This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.4.2!
What’s New in Spring Security 5.8
Spring Security 5.8 provides a number of new features. Below are the highlights of the release.
Core
AuthorizationManager API
- gh-11493 - AuthorizationManager supports SpEL
- Additional XML support for AuthorizationManager
- gh-11393 - Additional DSL support for AuthorizationManager
- Additional XML Support for AuthorizationManager
- gh-11304 - AuthorizationManager supports RoleHierarchy
- gh-11076 - AuthorizationManager supports WebSockets
- gh-11326 - AuthorizationManager supports AspectJ
- gh-4841, gh-9401 - ReactiveAuthorizationManager supports method security
- gh-11625 - Support AuthorizationManager composition
Misc
- gh-10973 - SecurityContextHolderStrategy can be published as a @Bean
Config
- gh-11771 - HttpSecurityDsl should support apply method
OAuth
- gh-11590 - Deprecate Resource Owner Password Grant
- gh-11383 - Add baseScheme, baseHost, basePort and basePath to the post_logout_redirect_uri
- gh-11661 - Add OpaqueTokenAuthenticationConverter
- gh-11232 - ClientRegistrations#rest defines 30s connect and read timeouts
- gh-11638 - Refresh remote JWK when unknown KID error occurs
Web
- gh-11073 - Add DelegatingServerHttpHeadersWriter
- gh-4001 - Add servlet support for CSRF BREACH protection
- gh-11959 - Add reactive support for CSRF BREACH protection
- gh-11464 - Remember Me supports SHA256 algorithm
- gh-11908 - Make X-Xss-Protection header value configurable in ServerHttpSecurity
- gh-11347 - Simplify Java Configuration RequestMatcher Usage
- gh-9159 - Add securityMatcher as an alias on requestMatcher in HttpSecurity
- gh-11952 - Add csrfTokenRequestResolver to CsrfDsl
- gh-11916 - HttpSecurityConfiguration picks up ContentNegotiationStrategy bean
- gh-11971 - Additional support for AuthorizationFilter running for all dispatcher types
Test
- gh-6899 - @WithMockUser works as meta-annotation