|
For the latest stable version, please use Spring Security 6.3.3! |
|
For the latest stable version, please use Spring Security 6.3.3! |
Spring Security 5.8 provides a number of new features. Below are the highlights of the release.
Core
AuthorizationManager API
-
gh-11493 -
AuthorizationManagersupports SpEL -
Additional XML support for
AuthorizationManager -
gh-11393 - Additional DSL support for
AuthorizationManager -
Additional XML Support for `AuthorizationManager
-
gh-11304 -
AuthorizationManagersupportsRoleHierarchy -
gh-11076 -
AuthorizationManagersupports WebSockets -
gh-11326 -
AuthorizationManagersupports AspectJ -
gh-4841, gh-9401 -
ReactiveAuthorizationManagersupports method security -
gh-11625 - Support
AuthorizationManagercomposition
Misc
-
gh-10973 -
SecurityContextHolderStrategycan be published as a@Bean
Config
-
gh-11771 -
HttpSecurityDslshould supportapplymethod
OAuth
-
gh-11590 - Deprecate Resource Owner Password Grant
-
gh-11383 - Add
baseScheme,baseHost,basePortandbasePathto thepost_logout_redirect_uri -
gh-11661 - Add
OpaqueTokenAuthenticationConverter -
gh-11232 -
ClientRegistrations#restdefines 30s connect and read timeouts -
gh-11638 - Refresh remote JWK when unknown KID error occurs
Web
-
gh-11073 - Add
DelegatingServerHttpHeadersWriter -
gh-4001 - Add servlet support for CSRF BREACH protection
-
gh-11959 - Add reactive support for CSRF BREACH protection
-
gh-11464 - Remember Me supports SHA256 algorithm
-
gh-11908 - Make X-Xss-Protection header value configurable in ServerHttpSecurity
-
gh-11347 - Simplify Java Configuration
RequestMatcherUsage -
gh-9159 - Add
securityMatcheras an alias onrequestMatcherinHttpSecurity -
gh-11952 - Add
csrfTokenRequestResolvertoCsrfDsl -
gh-11916 -
HttpSecurityConfigurationpicks upContentNegotiationStrategybean -
gh-11971 - Additional support for
AuthorizationFilterrunning for all dispatcher types
Test
-
gh-6899 -
@WithMockUserworks as meta-annotation