6.5.8
- Add
@FunctionalInterfaceto RequestMatcher #18337 - Spring Security 7 should provide migration path from request-matcher="ant" #18211
- Stop deploying JavaDoc outside of Antora #18199
- Add Missing Migration Pages to Navigation #18313
- Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #18235
- Fix typo in "Preparing for 7.0" in reference to PathPatternRequestMatcher #18336
- Fix typo in AnnotationTemplateExpressionDefaults documentation #18176
- Fix typos in documentation depenendencies->dependencies #18208
- Bump
@antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #18675 - Bump
@antora/collector-extension from 1.0.1 to 1.0.2 in /docs #18677 - Bump
@springio/antora-extensions from 1.14.4 to 1.14.7 in /docs #18676 - Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs #18679
- Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #18192
- Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #18321
- Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #18387
- Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 #18525
- Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 #18591
- Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #18631
- Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 #18678
- Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #18710
- Bump gradle-wrapper from 8.14 to 8.14.4 #18704
- Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 #18703
- Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #18279
- Bump io.mockk:mockk from 1.14.6 to 1.14.7 #18275
- Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 #18293
- Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14 #18495
- Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 #18716
- Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #18535
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #18724
- Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #18670
- Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #18292
- Bump org-aspectj from 1.9.25 to 1.9.25.1 #18329
- Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #18352
- Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #18590
- Bump org.hibernate.orm:hibernate-core from 6.6.34.Final to 6.6.36.Final #18193
- Bump org.hibernate.orm:hibernate-core from 6.6.36.Final to 6.6.38.Final #18241
- Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final #18308
- Bump org.hibernate.orm:hibernate-core from 6.6.39.Final to 6.6.40.Final #18351
- Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final #18524
- Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final #18632
- Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 #18320
- Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 #18322
- Bump org.springframework:spring-framework-bom from 6.2.13 to 6.2.14 #18206
- Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 #18323
- Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 #18731
- Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #18649
- Update Antora UI Spring to v0.4.25 #18402
- Remove unnecessary Gradle wrapper from buildSrc #18692
Thank you to all the contributors who worked on this release:
@garvit-joshi, @ghusta, @kucoll, and @rwinch
7.1.0-M2
- Fail on compiler warnings for spring-security-javascript #18569
TestingAuthenticationToken.credentialsshould be@Nullable#18615- Ability to configure authenticationDetailsSource in AnonymousConfigurer #17878
- Add
@Nullableto changePassword parameters inUserDetailsManager#18271 - Add missing
@Nullableto setters of Nullable fields #18618 - Create Checkstyle Rules for Nullability Usage #18564
- Document RegisteredClient.ClientSettings #18614
- Enable Null checking in spring-security-ldap via JSpecify #17818
- Enable Null checking in spring-security-oauth2-core via JSpecify #17820
- Fail on compiler warnings for spring-security-access #18555
- Fail on compiler warnings for spring-security-acl #18557
- Fail on compiler warnings for spring-security-bom #18576
- Fail on compiler warnings for spring-security-dependencies #18568
- Fail on compiler warnings for spring-security-kerberos-client #18570
- Fail on compiler warnings for spring-security-taglibs #18578
- Fail spring-security-cas on javadoc warnings #18517
- Fail spring-security-ldap on javadoc warnings #18547
- Fail spring-security-messaging on javadoc warnings #18546
- Fail spring-security-oauth2-authorization-server on javadoc warnings #18602
- Fail spring-security-oauth2-core on javadoc warnings #18603
- Fail spring-security-oauth2-jose on javadoc warnings #18604
- Fail spring-security-rsocket on javadoc warnings #18605
- Fail spring-security-saml2-service-provider on javadoc warnings #18606
- Fail spring-security-taglibs on javadoc warnings #18607
- Fail spring-security-webauthn on javadoc warnings #18608
- Fix compiler warnings in spring-security-acl #18626
- Fix compiler warnings in spring-security-aspects #18581
- Fix HttpSecurity javadoc formatting #18526
- Fix javadoc warnings for spring-security-config #18545
- Fix javadoc warnings for spring-security-data #18532
- Fix Javadoc warnings in spring-security-crypto #18519
- Introduce resource_metadata parameter resolver for BearerTokenAuthenticationEntryPoint #18542
- Null safety via JSpecify spring-security-access #18398
- Null safety via JSpecify spring-security-acl #18401
- Null safety via JSpecify spring-security-aspects #18400
- Null safety via JSpecify spring-security-kerberos #18397
- Null safety via JSpecify spring-security-kerberos-client #18552
- Null safety via JSpecify spring-security-kerberos-core #18549
- Null safety via JSpecify spring-security-kerberos-web #18550
- Remove
@NullUnmarked#18491 - Remove compiler warnings for spring-security-cas #18579
- Remove compiler warnings for spring-security-docs #18601
- Remove compiler warnings for spring-security-kerberos-core #18571
- Remove compiler warnings for spring-security-kerberos-test #18572
- Remove compiler warnings for spring-security-kerberos-web #18573
- Remove compiler warnings for spring-security-messaging #18575
- Remove compiler warnings for spring-security-oauth2-authorization-server #18562
- Remove compiler warnings for spring-security-rsocket #18567
- Remove compiler warnings for spring-security-saml2-service-provider #18577
- Remove compiler warnings for spring-security-webauthn #18556
- Remove compiler warnings in spring-security-data #18580
- Remove compiler warnings in spring-security-ldap #18559
- Support hasScope in Method Security #18151
- Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #18595
- ExpressionJwtGrantedAuthoritiesConverter is undocumented #18300
- Fix docs #18488
- Fix typo in authorize-http-requests.adoc #18600
- Fix typos in contributing guide #18635
- Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 #18588
- Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #18637
- Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #18628
- Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 #18697
- Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 #18529
- Bump com.fasterxml.jackson:jackson-bom from 2.20.2 to 2.21.0 #18696
- Bump com.jayway.jsonpath:json-path from 2.9.0 to 2.10.0 #18690
- Bump github/codeql-action from 3 to 4 #18669
- Bump gradle-wrapper from 9.2.1 to 9.3.1 #18700
- Bump io.freefair.gradle:aspectj-plugin from 8.13.1 to 8.14.4 #18664
- Bump io.micrometer:context-propagation from 1.1.3 to 1.2.0 #18671
- Bump io.micrometer:context-propagation from 1.2.0 to 1.2.1 #18702
- Bump io.micrometer:micrometer-observation from 1.14.14 to 1.16.2 #18689
- Bump io.mockk:mockk from 1.14.7 to 1.14.9 #18597
- Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #18533
- Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.10 to 0.0.11 #18636
- Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.10 to 0.0.11 #18612
- Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.9 to 0.0.10 #18554
- Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #18691
- Bump org-bouncycastle from 1.80 to 1.83 #18663
- Bump org-jetbrains-kotlin from 2.3.0 to 2.3.10 #18685
- Bump org-opensaml5 from 5.1.6 to 5.2.0 #18656
- Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.2 to 5.6 #18654
- Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #18587
- Bump org.hibernate.orm:hibernate-core from 7.0.10.Final to 7.2.3.Final #18695
- Bump org.hibernate.orm:hibernate-core from 7.2.3.Final to 7.2.4.Final #18699
- Bump org.htmlunit:htmlunit from 4.11.1 to 4.21.0 #18688
- Bump org.mockito:mockito-bom from 5.17.0 to 5.21.0 #18661
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.30.0 to 4.40.0 #18662
- Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.40.0 #18653
- Bump org.springframework.data:spring-data-bom from 2025.1.2 to 2025.1.3 #18734
- Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 #18730
- Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 #18729
- Bump spring-io/spring-security-release-tools from 1.0.13 to 1.0.14 #18727
- Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml from 1.0.13 to 1.0.14 #18726
- Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 #18553
- Enable javadoc-warnings-error for oauth2-resource-server #18504
- Fix javadoc warnings for spring-security-kerberos-client #18537
- Fix javadoc warnings for spring-security-kerberos-core #18538
- Fix javadoc warnings for spring-security-kerberos-test #18539
- Fix javadoc warnings for spring-security-kerberos-web #18540
- Fix Javadoc warnings in spring-security-acl #18493
- Fix Javadoc warnings in spring-security-core #18516
Thank you to all the contributors who worked on this release:
@JiHunparkkk, @Kehrlann, @NYgomets, @ParamjotSingh5, @alpin87, @austinhong22, @bloomsei, @c-arianna, @chanjin23, @cmmttd, @coehgns, @congcoding, @dasog94, @dlwldnjs1009, @gisu1102, @jayychoi, @jieun-dev1, @kse-music, @ngocnhan-tran1996, @pocj8ur4in, @ronodhirSoumik, @therepanic, @thuri, and @zooo-code
7.0.3
- Fix Javadoc warnings in spring-security-web #18473
- Fix/gradle 9 deprecations #18485
- Fix/gradle 9 deprecations #18477
- Replace method call with 'Builder.configureMessageConverters()' #18378
- Replacing use of deprecated 'check' in authorization documentation #18390
- Use DefaultParameterNameDiscoverer#getSharedInstance #18481
- Authorization Server fails to start with multiple PasswordEncoder beans #18645
- BearerTokenAuthenticationEntryPoint uses context path #18528
- Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #18594
- Document Client PKCE settings #18304
- Fix docs typo X-Requested-By -> X-Requested-With #18123
- Fix Formatting in mfa.adoc #18134
- Fix typo in documentation #18344
- Fix typos #18121
- Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #18384
- Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 #18684
- Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #18711
- Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 #18660
- Bump com.webauthn4j:webauthn4j-core from 0.29.7.RELEASE to 0.31.0.RELEASE #18687
- Bump gradle-wrapper from 8.14 to 8.14.4 #18705
- Bump io.mockk:mockk from 1.14.7 to 1.14.9 #18681
- Bump io.projectreactor:reactor-bom from 2025.0.1 to 2025.0.2 #18658
- Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 #18717
- Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #18683
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #18725
- Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #18706
- Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #18309
- Bump org-aspectj from 1.9.25 to 1.9.25.1 #18326
- Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 #18346
- Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #18327
- Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #18682
- Bump org.junit:junit-bom from 6.0.1 to 6.0.2 #18385
- Bump org.springframework.data:spring-data-bom from 2025.1.1 to 2025.1.2 #18655
- Bump org.springframework.ldap:spring-ldap-core from 4.0.0 to 4.0.1 #18316
- Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 #18733
- Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 #18732
- Bump org.springframework:spring-framework-bom from 7.0.3-SNAPSHOT to 7.0.4-SNAPSHOT #18657
- Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #18651
- Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 #18659
- Update Antora UI Spring to v0.4.25 #18249
- Update to Spring Framework 7.0.3 #18667
- Update to spring-data-bom 2025.1.3 #18735
Thank you to all the contributors who worked on this release:
@Been24, @Fr05ty-hub, @Kehrlann, @Rigu1, @bloomsei, @martinboulais, @ngocnhan-tran1996, @paulvas, @rwinch, @therepanic, and @vincentstradiot
7.20.0-rc.1014
- AAE-41060 Update GetProcessDefinitionsPayload to support multiple process definition IDs by @jsokolowskii in https://github.com/Activiti/Activiti/pull/5292
Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.1013...7.20.0-rc.1014