11 [#13106](https://togithub.com/spring-projects/spring-security/issues/13106) - Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice [#13160](https://togithub.com/spring-projects/spring-security/issues/13160) ##### :hammer: Dependency Upgrades - Address CVE-2023-1370 [#13146](https://togithub.com/spring-projects/spring-security/pull/13146) - Update com.nimbusds to 9.43.3 [#13374](https://togithub.com/spring-projects/spring-security/issues/13374) - Update hsqldb to 2.7.2 [#13388](https://togithub.com/spring-projects/spring-security/issues/13388) - Update io.projectreactor to 2020.0.33 [#13377](https://togithub.com/spring-projects/spring-security/issues/13377) - Update io.rsocket to 1.1.4 [#13383](https://togithub.com/spring-projects/spring-security/issues/13383) - Update io.spring.javaformat to 0.0.39 [#13386](https://togithub.com/spring-projects/spring-security/issues/13386) - Update junit-bom to 5.9.3 [#13391](https://togithub.com/spring-projects/spring-security/issues/13391) - Update org.junit.jupiter to 5.9.3 [#13393](https://togithub.com/spring-projects/spring-security/issues/13393) - Update org.springframework to 5.3.28 [#13395](https://togithub.com/spring-projects/spring-security/issues/13395) - Update org.springframework.data to 2021.2.13 [#13397](https://togithub.com/spring-projects/spring-security/issues/13397) - Update reactor-netty to 1.0.33 [#13380](https://togithub.com/spring-projects/spring-security/issues/13380) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@LeovR](https://togithub.com/LeovR) - [@lukaszmigdalek](https://togithub.com/lukaszmigdalek) - [@fredbalves86](https://togithub.com/fredbalves86) - [@daisuzz](https://togithub.com/daisuzz) ### [`v5.8.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.3) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.2...5.8.3) ##### :star: New Features - Clarify documentation code snippet(s) (unclear where static imported methods come from) [#12991](https://togithub.com/spring-projects/spring-security/issues/12991) - Document 5.8 Migration for DefaultMethodSecurityExpressionHandler [#12356](https://togithub.com/spring-projects/spring-security/issues/12356) - Documentation should mention that an empty SecurityContext should also be saved [#12906](https://togithub.com/spring-projects/spring-security/issues/12906) - Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist [#12928](https://togithub.com/spring-projects/spring-security/issues/12928) - Fixed test in DefaultLoginPageGeneratingFilterTests [#12694](https://togithub.com/spring-projects/spring-security/pull/12694) ##### :beetle: Bug Fixes - Bug in documentation of Storing the Authentication manually [#12850](https://togithub.com/spring-projects/spring-security/issues/12850) - DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode [#12873](https://togithub.com/spring-projects/spring-security/issues/12873) - EntityId ignored in xml relying-party-registration [#12776](https://togithub.com/spring-projects/spring-security/issues/12776) - Fix .access(...) parameter [#12676](https://togithub.com/spring-projects/spring-security/pull/12676) - Fix a javadoc typo in ReactiveAuthorizationManager [#12999](https://togithub.com/spring-projects/spring-security/issues/12999) - Fix a javadoc typo in ReactiveAuthorizationManager [#12982](https://togithub.com/spring-projects/spring-security/issues/12982) - Fix ID of WebSocket Authorization section [#12872](https://togithub.com/spring-projects/spring-security/pull/12872) - HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support [#12314](https://togithub.com/spring-projects/spring-security/issues/12314) - JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder [#12472](https://togithub.com/spring-projects/spring-security/issues/12472) - Missing spring-security-oauth2 xsds after release [#12805](https://togithub.com/spring-projects/spring-security/issues/12805) - NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed [#13004](https://togithub.com/spring-projects/spring-security/issues/13004) - RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present [#13054](https://togithub.com/spring-projects/spring-security/issues/13054) - Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver [#12935](https://togithub.com/spring-projects/spring-security/issues/12935) - SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide [#12939](https://togithub.com/spring-projects/spring-security/issues/12939) - SwitchUserFilter should use HttpSessionSecurityContextRepository by default [#12835](https://togithub.com/spring-projects/spring-security/issues/12835) ##### :hammer: Dependency Upgrades - Update blockhound to 1.0.8.RELEASE [#13024](https://togithub.com/spring-projects/spring-security/issues/13024) - Update io.projectreactor to 2020.0.31 [#13022](https://togithub.com/spring-projects/spring-security/issues/13022) - Update io.spring.javaformat to 0.0.38 [#13025](https://togithub.com/spring-projects/spring-security/issues/13025) - Update logback-classic to 1.2.12 [#13021](https://togithub.com/spring-projects/spring-security/issues/13021) - Update org.eclipse.jetty to 9.4.51.v20230217 [#13026](https://togithub.com/spring-projects/spring-security/issues/13026) - Update org.springframework to 5.3.27 [#13027](https://togithub.com/spring-projects/spring-security/issues/13027) - Update org.springframework.data to 2021.2.10 [#13028](https://togithub.com/spring-projects/spring-security/issues/13028) - Update org.springframework.data to 2021.2.11 [#13029](https://togithub.com/spring-projects/spring-security/issues/13029) - Update reactor-netty to 1.0.31 [#13023](https://togithub.com/spring-projects/spring-security/issues/13023) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@slauth](https://togithub.com/slauth) - [@twosom](https://togithub.com/twosom) - [@el-hopaness-romtic](https://togithub.com/el-hopaness-romtic) ### [`v5.8.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.2) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.1...5.8.2) ##### :star: New Features - Add XorCsrfChannelInterceptor [#12562](https://togithub.com/spring-projects/spring-security/pull/12562) - Document `@EnableWebFluxSecurity` requiring `@Configuration` in 6.0.0 [#12434](https://togithub.com/spring-projects/spring-security/issues/12434) - fix unclosed block in docs [#12553](https://togithub.com/spring-projects/spring-security/issues/12553) - Improve documentation on what changed in the default behaviour in version 6 vs 5.7 [#12462](https://togithub.com/spring-projects/spring-security/issues/12462) - Spring Security 6.0 Migration Guide Should Mention `@Configuration` Meta-Annotation Removal From Configuration Annotations [#12486](https://togithub.com/spring-projects/spring-security/issues/12486) ##### :beetle: Bug Fixes - AuthorizationManager method security documentation should use AnnotationMatchingPointcut [#12516](https://togithub.com/spring-projects/spring-security/issues/12516) - DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set [#12665](https://togithub.com/spring-projects/spring-security/issues/12665) - Document XMLObject retreival for Asserting Party metadata [#12693](https://togithub.com/spring-projects/spring-security/issues/12693) - Jackson serialization of `DefaultSaml2AuthenticatedPrincipal`: `LinkedMultiValueMap is not in the allowlist` [#12458](https://togithub.com/spring-projects/spring-security/issues/12458) - NimbusJwtDecoder unknown KID scenario is not correctly tested [#12494](https://togithub.com/spring-projects/spring-security/issues/12494) - NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard [#12686](https://togithub.com/spring-projects/spring-security/issues/12686) - SwitchUserFilter not working in Spring Security 6 [#12510](https://togithub.com/spring-projects/spring-security/issues/12510) - Wrong name of the filter in the SecurityContextHolderFilter diagram [#12526](https://togithub.com/spring-projects/spring-security/issues/12526) ##### :hammer: Dependency Upgrades - Update blockhound to 1.0.7.RELEASE [#12719](https://togithub.com/spring-projects/spring-security/issues/12719) - Update hibernate-entitymanager to 5.6.15.Final [#12722](https://togithub.com/spring-projects/spring-security/issues/12722) - Update io.projectreactor to 2020.0.28 [#12717](https://togithub.com/spring-projects/spring-security/issues/12717) - Update io.spring.nohttp to 0.0.11 [#12720](https://togithub.com/spring-projects/spring-security/issues/12720) - Update jackson-bom to 2.13.5 [#12714](https://togithub.com/spring-projects/spring-security/issues/12714) - Update jackson-databind to 2.13.5 [#12715](https://togithub.com/spring-projects/spring-security/issues/12715) - Update jackson-datatype-jsr310 to 2.13.5 [#12716](https://togithub.com/spring-projects/spring-security/issues/12716) - Update junit-bom to 5.9.2 [#12723](https://togithub.com/spring-projects/spring-security/issues/12723) - Update org.aspectj to 1.9.19 [#12721](https://togithub.com/spring-projects/spring-security/issues/12721) - Update org.junit.jupiter to 5.9.2 [#12724](https://togithub.com/spring-projects/spring-security/issues/12724) - Update org.springframework to 5.3.25 [#12725](https://togithub.com/spring-projects/spring-security/issues/12725) - Update org.springframework.data to 2021.2.8 [#12739](https://togithub.com/spring-projects/spring-security/issues/12739) - Update org.springframework.data to 2021.2.8 [#12726](https://togithub.com/spring-projects/spring-security/issues/12726) - Update reactor-netty to 1.0.28 [#12718](https://togithub.com/spring-projects/spring-security/issues/12718) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@sjohnr](https://togithub.com/sjohnr) ### [`v5.8.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.1) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.0...5.8.1) ##### :star: New Features - Add `EnableWebSecurity` migration steps to 5.8 guide [#12334](https://togithub.com/spring-projects/spring-security/issues/12334) - Replace deprecated set-state set-output GitHub Action's commands [#12298](https://togithub.com/spring-projects/spring-security/issues/12298) ##### :beetle: Bug Fixes - codes in spring security docs fail to work [#11396](https://togithub.com/spring-projects/spring-security/issues/11396) - DefaultLdapAuthoritiesPopulator throws NullPointerException [#12408](https://togithub.com/spring-projects/spring-security/issues/12408) - Fix AuthorizationFilter diagram in docs [#12286](https://togithub.com/spring-projects/spring-security/issues/12286) - Fix password encoder migration guide [#12318](https://togithub.com/spring-projects/spring-security/pull/12318) - Fix typo [#12316](https://togithub.com/spring-projects/spring-security/pull/12316) - Incorrect Javadoc for class ExpressionAuthorizationDecision [#12411](https://togithub.com/spring-projects/spring-security/issues/12411) - Incorrect sample code in securityMatcher migration docs [#12296](https://togithub.com/spring-projects/spring-security/issues/12296) - SecurityContextHolderFilter does not apply to async dispatch [#11962](https://togithub.com/spring-projects/spring-security/issues/11962) ##### :hammer: Dependency Upgrades - Update httpclient to 4.5.14 [#12403](https://togithub.com/spring-projects/spring-security/issues/12403) - Update io.projectreactor to 2020.0.26 [#12401](https://togithub.com/spring-projects/spring-security/issues/12401) - Update mockk to 1.13.3 [#12400](https://togithub.com/spring-projects/spring-security/issues/12400) - Update org.eclipse.jetty to 9.4.50.v20221201 [#12404](https://togithub.com/spring-projects/spring-security/issues/12404) - Update org.jetbrains.kotlin to 1.7.22 [#12405](https://togithub.com/spring-projects/spring-security/issues/12405) - Update reactor-netty to 1.0.26 [#12402](https://togithub.com/spring-projects/spring-security/issues/12402) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@heowc](https://togithub.com/heowc) - [@mschneid](https://togithub.com/mschneid) ### [`v5.8.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.0) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.12...5.8.0) ##### :star: New Features - Add Kotlin example showing integration with WebTestClient [#11611](https://togithub.com/spring-projects/spring-security/issues/11611) - Add MethodExpressionAuthorizationManager [#11502](https://togithub.com/spring-projects/spring-security/issues/11502) - Add Polish localization to error messages from ExceptionTranslationFi… [#12201](https://togithub.com/spring-projects/spring-security/pull/12201) - Add support AuthorizationManager +Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.