spring-projects/spring-security (org.springframework.security:spring-security-cas)
### [`v6.2.1`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.1)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.0...6.2.1)
#### :star: New Features
- docs: make XML and Java/Kotlin consistent with AspectJExpressionPointcut [#14219](https://togithub.com/spring-projects/spring-security/pull/14219)
- Document that Shibboleth Repository is Required for SAML Support [#14295](https://togithub.com/spring-projects/spring-security/issues/14295)
- Fix typo in architecture.adoc [#14254](https://togithub.com/spring-projects/spring-security/pull/14254)
- Fixing link in authentication/architecture.adoc [#13593](https://togithub.com/spring-projects/spring-security/pull/13593)
- Integrate HandlerMappingIntrospector Caching [#14332](https://togithub.com/spring-projects/spring-security/issues/14332)
- OAuth2 Resource Server is exposing server information. [#14278](https://togithub.com/spring-projects/spring-security/issues/14278)
#### :beetle: Bug Fixes
- Update Java Config Spring MVC documentation [#14234](https://togithub.com/spring-projects/spring-security/issues/14234)
- add missing \[tabs] fix typo in docs [#14208](https://togithub.com/spring-projects/spring-security/pull/14208)
- AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity [#14267](https://togithub.com/spring-projects/spring-security/issues/14267)
- Correct What's New in 6.2 reference to forServletPattern [#14200](https://togithub.com/spring-projects/spring-security/issues/14200)
- Fix typo in getClaimAsMap docstring [#14183](https://togithub.com/spring-projects/spring-security/pull/14183)
- Fix typo in the 'Authorizing Requests' example [#14169](https://togithub.com/spring-projects/spring-security/pull/14169)
- fix wrong document about "jws-algorithms" [#14280](https://togithub.com/spring-projects/spring-security/issues/14280)
- Improve error message when ServletRegistration API is unavailable [#14232](https://togithub.com/spring-projects/spring-security/issues/14232)
- Update Javadoc Comments in AuthorizationEvent Class [#14175](https://togithub.com/spring-projects/spring-security/pull/14175)
#### :hammer: Dependency Upgrades
- Bump actions/checkout from 3 to 4 [#14323](https://togithub.com/spring-projects/spring-security/pull/14323)
- Bump actions/setup-java from 3 to 4 [#14320](https://togithub.com/spring-projects/spring-security/pull/14320)
- Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 [#14213](https://togithub.com/spring-projects/spring-security/pull/14213)
- Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 [#14239](https://togithub.com/spring-projects/spring-security/pull/14239)
- Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 [#14223](https://togithub.com/spring-projects/spring-security/pull/14223)
- Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 [#14328](https://togithub.com/spring-projects/spring-security/pull/14328)
- Bump Gradle Wrapper from 8.4 to 8.5 [#14222](https://togithub.com/spring-projects/spring-security/issues/14222)
- Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 [#14284](https://togithub.com/spring-projects/spring-security/pull/14284)
- Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 [#14289](https://togithub.com/spring-projects/spring-security/pull/14289)
- Bump org-apache-maven-resolver from 1.9.16 to 1.9.17 [#14184](https://togithub.com/spring-projects/spring-security/pull/14184)
- Bump org-apache-maven-resolver from 1.9.17 to 1.9.18 [#14197](https://togithub.com/spring-projects/spring-security/pull/14197)
- Bump org-aspectj from 1.9.20.1 to 1.9.21 [#14271](https://togithub.com/spring-projects/spring-security/pull/14271)
- Bump org.apache.maven:maven-resolver-provider from 3.9.5 to 3.9.6 [#14228](https://togithub.com/spring-projects/spring-security/pull/14228)
- Bump org.hibernate.orm:hibernate-core from 6.3.1.Final to 6.3.2.Final [#14190](https://togithub.com/spring-projects/spring-security/pull/14190)
- Bump org.jetbrains.kotlin:kotlin-bom from 1.9.20 to 1.9.21 [#14192](https://togithub.com/spring-projects/spring-security/pull/14192)
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 [#14191](https://togithub.com/spring-projects/spring-security/pull/14191)
- Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 [#14341](https://togithub.com/spring-projects/spring-security/pull/14341)
- Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 [#14335](https://togithub.com/spring-projects/spring-security/pull/14335)
- Bump org.springframework:spring-framework-bom from 6.1.0 to 6.1.1 [#14189](https://togithub.com/spring-projects/spring-security/pull/14189)
- Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 [#14319](https://togithub.com/spring-projects/spring-security/pull/14319)
- Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 [#14318](https://togithub.com/spring-projects/spring-security/pull/14318)
- Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 [#14322](https://togithub.com/spring-projects/spring-security/pull/14322)
- Bump spring-io/spring-gradle-build-action from 1 to 2 [#14321](https://togithub.com/spring-projects/spring-security/pull/14321)
#### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@ParkerM](https://togithub.com/ParkerM), [@YangSiJun528](https://togithub.com/YangSiJun528), [@aaron-to-go](https://togithub.com/aaron-to-go), [@ahmd-nabil](https://togithub.com/ahmd-nabil), [@andreilisa](https://togithub.com/andreilisa), [@dependabot](https://togithub.com/dependabot)\[bot], [@limvik](https://togithub.com/limvik), and [@prufrock](https://togithub.com/prufrock)
### [`v6.2.0`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.0)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.6...6.2.0)
#### :star: New Features
- AuthorizationManager\[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines [#12080](https://togithub.com/spring-projects/spring-security/issues/12080)
- Simplify configuration of OAuth2 Client component model [#11783](https://togithub.com/spring-projects/spring-security/issues/11783)
#### :beetle: Bug Fixes
- On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It [#14064](https://togithub.com/spring-projects/spring-security/issues/14064)
- Authentication not propagated correctly after migrating to SB3 [#14112](https://togithub.com/spring-projects/spring-security/issues/14112)
- Authorization does not show up on Features section [#14105](https://togithub.com/spring-projects/spring-security/issues/14105)
- Fix obsolete comment and typos [#14060](https://togithub.com/spring-projects/spring-security/pull/14060)
- Fix typo in documentation [#14130](https://togithub.com/spring-projects/spring-security/pull/14130)
- improve render in headers.adoc [#14102](https://togithub.com/spring-projects/spring-security/issues/14102)
- ReactiveRemoteJWKSource caches invalid response status into jwkSetURL [#14042](https://togithub.com/spring-projects/spring-security/issues/14042)
- References to WebFlux docs do not link to them [#14108](https://togithub.com/spring-projects/spring-security/issues/14108)
- relay_state should not be included in signing calculation when it is null [#14039](https://togithub.com/spring-projects/spring-security/issues/14039)
- samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository [#14138](https://togithub.com/spring-projects/spring-security/issues/14138)
- Security configuration is failed to be initialized in a Servlet 6.0 container [#14166](https://togithub.com/spring-projects/spring-security/issues/14166)
- Spring Security documentation confuses "idempotent" with "read-only" in CSRF section [#14115](https://togithub.com/spring-projects/spring-security/issues/14115)
- Spring Security metric names should not contain dashes [#14067](https://togithub.com/spring-projects/spring-security/issues/14067)
- spring.security counters inaccurate due onComplete and cancel() [#14147](https://togithub.com/spring-projects/spring-security/issues/14147)
- The latest "OAuth2AuthorizedClientManager" class is not AOT ready [#14094](https://togithub.com/spring-projects/spring-security/issues/14094)
- UnboundIdContainer should be marked as not running at shutdown [#14095](https://togithub.com/spring-projects/spring-security/issues/14095)
#### :hammer: Dependency Upgrades
- Bump io-spring-javaformat from 0.0.39 to 0.0.40 [#14156](https://togithub.com/spring-projects/spring-security/pull/14156)
- Bump io.micrometer:micrometer-observation from 1.12.0-RC1 to 1.12.0 [#14135](https://togithub.com/spring-projects/spring-security/pull/14135)
- Bump io.projectreactor:reactor-bom from 2023.0.0-RC1 to 2023.0.0 [#14145](https://togithub.com/spring-projects/spring-security/pull/14145)
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 [#14097](https://togithub.com/spring-projects/spring-security/pull/14097)
- Bump org.springframework.data:spring-data-bom from 2023.1.0-RC1 to 2023.1.0 [#14172](https://togithub.com/spring-projects/spring-security/pull/14172)
- Bump org.springframework.ldap:spring-ldap-core from 3.2.0-RC1 to 3.2.0 [#14155](https://togithub.com/spring-projects/spring-security/pull/14155)
- Bump org.springframework:spring-framework-bom from 6.1.0-RC1 to 6.1.0-RC2 [#14055](https://togithub.com/spring-projects/spring-security/pull/14055)
- Bump org.springframework:spring-framework-bom from 6.1.0-RC2 to 6.1.0 [#14157](https://togithub.com/spring-projects/spring-security/pull/14157)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@nico-ortiz](https://togithub.com/nico-ortiz)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
- [@martin-lukas](https://togithub.com/martin-lukas)
### [`v6.1.6`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.6)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.5...6.1.6)
#### :star: New Features
- Document that Shibboleth Repository is Required for SAML Support [#14294](https://togithub.com/spring-projects/spring-security/issues/14294)
- Integrate HandlerMappingIntrospector Caching [#14128](https://togithub.com/spring-projects/spring-security/issues/14128)
- OAuth2 Resource Server is exposing server information. [#14277](https://togithub.com/spring-projects/spring-security/issues/14277)
- Resolve RequestMatcher at request-time [#14085](https://togithub.com/spring-projects/spring-security/issues/14085)
#### :beetle: Bug Fixes
- AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity [#14266](https://togithub.com/spring-projects/spring-security/issues/14266)
- Authentication not propagated correctly after migrating to SB3 [#14111](https://togithub.com/spring-projects/spring-security/issues/14111)
- Authorization does not show up on Features section [#14104](https://togithub.com/spring-projects/spring-security/issues/14104)
- DefaultLoginPageGeneratingFilter should be able to handle AuthenticationExceptions without message [#14117](https://togithub.com/spring-projects/spring-security/issues/14117)
- Fix broken link for servlet getting started page [#14119](https://togithub.com/spring-projects/spring-security/pull/14119)
- Fix typo in method-security.adoc [#14059](https://togithub.com/spring-projects/spring-security/pull/14059)
- fix wrong document about "jws-algorithms" [#14279](https://togithub.com/spring-projects/spring-security/issues/14279)
- Improve error message when ServletRegistration API is unavailable [#14231](https://togithub.com/spring-projects/spring-security/issues/14231)
- improve render in headers.adoc [#14101](https://togithub.com/spring-projects/spring-security/issues/14101)
- On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It [#14063](https://togithub.com/spring-projects/spring-security/issues/14063)
- ReactiveRemoteJWKSource caches invalid response status into jwkSetURL [#14041](https://togithub.com/spring-projects/spring-security/issues/14041)
- References to WebFlux docs do not link to them [#14107](https://togithub.com/spring-projects/spring-security/issues/14107)
- relay_state should not be included in signing calculation when it is null [#14038](https://togithub.com/spring-projects/spring-security/issues/14038)
- samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository [#14131](https://togithub.com/spring-projects/spring-security/issues/14131)
- Security configuration is failed to be initialized in a Servlet 6.0 container [#14165](https://togithub.com/spring-projects/spring-security/issues/14165)
- Spring Security documentation confuses "idempotent" with "read-only" in CSRF section [#14114](https://togithub.com/spring-projects/spring-security/issues/14114)
- Spring Security metric names should not contain dashes [#14066](https://togithub.com/spring-projects/spring-security/issues/14066)
- spring.security counters inaccurate due onComplete and cancel() [#14146](https://togithub.com/spring-projects/spring-security/issues/14146)
- Update Java Config Spring MVC documentation [#14233](https://togithub.com/spring-projects/spring-security/issues/14233)
- Update logout.adoc: Replace Directives with Directive [#14062](https://togithub.com/spring-projects/spring-security/pull/14062)
#### :hammer: Dependency Upgrades
- Bump actions/checkout from 3 to 4 [#14310](https://togithub.com/spring-projects/spring-security/pull/14310)
- Bump actions/setup-java from 3 to 4 [#14327](https://togithub.com/spring-projects/spring-security/pull/14327)
- Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 [#14214](https://togithub.com/spring-projects/spring-security/pull/14214)
- Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 [#14238](https://togithub.com/spring-projects/spring-security/pull/14238)
- Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 [#14224](https://togithub.com/spring-projects/spring-security/pull/14224)
- Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 [#14317](https://togithub.com/spring-projects/spring-security/pull/14317)
- Bump Gradle Wrapper from 8.4 to 8.5 [#14218](https://togithub.com/spring-projects/spring-security/pull/14218)
- Bump io-spring-javaformat from 0.0.39 to 0.0.40 [#14158](https://togithub.com/spring-projects/spring-security/pull/14158)
- Bump io.micrometer:micrometer-observation from 1.10.12 to 1.10.13 [#14134](https://togithub.com/spring-projects/spring-security/pull/14134)
- Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.13 [#14144](https://togithub.com/spring-projects/spring-security/pull/14144)
- Bump io.projectreactor:reactor-bom from 2022.0.13 to 2022.0.14 [#14288](https://togithub.com/spring-projects/spring-security/pull/14288)
- Bump org-aspectj from 1.9.20.1 to 1.9.21 [#14272](https://togithub.com/spring-projects/spring-security/pull/14272)
- Bump org-eclipse-jetty from 11.0.17 to 11.0.18 [#14081](https://togithub.com/spring-projects/spring-security/pull/14081)
- Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 [#14173](https://togithub.com/spring-projects/spring-security/pull/14173)
- Bump org.springframework:spring-framework-bom from 6.0.13 to 6.0.14 [#14159](https://togithub.com/spring-projects/spring-security/pull/14159)
- Bump org.springframework:spring-framework-bom from 6.0.14 to 6.0.15 [#14312](https://togithub.com/spring-projects/spring-security/pull/14312)
- Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 [#14315](https://togithub.com/spring-projects/spring-security/pull/14315)
- Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 [#14316](https://togithub.com/spring-projects/spring-security/pull/14316)
- Bump spring-io/spring-gradle-build-action from 1 to 2 [#14305](https://togithub.com/spring-projects/spring-security/pull/14305)
#### :heart: Contributors
Thank you to all the contributors who worked on this release:
[@Ruffeng](https://togithub.com/Ruffeng), [@dependabot](https://togithub.com/dependabot)\[bot], [@github-actions](https://togithub.com/github-actions)\[bot], [@marbon87](https://togithub.com/marbon87), and [@sadidshaikh](https://togithub.com/sadidshaikh)
### [`v6.1.5`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.5)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.4...6.1.5)
##### :star: New Features
- Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter` [#14015](https://togithub.com/spring-projects/spring-security/issues/14015)
- Replace deprecated method [#13649](https://togithub.com/spring-projects/spring-security/pull/13649)
- Use Gradle's Version Catalog [#13871](https://togithub.com/spring-projects/spring-security/issues/13871)
##### :beetle: Bug Fixes
- Dependency convergence failed: nimbus-jose-jwt [#13843](https://togithub.com/spring-projects/spring-security/issues/13843)
- Docs custom AuthorizationManager fix [#13991](https://togithub.com/spring-projects/spring-security/pull/13991)
- Fix `snapshot_tests` on CI workflow [#13878](https://togithub.com/spring-projects/spring-security/issues/13878)
- Fix parsing of GET SAML logout requests [#13970](https://togithub.com/spring-projects/spring-security/pull/13970)
- Saml-Metadata with special characters is corrupted [#13861](https://togithub.com/spring-projects/spring-security/issues/13861)
- Saml2LogoutRequestMixin relayState property should be binding [#13942](https://togithub.com/spring-projects/spring-security/issues/13942)
##### :hammer: Dependency Upgrades
- Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 [#13984](https://togithub.com/spring-projects/spring-security/pull/13984)
- Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 [#13891](https://togithub.com/spring-projects/spring-security/pull/13891)
- Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 [#13950](https://togithub.com/spring-projects/spring-security/pull/13950)
- Bump com.gradle.enterprise from 3.12.3 to 3.12.6 [#13934](https://togithub.com/spring-projects/spring-security/pull/13934)
- Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 [#13903](https://togithub.com/spring-projects/spring-security/pull/13903)
- Bump Gradle Wrapper from 8.3 to 8.4 [#13974](https://togithub.com/spring-projects/spring-security/pull/13974)
- Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 [#13935](https://togithub.com/spring-projects/spring-security/pull/13935)
- Bump io.micrometer:micrometer-observation from 1.10.10 to 1.10.11 [#13945](https://togithub.com/spring-projects/spring-security/pull/13945)
- Bump io.micrometer:micrometer-observation from 1.10.11 to 1.10.12 [#14001](https://togithub.com/spring-projects/spring-security/pull/14001)
- Bump io.mockk:mockk from 1.13.7 to 1.13.8 [#13952](https://togithub.com/spring-projects/spring-security/pull/13952)
- Bump io.projectreactor:reactor-bom from 2022.0.10 to 2022.0.11 [#13937](https://togithub.com/spring-projects/spring-security/pull/13937)
- Bump io.projectreactor:reactor-bom from 2022.0.11 to 2022.0.12 [#14000](https://togithub.com/spring-projects/spring-security/pull/14000)
- Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 [#13985](https://togithub.com/spring-projects/spring-security/pull/13985)
- Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.1 [#13949](https://togithub.com/spring-projects/spring-security/pull/13949)
- Bump org-aspectj from 1.9.20 to 1.9.20.1 [#13896](https://togithub.com/spring-projects/spring-security/pull/13896)
- Bump org-eclipse-jetty from 11.0.15 to 11.0.16 [#13901](https://togithub.com/spring-projects/spring-security/pull/13901)
- Bump org-eclipse-jetty from 11.0.16 to 11.0.17 [#13999](https://togithub.com/spring-projects/spring-security/pull/13999)
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 [#13953](https://togithub.com/spring-projects/spring-security/pull/13953)
- Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 [#13938](https://togithub.com/spring-projects/spring-security/pull/13938)
- Bump org.springframework.data:spring-data-bom from 2022.0.10 to 2022.0.11 [#14019](https://togithub.com/spring-projects/spring-security/pull/14019)
- Bump org.springframework.data:spring-data-bom from 2022.0.9 to 2022.0.10 [#13951](https://togithub.com/spring-projects/spring-security/pull/13951)
- Bump org.springframework.ldap:spring-ldap-core from 3.0.5 to 3.0.6 [#14007](https://togithub.com/spring-projects/spring-security/pull/14007)
- Bump org.springframework:spring-framework-bom from 6.0.11 to 6.0.12 [#13904](https://togithub.com/spring-projects/spring-security/pull/13904)
- Bump org.springframework:spring-framework-bom from 6.0.12 to 6.0.13 [#14006](https://togithub.com/spring-projects/spring-security/pull/14006)
- Update to org.apereo.cas.client:cas-client-core 4.0.3 [#13947](https://togithub.com/spring-projects/spring-security/issues/13947)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@Dyndyn](https://togithub.com/Dyndyn)
- [@limvik](https://togithub.com/limvik)
- [@github-actions\[bot\]](https://togithub.com/apps/github-actions)
- [@dependabot\[bot\]](https://togithub.com/apps/dependabot)
- [@pbborisov18](https://togithub.com/pbborisov18)
### [`v6.1.4`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.4)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.3...6.1.4)
#### :star: New Features
- Automate spring-security.xsd [#13825](https://togithub.com/spring-projects/spring-security/issues/13825)
#### :beetle: Bug Fixes
- CookieCsrfTokenRepository resets httpOnly to true in case a cookieCustomizer is set [#13659](https://togithub.com/spring-projects/spring-security/issues/13659)
- CookieRequestCache ignores user Locale [#13796](https://togithub.com/spring-projects/spring-security/issues/13796)
- Default Security Configuration adds WWW-Authenticate Twice [#13759](https://togithub.com/spring-projects/spring-security/issues/13759)
- Fix inaccurate information about permitting the FORWARD dispatcher in Kotlin [#13729](https://togithub.com/spring-projects/spring-security/pull/13729)
- OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 [#13800](https://togithub.com/spring-projects/spring-security/issues/13800)
- Problem uploading multipart file after migrating to latest Spring Security. [#13820](https://togithub.com/spring-projects/spring-security/issues/13820)
- Saml2AuthenticationExceptionMixin doesn't work in JDK 17 [#13806](https://togithub.com/spring-projects/spring-security/issues/13806)
- Spring ACL and native compilation fail to process datasource properties [#13814](https://togithub.com/spring-projects/spring-security/issues/13814)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@username1103](https://togithub.com/username1103)
### [`v6.1.3`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.3)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.2...6.1.3)
#### :star: New Features
- Add MvcRequestMatcher reference documentation [#13726](https://togithub.com/spring-projects/spring-security/issues/13726)
- Refactor for readability [#13472](https://togithub.com/spring-projects/spring-security/pull/13472)
- requestMatchers servlet validation error should include information about servlet paths [#13722](https://togithub.com/spring-projects/spring-security/issues/13722)
- requestMatchers should not count servlets without mappings [#13724](https://togithub.com/spring-projects/spring-security/issues/13724)
#### :beetle: Bug Fixes
- Add return statement of the roleHierachy method in the servlet/author… [#13596](https://togithub.com/spring-projects/spring-security/pull/13596)
- Fix typo in docs [#13637](https://togithub.com/spring-projects/spring-security/issues/13637)
- Referrer Header is set in Reactive Web Applications by default, although doc says it is not. [#13590](https://togithub.com/spring-projects/spring-security/issues/13590)
- RequestMatcherMetadataResponseResolver only shows last RelyingPartyRegistration [#13700](https://togithub.com/spring-projects/spring-security/issues/13700)
- saml2Login should not override OpenSaml4AuthenticationProvider bean [#13655](https://togithub.com/spring-projects/spring-security/issues/13655)
- The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered [#13580](https://togithub.com/spring-projects/spring-security/issues/13580)
- Update links in adocs [#13632](https://togithub.com/spring-projects/spring-security/issues/13632)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2022.0.10 [#13674](https://togithub.com/spring-projects/spring-security/issues/13674)
- Update logback-classic to 1.4.11 [#13669](https://togithub.com/spring-projects/spring-security/issues/13669)
- Update micrometer-observation to 1.10.10 [#13672](https://togithub.com/spring-projects/spring-security/issues/13672)
- Update mockk to 1.13.7 [#13673](https://togithub.com/spring-projects/spring-security/issues/13673)
- Update org.aspectj to 1.9.20 [#13676](https://togithub.com/spring-projects/spring-security/issues/13676)
- Update org.springframework.data to 2022.0.9 [#13677](https://togithub.com/spring-projects/spring-security/issues/13677)
- Update reactor-netty to 1.1.10 [#13675](https://togithub.com/spring-projects/spring-security/issues/13675)
- Update spring-ldap-core to 3.0.5 [#13678](https://togithub.com/spring-projects/spring-security/issues/13678)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@galmegiz](https://togithub.com/galmegiz)
- [@limvik](https://togithub.com/limvik)
### [`v6.1.2`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.2)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.1...6.1.2)
#### :star: New Features
- Improve RequestMatcher Validation [#13557](https://togithub.com/spring-projects/spring-security/issues/13557)
- Improve Security Filters Documentation [#13414](https://togithub.com/spring-projects/spring-security/issues/13414)
- Optimize Querying of RequestCache -> continue parameter [#13488](https://togithub.com/spring-projects/spring-security/issues/13488)
- Optimize Querying of RequestCache -> continue parameter [#13482](https://togithub.com/spring-projects/spring-security/issues/13482)
#### :beetle: Bug Fixes
- Error message should show underlying Client Authentication method [#13498](https://togithub.com/spring-projects/spring-security/issues/13498)
- Javadoc for AuthorizationFilter#filterErrorDispatch is wrong [#13465](https://togithub.com/spring-projects/spring-security/issues/13465)
- once-per-request="true" does not work in XML configuration [#13494](https://togithub.com/spring-projects/spring-security/issues/13494)
- Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice [#13199](https://togithub.com/spring-projects/spring-security/issues/13199)
- Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration [#13421](https://togithub.com/spring-projects/spring-security/issues/13421)
- Unable to Use `hasIpAddress()` Method After Migrating to `authorizeHttpRequests()` in Spring Security 6 [#13478](https://togithub.com/spring-projects/spring-security/issues/13478)
- update l179 of jwt docs [#13480](https://togithub.com/spring-projects/spring-security/pull/13480)
- Use default PathPatternParser instance [#13464](https://togithub.com/spring-projects/spring-security/issues/13464)
#### :hammer: Dependency Upgrades
- Update io.projectreactor to 2022.0.9 [#13525](https://togithub.com/spring-projects/spring-security/issues/13525)
- Update jakarta.websocket to 2.1.1 [#13526](https://togithub.com/spring-projects/spring-security/issues/13526)
- Update micrometer-observation to 1.10.9 [#13524](https://togithub.com/spring-projects/spring-security/issues/13524)
- Update org.springframework to 6.0.11 [#13527](https://togithub.com/spring-projects/spring-security/issues/13527)
- Update org.springframework.data to 2022.0.8 [#13528](https://togithub.com/spring-projects/spring-security/issues/13528)
- Update org.springframework.data to 2022.0.8 [#13522](https://togithub.com/spring-projects/spring-security/issues/13522)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@sueszli](https://togithub.com/sueszli)
### [`v6.1.1`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.1)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.0...6.1.1)
##### :star: New Features
- Add initial Native section to reference docs [#13236](https://togithub.com/spring-projects/spring-security/issues/13236)
- Align Resource Server documentation with Boot's capabilities [#13239](https://togithub.com/spring-projects/spring-security/issues/13239)
- Convert to Asciidoctor Tabs [#13407](https://togithub.com/spring-projects/spring-security/issues/13407)
- Document How to Handle Method Security in Native Image [#13237](https://togithub.com/spring-projects/spring-security/issues/13237)
- Improve javadoc about deprecation of .and() and non-Customizer methods [#13273](https://togithub.com/spring-projects/spring-security/issues/13273)
- Make eclipse/vscode project import work [#13284](https://togithub.com/spring-projects/spring-security/issues/13284)
- Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults [#13229](https://togithub.com/spring-projects/spring-security/issues/13229)
- mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter [#13254](https://togithub.com/spring-projects/spring-security/issues/13254)
- Use Antora name of security [#13331](https://togithub.com/spring-projects/spring-security/issues/13331)
##### :beetle: Bug Fixes
- Additional filters registered when using Custom DSL [#13282](https://togithub.com/spring-projects/spring-security/issues/13282)
- AOT Fails to proxy [#13369](https://togithub.com/spring-projects/spring-security/issues/13369)
- CasAuthenticationFilter.successfulAuthentication missing call to securityContextRepository.saveContext [#13243](https://togithub.com/spring-projects/spring-security/issues/13243)
- DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(OAuth2AuthorizationCodeGrantRequest) can return null [#13223](https://togithub.com/spring-projects/spring-security/issues/13223)
- Deprecated hint on BasicAuthenticationFilter [#13279](https://togithub.com/spring-projects/spring-security/issues/13279)
- Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13193](https://togithub.com/spring-projects/spring-security/issues/13193)
- Fix Antora Warnings [#13294](https://togithub.com/spring-projects/spring-security/issues/13294)
- Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13221](https://togithub.com/spring-projects/spring-security/issues/13221)
- Fix Documentation Title [#13318](https://togithub.com/spring-projects/spring-security/issues/13318)
- Fix legacy-websocket-configuration cross-reference [#13206](https://togithub.com/spring-projects/spring-security/issues/13206)
- Fix type on method-security.adoc [#13212](https://togithub.com/spring-projects/spring-security/pull/13212)
- http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13209](https://togithub.com/spring-projects/spring-security/issues/13209)
- Migration to EnableMethodSecurity break Transactional on custom PermissionEvaluator [#13218](https://togithub.com/spring-projects/spring-security/issues/13218)
- No longer maintained net.sourceforge.nekohtml with known security issues [#13287](https://togithub.com/spring-projects/spring-security/issues/13287)
- Provide meaningful error when invalid client-authentication-method is provided [#13309](https://togithub.com/spring-projects/spring-security/issues/13309)
- Proxy Server section is not linked in nav [#13324](https://togithub.com/spring-projects/spring-security/issues/13324)
- Use consistent list of micrometer tags in web observation handler [#13190](https://togithub.com/spring-projects/spring-security/issues/13190)
- UserBuilder does not allow authorities to be overridden [#13290](https://togithub.com/spring-projects/spring-security/pull/13290)
##### :hammer: Dependency Upgrades
- Update cas-client-core to 4.0.2 [#13342](https://togithub.com/spring-projects/spring-security/issues/13342)
- Update com.nimbusds to 9.43.3 [#13335](https://togithub.com/spring-projects/spring-security/issues/13335)
- Update hsqldb to 2.7.2 [#13343](https://togithub.com/spring-projects/spring-security/issues/13343)
- Update io.projectreactor to 2022.0.8 [#13338](https://togithub.com/spring-projects/spring-security/issues/13338)
- Update io.rsocket to 1.1.4 [#13340](https://togithub.com/spring-projects/spring-security/issues/13340)
- Update io.spring.javaformat to 0.0.39 [#13341](https://togithub.com/spring-projects/spring-security/issues/13341)
- Update logback-classic to 1.4.8 [#13334](https://togithub.com/spring-projects/spring-security/issues/13334)
- Update micrometer-observation to 1.10.8 [#13337](https://togithub.com/spring-projects/spring-security/issues/13337)
- Update org.jetbrains.kotlin to 1.8.22 [#13344](https://togithub.com/spring-projects/spring-security/issues/13344)
- Update org.springframework to 6.0.10 [#13345](https://togithub.com/spring-projects/spring-security/issues/13345)
- Update org.springframework.data to 2022.0.7 [#13346](https://togithub.com/spring-projects/spring-security/issues/13346)
- Update reactor-netty to 1.1.8 [#13339](https://togithub.com/spring-projects/spring-security/issues/13339)
- Update spring-ldap-core to 3.0.4 [#13347](https://togithub.com/spring-projects/spring-security/issues/13347)
- Update unboundid-ldapsdk to 6.0.9 [#13336](https://togithub.com/spring-projects/spring-security/issues/13336)
##### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@dkorotych](https://togithub.com/dkorotych)
- [@mariodmpereira](https://togithub.com/mariodmpereira)
### [`v6.1.0`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.0)
[Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.9...6.1.0)
#### :star: New Features
- Explain the rational about deprecating .and() and non-lambda DSL methods [#13094](https://togithub.com/spring-projects/spring-security/issues/13094)
- Revisit CSRF Documentation [#13089](https://togithub.com/spring-projects/spring-security/issues/13089)
#### :beetle: Bug Fixes
- AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation [#13087](https://togithub.com/spring-projects/spring-security/issues/13087)
- AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods [#13154](https://togithub.com/spring-projects/spring-security/issues/13154)
- Clarify that Kotlin DSL needs an import [#13103](https://togithub.com/spring-projects/spring-security/issues/13103)
- CookieCsrfTokenRepository overwrites previous Set-Cookie response headers [#13075](https://togithub.com/spring-projects/spring-security/issues/13075)
- Fix code snippets in Authorize HttpServletRequest [#13126](https://togithub.com/spring-projects/spring-security/issues/13126)
- Fix invalid link in ref doc [#12573](https://togithub.com/spring-projects/spring-security/pull/12573)
- fix javadoc typo [#12884](https://togithub.com/spring-projects/spring-security/pull/12884)
- Fix typo cas.adoc [#13116](https://togithub.com/spring-projects/spring-security/pull/13116)
- Links between migration docs are out of date [#13157](https://togithub.com/spring-projects/spring-security/issues/13157)
- RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity [#13128](https://togithub.com/spring-projects/spring-security/issues/13128)
- rolePrefix with empty string returns HTTP 400 as of version 6.0.3 [#13083](https://togithub.com/spring-projects/spring-security/issues/13083)
- SAML login fails in Internet Explorer 11 [#13142](https://togithub.com/spring-projects/spring-security/issues/13142)
- SimpleAroundFilterObservation.wrap calls scope.close() duplicated [#13150](https://togithub.com/spring-projects/spring-security/issues/13150)
- Spring Boot 3.0 application failing to start with oauth2-resource-server and spring actuator [#13122](https://togithub.com/spring-projects/spring-security/issues/13122)
- Update acls.adoc [#13078](https://togithub.com/spring-projects/spring-security/pull/13078)
- Update architecture.adoc [#13077](https://togithub.com/spring-projects/spring-security/pull/13077)
- Web Security Expression section of Documentation is obsolete or it does not work [#12974](https://togithub.com/spring-projects/spring-security/issues/12974)
#### :hammer: Dependency Upgrades
- Update com.nimbusds to 9.43.2 [#13165](https://togithub.com/spring-projects/spring-security/issues/13165)
- Update io.projectreactor to 2022.0.7 [#13167](https://togithub.com/spring-projects/spring-security/issues/13167)
- Update jackson-bom to 2.14.3 [#13162](https://togithub.com/spring-projects/spring-security/issues/13162)
- Update jackson-databind to 2.14.3 [#13163](https://togithub.com/spring-projects/spring-security/issues/13163)
- Update jackson-datatype-jsr310 to 2.14.3 [#13164](https://togithub.com/spring-projects/spring-security/issues/13164)
- Update junit-bom to 5.9.3 [#13170](https://togithub.com/spring-projects/spring-security/issues/13170)
- Update junit-platform-launcher to 1.9.3 [#13172](https://togithub.com/spring-projects/spring-security/issues/13172)
- Update logback-classic to 1.4.7 [#13161](https://togithub.com/spring-projects/spring-security/issues/13161)
- Update micrometer-observation to 1.10.7 [#13166](https://togithub.com/spring-projects/spring-security/issues/13166)
- Update org.jetbrains.kotlin to 1.8.21 [#13169](https://togithub.com/spring-projects/spring-security/issues/13169)
- Update org.junit.jupiter to 5.9.3 [#13171](https://togithub.com/spring-projects/spring-security/issues/13171)
- Update org.springframework to 6.0.9 [#13173](https://togithub.com/spring-projects/spring-security/issues/13173)
- Update org.springframework.data to 2022.0.6 [#13174](https://togithub.com/spring-projects/spring-security/issues/13174)
- Update reactor-netty to 1.1.7 [#13168](https://togithub.com/spring-projects/spring-security/issues/13168)
- Update Spring Boot to 3.0.6 [#13177](https://togithub.com/spring-projects/spring-security/issues/13177)
- Update spring-ldap-core to 3.0.3 [#13175](https://togithub.com/spring-projects/spring-security/issues/13175)
#### :heart: Contributors
We'd like to thank all the contributors who worked on this release!
- [@SeasonPanPan](https://togithub.com/SeasonPanPan)
- [@neshkeev](https://togithub.com/neshkeev)
- [@1993heqiang](https://togithub.com/1993heqiang)
- [@delvering17](https://togithub.com/delvering17)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
5.8.9->6.2.1Release Notes
spring-projects/spring-security (org.springframework.security:spring-security-cas)
### [`v6.2.1`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.1) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.2.0...6.2.1) #### :star: New Features - docs: make XML and Java/Kotlin consistent with AspectJExpressionPointcut [#14219](https://togithub.com/spring-projects/spring-security/pull/14219) - Document that Shibboleth Repository is Required for SAML Support [#14295](https://togithub.com/spring-projects/spring-security/issues/14295) - Fix typo in architecture.adoc [#14254](https://togithub.com/spring-projects/spring-security/pull/14254) - Fixing link in authentication/architecture.adoc [#13593](https://togithub.com/spring-projects/spring-security/pull/13593) - Integrate HandlerMappingIntrospector Caching [#14332](https://togithub.com/spring-projects/spring-security/issues/14332) - OAuth2 Resource Server is exposing server information. [#14278](https://togithub.com/spring-projects/spring-security/issues/14278) #### :beetle: Bug Fixes - Update Java Config Spring MVC documentation [#14234](https://togithub.com/spring-projects/spring-security/issues/14234) - add missing \[tabs] fix typo in docs [#14208](https://togithub.com/spring-projects/spring-security/pull/14208) - AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity [#14267](https://togithub.com/spring-projects/spring-security/issues/14267) - Correct What's New in 6.2 reference to forServletPattern [#14200](https://togithub.com/spring-projects/spring-security/issues/14200) - Fix typo in getClaimAsMap docstring [#14183](https://togithub.com/spring-projects/spring-security/pull/14183) - Fix typo in the 'Authorizing Requests' example [#14169](https://togithub.com/spring-projects/spring-security/pull/14169) - fix wrong document about "jws-algorithms" [#14280](https://togithub.com/spring-projects/spring-security/issues/14280) - Improve error message when ServletRegistration API is unavailable [#14232](https://togithub.com/spring-projects/spring-security/issues/14232) - Update Javadoc Comments in AuthorizationEvent Class [#14175](https://togithub.com/spring-projects/spring-security/pull/14175) #### :hammer: Dependency Upgrades - Bump actions/checkout from 3 to 4 [#14323](https://togithub.com/spring-projects/spring-security/pull/14323) - Bump actions/setup-java from 3 to 4 [#14320](https://togithub.com/spring-projects/spring-security/pull/14320) - Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 [#14213](https://togithub.com/spring-projects/spring-security/pull/14213) - Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 [#14239](https://togithub.com/spring-projects/spring-security/pull/14239) - Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 [#14223](https://togithub.com/spring-projects/spring-security/pull/14223) - Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 [#14328](https://togithub.com/spring-projects/spring-security/pull/14328) - Bump Gradle Wrapper from 8.4 to 8.5 [#14222](https://togithub.com/spring-projects/spring-security/issues/14222) - Bump io.micrometer:micrometer-observation from 1.12.0 to 1.12.1 [#14284](https://togithub.com/spring-projects/spring-security/pull/14284) - Bump io.projectreactor:reactor-bom from 2023.0.0 to 2023.0.1 [#14289](https://togithub.com/spring-projects/spring-security/pull/14289) - Bump org-apache-maven-resolver from 1.9.16 to 1.9.17 [#14184](https://togithub.com/spring-projects/spring-security/pull/14184) - Bump org-apache-maven-resolver from 1.9.17 to 1.9.18 [#14197](https://togithub.com/spring-projects/spring-security/pull/14197) - Bump org-aspectj from 1.9.20.1 to 1.9.21 [#14271](https://togithub.com/spring-projects/spring-security/pull/14271) - Bump org.apache.maven:maven-resolver-provider from 3.9.5 to 3.9.6 [#14228](https://togithub.com/spring-projects/spring-security/pull/14228) - Bump org.hibernate.orm:hibernate-core from 6.3.1.Final to 6.3.2.Final [#14190](https://togithub.com/spring-projects/spring-security/pull/14190) - Bump org.jetbrains.kotlin:kotlin-bom from 1.9.20 to 1.9.21 [#14192](https://togithub.com/spring-projects/spring-security/pull/14192) - Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 [#14191](https://togithub.com/spring-projects/spring-security/pull/14191) - Bump org.springframework.data:spring-data-bom from 2023.1.0 to 2023.1.1 [#14341](https://togithub.com/spring-projects/spring-security/pull/14341) - Bump org.springframework.ldap:spring-ldap-core from 3.2.0 to 3.2.1 [#14335](https://togithub.com/spring-projects/spring-security/pull/14335) - Bump org.springframework:spring-framework-bom from 6.1.0 to 6.1.1 [#14189](https://togithub.com/spring-projects/spring-security/pull/14189) - Bump org.springframework:spring-framework-bom from 6.1.1 to 6.1.2 [#14319](https://togithub.com/spring-projects/spring-security/pull/14319) - Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 [#14318](https://togithub.com/spring-projects/spring-security/pull/14318) - Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 [#14322](https://togithub.com/spring-projects/spring-security/pull/14322) - Bump spring-io/spring-gradle-build-action from 1 to 2 [#14321](https://togithub.com/spring-projects/spring-security/pull/14321) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@ParkerM](https://togithub.com/ParkerM), [@YangSiJun528](https://togithub.com/YangSiJun528), [@aaron-to-go](https://togithub.com/aaron-to-go), [@ahmd-nabil](https://togithub.com/ahmd-nabil), [@andreilisa](https://togithub.com/andreilisa), [@dependabot](https://togithub.com/dependabot)\[bot], [@limvik](https://togithub.com/limvik), and [@prufrock](https://togithub.com/prufrock) ### [`v6.2.0`](https://togithub.com/spring-projects/spring-security/releases/tag/6.2.0) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.6...6.2.0) #### :star: New Features - AuthorizationManager\[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines [#12080](https://togithub.com/spring-projects/spring-security/issues/12080) - Simplify configuration of OAuth2 Client component model [#11783](https://togithub.com/spring-projects/spring-security/issues/11783) #### :beetle: Bug Fixes - On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It [#14064](https://togithub.com/spring-projects/spring-security/issues/14064) - Authentication not propagated correctly after migrating to SB3 [#14112](https://togithub.com/spring-projects/spring-security/issues/14112) - Authorization does not show up on Features section [#14105](https://togithub.com/spring-projects/spring-security/issues/14105) - Fix obsolete comment and typos [#14060](https://togithub.com/spring-projects/spring-security/pull/14060) - Fix typo in documentation [#14130](https://togithub.com/spring-projects/spring-security/pull/14130) - improve render in headers.adoc [#14102](https://togithub.com/spring-projects/spring-security/issues/14102) - ReactiveRemoteJWKSource caches invalid response status into jwkSetURL [#14042](https://togithub.com/spring-projects/spring-security/issues/14042) - References to WebFlux docs do not link to them [#14108](https://togithub.com/spring-projects/spring-security/issues/14108) - relay_state should not be included in signing calculation when it is null [#14039](https://togithub.com/spring-projects/spring-security/issues/14039) - samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository [#14138](https://togithub.com/spring-projects/spring-security/issues/14138) - Security configuration is failed to be initialized in a Servlet 6.0 container [#14166](https://togithub.com/spring-projects/spring-security/issues/14166) - Spring Security documentation confuses "idempotent" with "read-only" in CSRF section [#14115](https://togithub.com/spring-projects/spring-security/issues/14115) - Spring Security metric names should not contain dashes [#14067](https://togithub.com/spring-projects/spring-security/issues/14067) - spring.security counters inaccurate due onComplete and cancel() [#14147](https://togithub.com/spring-projects/spring-security/issues/14147) - The latest "OAuth2AuthorizedClientManager" class is not AOT ready [#14094](https://togithub.com/spring-projects/spring-security/issues/14094) - UnboundIdContainer should be marked as not running at shutdown [#14095](https://togithub.com/spring-projects/spring-security/issues/14095) #### :hammer: Dependency Upgrades - Bump io-spring-javaformat from 0.0.39 to 0.0.40 [#14156](https://togithub.com/spring-projects/spring-security/pull/14156) - Bump io.micrometer:micrometer-observation from 1.12.0-RC1 to 1.12.0 [#14135](https://togithub.com/spring-projects/spring-security/pull/14135) - Bump io.projectreactor:reactor-bom from 2023.0.0-RC1 to 2023.0.0 [#14145](https://togithub.com/spring-projects/spring-security/pull/14145) - Bump org.junit:junit-bom from 5.10.0 to 5.10.1 [#14097](https://togithub.com/spring-projects/spring-security/pull/14097) - Bump org.springframework.data:spring-data-bom from 2023.1.0-RC1 to 2023.1.0 [#14172](https://togithub.com/spring-projects/spring-security/pull/14172) - Bump org.springframework.ldap:spring-ldap-core from 3.2.0-RC1 to 3.2.0 [#14155](https://togithub.com/spring-projects/spring-security/pull/14155) - Bump org.springframework:spring-framework-bom from 6.1.0-RC1 to 6.1.0-RC2 [#14055](https://togithub.com/spring-projects/spring-security/pull/14055) - Bump org.springframework:spring-framework-bom from 6.1.0-RC2 to 6.1.0 [#14157](https://togithub.com/spring-projects/spring-security/pull/14157) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@nico-ortiz](https://togithub.com/nico-ortiz) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) - [@martin-lukas](https://togithub.com/martin-lukas) ### [`v6.1.6`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.6) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.5...6.1.6) #### :star: New Features - Document that Shibboleth Repository is Required for SAML Support [#14294](https://togithub.com/spring-projects/spring-security/issues/14294) - Integrate HandlerMappingIntrospector Caching [#14128](https://togithub.com/spring-projects/spring-security/issues/14128) - OAuth2 Resource Server is exposing server information. [#14277](https://togithub.com/spring-projects/spring-security/issues/14277) - Resolve RequestMatcher at request-time [#14085](https://togithub.com/spring-projects/spring-security/issues/14085) #### :beetle: Bug Fixes - AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity [#14266](https://togithub.com/spring-projects/spring-security/issues/14266) - Authentication not propagated correctly after migrating to SB3 [#14111](https://togithub.com/spring-projects/spring-security/issues/14111) - Authorization does not show up on Features section [#14104](https://togithub.com/spring-projects/spring-security/issues/14104) - DefaultLoginPageGeneratingFilter should be able to handle AuthenticationExceptions without message [#14117](https://togithub.com/spring-projects/spring-security/issues/14117) - Fix broken link for servlet getting started page [#14119](https://togithub.com/spring-projects/spring-security/pull/14119) - Fix typo in method-security.adoc [#14059](https://togithub.com/spring-projects/spring-security/pull/14059) - fix wrong document about "jws-algorithms" [#14279](https://togithub.com/spring-projects/spring-security/issues/14279) - Improve error message when ServletRegistration API is unavailable [#14231](https://togithub.com/spring-projects/spring-security/issues/14231) - improve render in headers.adoc [#14101](https://togithub.com/spring-projects/spring-security/issues/14101) - On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It [#14063](https://togithub.com/spring-projects/spring-security/issues/14063) - ReactiveRemoteJWKSource caches invalid response status into jwkSetURL [#14041](https://togithub.com/spring-projects/spring-security/issues/14041) - References to WebFlux docs do not link to them [#14107](https://togithub.com/spring-projects/spring-security/issues/14107) - relay_state should not be included in signing calculation when it is null [#14038](https://togithub.com/spring-projects/spring-security/issues/14038) - samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository [#14131](https://togithub.com/spring-projects/spring-security/issues/14131) - Security configuration is failed to be initialized in a Servlet 6.0 container [#14165](https://togithub.com/spring-projects/spring-security/issues/14165) - Spring Security documentation confuses "idempotent" with "read-only" in CSRF section [#14114](https://togithub.com/spring-projects/spring-security/issues/14114) - Spring Security metric names should not contain dashes [#14066](https://togithub.com/spring-projects/spring-security/issues/14066) - spring.security counters inaccurate due onComplete and cancel() [#14146](https://togithub.com/spring-projects/spring-security/issues/14146) - Update Java Config Spring MVC documentation [#14233](https://togithub.com/spring-projects/spring-security/issues/14233) - Update logout.adoc: Replace Directives with Directive [#14062](https://togithub.com/spring-projects/spring-security/pull/14062) #### :hammer: Dependency Upgrades - Bump actions/checkout from 3 to 4 [#14310](https://togithub.com/spring-projects/spring-security/pull/14310) - Bump actions/setup-java from 3 to 4 [#14327](https://togithub.com/spring-projects/spring-security/pull/14327) - Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 [#14214](https://togithub.com/spring-projects/spring-security/pull/14214) - Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 [#14238](https://togithub.com/spring-projects/spring-security/pull/14238) - Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 [#14224](https://togithub.com/spring-projects/spring-security/pull/14224) - Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 [#14317](https://togithub.com/spring-projects/spring-security/pull/14317) - Bump Gradle Wrapper from 8.4 to 8.5 [#14218](https://togithub.com/spring-projects/spring-security/pull/14218) - Bump io-spring-javaformat from 0.0.39 to 0.0.40 [#14158](https://togithub.com/spring-projects/spring-security/pull/14158) - Bump io.micrometer:micrometer-observation from 1.10.12 to 1.10.13 [#14134](https://togithub.com/spring-projects/spring-security/pull/14134) - Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.13 [#14144](https://togithub.com/spring-projects/spring-security/pull/14144) - Bump io.projectreactor:reactor-bom from 2022.0.13 to 2022.0.14 [#14288](https://togithub.com/spring-projects/spring-security/pull/14288) - Bump org-aspectj from 1.9.20.1 to 1.9.21 [#14272](https://togithub.com/spring-projects/spring-security/pull/14272) - Bump org-eclipse-jetty from 11.0.17 to 11.0.18 [#14081](https://togithub.com/spring-projects/spring-security/pull/14081) - Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 [#14173](https://togithub.com/spring-projects/spring-security/pull/14173) - Bump org.springframework:spring-framework-bom from 6.0.13 to 6.0.14 [#14159](https://togithub.com/spring-projects/spring-security/pull/14159) - Bump org.springframework:spring-framework-bom from 6.0.14 to 6.0.15 [#14312](https://togithub.com/spring-projects/spring-security/pull/14312) - Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 [#14315](https://togithub.com/spring-projects/spring-security/pull/14315) - Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 [#14316](https://togithub.com/spring-projects/spring-security/pull/14316) - Bump spring-io/spring-gradle-build-action from 1 to 2 [#14305](https://togithub.com/spring-projects/spring-security/pull/14305) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@Ruffeng](https://togithub.com/Ruffeng), [@dependabot](https://togithub.com/dependabot)\[bot], [@github-actions](https://togithub.com/github-actions)\[bot], [@marbon87](https://togithub.com/marbon87), and [@sadidshaikh](https://togithub.com/sadidshaikh) ### [`v6.1.5`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.5) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.4...6.1.5) ##### :star: New Features - Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter` [#14015](https://togithub.com/spring-projects/spring-security/issues/14015) - Replace deprecated method [#13649](https://togithub.com/spring-projects/spring-security/pull/13649) - Use Gradle's Version Catalog [#13871](https://togithub.com/spring-projects/spring-security/issues/13871) ##### :beetle: Bug Fixes - Dependency convergence failed: nimbus-jose-jwt [#13843](https://togithub.com/spring-projects/spring-security/issues/13843) - Docs custom AuthorizationManager fix [#13991](https://togithub.com/spring-projects/spring-security/pull/13991) - Fix `snapshot_tests` on CI workflow [#13878](https://togithub.com/spring-projects/spring-security/issues/13878) - Fix parsing of GET SAML logout requests [#13970](https://togithub.com/spring-projects/spring-security/pull/13970) - Saml-Metadata with special characters is corrupted [#13861](https://togithub.com/spring-projects/spring-security/issues/13861) - Saml2LogoutRequestMixin relayState property should be binding [#13942](https://togithub.com/spring-projects/spring-security/issues/13942) ##### :hammer: Dependency Upgrades - Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 [#13984](https://togithub.com/spring-projects/spring-security/pull/13984) - Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 [#13891](https://togithub.com/spring-projects/spring-security/pull/13891) - Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 [#13950](https://togithub.com/spring-projects/spring-security/pull/13950) - Bump com.gradle.enterprise from 3.12.3 to 3.12.6 [#13934](https://togithub.com/spring-projects/spring-security/pull/13934) - Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 [#13903](https://togithub.com/spring-projects/spring-security/pull/13903) - Bump Gradle Wrapper from 8.3 to 8.4 [#13974](https://togithub.com/spring-projects/spring-security/pull/13974) - Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 [#13935](https://togithub.com/spring-projects/spring-security/pull/13935) - Bump io.micrometer:micrometer-observation from 1.10.10 to 1.10.11 [#13945](https://togithub.com/spring-projects/spring-security/pull/13945) - Bump io.micrometer:micrometer-observation from 1.10.11 to 1.10.12 [#14001](https://togithub.com/spring-projects/spring-security/pull/14001) - Bump io.mockk:mockk from 1.13.7 to 1.13.8 [#13952](https://togithub.com/spring-projects/spring-security/pull/13952) - Bump io.projectreactor:reactor-bom from 2022.0.10 to 2022.0.11 [#13937](https://togithub.com/spring-projects/spring-security/pull/13937) - Bump io.projectreactor:reactor-bom from 2022.0.11 to 2022.0.12 [#14000](https://togithub.com/spring-projects/spring-security/pull/14000) - Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 [#13985](https://togithub.com/spring-projects/spring-security/pull/13985) - Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.1 [#13949](https://togithub.com/spring-projects/spring-security/pull/13949) - Bump org-aspectj from 1.9.20 to 1.9.20.1 [#13896](https://togithub.com/spring-projects/spring-security/pull/13896) - Bump org-eclipse-jetty from 11.0.15 to 11.0.16 [#13901](https://togithub.com/spring-projects/spring-security/pull/13901) - Bump org-eclipse-jetty from 11.0.16 to 11.0.17 [#13999](https://togithub.com/spring-projects/spring-security/pull/13999) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 [#13953](https://togithub.com/spring-projects/spring-security/pull/13953) - Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 [#13938](https://togithub.com/spring-projects/spring-security/pull/13938) - Bump org.springframework.data:spring-data-bom from 2022.0.10 to 2022.0.11 [#14019](https://togithub.com/spring-projects/spring-security/pull/14019) - Bump org.springframework.data:spring-data-bom from 2022.0.9 to 2022.0.10 [#13951](https://togithub.com/spring-projects/spring-security/pull/13951) - Bump org.springframework.ldap:spring-ldap-core from 3.0.5 to 3.0.6 [#14007](https://togithub.com/spring-projects/spring-security/pull/14007) - Bump org.springframework:spring-framework-bom from 6.0.11 to 6.0.12 [#13904](https://togithub.com/spring-projects/spring-security/pull/13904) - Bump org.springframework:spring-framework-bom from 6.0.12 to 6.0.13 [#14006](https://togithub.com/spring-projects/spring-security/pull/14006) - Update to org.apereo.cas.client:cas-client-core 4.0.3 [#13947](https://togithub.com/spring-projects/spring-security/issues/13947) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@Dyndyn](https://togithub.com/Dyndyn) - [@limvik](https://togithub.com/limvik) - [@github-actions\[bot\]](https://togithub.com/apps/github-actions) - [@dependabot\[bot\]](https://togithub.com/apps/dependabot) - [@pbborisov18](https://togithub.com/pbborisov18) ### [`v6.1.4`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.4) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.3...6.1.4) #### :star: New Features - Automate spring-security.xsd [#13825](https://togithub.com/spring-projects/spring-security/issues/13825) #### :beetle: Bug Fixes - CookieCsrfTokenRepository resets httpOnly to true in case a cookieCustomizer is set [#13659](https://togithub.com/spring-projects/spring-security/issues/13659) - CookieRequestCache ignores user Locale [#13796](https://togithub.com/spring-projects/spring-security/issues/13796) - Default Security Configuration adds WWW-Authenticate Twice [#13759](https://togithub.com/spring-projects/spring-security/issues/13759) - Fix inaccurate information about permitting the FORWARD dispatcher in Kotlin [#13729](https://togithub.com/spring-projects/spring-security/pull/13729) - OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 [#13800](https://togithub.com/spring-projects/spring-security/issues/13800) - Problem uploading multipart file after migrating to latest Spring Security. [#13820](https://togithub.com/spring-projects/spring-security/issues/13820) - Saml2AuthenticationExceptionMixin doesn't work in JDK 17 [#13806](https://togithub.com/spring-projects/spring-security/issues/13806) - Spring ACL and native compilation fail to process datasource properties [#13814](https://togithub.com/spring-projects/spring-security/issues/13814) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@username1103](https://togithub.com/username1103) ### [`v6.1.3`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.3) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.2...6.1.3) #### :star: New Features - Add MvcRequestMatcher reference documentation [#13726](https://togithub.com/spring-projects/spring-security/issues/13726) - Refactor for readability [#13472](https://togithub.com/spring-projects/spring-security/pull/13472) - requestMatchers servlet validation error should include information about servlet paths [#13722](https://togithub.com/spring-projects/spring-security/issues/13722) - requestMatchers should not count servlets without mappings [#13724](https://togithub.com/spring-projects/spring-security/issues/13724) #### :beetle: Bug Fixes - Add return statement of the roleHierachy method in the servlet/author… [#13596](https://togithub.com/spring-projects/spring-security/pull/13596) - Fix typo in docs [#13637](https://togithub.com/spring-projects/spring-security/issues/13637) - Referrer Header is set in Reactive Web Applications by default, although doc says it is not. [#13590](https://togithub.com/spring-projects/spring-security/issues/13590) - RequestMatcherMetadataResponseResolver only shows last RelyingPartyRegistration [#13700](https://togithub.com/spring-projects/spring-security/issues/13700) - saml2Login should not override OpenSaml4AuthenticationProvider bean [#13655](https://togithub.com/spring-projects/spring-security/issues/13655) - The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered [#13580](https://togithub.com/spring-projects/spring-security/issues/13580) - Update links in adocs [#13632](https://togithub.com/spring-projects/spring-security/issues/13632) #### :hammer: Dependency Upgrades - Update io.projectreactor to 2022.0.10 [#13674](https://togithub.com/spring-projects/spring-security/issues/13674) - Update logback-classic to 1.4.11 [#13669](https://togithub.com/spring-projects/spring-security/issues/13669) - Update micrometer-observation to 1.10.10 [#13672](https://togithub.com/spring-projects/spring-security/issues/13672) - Update mockk to 1.13.7 [#13673](https://togithub.com/spring-projects/spring-security/issues/13673) - Update org.aspectj to 1.9.20 [#13676](https://togithub.com/spring-projects/spring-security/issues/13676) - Update org.springframework.data to 2022.0.9 [#13677](https://togithub.com/spring-projects/spring-security/issues/13677) - Update reactor-netty to 1.1.10 [#13675](https://togithub.com/spring-projects/spring-security/issues/13675) - Update spring-ldap-core to 3.0.5 [#13678](https://togithub.com/spring-projects/spring-security/issues/13678) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@galmegiz](https://togithub.com/galmegiz) - [@limvik](https://togithub.com/limvik) ### [`v6.1.2`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.2) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.1...6.1.2) #### :star: New Features - Improve RequestMatcher Validation [#13557](https://togithub.com/spring-projects/spring-security/issues/13557) - Improve Security Filters Documentation [#13414](https://togithub.com/spring-projects/spring-security/issues/13414) - Optimize Querying of RequestCache -> continue parameter [#13488](https://togithub.com/spring-projects/spring-security/issues/13488) - Optimize Querying of RequestCache -> continue parameter [#13482](https://togithub.com/spring-projects/spring-security/issues/13482) #### :beetle: Bug Fixes - Error message should show underlying Client Authentication method [#13498](https://togithub.com/spring-projects/spring-security/issues/13498) - Javadoc for AuthorizationFilter#filterErrorDispatch is wrong [#13465](https://togithub.com/spring-projects/spring-security/issues/13465) - once-per-request="true" does not work in XML configuration [#13494](https://togithub.com/spring-projects/spring-security/issues/13494) - Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice [#13199](https://togithub.com/spring-projects/spring-security/issues/13199) - Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration [#13421](https://togithub.com/spring-projects/spring-security/issues/13421) - Unable to Use `hasIpAddress()` Method After Migrating to `authorizeHttpRequests()` in Spring Security 6 [#13478](https://togithub.com/spring-projects/spring-security/issues/13478) - update l179 of jwt docs [#13480](https://togithub.com/spring-projects/spring-security/pull/13480) - Use default PathPatternParser instance [#13464](https://togithub.com/spring-projects/spring-security/issues/13464) #### :hammer: Dependency Upgrades - Update io.projectreactor to 2022.0.9 [#13525](https://togithub.com/spring-projects/spring-security/issues/13525) - Update jakarta.websocket to 2.1.1 [#13526](https://togithub.com/spring-projects/spring-security/issues/13526) - Update micrometer-observation to 1.10.9 [#13524](https://togithub.com/spring-projects/spring-security/issues/13524) - Update org.springframework to 6.0.11 [#13527](https://togithub.com/spring-projects/spring-security/issues/13527) - Update org.springframework.data to 2022.0.8 [#13528](https://togithub.com/spring-projects/spring-security/issues/13528) - Update org.springframework.data to 2022.0.8 [#13522](https://togithub.com/spring-projects/spring-security/issues/13522) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@sueszli](https://togithub.com/sueszli) ### [`v6.1.1`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.1) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/6.1.0...6.1.1) ##### :star: New Features - Add initial Native section to reference docs [#13236](https://togithub.com/spring-projects/spring-security/issues/13236) - Align Resource Server documentation with Boot's capabilities [#13239](https://togithub.com/spring-projects/spring-security/issues/13239) - Convert to Asciidoctor Tabs [#13407](https://togithub.com/spring-projects/spring-security/issues/13407) - Document How to Handle Method Security in Native Image [#13237](https://togithub.com/spring-projects/spring-security/issues/13237) - Improve javadoc about deprecation of .and() and non-Customizer methods [#13273](https://togithub.com/spring-projects/spring-security/issues/13273) - Make eclipse/vscode project import work [#13284](https://togithub.com/spring-projects/spring-security/issues/13284) - Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults [#13229](https://togithub.com/spring-projects/spring-security/issues/13229) - mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter [#13254](https://togithub.com/spring-projects/spring-security/issues/13254) - Use Antora name of security [#13331](https://togithub.com/spring-projects/spring-security/issues/13331) ##### :beetle: Bug Fixes - Additional filters registered when using Custom DSL [#13282](https://togithub.com/spring-projects/spring-security/issues/13282) - AOT Fails to proxy [#13369](https://togithub.com/spring-projects/spring-security/issues/13369) - CasAuthenticationFilter.successfulAuthentication missing call to securityContextRepository.saveContext [#13243](https://togithub.com/spring-projects/spring-security/issues/13243) - DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(OAuth2AuthorizationCodeGrantRequest) can return null [#13223](https://togithub.com/spring-projects/spring-security/issues/13223) - Deprecated hint on BasicAuthenticationFilter [#13279](https://togithub.com/spring-projects/spring-security/issues/13279) - Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository [#13193](https://togithub.com/spring-projects/spring-security/issues/13193) - Fix Antora Warnings [#13294](https://togithub.com/spring-projects/spring-security/issues/13294) - Fix constant value in XContentTypeOptionsServerHttpHeadersWriter [#13221](https://togithub.com/spring-projects/spring-security/issues/13221) - Fix Documentation Title [#13318](https://togithub.com/spring-projects/spring-security/issues/13318) - Fix legacy-websocket-configuration cross-reference [#13206](https://togithub.com/spring-projects/spring-security/issues/13206) - Fix type on method-security.adoc [#13212](https://togithub.com/spring-projects/spring-security/pull/13212) - http://www.springframework.org/schema/security/spring-security.xsd returns 404 [#13209](https://togithub.com/spring-projects/spring-security/issues/13209) - Migration to EnableMethodSecurity break Transactional on custom PermissionEvaluator [#13218](https://togithub.com/spring-projects/spring-security/issues/13218) - No longer maintained net.sourceforge.nekohtml with known security issues [#13287](https://togithub.com/spring-projects/spring-security/issues/13287) - Provide meaningful error when invalid client-authentication-method is provided [#13309](https://togithub.com/spring-projects/spring-security/issues/13309) - Proxy Server section is not linked in nav [#13324](https://togithub.com/spring-projects/spring-security/issues/13324) - Use consistent list of micrometer tags in web observation handler [#13190](https://togithub.com/spring-projects/spring-security/issues/13190) - UserBuilder does not allow authorities to be overridden [#13290](https://togithub.com/spring-projects/spring-security/pull/13290) ##### :hammer: Dependency Upgrades - Update cas-client-core to 4.0.2 [#13342](https://togithub.com/spring-projects/spring-security/issues/13342) - Update com.nimbusds to 9.43.3 [#13335](https://togithub.com/spring-projects/spring-security/issues/13335) - Update hsqldb to 2.7.2 [#13343](https://togithub.com/spring-projects/spring-security/issues/13343) - Update io.projectreactor to 2022.0.8 [#13338](https://togithub.com/spring-projects/spring-security/issues/13338) - Update io.rsocket to 1.1.4 [#13340](https://togithub.com/spring-projects/spring-security/issues/13340) - Update io.spring.javaformat to 0.0.39 [#13341](https://togithub.com/spring-projects/spring-security/issues/13341) - Update logback-classic to 1.4.8 [#13334](https://togithub.com/spring-projects/spring-security/issues/13334) - Update micrometer-observation to 1.10.8 [#13337](https://togithub.com/spring-projects/spring-security/issues/13337) - Update org.jetbrains.kotlin to 1.8.22 [#13344](https://togithub.com/spring-projects/spring-security/issues/13344) - Update org.springframework to 6.0.10 [#13345](https://togithub.com/spring-projects/spring-security/issues/13345) - Update org.springframework.data to 2022.0.7 [#13346](https://togithub.com/spring-projects/spring-security/issues/13346) - Update reactor-netty to 1.1.8 [#13339](https://togithub.com/spring-projects/spring-security/issues/13339) - Update spring-ldap-core to 3.0.4 [#13347](https://togithub.com/spring-projects/spring-security/issues/13347) - Update unboundid-ldapsdk to 6.0.9 [#13336](https://togithub.com/spring-projects/spring-security/issues/13336) ##### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@dkorotych](https://togithub.com/dkorotych) - [@mariodmpereira](https://togithub.com/mariodmpereira) ### [`v6.1.0`](https://togithub.com/spring-projects/spring-security/releases/tag/6.1.0) [Compare Source](https://togithub.com/spring-projects/spring-security/compare/5.8.9...6.1.0) #### :star: New Features - Explain the rational about deprecating .and() and non-lambda DSL methods [#13094](https://togithub.com/spring-projects/spring-security/issues/13094) - Revisit CSRF Documentation [#13089](https://togithub.com/spring-projects/spring-security/issues/13089) #### :beetle: Bug Fixes - AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation [#13087](https://togithub.com/spring-projects/spring-security/issues/13087) - AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods [#13154](https://togithub.com/spring-projects/spring-security/issues/13154) - Clarify that Kotlin DSL needs an import [#13103](https://togithub.com/spring-projects/spring-security/issues/13103) - CookieCsrfTokenRepository overwrites previous Set-Cookie response headers [#13075](https://togithub.com/spring-projects/spring-security/issues/13075) - Fix code snippets in Authorize HttpServletRequest [#13126](https://togithub.com/spring-projects/spring-security/issues/13126) - Fix invalid link in ref doc [#12573](https://togithub.com/spring-projects/spring-security/pull/12573) - fix javadoc typo [#12884](https://togithub.com/spring-projects/spring-security/pull/12884) - Fix typo cas.adoc [#13116](https://togithub.com/spring-projects/spring-security/pull/13116) - Links between migration docs are out of date [#13157](https://togithub.com/spring-projects/spring-security/issues/13157) - RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity [#13128](https://togithub.com/spring-projects/spring-security/issues/13128) - rolePrefix with empty string returns HTTP 400 as of version 6.0.3 [#13083](https://togithub.com/spring-projects/spring-security/issues/13083) - SAML login fails in Internet Explorer 11 [#13142](https://togithub.com/spring-projects/spring-security/issues/13142) - SimpleAroundFilterObservation.wrap calls scope.close() duplicated [#13150](https://togithub.com/spring-projects/spring-security/issues/13150) - Spring Boot 3.0 application failing to start with oauth2-resource-server and spring actuator [#13122](https://togithub.com/spring-projects/spring-security/issues/13122) - Update acls.adoc [#13078](https://togithub.com/spring-projects/spring-security/pull/13078) - Update architecture.adoc [#13077](https://togithub.com/spring-projects/spring-security/pull/13077) - Web Security Expression section of Documentation is obsolete or it does not work [#12974](https://togithub.com/spring-projects/spring-security/issues/12974) #### :hammer: Dependency Upgrades - Update com.nimbusds to 9.43.2 [#13165](https://togithub.com/spring-projects/spring-security/issues/13165) - Update io.projectreactor to 2022.0.7 [#13167](https://togithub.com/spring-projects/spring-security/issues/13167) - Update jackson-bom to 2.14.3 [#13162](https://togithub.com/spring-projects/spring-security/issues/13162) - Update jackson-databind to 2.14.3 [#13163](https://togithub.com/spring-projects/spring-security/issues/13163) - Update jackson-datatype-jsr310 to 2.14.3 [#13164](https://togithub.com/spring-projects/spring-security/issues/13164) - Update junit-bom to 5.9.3 [#13170](https://togithub.com/spring-projects/spring-security/issues/13170) - Update junit-platform-launcher to 1.9.3 [#13172](https://togithub.com/spring-projects/spring-security/issues/13172) - Update logback-classic to 1.4.7 [#13161](https://togithub.com/spring-projects/spring-security/issues/13161) - Update micrometer-observation to 1.10.7 [#13166](https://togithub.com/spring-projects/spring-security/issues/13166) - Update org.jetbrains.kotlin to 1.8.21 [#13169](https://togithub.com/spring-projects/spring-security/issues/13169) - Update org.junit.jupiter to 5.9.3 [#13171](https://togithub.com/spring-projects/spring-security/issues/13171) - Update org.springframework to 6.0.9 [#13173](https://togithub.com/spring-projects/spring-security/issues/13173) - Update org.springframework.data to 2022.0.6 [#13174](https://togithub.com/spring-projects/spring-security/issues/13174) - Update reactor-netty to 1.1.7 [#13168](https://togithub.com/spring-projects/spring-security/issues/13168) - Update Spring Boot to 3.0.6 [#13177](https://togithub.com/spring-projects/spring-security/issues/13177) - Update spring-ldap-core to 3.0.3 [#13175](https://togithub.com/spring-projects/spring-security/issues/13175) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@SeasonPanPan](https://togithub.com/SeasonPanPan) - [@neshkeev](https://togithub.com/neshkeev) - [@1993heqiang](https://togithub.com/1993heqiang) - [@delvering17](https://togithub.com/delvering17)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.