Skip to content

Commit e772025

Browse files
jzheauxjzheaux
committed
Update What's New in 6.5
1 parent b257658 commit e772025

File tree

1 file changed

+38
-6
lines changed

1 file changed

+38
-6
lines changed

docs/modules/ROOT/pages/whats-new.adoc

Lines changed: 38 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,7 @@
33

44
Spring Security 6.5 provides a number of new features.
55
Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.
6-
7-
== New Features
8-
9-
* Support for automatic context-propagation with Micrometer (https://github.com/spring-projects/spring-security/issues/16665[gh-16665])
10-
* OAuth 2.0 Demonstrating Proof of Possession (DPoP) (https://github.com/spring-projects/spring-security/pull/16574[gh-16574])
6+
Given that this is the last minor release in the 6.x generation, please consider reading the https://docs.spring.io/spring-security/reference/6.5-SNAPSHOT/migration-7/index.html[Prepare for the 7.0 Migration Guide].
117

128
== Breaking Changes
139

@@ -16,10 +12,46 @@ Below are the highlights of the release, or you can view https://github.com/spri
1612
The `security.security.reached.filter.section` key name was corrected to `spring.security.reached.filter.section`.
1713
Note that this may affect reports that operate on this key name.
1814

19-
== OAuth
15+
== New Features
16+
17+
* https://github.com/spring-projects/spring-security/issues/16665[gh-16665] - Support for automatic context-propagation with Micrometer
18+
* https://github.com/spring-projects/spring-security/pull/16574[gh-16574] - OAuth 2.0 Demonstrating Proof of Possession (DPoP)
19+
20+
== Core
21+
22+
* https://github.com/spring-projects/spring-security/issues/16444[gh-16444] - Add `Authentication` request to ``AuthenticationException``s
23+
* https://github.com/spring-projects/spring-security/issues/16291[gh-16291] - Improve error messaging for impossible authorization configurations
2024

25+
== Messaging
26+
27+
* https://github.com/spring-projects/spring-security/pull/16635[gh-16635] - Add `PathPatternMessageMatcher`
28+
* https://github.com/spring-projects/spring-security/issues/16766[gh-16766] - Add `matcher` support to `MessageMatcher`
29+
30+
== OAuth 2.0
31+
32+
* https://github.com/spring-projects/spring-security/issues/16380[gh-16380] - Pick up `OAuth2AuthorizationRequestResolver` as a bean
2133
* https://github.com/spring-projects/spring-security/pull/16386[gh-16386] - Enable PKCE for confidential clients using `ClientRegistration.clientSettings.requireProofKey=true` for xref:servlet/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[servlet] and xref:reactive/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[reactive] applications
2234
* https://github.com/spring-projects/spring-security/issues/16913[gh-16913] - Prepare OAuth2 Client deprecations for removal in Spring Security 7
35+
* https://github.com/spring-projects/spring-security/pull/16574[gh-16574] - Support https://datatracker.ietf.org/doc/html/rfc9449[RFC 9499]: Dynamic Proof of Possession (DPoP)
36+
* https://github.com/spring-projects/spring-security/issues/13185[gh-13185] - OAuth 2.0 Access Token JWT Profile Support (RFC 9068) - https://docs.spring.io/spring-security/reference/6.5-SNAPSHOT/servlet/oauth2/resource-server/jwt.html#oauth2resourceserver-jwt-validation-rfc9068[(docs)]
37+
* https://github.com/spring-projects/spring-security/pull/16682[gh-16682] - Add `JwtAudienceValidator`
38+
* https://github.com/spring-projects/spring-security/issues/16672[gh-16672] - Add `JwtTypeValidator`
39+
40+
== SAML 2.0
41+
42+
* https://github.com/spring-projects/spring-security/issues/16915[gh-16915] - Simplify support for Response Validation
43+
* https://github.com/spring-projects/spring-security/issues/15578[gh-15578] - Simplify support for Assertion Validation, including support for a custom set of validators
44+
* https://github.com/spring-projects/spring-security/issues/12136[gh-12136] - Simplify support for Response Authentication Conversion, including support for principals not in `<Subject>`
45+
* https://github.com/spring-projects/spring-security/issues/14793[gh-14793] - Add RelayState-based `<AuthnRequest>` repository
46+
47+
== Web
48+
49+
* https://github.com/spring-projects/spring-security/pull/16502[gh-16502] - Add `HttpStatusAccessDeniedHandler`
50+
* https://github.com/spring-projects/spring-security/issues/16059[gh-16059] Add support for `ModelAndView` and
51+
* `ResponseEntity` to `@AuthorizeReturnObject`
52+
* https://github.com/spring-projects/spring-security/issues/16429[gh-16429] - Replace `MvcRequestMatcher` and `AntPathRequestMatcher` with `PathPatternRequestMatcher`
53+
* https://github.com/spring-projects/spring-security/issues/16793[gh-16793] - Add support for `AuthenticationConverter` to `AbstractAuthenticationProcessingFilter`
54+
* https://github.com/spring-projects/spring-security/issues/16678[gh-16678] - Simplify redirect-to-HTTPS support
2355

2456
== WebAuthn
2557

0 commit comments

Comments
 (0)