7.0.4
- Update
RestTemplateBuilderusage inopaque-token.adoc#18836
- Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18784
- Add Jackson Mixin for WebAuthnAuthentication #18878
- Add Missing OnCommitedResponseWrapper Header Overrides #18799
- Document the change in dependency coordinates with Spring Security 7 #18773
- Ensure tests clear AuthorizationServerContextHolder #18768
- Fix CookieRequestCache parameters #18864
- Fix Flaky Crypto Tests #18842
- Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18897
- HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 #18834
- OAuth2DeviceVerificationEndpointFilter should be applied after AuthorizationFilter #18873
- Restore upgradeEncoding condition in DaoAuthenticationProvider #18788
- saveAuthenticationRequest should read relayState from authenticationRequest #18884
- SecurityExpressionRoot#hasAuthority should delegate to AuthorizationManagerFactory#hasAuthority #18487
- ServerHttpSecurityConfiguration should not set userDetailsPasswordService to a null value #18276
- TokenBasedRememberMeServices documentation snippets should compile #18642
- Update request-matcher XML property to support PathPatternRequestMatcher #18737
- Bump
@antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18853 - Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18810
- Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18752
- Bump com.webauthn4j:webauthn4j-core from 0.31.0.RELEASE to 0.31.1.RELEASE #18830
- Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 #18877
- Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18751
- Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18792
- Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18861
- Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18887
- Bump org.junit:junit-bom from 6.0.2 to 6.0.3 #18743
- Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 #18904
- Bump org.springframework:spring-framework-bom from 7.0.4 to 7.0.5 #18764
- Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 #18905
- Update Antora UI Spring to v0.4.26 #18893
- Update to spring-security-release-tools 1.0.15 #18909
Thank you to all the contributors who worked on this release:
@busoco-sjb, @making, @meliezer, @ngocnhan-tran1996, @rwinch, @sephiroth-j, @therepanic, @thuri, and @ziqin
7.1.0-M3
- Add
postProcessortoSpringOpaqueTokenIntrospectorBuilders #18625 - Add InetAddressMatcher #18634
- Add MessageExpressionAuthorizationManager #18813
- Add missing AOT Runtime Hints #18767
- Add nullability contract to
PasswordEncoder#encodeimplementations #18490 - Add RestClientOpaqueTokenIntrospector #18746
- Add tests for PathPatternRequestMatcher request path caching #18721
- Allow custom token settings for OAuth 2.0 dynamic client registration #18870
- Change
ActiveDirectoryLdapAuthenticationProviderto useLdapClient#18627 - Clarify need for method attribute in JSP authorize tag #18566
- Cleanup #17801
- Document multipart CSRF header option #18757
- Enable Null checking in spring-security-oauth2-jose via JSpecify #17821
- Ensure ID Token is updated after refresh token (Reactive) #17246
- Fail on javadoc warnings for spring-security-aspects #18855
- Fail spring-security-docs on javadoc warnings #18613
- Fix ClientAttributes Javadoc Typos #18802
- Fix compile warning in spring-security-test #18593
- Fix compile warnings for spring-security-config #18596
- Make authenticationConverter customizable in SpringOpaqueTokenIntrospector.Builder #18623
- Make PublicKeyCredentialCreationOptions Serializable #18354
- Mark
CsrfTokenRequestAttributeHandler#setCsrfRequestAttributeNameas Nullable #18620 - Remove unused
@Nullablein Switch User andFactorGrantedAuthority#18765 - Specify charset in
WWW-Authenticatefor Basic Auth #18760 - Support custom
OAuth2AuthenticatedPrincipalin Jwt-based authentication flow #17191 - Support single-line PEM encoded RSA keys in
RsaKeyConverters#18599 - Update servlet/architecture.adoc to use include-code #18536
- Use attributes in Antora to replace the original links #18819
- Use include-code for websocket.adoc #18856
- Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18785
- Add Jackson Mixin for WebAuthnAuthentication #18907
- Add Missing OnCommitedResponseWrapper Header Overrides #18800
- Document Keberose Dependency Coordinates #18786
- Ensure tests clear AuthorizationServerContextHolder #18769
- Fix CookieRequestCache parameters #18865
- Fix Flaky Crypto Tests #18843
- Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18908
- Fix SecurityContextLogoutHandler.logout
@paramresponse Javadoc (cannot be null) #18795 - Fix spring-security-webauthn dependency in passkeys documentation #18866
- HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 #18835
- Improve error message for missing access attribute in intercept-url #18530
- Mark
targetDomainObjectas@NullableinPermissionEvaluator#18796 - Update password4j docs to use BcryptPassword4jPasswordEncoder #18232
- Bump
@antora/collector-extension from 1.0.2 to 1.0.3 #18851 - Bump
@antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18852 - Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18808
- Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.31 #18740
- Bump ch.qos.logback:logback-classic from 1.5.31 to 1.5.32 #18748
- Bump com.fasterxml.jackson:jackson-bom from 2.21.0 to 2.21.1 #18778
- Bump com.nimbusds:oauth2-oidc-sdk from 11.33 to 11.34 #18859
- Bump com.webauthn4j:webauthn4j-core from 0.31.0.RELEASE to 0.31.1.RELEASE #18827
- Bump gradle-wrapper from 9.3.1 to 9.4.0 #18849
- Bump io.micrometer:micrometer-observation from 1.16.3 to 1.16.4 #18868
- Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 #18875
- Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.11 to 0.0.12 #18828
- Bump minimatch from 3.1.2 to 3.1.5 in /javascript #18811
- Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18747
- Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18789
- Bump org-opensaml5 from 5.2.0 to 5.2.1 #18754
- Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18858
- Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18885
- Bump org.hibernate.orm:hibernate-core from 7.2.4.Final to 7.2.5.Final #18775
- Bump org.hibernate.orm:hibernate-core from 7.2.5.Final to 7.2.6.Final #18826
- Bump org.hibernate.orm:hibernate-core from 7.2.6.Final to 7.2.7.Final #18901
- Bump org.junit:junit-bom from 6.0.2 to 6.0.3 #18741
- Bump org.mockito:mockito-bom from 5.21.0 to 5.22.0 #18825
- Bump org.mockito:mockito-bom from 5.22.0 to 5.23.0 #18881
- Bump org.seleniumhq.selenium:htmlunit3-driver from 4.40.0 to 4.41.0 #18777
- Bump org.seleniumhq.selenium:selenium-java from 4.40.0 to 4.41.0 #18776
- Bump org.springframework.data:spring-data-bom from 2025.1.3 to 2025.1.4 #18902
- Bump org.springframework:spring-framework-bom from 7.0.4 to 7.0.5 #18763
- Bump org.springframework:spring-framework-bom from 7.0.5 to 7.0.6 #18900
- Bump spring-io/spring-security-release-tools/.github/workflows/test.yml from 1.0.13 to 1.0.14 #18728
- Bump tools.jackson:jackson-bom from 3.0.4 to 3.1.0 #18790
- Update Antora UI Spring to v0.4.26 #18894
Thank you to all the contributors who worked on this release:
@023-dev, @DDINGJOO, @Hann244, @chanani, @coehgns, @earlgrey02, @evgeniycheban, @itsmevichu, @jkuhel, @joshlong, @kimyounguk1, @kmw10693, @ngocnhan-tran1996, @nidhogg5, @pahlevani, @rwinch, @scordio, @therepanic, and @wonderfulrosemari
6.5.9
- Update Link to CSRF Docs in FAQ #18616
- Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18544
saveAuthenticationRequestshould readrelayStatefromauthenticationRequest#18872- Add Missing OnCommitedResponseWrapper Header Overrides #18798
- Clarify Resource Server startup expectations #18518
- Correct Reference to Clear-Site-Data Directive enum #18273
- Fix CookieRequestCache parameters #18857
- Fix Flaky Crypto Tests #18841
- Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18896
- Bump
@antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18854 - Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18809
- Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18749
- Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #18779
- Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #18876
- Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18750
- Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18791
- Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18860
- Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18886
- Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #18780
- Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #18829
- Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #18903
Thank you to all the contributors who worked on this release:
@Hann244, @Khyojae, @ghusta, @itsmevichu, @qihaiyan, @rwinch, @therepanic, and @ziqin
7.21.0-rc.25
- AAE-42877 Move jackson bom higher to enforce the right version by @killerboot in https://github.com/Activiti/Activiti/pull/5330
Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.24...7.21.0-rc.25