spring-projects/spring-security (org.springframework.security:spring-security-cas)
### [`v5.8.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.8)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.7...5.8.8)
##### :star: New Features
- Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter` [#11926](https://togithub.com/spring-projects/spring-security/issues/11926)
- Use Gradle's Version Catalog [#13868](https://togithub.com/spring-projects/spring-security/issues/13868)
##### :beetle: Bug Fixes
- Fix `snapshot_tests` on CI workflow [#13876](https://togithub.com/spring-projects/spring-security/issues/13876)
- fix corrupted saml2 metadata once special characters are present [#13777](https://togithub.com/spring-projects/spring-security/pull/13777)
- Saml-Metadata with special characters is corrupted [#13776](https://togithub.com/spring-projects/spring-security/issues/13776)
- Saml2LogoutRequestMixin relayState property should be binding [#12539](https://togithub.com/spring-projects/spring-security/issues/12539)
##### :hammer: Dependency Upgrades
- Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 [#13982](https://togithub.com/spring-projects/spring-security/pull/13982)
- Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 [#13927](https://togithub.com/spring-projects/spring-security/pull/13927)
- Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 [#13890](https://togithub.com/spring-projects/spring-security/pull/13890)
- Bump com.gradle.enterprise from 3.11.1 to 3.11.4 [#13928](https://togithub.com/spring-projects/spring-security/pull/13928)
- Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 [#13885](https://togithub.com/spring-projects/spring-security/pull/13885)
- Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 [#13998](https://togithub.com/spring-projects/spring-security/pull/13998)
- Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 [#13944](https://togithub.com/spring-projects/spring-security/pull/13944)
- Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 [#13997](https://togithub.com/spring-projects/spring-security/pull/13997)
- Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 [#13925](https://togithub.com/spring-projects/spring-security/pull/13925)
- Bump org-aspectj from 1.9.20 to 1.9.20.1 [#13893](https://togithub.com/spring-projects/spring-security/pull/13893)
- Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 [#13909](https://togithub.com/spring-projects/spring-security/pull/13909)
- Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 [#13996](https://togithub.com/spring-projects/spring-security/pull/13996)
- Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 [#13926](https://togithub.com/spring-projects/spring-security/pull/13926)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 [#13954](https://togithub.com/spring-projects/spring-security/pull/13954)
- Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 [#13907](https://togithub.com/spring-projects/spring-security/pull/13907)
- Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 [#14018](https://togithub.com/spring-projects/spring-security/pull/14018)
- Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 [#13908](https://togithub.com/spring-projects/spring-security/pull/13908)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@JannickWeisshaupt](https://togithub.com/JannickWeisshaupt)
- [@erichaagdev](https://togithub.com/erichaagdev)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
### [`v5.8.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.7)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.6...5.8.7)
#### :star: New Features
- Automate spring-security.xsd [#13823](https://togithub.com/spring-projects/spring-security/issues/13823)
#### :beetle: Bug Fixes
- CookieRequestCache ignores user Locale [#13792](https://togithub.com/spring-projects/spring-security/issues/13792)
- Default Security Configuration adds WWW-Authenticate Twice [#13737](https://togithub.com/spring-projects/spring-security/issues/13737)
- OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 [#11893](https://togithub.com/spring-projects/spring-security/issues/11893)
- Saml2AuthenticationExceptionMixin doesn't work in JDK 17 [#13804](https://togithub.com/spring-projects/spring-security/issues/13804)
### [`v5.8.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.6)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.5...5.8.6)
##### :star: New Features
- Closes [#11450](https://togithub.com/spring-projects/spring-security/issues/11450) - Add Java beans configuration for Remmember Me Docs [#13570](https://togithub.com/spring-projects/spring-security/pull/13570)
- Dependencies are resolved from appropriate repositories [#13582](https://togithub.com/spring-projects/spring-security/pull/13582)
- requestMatchers servlet validation error should include information about servlet paths [#13667](https://togithub.com/spring-projects/spring-security/issues/13667)
- requestMatchers should not count servlets without mappings [#13666](https://togithub.com/spring-projects/spring-security/issues/13666)
##### :beetle: Bug Fixes
- Fix Bearer Token RestTemplate Support example [#13434](https://togithub.com/spring-projects/spring-security/pull/13434)
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. [#13561](https://togithub.com/spring-projects/spring-security/issues/13561)
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered [#13572](https://togithub.com/spring-projects/spring-security/issues/13572)
##### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.35 [#13702](https://togithub.com/spring-projects/spring-security/issues/13702)
- Update org.aspectj to 1.9.20 [#13704](https://togithub.com/spring-projects/spring-security/issues/13704)
- Update org.springframework.data to 2021.2.15 [#13705](https://togithub.com/spring-projects/spring-security/issues/13705)
- Update reactor-netty to 1.0.35 [#13703](https://togithub.com/spring-projects/spring-security/issues/13703)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@erichaagdev](https://togithub.com/erichaagdev)
- [@petrovskimario](https://togithub.com/petrovskimario)
- [@daniel-shuy](https://togithub.com/daniel-shuy)
### [`v5.8.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.5)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.4...5.8.5)
#### :star: New Features
- Improve RequestMatcher Validation [#13551](https://togithub.com/spring-projects/spring-security/issues/13551)
- Improve Security Filters Documentation [#8167](https://togithub.com/spring-projects/spring-security/issues/8167)
#### :beetle: Bug Fixes
- Optimize Querying of RequestCache -> continue parameter [#13438](https://togithub.com/spring-projects/spring-security/issues/13438)
- Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration [#13417](https://togithub.com/spring-projects/spring-security/issues/13417)
- Use default PathPatternParser instance [#13462](https://togithub.com/spring-projects/spring-security/issues/13462)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.34 [#13513](https://togithub.com/spring-projects/spring-security/issues/13513)
- Update org.springframework to 5.3.29 [#13515](https://togithub.com/spring-projects/spring-security/issues/13515)
- Update org.springframework.data to 2021.2.14 [#13516](https://togithub.com/spring-projects/spring-security/issues/13516)
- Update reactor-netty to 1.0.34 [#13514](https://togithub.com/spring-projects/spring-security/issues/13514)
### [`v5.8.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.4)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.3...5.8.4)
#### :star: New Features
- Convert to Asciidoctor Tabs [#13405](https://togithub.com/spring-projects/spring-security/issues/13405)
- Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults [#13227](https://togithub.com/spring-projects/spring-security/issues/13227)
- mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter [#13252](https://togithub.com/spring-projects/spring-security/issues/13252)
- Use Antora name of security [#13329](https://togithub.com/spring-projects/spring-security/issues/13329)
#### :beetle: Bug Fixes
- Additional filters registered when using Custom DSL [#13280](https://togithub.com/spring-projects/spring-security/issues/13280)
- AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation [#13069](https://togithub.com/spring-projects/spring-security/issues/13069)
- AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods [#13132](https://togithub.com/spring-projects/spring-security/issues/13132)
- Clarify that Kotlin DSL needs an import [#13101](https://togithub.com/spring-projects/spring-security/issues/13101)
- Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13191](https://togithub.com/spring-projects/spring-security/issues/13191)
- Fix Antora Warnings [#13292](https://togithub.com/spring-projects/spring-security/issues/13292)
- Fix code snippets in Authorize HttpServletRequest [#11522](https://togithub.com/spring-projects/spring-security/issues/11522)
- Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13219](https://togithub.com/spring-projects/spring-security/issues/13219)
- Fix Documentation Title [#13316](https://togithub.com/spring-projects/spring-security/issues/13316)
- Fix legacy-websocket-configuration cross-reference [#12969](https://togithub.com/spring-projects/spring-security/pull/12969)
- Fix typo in authorization.adoc [#13135](https://togithub.com/spring-projects/spring-security/pull/13135)
- http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13207](https://togithub.com/spring-projects/spring-security/issues/13207)
- Links between migration docs are out of date [#12675](https://togithub.com/spring-projects/spring-security/issues/12675)
- Proxy Server section is not linked in nav [#13322](https://togithub.com/spring-projects/spring-security/issues/13322)
- RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity [#13104](https://togithub.com/spring-projects/spring-security/issues/13104)
- SAML 2.0 HTTP Redirect Binding query params may appear in any order [#12963](https://togithub.com/spring-projects/spring-security/pull/12963)
- SAML login fails in Internet Explorer 11 [#13106](https://togithub.com/spring-projects/spring-security/issues/13106)
- Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice [#13160](https://togithub.com/spring-projects/spring-security/issues/13160)
#### :hammer: Dependency Upgrades
- Address CVE-2023-1370 [#13146](https://togithub.com/spring-projects/spring-security/pull/13146)
- Update com.nimbusds to 9.43.3 [#13374](https://togithub.com/spring-projects/spring-security/issues/13374)
- Update hsqldb to 2.7.2 [#13388](https://togithub.com/spring-projects/spring-security/issues/13388)
- Update io.projectreactor to 2020.0.33 [#13377](https://togithub.com/spring-projects/spring-security/issues/13377)
- Update io.rsocket to 1.1.4 [#13383](https://togithub.com/spring-projects/spring-security/issues/13383)
- Update io.spring.javaformat to 0.0.39 [#13386](https://togithub.com/spring-projects/spring-security/issues/13386)
- Update junit-bom to 5.9.3 [#13391](https://togithub.com/spring-projects/spring-security/issues/13391)
- Update org.junit.jupiter to 5.9.3 [#13393](https://togithub.com/spring-projects/spring-security/issues/13393)
- Update org.springframework to 5.3.28 [#13395](https://togithub.com/spring-projects/spring-security/issues/13395)
- Update org.springframework.data to 2021.2.13 [#13397](https://togithub.com/spring-projects/spring-security/issues/13397)
- Update reactor-netty to 1.0.33 [#13380](https://togithub.com/spring-projects/spring-security/issues/13380)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@LeovR](https://togithub.com/LeovR)
- [@lukaszmigdalek](https://togithub.com/lukaszmigdalek)
- [@fredbalves86](https://togithub.com/fredbalves86)
- [@daisuzz](https://togithub.com/daisuzz)
### [`v5.8.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.3)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.2...5.8.3)
#### :star: New Features
- Clarify documentation code snippet(s) (unclear where static imported methods come from) [#12991](https://togithub.com/spring-projects/spring-security/issues/12991)
- Document 5.8 Migration for DefaultMethodSecurityExpressionHandler [#12356](https://togithub.com/spring-projects/spring-security/issues/12356)
- Documentation should mention that an empty SecurityContext should also be saved [#12906](https://togithub.com/spring-projects/spring-security/issues/12906)
- Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist [#12928](https://togithub.com/spring-projects/spring-security/issues/12928)
- Fixed test in DefaultLoginPageGeneratingFilterTests [#12694](https://togithub.com/spring-projects/spring-security/pull/12694)
#### :beetle: Bug Fixes
- Bug in documentation of Storing the Authentication manually [#12850](https://togithub.com/spring-projects/spring-security/issues/12850)
- DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode [#12873](https://togithub.com/spring-projects/spring-security/issues/12873)
- EntityId ignored in xml relying-party-registration [#12776](https://togithub.com/spring-projects/spring-security/issues/12776)
- Fix .access(...) parameter [#12676](https://togithub.com/spring-projects/spring-security/pull/12676)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12999](https://togithub.com/spring-projects/spring-security/issues/12999)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12982](https://togithub.com/spring-projects/spring-security/issues/12982)
- Fix ID of WebSocket Authorization section [#12872](https://togithub.com/spring-projects/spring-security/pull/12872)
- HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support [#12314](https://togithub.com/spring-projects/spring-security/issues/12314)
- JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder [#12472](https://togithub.com/spring-projects/spring-security/issues/12472)
- Missing spring-security-oauth2 xsds after release [#12805](https://togithub.com/spring-projects/spring-security/issues/12805)
- NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed [#13004](https://togithub.com/spring-projects/spring-security/issues/13004)
- RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present [#13054](https://togithub.com/spring-projects/spring-security/issues/13054)
- Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver [#12935](https://togithub.com/spring-projects/spring-security/issues/12935)
- SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide [#12939](https://togithub.com/spring-projects/spring-security/issues/12939)
- SwitchUserFilter should use HttpSessionSecurityContextRepository by default [#12835](https://togithub.com/spring-projects/spring-security/issues/12835)
#### :hammer: Dependency Upgrades
- Update blockhound to 1.0.8.RELEASE [#13024](https://togithub.com/spring-projects/spring-security/issues/13024)
- Update io.projectreactor to 2020.0.31 [#13022](https://togithub.com/spring-projects/spring-security/issues/13022)
- Update io.spring.javaformat to 0.0.38 [#13025](https://togithub.com/spring-projects/spring-security/issues/13025)
- Update logback-classic to 1.2.12 [#13021](https://togithub.com/spring-projects/spring-security/issues/13021)
- Update org.eclipse.jetty to 9.4.51.v20230217 [#13026](https://togithub.com/spring-projects/spring-security/issues/13026)
- Update org.springframework to 5.3.27 [#13027](https://togithub.com/spring-projects/spring-security/issues/13027)
- Update org.springframework.data to 2021.2.10 [#13028](https://togithub.com/spring-projects/spring-security/issues/13028)
- Update org.springframework.data to 2021.2.11 [#13029](https://togithub.com/spring-projects/spring-security/issues/13029)
- Update reactor-netty to 1.0.31 [#13023](https://togithub.com/spring-projects/spring-security/issues/13023)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@slauth](https://togithub.com/slauth)
- [@twosom](https://togithub.com/twosom)
- [@el-hopaness-romtic](https://togithub.com/el-hopaness-romtic)
### [`v5.8.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.2)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.1...5.8.2)
#### :star: New Features
- Add XorCsrfChannelInterceptor [#12562](https://togithub.com/spring-projects/spring-security/pull/12562)
- Document `@EnableWebFluxSecurity` requiring `@Configuration` in 6.0.0 [#12434](https://togithub.com/spring-projects/spring-security/issues/12434)
- fix unclosed block in docs [#12553](https://togithub.com/spring-projects/spring-security/issues/12553)
- Improve documentation on what changed in the default behaviour in version 6 vs 5.7 [#12462](https://togithub.com/spring-projects/spring-security/issues/12462)
- Spring Security 6.0 Migration Guide Should Mention `@Configuration` Meta-Annotation Removal From Configuration Annotations [#12486](https://togithub.com/spring-projects/spring-security/issues/12486)
#### :beetle: Bug Fixes
- AuthorizationManager method security documentation should use AnnotationMatchingPointcut [#12516](https://togithub.com/spring-projects/spring-security/issues/12516)
- DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set [#12665](https://togithub.com/spring-projects/spring-security/issues/12665)
- Document XMLObject retreival for Asserting Party metadata [#12693](https://togithub.com/spring-projects/spring-security/issues/12693)
- Jackson serialization of `DefaultSaml2AuthenticatedPrincipal`: `LinkedMultiValueMap is not in the allowlist` [#12458](https://togithub.com/spring-projects/spring-security/issues/12458)
- NimbusJwtDecoder unknown KID scenario is not correctly tested [#12494](https://togithub.com/spring-projects/spring-security/issues/12494)
- NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard [#12686](https://togithub.com/spring-projects/spring-security/issues/12686)
- SwitchUserFilter not working in Spring Security 6 [#12510](https://togithub.com/spring-projects/spring-security/issues/12510)
- Wrong name of the filter in the SecurityContextHolderFilter diagram [#12526](https://togithub.com/spring-projects/spring-security/issues/12526)
#### :hammer: Dependency Upgrades
- Update blockhound to 1.0.7.RELEASE [#12719](https://togithub.com/spring-projects/spring-security/issues/12719)
- Update hibernate-entitymanager to 5.6.15.Final [#12722](https://togithub.com/spring-projects/spring-security/issues/12722)
- Update io.projectreactor to 2020.0.28 [#12717](https://togithub.com/spring-projects/spring-security/issues/12717)
- Update io.spring.nohttp to 0.0.11 [#12720](https://togithub.com/spring-projects/spring-security/issues/12720)
- Update jackson-bom to 2.13.5 [#12714](https://togithub.com/spring-projects/spring-security/issues/12714)
- Update jackson-databind to 2.13.5 [#12715](https://togithub.com/spring-projects/spring-security/issues/12715)
- Update jackson-datatype-jsr310 to 2.13.5 [#12716](https://togithub.com/spring-projects/spring-security/issues/12716)
- Update junit-bom to 5.9.2 [#12723](https://togithub.com/spring-projects/spring-security/issues/12723)
- Update org.aspectj to 1.9.19 [#12721](https://togithub.com/spring-projects/spring-security/issues/12721)
- Update org.junit.jupiter to 5.9.2 [#12724](https://togithub.com/spring-projects/spring-security/issues/12724)
- Update org.springframework to 5.3.25 [#12725](https://togithub.com/spring-projects/spring-security/issues/12725)
- Update org.springframework.data to 2021.2.8 [#12739](https://togithub.com/spring-projects/spring-security/issues/12739)
- Update org.springframework.data to 2021.2.8 [#12726](https://togithub.com/spring-projects/spring-security/issues/12726)
- Update reactor-netty to 1.0.28 [#12718](https://togithub.com/spring-projects/spring-security/issues/12718)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@sjohnr](https://togithub.com/sjohnr)
### [`v5.8.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.1)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.0...5.8.1)
##### :star: New Features
- Add `EnableWebSecurity` migration steps to 5.8 guide [#12334](https://togithub.com/spring-projects/spring-security/issues/12334)
- Replace deprecated set-state set-output GitHub Action's commands [#12298](https://togithub.com/spring-projects/spring-security/issues/12298)
##### :beetle: Bug Fixes
- codes in spring security docs fail to work [#11396](https://togithub.com/spring-projects/spring-security/issues/11396)
- DefaultLdapAuthoritiesPopulator throws NullPointerException [#12408](https://togithub.com/spring-projects/spring-security/issues/12408)
- Fix AuthorizationFilter diagram in docs [#12286](https://togithub.com/spring-projects/spring-security/issues/12286)
- Fix password encoder migration guide [#12318](https://togithub.com/spring-projects/spring-security/pull/12318)
- Fix typo [#12316](https://togithub.com/spring-projects/spring-security/pull/12316)
- Incorrect Javadoc for class ExpressionAuthorizationDecision [#12411](https://togithub.com/spring-projects/spring-security/issues/12411)
- Incorrect sample code in securityMatcher migration docs [#12296](https://togithub.com/spring-projects/spring-security/issues/12296)
- SecurityContextHolderFilter does not apply to async dispatch [#11962](https://togithub.com/spring-projects/spring-security/issues/11962)
##### :hammer: Dependency Upgrades
- Update httpclient to 4.5.14 [#12403](https://togithub.com/spring-projects/spring-security/issues/12403)
- Update io.projectreactor to 2020.0.26 [#12401](https://togithub.com/spring-projects/spring-security/issues/12401)
- Update mockk to 1.13.3 [#12400](https://togithub.com/spring-projects/spring-security/issues/12400)
- Update org.eclipse.jetty to 9.4.50.v20221201 [#12404](https://togithub.com/spring-projects/spring-security/issues/12404)
- Update org.jetbrains.kotlin to 1.7.22 [#12405](https://togithub.com/spring-projects/spring-security/issues/12405)
- Update reactor-netty to 1.0.26 [#12402](https://togithub.com/spring-projects/spring-security/issues/12402)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@heowc](https://togithub.com/heowc)
- [@mschneid](https://togithub.com/mschneid)
### [`v5.8.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.0)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.11...5.8.0)
##### :star: New Features
- Add Kotlin example showing integration with WebTestClient [#11611](https://togithub.com/spring-projects/spring-security/issues/11611)
- Add MethodExpressionAuthorizationManager [#11502](https://togithub.com/spring-projects/spring-security/issues/11502)
- Add Polish localization to error messages from ExceptionTranslationFi… [#12201](https://togithub.com/spring-projects/spring-security/pull/12201)
- Add support AuthorizationManager + [#11503](https://togithub.com/spring-projects/spring-security/issues/11503)
- AnonymousAuthenticationFilter should cache its Supplier [#11900](https://togithub.com/spring-projects/spring-security/issues/11900)
- CookieServerCsrfTokenRepository doesn't support setting MaxAge [#11441](https://togithub.com/spring-projects/spring-security/issues/11441)
- DefaultFilterChainValidator should check AuthorizationFilter [#11473](https://togithub.com/spring-projects/spring-security/issues/11473)
- Deprecate Resource Owner Password Credentials grant [#11591](https://togithub.com/spring-projects/spring-security/issues/11591)
- Document Configure Default CsrfToken BREACH Protection [#12107](https://togithub.com/spring-projects/spring-security/issues/12107)
- Document Defer load CsrfToken [#12105](https://togithub.com/spring-projects/spring-security/issues/12105)
- Document DelegatingSecurityContextRepository [#12069](https://togithub.com/spring-projects/spring-security/issues/12069)
- Document deprecations in oauth2-client [#12193](https://togithub.com/spring-projects/spring-security/pull/12193)
- Document how to opt-in for SHA256 in RememberMe [#12097](https://togithub.com/spring-projects/spring-security/issues/12097)
- Document how to use the new `requestMatchers` and `securityMatchers` [#12100](https://togithub.com/spring-projects/spring-security/issues/12100)
- Document Migration to SecurityContextHolderFilter [#12098](https://togithub.com/spring-projects/spring-security/issues/12098)
- Document new oauth2Login() authority defaults [#12188](https://togithub.com/spring-projects/spring-security/pull/12188)
- Document reactive CSRF migration steps [#12226](https://togithub.com/spring-projects/spring-security/pull/12226)
- Document Saved Requests Spring Security 6 Migration [#12089](https://togithub.com/spring-projects/spring-security/issues/12089)
- Document Update to 5.8 for Migration Guide [#12196](https://togithub.com/spring-projects/spring-security/issues/12196)
- Fix Javadoc in EnableWebSocketSecurity [#12211](https://togithub.com/spring-projects/spring-security/pull/12211)
- Improve deprecation notice in WebSecurityConfigurerAdapter [#12261](https://togithub.com/spring-projects/spring-security/issues/12261)
- InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager [#11469](https://togithub.com/spring-projects/spring-security/issues/11469)
- Migration guide for CAS support removal [#12240](https://togithub.com/spring-projects/spring-security/pull/12240)
- Preparation and Migration Guides should point to each other [#12093](https://togithub.com/spring-projects/spring-security/issues/12093)
- Preparation Guide should follow Reference Manual standards [#12096](https://togithub.com/spring-projects/spring-security/issues/12096)
- Preparation Guide should show opt-out steps after opt-in steps [#12104](https://togithub.com/spring-projects/spring-security/issues/12104)
- Provide guide for migrating from FilterSecurityInterceptor to AuthorizationFilter [#11337](https://togithub.com/spring-projects/spring-security/issues/11337)
- Register FilterChainProxy for All Dispatcher Types Migration Steps [#12186](https://togithub.com/spring-projects/spring-security/issues/12186)
- SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters [#11675](https://togithub.com/spring-projects/spring-security/issues/11675)
- trigger partial docs build on push (5.8.x) [#12195](https://togithub.com/spring-projects/spring-security/pull/12195)
##### :beetle: Bug Fixes
- AuthenticationServiceException propagation flag is unconfigurable in 5.8 [#12132](https://togithub.com/spring-projects/spring-security/issues/12132)
- CsrfAuthenticationStrategy does not check for existing token [#12236](https://togithub.com/spring-projects/spring-security/issues/12236)
- CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsrfTokenRepository [#12141](https://togithub.com/spring-projects/spring-security/issues/12141)
- fix deploy docs workflow (5.8.x) [#12197](https://togithub.com/spring-projects/spring-security/pull/12197)
- Fix saganCreateRelease saganDeleteRelease Required Permissions [#11424](https://togithub.com/spring-projects/spring-security/issues/11424)
- Incorrect scope map fix [#12206](https://togithub.com/spring-projects/spring-security/issues/12206)
- IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy [#12076](https://togithub.com/spring-projects/spring-security/issues/12076)
- org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" [#11604](https://togithub.com/spring-projects/spring-security/issues/11604)
- SAML logout: Incorrect log messages [#12209](https://togithub.com/spring-projects/spring-security/issues/12209)
- Saml2MetadataFilter response should configure writer to UTF-8 [#12222](https://togithub.com/spring-projects/spring-security/issues/12222)
- SEC-2839: SecurityNamespaceHandler - related to SEC-1455 [#12126](https://togithub.com/spring-projects/spring-security/issues/12126)
- SecurityContextRepository.loadContext(HttpServletRequest) cache result [#11391](https://togithub.com/spring-projects/spring-security/issues/11391)
- Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok [#11483](https://togithub.com/spring-projects/spring-security/issues/11483)
- Update the RP-initiated Logout links [#12122](https://togithub.com/spring-projects/spring-security/issues/12122)
##### :hammer: Dependency Upgrades
- Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 [#12154](https://togithub.com/spring-projects/spring-security/issues/12154)
- Update aspectj-plugin to 6.5.0.3 [#11583](https://togithub.com/spring-projects/spring-security/issues/11583)
- Update assertj-core to 3.23.1 [#11572](https://togithub.com/spring-projects/spring-security/issues/11572)
- Update com.nimbusds to 9.38.1 [#11570](https://togithub.com/spring-projects/spring-security/issues/11570)
- Update Gradle to 7.5.1 [#12158](https://togithub.com/spring-projects/spring-security/issues/12158)
- Update hibernate-entitymanager to 5.6.10.Final [#11578](https://togithub.com/spring-projects/spring-security/issues/11578)
- Update hibernate-entitymanager to 5.6.14.Final [#12245](https://togithub.com/spring-projects/spring-security/issues/12245)
- Update hsqldb to 2.7.1 [#12246](https://togithub.com/spring-projects/spring-security/issues/12246)
- Update htmlunit to 2.63.0 [#11575](https://togithub.com/spring-projects/spring-security/issues/11575)
- Update htmlunit-driver to 2.63.0 [#11580](https://togithub.com/spring-projects/spring-security/issues/11580)
- Update io.projectreactor to 2020.0.21 [#11567](https://togithub.com/spring-projects/spring-security/issues/11567)
- Update io.projectreactor to 2020.0.25 [#12243](https://togithub.com/spring-projects/spring-security/issues/12243)
- Update io.spring.javaformat to 0.0.34 [#11573](https://togithub.com/spring-projects/spring-security/issues/11573)
- Update jackson-bom to 2.13.3 [#11574](https://togithub.com/spring-projects/spring-security/issues/11574)
- Update jsonassert to 1.5.1 [#11581](https://togithub.com/spring-projects/spring-security/issues/11581)
- Update junit-bom to 5.9.0-RC1 [#11571](https://togithub.com/spring-projects/spring-security/issues/11571)
- Update mockk to 1.12.4 [#11568](https://togithub.com/spring-projects/spring-security/issues/11568)
- Update org.eclipse.jetty to 9.4.48.v20220622 [#11576](https://togithub.com/spring-projects/spring-security/issues/11576)
- Update org.jetbrains.kotlin to 1.7.10 [#11582](https://togithub.com/spring-projects/spring-security/issues/11582)
- Update org.jetbrains.kotlin to 1.7.21 [#12247](https://togithub.com/spring-projects/spring-security/issues/12247)
- Update org.jetbrains.kotlinx to 1.6.4 [#11566](https://togithub.com/spring-projects/spring-security/issues/11566)
- Update org.springframework to 5.3.22 [#11569](https://togithub.com/spring-projects/spring-security/issues/11569)
- Update org.springframework to 5.3.24 [#12248](https://togithub.com/spring-projects/spring-security/issues/12248)
- Update org.springframework.data to 2021.2.2 [#11579](https://togithub.com/spring-projects/spring-security/issues/11579)
- Update org.springframework.data to 2021.2.6 [#12249](https://togithub.com/spring-projects/spring-security/issues/12249)
- Update reactor-netty to 1.0.25 [#12244](https://togithub.com/spring-projects/spring-security/issues/12244)
- Update spring-ldap-core to 2.4.1 [#11577](https://togithub.com/spring-projects/spring-security/issues/11577)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@sjohnr](https://togithub.com/sjohnr)
- [@LeovR](https://togithub.com/LeovR)
- [@mojavelinux](https://togithub.com/mojavelinux)
- [@marcusdacoregio](https://togithub.com/marcusdacoregio)
- [@kylevessPL](https://togithub.com/kylevessPL)
### [`v5.7.11`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.11)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.10...5.7.11)
#### :star: New Features
- Automate spring-security.xsd [#13819](https://togithub.com/spring-projects/spring-security/issues/13819)
### [`v5.7.10`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.10)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.9...5.7.10)
#### :beetle: Bug Fixes
- Use default PathPatternParser instance [#13461](https://togithub.com/spring-projects/spring-security/issues/13461)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.34 [#13509](https://togithub.com/spring-projects/spring-security/issues/13509)
- Update org.springframework to 5.3.29 [#13511](https://togithub.com/spring-projects/spring-security/issues/13511)
- Update org.springframework.data to 2021.2.14 [#13512](https://togithub.com/spring-projects/spring-security/issues/13512)
- Update reactor-netty to 1.0.34 [#13510](https://togithub.com/spring-projects/spring-security/issues/13510)
### [`v5.7.9`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.9)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.8...5.7.9)
##### :star: New Features
- Convert to Asciidoctor Tabs [#13404](https://togithub.com/spring-projects/spring-security/issues/13404)
- Use Antora name of security [#13328](https://togithub.com/spring-projects/spring-security/issues/13328)
##### :beetle: Bug Fixes
- Additional filters registered when using Custom DSL [#13203](https://togithub.com/spring-projects/spring-security/issues/13203)
- Clarify that Kotlin DSL needs an import [#13092](https://togithub.com/spring-projects/spring-security/issues/13092)
- Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13098](https://togithub.com/spring-projects/spring-security/issues/13098)
- Fix Antora Warnings [#13291](https://togithub.com/spring-projects/spring-security/issues/13291)
- Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13155](https://togithub.com/spring-projects/spring-security/issues/13155)
- Fix Documentation Title [#13315](https://togithub.com/spring-projects/spring-security/issues/13315)
- Fix javadoc for migration from WebSecurityConfigurerAdapter [#12996](https://togithub.com/spring-projects/spring-security/pull/12996)
- Fix typo in SecurityMockMvcResultMatchers.java [#12793](https://togithub.com/spring-projects/spring-security/pull/12793)
- fix typo of modules.adoc [#12921](https://togithub.com/spring-projects/spring-security/pull/12921)
- Fix typo overview.adoc [#13269](https://togithub.com/spring-projects/spring-security/pull/13269)
- http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13131](https://togithub.com/spring-projects/spring-security/issues/13131)
- Proxy Server section is not linked in nav [#13313](https://togithub.com/spring-projects/spring-security/issues/13313)
- Typos in docs [#13283](https://togithub.com/spring-projects/spring-security/pull/13283)
##### :hammer: Dependency Upgrades
- Update io.projectreactor to 2020.0.33 [#13373](https://togithub.com/spring-projects/spring-security/issues/13373)
- Update io.rsocket to 1.1.4 [#13379](https://togithub.com/spring-projects/spring-security/issues/13379)
- Update org.springframework to 5.3.28 [#13382](https://togithub.com/spring-projects/spring-security/issues/13382)
- Update org.springframework.data to 2021.2.13 [#13385](https://togithub.com/spring-projects/spring-security/issues/13385)
- Update reactor-netty to 1.0.33 [#13376](https://togithub.com/spring-projects/spring-security/issues/13376)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@Anubhav-2000](https://togithub.com/Anubhav-2000)
- [@SeasonPanPan](https://togithub.com/SeasonPanPan)
- [@amal-stack](https://togithub.com/amal-stack)
- [@1993heqiang](https://togithub.com/1993heqiang)
- [@xak2000](https://togithub.com/xak2000)
### [`v5.7.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.8)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.7...5.7.8)
#### :star: New Features
- Clarify documentation code snippet(s) (unclear where static imported methods come from) [#6597](https://togithub.com/spring-projects/spring-security/issues/6597)
- Document relationship between registrationId, EntityID, and resolving a relying party [#12764](https://togithub.com/spring-projects/spring-security/issues/12764)
#### :beetle: Bug Fixes
- Add test to SimpleUrlAuthenticationSuccessHandlerTests [#12740](https://togithub.com/spring-projects/spring-security/pull/12740)
- Avoid NPE in FilterInvocation [#12922](https://togithub.com/spring-projects/spring-security/pull/12922)
- EntityId ignored in xml relying-party-registration [#11898](https://togithub.com/spring-projects/spring-security/issues/11898)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12998](https://togithub.com/spring-projects/spring-security/issues/12998)
- Fix a javadoc typo in ReactiveAuthorizationManager [#12978](https://togithub.com/spring-projects/spring-security/pull/12978)
- Fix typo in SessionManagementConfigurer javadoc [#12820](https://togithub.com/spring-projects/spring-security/pull/12820)
- Missing spring-security-oauth2 xsds after release [#12804](https://togithub.com/spring-projects/spring-security/issues/12804)
- NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed [#12960](https://togithub.com/spring-projects/spring-security/issues/12960)
- RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present [#12664](https://togithub.com/spring-projects/spring-security/issues/12664)
- SwitchUserFilter should use HttpSessionSecurityContextRepository by default [#12834](https://togithub.com/spring-projects/spring-security/issues/12834)
#### :hammer: Dependency Upgrades
- Update blockhound to 1.0.8.RELEASE [#13016](https://togithub.com/spring-projects/spring-security/issues/13016)
- Update io.projectreactor to 2020.0.31 [#13014](https://togithub.com/spring-projects/spring-security/issues/13014)
- Update logback-classic to 1.2.12 [#13013](https://togithub.com/spring-projects/spring-security/issues/13013)
- Update org.eclipse.jetty to 9.4.51.v20230217 [#13017](https://togithub.com/spring-projects/spring-security/issues/13017)
- Update org.springframework to 5.3.27 [#13018](https://togithub.com/spring-projects/spring-security/issues/13018)
- Update org.springframework.data to 2021.2.11 [#13019](https://togithub.com/spring-projects/spring-security/issues/13019)
- Update reactor-netty to 1.0.31 [#13015](https://togithub.com/spring-projects/spring-security/issues/13015)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@marckchr](https://togithub.com/marckchr)
- [@yuanhang](https://togithub.com/yuanhang)
- [@twosom](https://togithub.com/twosom)
- [@esivakumar18](https://togithub.com/esivakumar18)
- [@martin-tarjanyi](https://togithub.com/martin-tarjanyi)
### [`v5.7.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.7)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.6...5.7.7)
#### :star: New Features
- chore: Use cache in continuous-integration-workflow.yml [#12503](https://togithub.com/spring-projects/spring-security/pull/12503)
- fix unclosed block in docs [#12542](https://togithub.com/spring-projects/spring-security/pull/12542)
#### :beetle: Bug Fixes
- AuthorizationManager method security documentation should use AnnotationMatchingPointcut [#11095](https://togithub.com/spring-projects/spring-security/issues/11095)
- Document XMLObject retreival for Asserting Party metadata [#12667](https://togithub.com/spring-projects/spring-security/issues/12667)
- Fix typo in OAuth 2.0 testing docs [#12437](https://togithub.com/spring-projects/spring-security/pull/12437)
- Jackson serialization of `DefaultSaml2AuthenticatedPrincipal`: `LinkedMultiValueMap is not in the allowlist` [#11785](https://togithub.com/spring-projects/spring-security/issues/11785)
- NimbusJwtDecoder unknown KID scenario is not correctly tested [#12238](https://togithub.com/spring-projects/spring-security/pull/12238)
- NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard [#12637](https://togithub.com/spring-projects/spring-security/issues/12637)
- SwitchUserFilter not working in Spring Security 6 [#12504](https://togithub.com/spring-projects/spring-security/issues/12504)
- Wrong name of the filter in the SecurityContextHolderFilter diagram [#11800](https://togithub.com/spring-projects/spring-security/issues/11800)
#### :hammer: Dependency Upgrades
- Update blockhound to 1.0.7.RELEASE [#12733](https://togithub.com/spring-projects/spring-security/issues/12733)
- Update hibernate-entitymanager to 5.6.15.Final [#12736](https://togithub.com/spring-projects/spring-security/issues/12736)
- Update io.projectreactor to 2020.0.28 [#12732](https://togithub.com/spring-projects/spring-security/issues/12732)
- Update io.spring.nohttp to 0.0.11 [#12734](https://togithub.com/spring-projects/spring-security/issues/12734)
- Update jackson-bom to 2.13.5 [#12731](https://togithub.com/spring-projects/spring-security/issues/12731)
- Update org.aspectj to 1.9.19 [#12735](https://togithub.com/spring-projects/spring-security/issues/12735)
- Update org.springframework to 5.3.25 [#12737](https://togithub.com/spring-projects/spring-security/issues/12737)
- Update org.springframework.data to 2021.2.8 [#12738](https://togithub.com/spring-projects/spring-security/issues/12738)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@jonkjenn](https://togithub.com/jonkjenn)
- [@mojavelinux](https://togithub.com/mojavelinux)
- [@jongwooo](https://togithub.com/jongwooo)
- [@eleftherias](https://togithub.com/eleftherias)
### [`v5.7.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.6)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.5...5.7.6)
#### :star: New Features
- Improve deprecation notice in WebSecurityConfigurerAdapter [#12260](https://togithub.com/spring-projects/spring-security/issues/12260)
- Replace deprecated set-state set-output GitHub Action's commands [#12297](https://togithub.com/spring-projects/spring-security/issues/12297)
#### :beetle: Bug Fixes
- DefaultLdapAuthoritiesPopulator throws NullPointerException [#12407](https://togithub.com/spring-projects/spring-security/issues/12407)
- Fix AuthorizationFilter diagram in docs [#12285](https://togithub.com/spring-projects/spring-security/issues/12285)
- Incorrect scope map fix [#12205](https://togithub.com/spring-projects/spring-security/issues/12205)
- SAML logout: Incorrect log messages [#12208](https://togithub.com/spring-projects/spring-security/issues/12208)
- Saml2MetadataFilter response should configure writer to UTF-8 [#12221](https://togithub.com/spring-projects/spring-security/issues/12221)
- SEC-2839: SecurityNamespaceHandler - related to SEC-1455 [#12125](https://togithub.com/spring-projects/spring-security/issues/12125)
- Update the RP-initiated Logout links [#12121](https://togithub.com/spring-projects/spring-security/issues/12121)
#### :hammer: Dependency Upgrades
- Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 [#12153](https://togithub.com/spring-projects/spring-security/issues/12153)
- Update Gradle to 7.5.1 [#12157](https://togithub.com/spring-projects/spring-security/issues/12157)
- Update hibernate-entitymanager to 5.6.14.Final [#12397](https://togithub.com/spring-projects/spring-security/issues/12397)
- Update httpclient to 4.5.14 [#12395](https://togithub.com/spring-projects/spring-security/issues/12395)
- Update io.projectreactor to 2020.0.26 [#12393](https://togithub.com/spring-projects/spring-security/issues/12393)
- Update jackson-bom to 2.13.4.20221013 [#12391](https://togithub.com/spring-projects/spring-security/issues/12391)
- Update jackson-databind to 2.13.4.2 [#12392](https://togithub.com/spring-projects/spring-security/issues/12392)
- Update org.eclipse.jetty to 9.4.50.v20221201 [#12396](https://togithub.com/spring-projects/spring-security/issues/12396)
- Update org.springframework to 5.3.24 [#12398](https://togithub.com/spring-projects/spring-security/issues/12398)
- Update org.springframework.data to 2021.2.6 [#12399](https://togithub.com/spring-projects/spring-security/issues/12399)
- Update reactor-netty to 1.0.26 [#12394](https://togithub.com/spring-projects/spring-security/issues/12394)
### [`v5.7.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.5)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.4...5.7.5)
#### :beetle: Bug Fixes
- Fix AuthorizationFilter incorrectly extending OncePerRequestFilter [#12113](https://togithub.com/spring-projects/spring-security/issues/12113)
- Fix scope mapping [#12112](https://togithub.com/spring-projects/spring-security/issues/12112)
- IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy [#11888](https://togithub.com/spring-projects/spring-security/issues/11888)
### [`v5.7.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.4)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.3...5.7.4)
##### :star: New Features
- automatically manage docs version (with collector) [#11955](https://togithub.com/spring-projects/spring-security/issues/11955)
##### :beetle: Bug Fixes
- AuthenticationEventPublisher bean is not picked up if no UserDetailsService bean [#11729](https://togithub.com/spring-projects/spring-security/issues/11729)
- Build fails with missing project property cloneOutputDirectory [#11979](https://togithub.com/spring-projects/spring-security/issues/11979)
- GitHubMilestoneApiTests due_on Should Use LocalDate [#11707](https://togithub.com/spring-projects/spring-security/issues/11707)
- HttpSecurity Bean does not set DefaultAuthenticationEventPublisher [#11727](https://togithub.com/spring-projects/spring-security/issues/11727)
- NamespaceLdapAuthenticationProviderTests Should Use Dynamic Port [#11711](https://togithub.com/spring-projects/spring-security/issues/11711)
- RemoteJwkSet is not refreshed when encountering an unknown KID [#11723](https://togithub.com/spring-projects/spring-security/issues/11723)
- RequestRejectedHandler does not reliable prevent Internal Server Error [#11744](https://togithub.com/spring-projects/spring-security/issues/11744)
##### :hammer: Dependency Upgrades
- Update Gradle Enterprise plugin to 3.11.1 [#11830](https://togithub.com/spring-projects/spring-security/issues/11830)
- Update hibernate-entitymanager to 5.6.10.Final [#11745](https://togithub.com/spring-projects/spring-security/issues/11745)
- Update hibernate-entitymanager to 5.6.12.Final [#12016](https://togithub.com/spring-projects/spring-security/issues/12016)
- Update io.projectreactor to 2020.0.22 [#11743](https://togithub.com/spring-projects/spring-security/issues/11743)
- Update io.projectreactor to 2020.0.24 [#12012](https://togithub.com/spring-projects/spring-security/issues/12012)
- Update io.rsocket to 1.1.3 [#12014](https://togithub.com/spring-projects/spring-security/issues/12014)
- Update jackson-bom to 2.13.4.20221012 [#12008](https://togithub.com/spring-projects/spring-security/issues/12008)
- Update jackson-databind to 2.13.4.1 [#12009](https://togithub.com/spring-projects/spring-security/issues/12009)
- Update jackson-datatype-jsr310 to 2.13.4 [#12010](https://togithub.com/spring-projects/spring-security/issues/12010)
- Update jsonassert to 1.5.1 [#11741](https://togithub.com/spring-projects/spring-security/issues/11741)
- Update mockk to 1.12.8 [#12011](https://togithub.com/spring-projects/spring-security/issues/12011)
- Update org.eclipse.jetty to 9.4.48.v20220622 [#11740](https://togithub.com/spring-projects/spring-security/issues/11740)
- Update org.eclipse.jetty to 9.4.49.v20220914 [#12015](https://togithub.com/spring-projects/spring-security/issues/12015)
- Update org.springframework to 5.3.22 [#11739](https://togithub.com/spring-projects/spring-security/issues/11739)
- Update org.springframework to 5.3.23 [#12017](https://togithub.com/spring-projects/spring-security/issues/12017)
- Update org.springframework.data to 2021.1.6 [#11742](https://togithub.com/spring-projects/spring-security/issues/11742)
- Update org.springframework.data to 2021.2.4 [#12018](https://togithub.com/spring-projects/spring-security/issues/12018)
- Update reactor-netty to 1.0.24 [#12013](https://togithub.com/spring-projects/spring-security/issues/12013)
### [`v5.7.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.3)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.2...5.7.3)
#### :star: New Features
- Add Kotlin example showing integration with WebTestClient [#9998](https://togithub.com/spring-projects/spring-security/issues/9998)
- Set permissions for GitHub actions [#11642](https://togithub.com/spring-projects/spring-security/issues/11642)
- Update javadoc of EnableWebSecurity to reflect deprecation of WebSecurityConfigurerAdapter [#11650](https://togithub.com/spring-projects/spring-security/issues/11650)
#### :beetle: Bug Fixes
- Add Deprecated annotation to WebSecurity#securityInterceptor [#11637](https://togithub.com/spring-projects/spring-security/issues/11637)
- Check saganCreateRelease saganDeleteRelease Required Permissions [#11425](https://togithub.com/spring-projects/spring-security/issues/11425)
- org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" [#11605](https://togithub.com/spring-projects/spring-security/issues/11605)
- RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext [#11606](https://togithub.com/spring-projects/spring-security/issues/11606)
- RequestRejectedHandler does not reliable prevent Internal Server Error [#11672](https://togithub.com/spring-projects/spring-security/issues/11672)
- Sources and javadocs missing in latest snapshots [#11628](https://togithub.com/spring-projects/spring-security/issues/11628)
- Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok [#11484](https://togithub.com/spring-projects/spring-security/issues/11484)
- Update javadoc of HttpSecurity, WebSecurityConfiguration and WebSecurity to reflect deprecation of WebSecurityConfigurerAdapter [#11651](https://togithub.com/spring-projects/spring-security/issues/11651)
#### :hammer: Dependency Upgrades
- Update hibernate-entitymanager to 5.6.10.Final [#11694](https://togithub.com/spring-projects/spring-security/issues/11694)
- Update io.projectreactor to 2020.0.22 [#11691](https://togithub.com/spring-projects/spring-security/issues/11691)
- Update jsonassert to 1.5.1 [#11696](https://togithub.com/spring-projects/spring-security/issues/11696)
- Update mockk to 1.12.5 [#11690](https://togithub.com/spring-projects/spring-security/issues/11690)
- Update org.eclipse.jetty to 9.4.48.v20220622 [#11693](https://togithub.com/spring-projects/spring-security/issues/11693)
- Update org.jetbrains.kotlinx to 1.6.4 [#11695](https://togithub.com/spring-projects/spring-security/issues/11695)
- Update org.springframework to 5.3.22 [#11697](https://togithub.com/spring-projects/spring-security/issues/11697)
- Update org.springframework.data to 2021.2.2 [#11698](https://togithub.com/spring-projects/spring-security/issues/11698)
### [`v5.7.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.7.2)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.1...5.7.2)
#### :star: New Features
- Consider updating testing examples to use JUnit Jupiter [#11293](https://togithub.com/spring-projects/spring-security/issues/11293)
#### :beetle: Bug Fixes
- Some Security Expressions cause NPE when used within `@Query` [#11289](https://togithub.com/spring-projects/spring-security/issues/11289)
- CsrfWebFilter null save content-type check [#11341](https://togithub.com/spring-projects/spring-security/issues/113
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
5.6.3
->5.8.8
Release Notes
spring-projects/spring-security (org.springframework.security:spring-security-cas)
### [`v5.8.8`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.8) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.7...5.8.8) ##### :star: New Features - Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter` [#11926](https://togithub.com/spring-projects/spring-security/issues/11926) - Use Gradle's Version Catalog [#13868](https://togithub.com/spring-projects/spring-security/issues/13868) ##### :beetle: Bug Fixes - Fix `snapshot_tests` on CI workflow [#13876](https://togithub.com/spring-projects/spring-security/issues/13876) - fix corrupted saml2 metadata once special characters are present [#13777](https://togithub.com/spring-projects/spring-security/pull/13777) - Saml-Metadata with special characters is corrupted [#13776](https://togithub.com/spring-projects/spring-security/issues/13776) - Saml2LogoutRequestMixin relayState property should be binding [#12539](https://togithub.com/spring-projects/spring-security/issues/12539) ##### :hammer: Dependency Upgrades - Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 [#13982](https://togithub.com/spring-projects/spring-security/pull/13982) - Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 [#13927](https://togithub.com/spring-projects/spring-security/pull/13927) - Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 [#13890](https://togithub.com/spring-projects/spring-security/pull/13890) - Bump com.gradle.enterprise from 3.11.1 to 3.11.4 [#13928](https://togithub.com/spring-projects/spring-security/pull/13928) - Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 [#13885](https://togithub.com/spring-projects/spring-security/pull/13885) - Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 [#13998](https://togithub.com/spring-projects/spring-security/pull/13998) - Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 [#13944](https://togithub.com/spring-projects/spring-security/pull/13944) - Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 [#13997](https://togithub.com/spring-projects/spring-security/pull/13997) - Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 [#13925](https://togithub.com/spring-projects/spring-security/pull/13925) - Bump org-aspectj from 1.9.20 to 1.9.20.1 [#13893](https://togithub.com/spring-projects/spring-security/pull/13893) - Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 [#13909](https://togithub.com/spring-projects/spring-security/pull/13909) - Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 [#13996](https://togithub.com/spring-projects/spring-security/pull/13996) - Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 [#13926](https://togithub.com/spring-projects/spring-security/pull/13926) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 [#13954](https://togithub.com/spring-projects/spring-security/pull/13954) - Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 [#13907](https://togithub.com/spring-projects/spring-security/pull/13907) - Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 [#14018](https://togithub.com/spring-projects/spring-security/pull/14018) - Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 [#13908](https://togithub.com/spring-projects/spring-security/pull/13908) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@JannickWeisshaupt](https://togithub.com/JannickWeisshaupt) - [@erichaagdev](https://togithub.com/erichaagdev) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) ### [`v5.8.7`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.7) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.6...5.8.7) #### :star: New Features - Automate spring-security.xsd [#13823](https://togithub.com/spring-projects/spring-security/issues/13823) #### :beetle: Bug Fixes - CookieRequestCache ignores user Locale [#13792](https://togithub.com/spring-projects/spring-security/issues/13792) - Default Security Configuration adds WWW-Authenticate Twice [#13737](https://togithub.com/spring-projects/spring-security/issues/13737) - OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 [#11893](https://togithub.com/spring-projects/spring-security/issues/11893) - Saml2AuthenticationExceptionMixin doesn't work in JDK 17 [#13804](https://togithub.com/spring-projects/spring-security/issues/13804) ### [`v5.8.6`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.6) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.5...5.8.6) ##### :star: New Features - Closes [#11450](https://togithub.com/spring-projects/spring-security/issues/11450) - Add Java beans configuration for Remmember Me Docs [#13570](https://togithub.com/spring-projects/spring-security/pull/13570) - Dependencies are resolved from appropriate repositories [#13582](https://togithub.com/spring-projects/spring-security/pull/13582) - requestMatchers servlet validation error should include information about servlet paths [#13667](https://togithub.com/spring-projects/spring-security/issues/13667) - requestMatchers should not count servlets without mappings [#13666](https://togithub.com/spring-projects/spring-security/issues/13666) ##### :beetle: Bug Fixes - Fix Bearer Token RestTemplate Support example [#13434](https://togithub.com/spring-projects/spring-security/pull/13434) - Referrer Header is set in Reactive Web Applications by default, although doc says it is not. [#13561](https://togithub.com/spring-projects/spring-security/issues/13561) - The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered [#13572](https://togithub.com/spring-projects/spring-security/issues/13572) ##### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.35 [#13702](https://togithub.com/spring-projects/spring-security/issues/13702) - Update org.aspectj to 1.9.20 [#13704](https://togithub.com/spring-projects/spring-security/issues/13704) - Update org.springframework.data to 2021.2.15 [#13705](https://togithub.com/spring-projects/spring-security/issues/13705) - Update reactor-netty to 1.0.35 [#13703](https://togithub.com/spring-projects/spring-security/issues/13703) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@erichaagdev](https://togithub.com/erichaagdev) - [@petrovskimario](https://togithub.com/petrovskimario) - [@daniel-shuy](https://togithub.com/daniel-shuy) ### [`v5.8.5`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.5) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.4...5.8.5) #### :star: New Features - Improve RequestMatcher Validation [#13551](https://togithub.com/spring-projects/spring-security/issues/13551) - Improve Security Filters Documentation [#8167](https://togithub.com/spring-projects/spring-security/issues/8167) #### :beetle: Bug Fixes - Optimize Querying of RequestCache -> continue parameter [#13438](https://togithub.com/spring-projects/spring-security/issues/13438) - Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration [#13417](https://togithub.com/spring-projects/spring-security/issues/13417) - Use default PathPatternParser instance [#13462](https://togithub.com/spring-projects/spring-security/issues/13462) #### :hammer: Dependency Upgrades - Update io.projectreactor to 2020.0.34 [#13513](https://togithub.com/spring-projects/spring-security/issues/13513) - Update org.springframework to 5.3.29 [#13515](https://togithub.com/spring-projects/spring-security/issues/13515) - Update org.springframework.data to 2021.2.14 [#13516](https://togithub.com/spring-projects/spring-security/issues/13516) - Update reactor-netty to 1.0.34 [#13514](https://togithub.com/spring-projects/spring-security/issues/13514) ### [`v5.8.4`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.4) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.3...5.8.4) #### :star: New Features - Convert to Asciidoctor Tabs [#13405](https://togithub.com/spring-projects/spring-security/issues/13405) - Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults [#13227](https://togithub.com/spring-projects/spring-security/issues/13227) - mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter [#13252](https://togithub.com/spring-projects/spring-security/issues/13252) - Use Antora name of security [#13329](https://togithub.com/spring-projects/spring-security/issues/13329) #### :beetle: Bug Fixes - Additional filters registered when using Custom DSL [#13280](https://togithub.com/spring-projects/spring-security/issues/13280) - AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation [#13069](https://togithub.com/spring-projects/spring-security/issues/13069) - AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods [#13132](https://togithub.com/spring-projects/spring-security/issues/13132) - Clarify that Kotlin DSL needs an import [#13101](https://togithub.com/spring-projects/spring-security/issues/13101) - Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13191](https://togithub.com/spring-projects/spring-security/issues/13191) - Fix Antora Warnings [#13292](https://togithub.com/spring-projects/spring-security/issues/13292) - Fix code snippets in Authorize HttpServletRequest [#11522](https://togithub.com/spring-projects/spring-security/issues/11522) - Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13219](https://togithub.com/spring-projects/spring-security/issues/13219) - Fix Documentation Title [#13316](https://togithub.com/spring-projects/spring-security/issues/13316) - Fix legacy-websocket-configuration cross-reference [#12969](https://togithub.com/spring-projects/spring-security/pull/12969) - Fix typo in authorization.adoc [#13135](https://togithub.com/spring-projects/spring-security/pull/13135) - http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13207](https://togithub.com/spring-projects/spring-security/issues/13207) - Links between migration docs are out of date [#12675](https://togithub.com/spring-projects/spring-security/issues/12675) - Proxy Server section is not linked in nav [#13322](https://togithub.com/spring-projects/spring-security/issues/13322) - RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity [#13104](https://togithub.com/spring-projects/spring-security/issues/13104) - SAML 2.0 HTTP Redirect Binding query params may appear in any order [#12963](https://togithub.com/spring-projects/spring-security/pull/12963) - SAML login fails in Internet Explorer 11 [#13106](https://togithub.com/spring-projects/spring-security/issues/13106) - Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice [#13160](https://togithub.com/spring-projects/spring-security/issues/13160) #### :hammer: Dependency Upgrades - Address CVE-2023-1370 [#13146](https://togithub.com/spring-projects/spring-security/pull/13146) - Update com.nimbusds to 9.43.3 [#13374](https://togithub.com/spring-projects/spring-security/issues/13374) - Update hsqldb to 2.7.2 [#13388](https://togithub.com/spring-projects/spring-security/issues/13388) - Update io.projectreactor to 2020.0.33 [#13377](https://togithub.com/spring-projects/spring-security/issues/13377) - Update io.rsocket to 1.1.4 [#13383](https://togithub.com/spring-projects/spring-security/issues/13383) - Update io.spring.javaformat to 0.0.39 [#13386](https://togithub.com/spring-projects/spring-security/issues/13386) - Update junit-bom to 5.9.3 [#13391](https://togithub.com/spring-projects/spring-security/issues/13391) - Update org.junit.jupiter to 5.9.3 [#13393](https://togithub.com/spring-projects/spring-security/issues/13393) - Update org.springframework to 5.3.28 [#13395](https://togithub.com/spring-projects/spring-security/issues/13395) - Update org.springframework.data to 2021.2.13 [#13397](https://togithub.com/spring-projects/spring-security/issues/13397) - Update reactor-netty to 1.0.33 [#13380](https://togithub.com/spring-projects/spring-security/issues/13380) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@LeovR](https://togithub.com/LeovR) - [@lukaszmigdalek](https://togithub.com/lukaszmigdalek) - [@fredbalves86](https://togithub.com/fredbalves86) - [@daisuzz](https://togithub.com/daisuzz) ### [`v5.8.3`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.3) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.2...5.8.3) #### :star: New Features - Clarify documentation code snippet(s) (unclear where static imported methods come from) [#12991](https://togithub.com/spring-projects/spring-security/issues/12991) - Document 5.8 Migration for DefaultMethodSecurityExpressionHandler [#12356](https://togithub.com/spring-projects/spring-security/issues/12356) - Documentation should mention that an empty SecurityContext should also be saved [#12906](https://togithub.com/spring-projects/spring-security/issues/12906) - Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist [#12928](https://togithub.com/spring-projects/spring-security/issues/12928) - Fixed test in DefaultLoginPageGeneratingFilterTests [#12694](https://togithub.com/spring-projects/spring-security/pull/12694) #### :beetle: Bug Fixes - Bug in documentation of Storing the Authentication manually [#12850](https://togithub.com/spring-projects/spring-security/issues/12850) - DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode [#12873](https://togithub.com/spring-projects/spring-security/issues/12873) - EntityId ignored in xml relying-party-registration [#12776](https://togithub.com/spring-projects/spring-security/issues/12776) - Fix .access(...) parameter [#12676](https://togithub.com/spring-projects/spring-security/pull/12676) - Fix a javadoc typo in ReactiveAuthorizationManager [#12999](https://togithub.com/spring-projects/spring-security/issues/12999) - Fix a javadoc typo in ReactiveAuthorizationManager [#12982](https://togithub.com/spring-projects/spring-security/issues/12982) - Fix ID of WebSocket Authorization section [#12872](https://togithub.com/spring-projects/spring-security/pull/12872) - HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support [#12314](https://togithub.com/spring-projects/spring-security/issues/12314) - JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder [#12472](https://togithub.com/spring-projects/spring-security/issues/12472) - Missing spring-security-oauth2 xsds after release [#12805](https://togithub.com/spring-projects/spring-security/issues/12805) - NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed [#13004](https://togithub.com/spring-projects/spring-security/issues/13004) - RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present [#13054](https://togithub.com/spring-projects/spring-security/issues/13054) - Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver [#12935](https://togithub.com/spring-projects/spring-security/issues/12935) - SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide [#12939](https://togithub.com/spring-projects/spring-security/issues/12939) - SwitchUserFilter should use HttpSessionSecurityContextRepository by default [#12835](https://togithub.com/spring-projects/spring-security/issues/12835) #### :hammer: Dependency Upgrades - Update blockhound to 1.0.8.RELEASE [#13024](https://togithub.com/spring-projects/spring-security/issues/13024) - Update io.projectreactor to 2020.0.31 [#13022](https://togithub.com/spring-projects/spring-security/issues/13022) - Update io.spring.javaformat to 0.0.38 [#13025](https://togithub.com/spring-projects/spring-security/issues/13025) - Update logback-classic to 1.2.12 [#13021](https://togithub.com/spring-projects/spring-security/issues/13021) - Update org.eclipse.jetty to 9.4.51.v20230217 [#13026](https://togithub.com/spring-projects/spring-security/issues/13026) - Update org.springframework to 5.3.27 [#13027](https://togithub.com/spring-projects/spring-security/issues/13027) - Update org.springframework.data to 2021.2.10 [#13028](https://togithub.com/spring-projects/spring-security/issues/13028) - Update org.springframework.data to 2021.2.11 [#13029](https://togithub.com/spring-projects/spring-security/issues/13029) - Update reactor-netty to 1.0.31 [#13023](https://togithub.com/spring-projects/spring-security/issues/13023) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@slauth](https://togithub.com/slauth) - [@twosom](https://togithub.com/twosom) - [@el-hopaness-romtic](https://togithub.com/el-hopaness-romtic) ### [`v5.8.2`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.2) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.1...5.8.2) #### :star: New Features - Add XorCsrfChannelInterceptor [#12562](https://togithub.com/spring-projects/spring-security/pull/12562) - Document `@EnableWebFluxSecurity` requiring `@Configuration` in 6.0.0 [#12434](https://togithub.com/spring-projects/spring-security/issues/12434) - fix unclosed block in docs [#12553](https://togithub.com/spring-projects/spring-security/issues/12553) - Improve documentation on what changed in the default behaviour in version 6 vs 5.7 [#12462](https://togithub.com/spring-projects/spring-security/issues/12462) - Spring Security 6.0 Migration Guide Should Mention `@Configuration` Meta-Annotation Removal From Configuration Annotations [#12486](https://togithub.com/spring-projects/spring-security/issues/12486) #### :beetle: Bug Fixes - AuthorizationManager method security documentation should use AnnotationMatchingPointcut [#12516](https://togithub.com/spring-projects/spring-security/issues/12516) - DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set [#12665](https://togithub.com/spring-projects/spring-security/issues/12665) - Document XMLObject retreival for Asserting Party metadata [#12693](https://togithub.com/spring-projects/spring-security/issues/12693) - Jackson serialization of `DefaultSaml2AuthenticatedPrincipal`: `LinkedMultiValueMap is not in the allowlist` [#12458](https://togithub.com/spring-projects/spring-security/issues/12458) - NimbusJwtDecoder unknown KID scenario is not correctly tested [#12494](https://togithub.com/spring-projects/spring-security/issues/12494) - NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard [#12686](https://togithub.com/spring-projects/spring-security/issues/12686) - SwitchUserFilter not working in Spring Security 6 [#12510](https://togithub.com/spring-projects/spring-security/issues/12510) - Wrong name of the filter in the SecurityContextHolderFilter diagram [#12526](https://togithub.com/spring-projects/spring-security/issues/12526) #### :hammer: Dependency Upgrades - Update blockhound to 1.0.7.RELEASE [#12719](https://togithub.com/spring-projects/spring-security/issues/12719) - Update hibernate-entitymanager to 5.6.15.Final [#12722](https://togithub.com/spring-projects/spring-security/issues/12722) - Update io.projectreactor to 2020.0.28 [#12717](https://togithub.com/spring-projects/spring-security/issues/12717) - Update io.spring.nohttp to 0.0.11 [#12720](https://togithub.com/spring-projects/spring-security/issues/12720) - Update jackson-bom to 2.13.5 [#12714](https://togithub.com/spring-projects/spring-security/issues/12714) - Update jackson-databind to 2.13.5 [#12715](https://togithub.com/spring-projects/spring-security/issues/12715) - Update jackson-datatype-jsr310 to 2.13.5 [#12716](https://togithub.com/spring-projects/spring-security/issues/12716) - Update junit-bom to 5.9.2 [#12723](https://togithub.com/spring-projects/spring-security/issues/12723) - Update org.aspectj to 1.9.19 [#12721](https://togithub.com/spring-projects/spring-security/issues/12721) - Update org.junit.jupiter to 5.9.2 [#12724](https://togithub.com/spring-projects/spring-security/issues/12724) - Update org.springframework to 5.3.25 [#12725](https://togithub.com/spring-projects/spring-security/issues/12725) - Update org.springframework.data to 2021.2.8 [#12739](https://togithub.com/spring-projects/spring-security/issues/12739) - Update org.springframework.data to 2021.2.8 [#12726](https://togithub.com/spring-projects/spring-security/issues/12726) - Update reactor-netty to 1.0.28 [#12718](https://togithub.com/spring-projects/spring-security/issues/12718) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@sjohnr](https://togithub.com/sjohnr) ### [`v5.8.1`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.1) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.0...5.8.1) ##### :star: New Features - Add `EnableWebSecurity` migration steps to 5.8 guide [#12334](https://togithub.com/spring-projects/spring-security/issues/12334) - Replace deprecated set-state set-output GitHub Action's commands [#12298](https://togithub.com/spring-projects/spring-security/issues/12298) ##### :beetle: Bug Fixes - codes in spring security docs fail to work [#11396](https://togithub.com/spring-projects/spring-security/issues/11396) - DefaultLdapAuthoritiesPopulator throws NullPointerException [#12408](https://togithub.com/spring-projects/spring-security/issues/12408) - Fix AuthorizationFilter diagram in docs [#12286](https://togithub.com/spring-projects/spring-security/issues/12286) - Fix password encoder migration guide [#12318](https://togithub.com/spring-projects/spring-security/pull/12318) - Fix typo [#12316](https://togithub.com/spring-projects/spring-security/pull/12316) - Incorrect Javadoc for class ExpressionAuthorizationDecision [#12411](https://togithub.com/spring-projects/spring-security/issues/12411) - Incorrect sample code in securityMatcher migration docs [#12296](https://togithub.com/spring-projects/spring-security/issues/12296) - SecurityContextHolderFilter does not apply to async dispatch [#11962](https://togithub.com/spring-projects/spring-security/issues/11962) ##### :hammer: Dependency Upgrades - Update httpclient to 4.5.14 [#12403](https://togithub.com/spring-projects/spring-security/issues/12403) - Update io.projectreactor to 2020.0.26 [#12401](https://togithub.com/spring-projects/spring-security/issues/12401) - Update mockk to 1.13.3 [#12400](https://togithub.com/spring-projects/spring-security/issues/12400) - Update org.eclipse.jetty to 9.4.50.v20221201 [#12404](https://togithub.com/spring-projects/spring-security/issues/12404) - Update org.jetbrains.kotlin to 1.7.22 [#12405](https://togithub.com/spring-projects/spring-security/issues/12405) - Update reactor-netty to 1.0.26 [#12402](https://togithub.com/spring-projects/spring-security/issues/12402) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@heowc](https://togithub.com/heowc) - [@mschneid](https://togithub.com/mschneid) ### [`v5.8.0`](https://togithub.com/spring-projects/spring-security/releases/tag/5.8.0) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.7.11...5.8.0) ##### :star: New Features - Add Kotlin example showing integration with WebTestClient [#11611](https://togithub.com/spring-projects/spring-security/issues/11611) - Add MethodExpressionAuthorizationManager [#11502](https://togithub.com/spring-projects/spring-security/issues/11502) - Add Polish localization to error messages from ExceptionTranslationFi… [#12201](https://togithub.com/spring-projects/spring-security/pull/12201) - Add support AuthorizationManager +Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.