fix(deps): update dependency org.springframework.security:spring-security-oauth2-jose to v5.8.11

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.security:spring-security-oauth2-jose (source)	5.7.2 -> 5.8.11

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-oauth2-jose)

v5.8.11

Compare Source

🪲 Bug Fixes

• Allow tab in HTTP header values. #​14590
• Check for null Authentication #​14664
• PostAuthorize Method Interceptors Should Use Order from AuthorizationInterceptorsOrder #​14720
• Remove duplicate setSecurityContextHolderStrategy #​14603
• Spring security's ServerLogoutHandler order problem. #​14379

🔨 Dependency Upgrades

• Bump io.projectreactor.netty:reactor-netty from 1.0.41 to 1.0.43 #​14730
• Bump io.projectreactor:reactor-bom from 2020.0.41 to 2020.0.42 #​14729
• Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 #​14759

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​chbecker2
• @​kse-music
• @​dependabot[bot]

v5.8.10

Compare Source

⭐ New Features

• Updated broken documentation link in javadocs #​14329

🪲 Bug Fixes

• Fix security filter sort in javadoc #​14552
• ReactiveMethodSecurityConfiguration is initialized prematurely when the context contains a BeanPostProcessor #​11596
• Saml2 LogoutFilter Should Come Before Common LogoutFilter #​14549

🔨 Dependency Upgrades

• Bump Gamesight/slack-workflow-status from 1.2.0 to 1.3.0 #​14584
• Bump gradle/gradle-build-action from 2 to 3 #​14505
• Bump io-spring-javaformat from 0.0.40 to 0.0.41 #​14438
• Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 #​14432
• Bump io.projectreactor:reactor-bom from 2020.0.39 to 2020.0.40 #​14431
• Bump io.projectreactor:reactor-bom from 2020.0.40 to 2020.0.41 #​14614
• Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 #​14464
• Bump org-aspectj from 1.9.20.1 to 1.9.21.1 #​14607
• Bump org-eclipse-jetty from 9.4.53.v20231009 to 9.4.54.v20240208 #​14608
• Bump org.springframework:spring-framework-bom from 5.3.31 to 5.3.32 #​14622
• Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 #​14506
• Bump spring-io/spring-github-workflows from eaf17a1 to 1e8b058 #​14585

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​kse-music
• @​geirhe
• @​aspan
• @​dependabot[bot]

v5.8.9

Compare Source

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #​14286
• OAuth2 Resource Server is exposing server information. #​13730
• Resolve RequestMatcher at request-time #​14078
• Update Java Config Spring MVC documentation #​14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #​13625
• Authentication not propagated correctly after migrating to SB3 #​12877
• Authorization does not show up on Features section #​14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #​13718
• Fix caching error state in ReactiveRemoteJWKSource #​13976
• fix wrong document about "jws-algorithms" #​14252
• Improve error message when ServletRegistration API is unavailable #​14221
• References to WebFlux docs do not link to them #​14100
• relay_state should not be included in signing calculation when it is null #​13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #​13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #​13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #​11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #​12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #​14313
• Bump actions/setup-java from 3 to 4 #​14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #​14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #​14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #​14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #​14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #​14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #​14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #​14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #​14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #​14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #​14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #​14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

v5.8.8

Compare Source

⭐ New Features

• Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #​11926
• Use Gradle's Version Catalog #​13868

🪲 Bug Fixes

• Fix snapshot_tests on CI workflow #​13876
• fix corrupted saml2 metadata once special characters are present #​13777
• Saml-Metadata with special characters is corrupted #​13776
• Saml2LogoutRequestMixin relayState property should be binding #​12539

🔨 Dependency Upgrades

• Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #​13982
• Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #​13927
• Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #​13890
• Bump com.gradle.enterprise from 3.11.1 to 3.11.4 #​13928
• Bump io.projectreactor.netty:reactor-netty from 1.0.35 to 1.0.36 #​13885
• Bump io.projectreactor.netty:reactor-netty from 1.0.36 to 1.0.38 #​13998
• Bump io.projectreactor:reactor-bom from 2020.0.35 to 2020.0.36 #​13944
• Bump io.projectreactor:reactor-bom from 2020.0.36 to 2020.0.37 #​13997
• Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #​13925
• Bump org-aspectj from 1.9.20 to 1.9.20.1 #​13893
• Bump org-eclipse-jetty from 9.4.51.v20230217 to 9.4.52.v20230823 #​13909
• Bump org-eclipse-jetty from 9.4.52.v20230823 to 9.4.53.v20231009 #​13996
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.17.2 #​13926
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #​13954
• Bump org.springframework.data:spring-data-bom from 2021.2.15 to 2021.2.16 #​13907
• Bump org.springframework.data:spring-data-bom from 2021.2.16 to 2021.2.17 #​14018
• Bump org.springframework:spring-framework-bom from 5.3.29 to 5.3.30 #​13908

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​JannickWeisshaupt
• @​erichaagdev
• @​dependabot[bot]

v5.8.7

Compare Source

⭐ New Features

• Automate spring-security.xsd #​13823

🪲 Bug Fixes

• CookieRequestCache ignores user Locale #​13792
• Default Security Configuration adds WWW-Authenticate Twice #​13737
• OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #​11893
• Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #​13804

v5.8.6

Compare Source

⭐ New Features

• Closes #​11450 - Add Java beans configuration for Remmember Me Docs #​13570
• Dependencies are resolved from appropriate repositories #​13582
• requestMatchers servlet validation error should include information about servlet paths #​13667
• requestMatchers should not count servlets without mappings #​13666

🪲 Bug Fixes

• Fix Bearer Token RestTemplate Support example #​13434
• Referrer Header is set in Reactive Web Applications by default, although doc says it is not. #​13561
• The bean 'preFilterAuthorizationAdvisor', defined in class path resource could not be registered #​13572

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.35 #​13702
• Update org.aspectj to 1.9.20 #​13704
• Update org.springframework.data to 2021.2.15 #​13705
• Update reactor-netty to 1.0.35 #​13703

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​erichaagdev
• @​petrovskimario
• @​daniel-shuy

v5.8.5

Compare Source

⭐ New Features

• Improve RequestMatcher Validation #​13551
• Improve Security Filters Documentation #​8167

🪲 Bug Fixes

• Optimize Querying of RequestCache -> continue parameter #​13438
• Unable to Find 'filterProcessingUrl' Method in Spring Security 6.1.1 Saml2LoginConfigurer Configuration #​13417
• Use default PathPatternParser instance #​13462

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.34 #​13513
• Update org.springframework to 5.3.29 #​13515
• Update org.springframework.data to 2021.2.14 #​13516
• Update reactor-netty to 1.0.34 #​13514

v5.8.4

Compare Source

⭐ New Features

• Convert to Asciidoctor Tabs #​13405
• Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults #​13227
• mockOAuth2Login() does not work in collaboration with Spring Cloud Gateway and TokenRelayGatewayFilter #​13252
• Use Antora name of security #​13329

🪲 Bug Fixes

• Additional filters registered when using Custom DSL #​13280
• AffirmativeBased vs. AuthorizationManagers.anyOf(...) documentation #​13069
• AuthorizationAnnotationUtils.findUniqueAnnotation broken for synthetic methods #​13132
• Clarify that Kotlin DSL needs an import #​13101
• Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #​13191
• Fix Antora Warnings #​13292
• Fix code snippets in Authorize HttpServletRequest #​11522
• Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #​13219
• Fix Documentation Title #​13316
• Fix legacy-websocket-configuration cross-reference #​12969
• Fix typo in authorization.adoc #​13135
• http://www.springframework.org/schema/security/spring-security.xsd returns 404 #​13207
• Links between migration docs are out of date #​12675
• Proxy Server section is not linked in nav #​13322
• RememberMeAuthenticationFilter does not use SecurityContextRepository configured in HttpSecurity #​13104
• SAML 2.0 HTTP Redirect Binding query params may appear in any order #​12963
• SAML login fails in Internet Explorer 11 #​13106
• Spring Security 6 combined with AspectJ weaving of spring-security-aspects executes PreAuthorize twice #​13160

🔨 Dependency Upgrades

• Address CVE-2023-1370 #​13146
• Update com.nimbusds to 9.43.3 #​13374
• Update hsqldb to 2.7.2 #​13388
• Update io.projectreactor to 2020.0.33 #​13377
• Update io.rsocket to 1.1.4 #​13383
• Update io.spring.javaformat to 0.0.39 #​13386
• Update junit-bom to 5.9.3 #​13391
• Update org.junit.jupiter to 5.9.3 #​13393
• Update org.springframework to 5.3.28 #​13395
• Update org.springframework.data to 2021.2.13 #​13397
• Update reactor-netty to 1.0.33 #​13380

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​LeovR
• @​lukaszmigdalek
• @​fredbalves86
• @​daisuzz

v5.8.3

Compare Source

⭐ New Features

• Clarify documentation code snippet(s) (unclear where static imported methods come from) #​12991
• Document 5.8 Migration for DefaultMethodSecurityExpressionHandler #​12356
• Documentation should mention that an empty SecurityContext should also be saved #​12906
• Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #​12928
• Fixed test in DefaultLoginPageGeneratingFilterTests #​12694

🪲 Bug Fixes

• Bug in documentation of Storing the Authentication manually #​12850
• DaoAuthenticationProvider is not usable on RHEL 8.7 with enforced FIPS mode #​12873
• EntityId ignored in xml relying-party-registration #​12776
• Fix .access(...) parameter #​12676
• Fix a javadoc typo in ReactiveAuthorizationManager #​12999
• Fix a javadoc typo in ReactiveAuthorizationManager #​12982
• Fix ID of WebSocket Authorization section #​12872
• HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #​12314
• JdkSerializationRedisSerializer is not able to serialize Saml2LogoutRequest because of a lambda encoder #​12472
• Missing spring-security-oauth2 xsds after release #​12805
• NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #​13004
• RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #​13054
• Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #​12935
• SecurityWebApplicationInitializer.getSecurityDispatcherTypes example is wrong in migration guide #​12939
• SwitchUserFilter should use HttpSessionSecurityContextRepository by default #​12835

🔨 Dependency Upgrades

• Update blockhound to 1.0.8.RELEASE #​13024
• Update io.projectreactor to 2020.0.31 #​13022
• Update io.spring.javaformat to 0.0.38 #​13025
• Update logback-classic to 1.2.12 #​13021
• Update org.eclipse.jetty to 9.4.51.v20230217 #​13026
• Update org.springframework to 5.3.27 #​13027
• Update org.springframework.data to 2021.2.10 #​13028
• Update org.springframework.data to 2021.2.11 #​13029
• Update reactor-netty to 1.0.31 #​13023

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​slauth
• @​twosom
• @​el-hopaness-romtic

v5.8.2

Compare Source

⭐ New Features

• Add XorCsrfChannelInterceptor #​12562
• Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #​12434
• fix unclosed block in docs #​12553
• Improve documentation on what changed in the default behaviour in version 6 vs 5.7 #​12462
• Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #​12486

🪲 Bug Fixes

• AuthorizationManager method security documentation should use AnnotationMatchingPointcut #​12516
• DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #​12665
• Document XMLObject retreival for Asserting Party metadata #​12693
• Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #​12458
• NimbusJwtDecoder unknown KID scenario is not correctly tested #​12494
• NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #​12686
• SwitchUserFilter not working in Spring Security 6 #​12510
• Wrong name of the filter in the SecurityContextHolderFilter diagram #​12526

🔨 Dependency Upgrades

• Update blockhound to 1.0.7.RELEASE #​12719
• Update hibernate-entitymanager to 5.6.15.Final #​12722
• Update io.projectreactor to 2020.0.28 #​12717
• Update io.spring.nohttp to 0.0.11 #​12720
• Update jackson-bom to 2.13.5 #​12714
• Update jackson-databind to 2.13.5 #​12715
• Update jackson-datatype-jsr310 to 2.13.5 #​12716
• Update junit-bom to 5.9.2 #​12723
• Update org.aspectj to 1.9.19 #​12721
• Update org.junit.jupiter to 5.9.2 #​12724
• Update org.springframework to 5.3.25 #​12725
• Update org.springframework.data to 2021.2.8 #​12739
• Update org.springframework.data to 2021.2.8 #​12726
• Update reactor-netty to 1.0.28 #​12718

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​sjohnr

v5.8.1

Compare Source

⭐ New Features

• Add EnableWebSecurity migration steps to 5.8 guide #​12334
• Replace deprecated set-state set-output GitHub Action's commands #​12298

🪲 Bug Fixes

• codes in spring security docs fail to work #​11396
• DefaultLdapAuthoritiesPopulator throws NullPointerException #​12408
• Fix AuthorizationFilter diagram in docs #​12286
• Fix password encoder migration guide #​12318
• Fix typo #​12316
• Incorrect Javadoc for class ExpressionAuthorizationDecision #​12411
• Incorrect sample code in securityMatcher migration docs #​12296
• SecurityContextHolderFilter does not apply to async dispatch #​11962

🔨 Dependency Upgrades

• Update httpclient to 4.5.14 #​12403
• Update io.projectreactor to 2020.0.26 #​12401
• Update mockk to 1.13.3 #​12400
• Update org.eclipse.jetty to 9.4.50.v20221201 #​12404
• Update org.jetbrains.kotlin to 1.7.22 #​12405
• Update reactor-netty to 1.0.26 #​12402

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​heowc
• @​mschneid

v5.8.0

Compare Source

⭐ New Features

• Add Kotlin example showing integration with WebTestClient #​11611
• Add MethodExpressionAuthorizationManager #​11502
• Add Polish localization to error messages from ExceptionTranslationFi… #​12201
• Add support AuthorizationManager + #​11503
• AnonymousAuthenticationFilter should cache its Supplier #​11900
• CookieServerCsrfTokenRepository doesn't support setting MaxAge #​11441
• DefaultFilterChainValidator should check AuthorizationFilter #​11473
• Deprecate Resource Owner Password Credentials grant #​11591
• Document Configure Default CsrfToken BREACH Protection #​12107
• Document Defer load CsrfToken #​12105
• Document DelegatingSecurityContextRepository #​12069
• Document deprecations in oauth2-client #​12193
• Document how to opt-in for SHA256 in RememberMe #​12097
• Document how to use the new requestMatchers and securityMatchers #​12100
• Document Migration to SecurityContextHolderFilter #​12098
• Document new oauth2Login() authority defaults #​12188
• Document reactive CSRF migration steps #​12226
• Document Saved Requests Spring Security 6 Migration #​12089
• Document Update to 5.8 for Migration Guide #​12196
• Fix Javadoc in EnableWebSocketSecurity #​12211
• Improve deprecation notice in WebSecurityConfigurerAdapter #​12261
• InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager #​11469
• Migration guide for CAS support removal #​12240
• Preparation and Migration Guides should point to each other #​12093
• Preparation Guide should follow Reference Manual standards #​12096
• Preparation Guide should show opt-out steps after opt-in steps #​12104
• Provide guide for migrating from FilterSecurityInterceptor to AuthorizationFilter #​11337
• Register FilterChainProxy for All Dispatcher Types Migration Steps #​12186
• SAML: OpenSaml4AuthenticationProvider.createDefaultAssertionValidator() should make it easier to add ValidationContext static parameters #​11675
• trigger partial docs build on push (5.8.x) #​12195

🪲 Bug Fixes

• AuthenticationServiceException propagation flag is unconfigurable in 5.8 #​12132
• CsrfAuthenticationStrategy does not check for existing token #​12236
• CsrfAuthenticationStrategy does not regenerate CsrfToken with CookieCsrfTokenRepository #​12141
• fix deploy docs workflow (5.8.x) #​12197
• Fix saganCreateRelease saganDeleteRelease Required Permissions #​11424
• Incorrect scope map fix #​12206
• IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #​12076
• org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal fails to return more than one "attribute" #​11604
• SAML logout: Incorrect log messages #​12209
• Saml2MetadataFilter response should configure writer to UTF-8 #​12222
• SEC-2839: SecurityNamespaceHandler - related to SEC-1455 #​12126
• SecurityContextRepository.loadContext(HttpServletRequest) cache result #​11391
• Spring Security Bcrypt with strength/log rounds = 31 results in 'Bad number of rounds' error although 31 should be ok #​11483
• Update the RP-initiated Logout links #​12122

🔨 Dependency Upgrades

• Change gradle.plugin.org.gretty:gretty:3.0.1 to org.gretty:gretty:3.0.9 #​12154
• Update aspectj-plugin to 6.5.0.3 #​11583
• Update assertj-core to 3.23.1 #​11572
• Update com.nimbusds to 9.38.1 #​11570
• Update Gradle to 7.5.1 #​12158
• Update hibernate-entitymanager to 5.6.10.Final #​11578
• Update hibernate-entitymanager to 5.6.14.Final #​12245
• Update hsqldb to 2.7.1 #​12246
• Update htmlunit to 2.63.0 #​11575
• Update htmlunit-driver to 2.63.0 #​11580
• Update io.projectreactor to 2020.0.21 #​11567
• Update io.projectreactor to 2020.0.25 #​12243
• Update io.spring.javaformat to 0.0.34 #​11573
• Update jackson-bom to 2.13.3 #​11574
• Update jsonassert to 1.5.1 #​11581
• Update junit-bom to 5.9.0-RC1 #​11571
• Update mockk to 1.12.4 #​11568
• Update org.eclipse.jetty to 9.4.48.v20220622 #​11576
• Update org.jetbrains.kotlin to 1.7.10 #​11582
• Update org.jetbrains.kotlin to 1.7.21 #​12247
• Update org.jetbrains.kotlinx to 1.6.4 #​11566
• Update org.springframework to 5.3.22 #​11569
• Update org.springframework to 5.3.24 #​12248
• Update org.springframework.data to 2021.2.2 #​11579
• Update org.springframework.data to 2021.2.6 #​12249
• Update reactor-netty to 1.0.25 #​12244
• Update spring-ldap-core to 2.4.1 #​11577

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​sjohnr
• @​LeovR
• @​mojavelinux
• @​marcusdacoregio
• @​kylevessPL

v5.7.12

Compare Source

🪲 Bug Fixes

• Check for null Authentication #​14715

v5.7.11

Compare Source

⭐ New Features

• Automate spring-security.xsd #​13819

v5.7.10

Compare Source

🪲 Bug Fixes

• Use default PathPatternParser instance #​13461

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.34 #​13509
• Update org.springframework to 5.3.29 #​13511
• Update org.springframework.data to 2021.2.14 #​13512
• Update reactor-netty to 1.0.34 #​13510

v5.7.9

Compare Source

⭐ New Features

• Convert to Asciidoctor Tabs #​13404
• Use Antora name of security #​13328

🪲 Bug Fixes

• Additional filters registered when using Custom DSL #​13203
• Clarify that Kotlin DSL needs an import #​13092
• Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #​13098
• Fix Antora Warnings #​13291
• Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #​13155
• Fix Documentation Title #​13315
• Fix javadoc for migration from WebSecurityConfigurerAdapter #​12996
• Fix typo in SecurityMockMvcResultMatchers.java #​12793
• fix typo of modules.adoc #​12921
• Fix typo overview.adoc #​13269
• http://www.springframework.org/schema/security/spring-security.xsd returns 404 #​13131
• Proxy Server section is not linked in nav #​13313
• Typos in docs #​13283

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.33 #​13373
• Update io.rsocket to 1.1.4 #​13379
• Update org.springframework to 5.3.28 #​13382
• Update org.springframework.data to 2021.2.13 #​13385
• Update reactor-netty to 1.0.33 #​13376

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​Anubhav-2000
• @​SeasonPanPan
• @​amal-stack
• @​1993heqiang
• @​xak2000

v5.7.8

Compare Source

⭐ New Features

• Clarify documentation code snippet(s) (unclear where static imported methods come from) #​6597
• Document relationship between registrationId, EntityID, and resolving a relying party #​12764

🪲 Bug Fixes

• Add test to SimpleUrlAuthenticationSuccessHandlerTests #​12740
• Avoid NPE in FilterInvocation #​12922
• EntityId ignored in xml relying-party-registration #​11898
• Fix a javadoc typo in ReactiveAuthorizationManager #​12998
• Fix a javadoc typo in ReactiveAuthorizationManager #​12978
• Fix typo in SessionManagementConfigurer javadoc #​12820
• Missing spring-security-oauth2 xsds after release #​12804
• NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #​12960
• RelyingPartyRegistrations should not fail when SPSSODescriptor elements are present #​12664
• SwitchUserFilter should use HttpSessionSecurityContextRepository by default #​12834

🔨 Dependency Upgrades

• Update blockhound to 1.0.8.RELEASE #​13016
• Update io.projectreactor to 2020.0.31 #​13014
• Update logback-classic to 1.2.12 #​13013
• Update org.eclipse.jetty to 9.4.51.v20230217 #​13017
• Update org.springframework to 5.3.27 #​13018
• Update org.springframework.data to 2021.2.11 #​13019
• Update reactor-netty to 1.0.31 #​13015

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​marckchr
• @​yuanhang
• @​twosom
• @​esivakumar18
• @​martin-tarjanyi

v5.7.7

Compare Source

⭐ New Features

• chore: Use cache in continuous-integration-workflow.yml #​12503
• fix unclosed block in docs #​12542

🪲 Bug Fixes

• AuthorizationManager method security documentation should use AnnotationMatchingPointcut #​11095
• Document XMLObject retreival for Asserting Party metadata #​12667
• Fix typo in OAuth 2.0 testing docs #​12437
• Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #​11785
• NimbusJwtDecoder unknown KID scenario is not correctly tested #​12238
• NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #​12637
• SwitchUserFilter not working in Spring Security 6 #​12504
• Wrong name of the filter in the SecurityContextHolderFilter diagram #​11800

🔨 Dependency Upgrades

• Update blockhound to 1.0.7.RELEASE #​12733
• Update hibernate-entitymanager to 5.6.15.Final #​12736
• Update io.projectreactor to 2020.0.28 #​12732
• Update io.spring.nohttp to 0.0.11 #​12734
• Update jackson-bom to 2.13.5 #​12731
• Update org.aspectj to 1.9.19 #​12735
• Update org.springframework to 5.3.25 #​12737
• Update org.springframework.data to 2021.2.8 #​12738

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​jonkjenn
• @​mojavelinux
• @​jongwooo
• @​eleftherias

v5.7.6

Compare Source

⭐ New Features

• Improve deprecation notice in WebSecurityConfigurerAdapter #​12260
• Replace deprecated set-state set-output GitHub Action's commands #​12297

🪲 Bug Fixes

• DefaultLdapAuthoritiesPopulator throws NullPointerException #​12407
• Fix AuthorizationFilter diagram in docs #​12285
• Incorrect scope map fix #​12205
• SAML logout: Incorrect log messages [#​12208](https://togithub.com/spring-projects/sp

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication