6.0.3
⭐ New Features
- Add new DaoAuthenticationProvider constructor #12874
- Clarify documentation code snippet(s) (unclear where static imported methods come from) #12992
- Documentation should mention that an empty SecurityContext should also be saved #12941
- Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12932
- Incomplete documentation regarding Hierarchical roles. #12766
- Remove deprecated
SecurityContextPersistenceFilter
from docs #12690
🪲 Bug Fixes
@EnableReactiveMethodSecurity
causes premature initialization of the ObservationRegistry and prevents it from being post-processed #12780- Broken links in form login section of docs #12822
- chore: typo, removed extra "s" in word implementationss #12882
- EntityId ignored in xml relying-party-registration #12777
- Fix a javadoc typo in ReactiveAuthorizationManager #13000
- Fix a javadoc typo in ReactiveAuthorizationManager #12983
- Fix broken links in form login section #12823
- Fix docs typo #12745
- Fix documentation code block bug. #12980
- Fix typo architecture.adoc #12851
- fix typo in RequestCacheResultMatcher #12814
- HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12919
- JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #12767
- MessageMatcherDelegatingAuthorizationManager not extracting path variables for authorization context #12540
- Missing spring-security-oauth2 xsds after release #12806
- NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13005
- NoSuchElementException in org.springframework.security.web.server.ObservationWebFilterChainDecorator$AroundWebFilterObservation$SimpleAroundWebFilterObservation.start(ObservationWebFilterChainDecorator.java:274 #12829
- Observation Spans are not nested correctly in Webflux #12849
- RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #13055
- Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12936
- Spring Security 6.0.2 ObservationFilterChainDecorator produce wrong instrument names #12811
- SwitchUserFilter should use HttpSessionSecurityContextRepository by default #12836
🔨 Dependency Upgrades
- Update assertj-core to 3.24.2 #13038
- Update io.projectreactor to 2022.0.6 #13034
- Update io.spring.javaformat to 0.0.38 #13036
- Update logback-classic to 1.4.6 #13030
- Update maven-resolver-provider to 3.8.8 #13037
- Update micrometer-observation to 1.10.6 #13032
- Update mockk to 1.13.5 #13033
- Update org.eclipse.jetty to 11.0.15 #13039
- Update org.springframework to 6.0.8 #13041
- Update org.springframework.data to 2022.0.5 #13042
- Update reactor-netty to 1.1.6 #13035
- Update slf4j-api to 2.0.7 #13040
- Update spring-ldap-core to 3.0.2 #13043
- Update unboundid-ldapsdk to 6.0.8 #13031
❤️ Contributors
We'd like to thank all the contributors who worked on this release!