Skip to content

5.4.7
Compare
Choose a tag to compare
@sjohnr sjohnr released this 21 Jun 18:24
· 9172 commits to main since this release
5.4.7
73e6ef2
This commit was signed with the committer’s verified signature.
jzheaux Josh Cummings
GPG key ID: 49EF60DD7FF83443
Verified
Learn about vigilant mode.

⭐ New Features

  • Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9920

🪲 Bug Fixes

  • Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9942
  • Missing log of "caused by" exception when OP document metadata cannot be reached #9940
  • Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9930
  • Adding filters relative to custom ones is broken #9908
  • SEC-3139: Anonymous authentication token not passed to Controller #9891
  • Clarify quick start section in README #9886
  • RSocket and WebClient with Security refCount: 0 #9871
  • Client credentials not correctly encoded in Basic Auth #9861
  • Docs should state default value for Resource Server validation clock skew is 60 seconds #9848
  • OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9820
  • DefaultSpringSecurityContextSource can't handle spaces in baseDn #9807
  • OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9802
  • NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9800
  • docs.af.pivotal.io->docs-ip.spring.io #9686
  • Buffer LEAK detected by ResourceLeakDetector in AuthenticationPayloadExchangeConverter #9681
  • NullPointerException in StrictHttpFirewall spring-security-web version 5.4.5 #9674
  • WebFlux httpBasic() should match on XHR requests #9662
  • HttpSecurity.addFilter* with same Filter in Different Position Places in Incorrect Location #9643
  • oauth2Login() generates authorization links for "client_credentials" grant type #9637
Assets 2
Loading