Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.624...7.20.0-rc.625

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.623...7.20.0-rc.624

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.622...7.20.0-rc.623

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.621...7.20.0-rc.622

• chore(deps): update actions/stale action to v10 (release/5.0.x) by @renovate[bot] in https://github.com/dropwizard/metrics/pull/4938
• fix(deps): update jetty monorepo to v12.1.1 (release/5.0.x) (patch) by @renovate[bot] in https://github.com/dropwizard/metrics/pull/4940
• chore(deps): update maven plugins (release/5.0.x) (patch) by @renovate[bot] in https://github.com/dropwizard/metrics/pull/4942
• Optimize SlidingTimeWindowMovingAverages sumBuckets by @joschi in https://github.com/dropwizard/metrics/pull/4943

Full Changelog: https://github.com/dropwizard/metrics/compare/v5.0.4...v5.0.5

• chore(deps): update actions/stale action to v10 (release/4.2.x) by @renovate[bot] in https://github.com/dropwizard/metrics/pull/4937
• fix(deps): update jetty monorepo to v12.1.1 (release/4.2.x) (patch) by @renovate[bot] in https://github.com/dropwizard/metrics/pull/4939
• chore(deps): update maven plugins (release/4.2.x) (patch) by @renovate[bot] in https://github.com/dropwizard/metrics/pull/4941
• Optimize SlidingTimeWindowMovingAverages sumBuckets by @schlosna in https://github.com/dropwizard/metrics/pull/4936

Full Changelog: https://github.com/dropwizard/metrics/compare/v4.2.36...v4.2.37

• 8f0bee2: [dotnet][rb][java][js][py] Automated Browser Version Update (#16264) (Selenium CI Bot) #16264
• d702027: [py]: enable fedcm tests for chrome (#16118) (Navin Chandra) #16118
• 3d16e7c: [py] Fix type annotations in the chromium webdriver file (#16309) (Pallavi) #16309

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.619...7.20.0-rc.621

• Remove PortResolver #17524
• Support Expression Templates by Default #17763

• Add discoverJwsAlgorithms() in NimbusJwtDecoder #17788
• Add AuthorizationManagerFactory #17673
• Add Builders for all Authentication implementations #17861
• Add OneTimeTokenAuthentication #17799
• Add option to disable anonymous authentication in RSocketSecurity #17159
• Add password4j implementation of PasswordEncoder #17825
• Add SecurityAssertions #17844
• Align NimbusJwtDecoder HTTP timeout defaults with Nimbus by setting to 500ms #17669
• Allow multiple ServerLogoutHandler instances in ServerHttpSecurity #17381
• Allow specifying a ServerAuthenticationConverter for x509() #17382
• AuthenticatedMatcher#withRoles should only check roles #17843
• Change @Bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor #17672
• Enable Null checking in spring-security-cas via JSpecify #17826
• Enable Null checking in spring-security-data via JSpecify #17789
• Enable Null checking in spring-security-messaging via JSpecify #17817
• Enable Null checking in spring-security-rsocket via JSpecify #17827
• Enable Null checking in spring-security-taglibs via JSpecify #17828
• Enable Null checking in spring-security-test via JSpecify #17840
• Enable Null checking in spring-security-webauthn via JSpecify #17839
• Integrate Spring Authorization Server #17880
• Move Access API to Separate Module #17847
• Move Spring Security Kerberos Extension into Spring Security #17879
• Propagate Authorities From Previous Authentications #17862
• Remove PortResolver #15971
• Remove redundant code in document #17813
• RequestMatchers should implement equals and hashCode #17842
• SpringTestContext should register a WebTestClient Bean #17780
• Support @ClientRegistrationId at Class Level #17838
• Support Modular Spring Security Configuration #16258

• APIs should Use Supplier<? extends @Nullable Authentication> #17814
• AuthorizationManager should allow null Authentication #17795

• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17872
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17834
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17856
• Bump io.projectreactor:reactor-bom from 2025.0.0-M6 to 2025.0.0-M7 #17866
• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.2 to 0.0.3 #17765
• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.3 to 0.0.4 #17776
• Bump org-opensaml5 from 5.1.5 to 5.1.6 #17809
• Bump org.jetbrains.kotlin:kotlin-bom from 2.2.0 to 2.2.20 #17871
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.20 #17873
• Bump org.springframework.data:spring-data-bom from 2025.1.0-M5 to 2025.1.0-M6 #17888
• Bump org.springframework:spring-framework-bom from 7.0.0-M8 to 7.0.0-M9 #17876

• Bump @antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #17886
• Fix misleading variable name in authentication filter #17751
• Remove unused import #17750

Thank you to all the contributors who worked on this release:

@bbudano, @blake-bauman, @frido37, @jaehwan02, @jzheaux, @kse-music, @mehrdadbozorgmehr, @ngocnhan-tran1996, @quaff, @sjohnr, and @therepanic

• Update servlet test method docs to use include-code #17749

• Annonation Scanning Should Fallback to Object when Parameter Matching #17899
• Fix double-slash when basePath is root #17841
• Fix traceId discrepancy in case error in servlet web #17796
• Reference should advise avoiding post-authorization on writes #17798

• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17893
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #17874
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17895
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17854
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #17836
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17894
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #17858
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #17767
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17766
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #17759
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17853
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #17837
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #17896
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #17897
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17855
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17791
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17771
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #17758
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #17773

Thank you to all the contributors who worked on this release:

@jkuhel and @therepanic