• Add comments to SQL-scripts to ensure robust timezone handling #2220

• PAR endpoint metadata should only be returned when enabled #2219
• Disallow usage of the openid scope in device authorization requests #2216
• PAR uses requested scopes on consent #2182
• Fix to return client_secret_expires_at in client registration response #2172

• Bump org.springframework.security:spring-security-bom from 6.5.5 to 6.5.6 #2222
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #2215
• Bump org.springframework.security:spring-security-bom from 6.5.4 to 6.5.5 #2202
• Bump org.springframework.security:spring-security-bom from 6.5.3 to 6.5.4 #2200
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #2194

We'd like to thank all the contributors who worked on this release!

• @willemvd

• Add comments to SQL-scripts to ensure robust timezone handling #2217

• Disallow usage of the openid scope in device authorization requests #2177
• Fix to return client_secret_expires_at in client registration response #2134

• Bump org.springframework.security:spring-security-bom from 6.4.11 to 6.4.12 #2221
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #2214
• Bump org.springframework.security:spring-security-bom from 6.4.10 to 6.4.11 #2201
• Bump org.springframework.security:spring-security-bom from 6.4.9 to 6.4.10 #2199
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #2193

We'd like to thank all the contributors who worked on this release!

• @fine-pine
• @wheleph

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2096
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2066
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2124
• Bump io.spring.security.release from 1.0.10 to 1.0.11 #2148
• Bump io.spring.security.release from 1.0.6 to 1.0.8 #2065
• Bump io.spring.security.release from 1.0.8 to 1.0.9 #2105
• Bump io.spring.security.release from 1.0.9 to 1.0.10 #2125
• Bump org.springframework.security:spring-security-bom from 6.5.1 to 6.5.2 #2126
• Bump org.springframework.security:spring-security-bom from 6.5.2 to 6.5.3 #2167
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #2104
• Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #2149

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2094
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2056
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2121
• Bump io.spring.security.release from 1.0.10 to 1.0.11 #2151
• Bump io.spring.security.release from 1.0.6 to 1.0.8 #2059
• Bump io.spring.security.release from 1.0.8 to 1.0.9 #2107
• Bump io.spring.security.release from 1.0.9 to 1.0.10 #2122
• Bump org.springframework.security:spring-security-bom from 6.4.7 to 6.4.8 #2123
• Bump org.springframework.security:spring-security-bom from 6.4.8 to 6.4.9 #2169
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #2108
• Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #2150

• Provide access token to refresh token generator #2131

• Fix spring cloud gateway routes prefix #2152

• Bump com.nimbusds:nimbus-jose-jwt from 10.3.1 to 10.4.1 #2138
• Bump com.nimbusds:nimbus-jose-jwt from 10.4.1 to 10.4.2 #2147
• Bump Gradle Wrapper from 8.6 to 8.14 #2170
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2130
• Bump io.spring.security.release from 1.0.10 to 1.0.11 #2145
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #2139
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.10 #2146
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 5.2.5 to 6.0.0 #2129
• Bump org.junit:junit-bom from 5.13.3 to 5.13.4 #2128
• Bump org.mockito:mockito-core from 5.18.0 to 5.19.0 #2166
• Bump org.springframework.security:spring-security-bom from 7.0.0-M1 to 7.0.0-M2 #2168
• Update to Spring Framework 7.0.0-M8 #2171

• Remove RequestMatcherUtils #2144

Thank you to all the contributors who worked on this release:

@alexanderankin and @malaquf

• Add testRuntimeOnly junit-platform-launcher #2092
• Remove explicit type #2069

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2095
• Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.19.1 #2079
• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #2116
• Bump com.nimbusds:nimbus-jose-jwt from 9.47 to 10.3.1 #2072
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2061
• Bump io.spring.security.release from 1.0.6 to 1.0.8 #2060
• Bump io.spring.security.release from 1.0.8 to 1.0.9 #2106
• Bump org-bouncycastle from 1.79 to 1.81 #2077
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.3 #2063
• Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #2064
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.25 to 2.2.0 #2078
• Bump org.mockito:mockito-core from 4.11.0 to 5.18.0 #2099
• Bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 2.8.0.1969 to 3.3 #2098
• Update docs to Spring Boot 4.0.0-SNAPSHOT #2089
• Update docs to Spring Security 7.0.0-SNAPSHOT #2088
• Update io.spring.security.release to 1.0.10 #2118
• Update samples to Spring Boot 4.0.0-SNAPSHOT #2091
• Update samples to Spring Security 7.0.0-SNAPSHOT #2090
• Update to org.junit:junit-bom:5.13.3 #2117
• Update to Spring Framework 7.0.0-M7 #2119
• Update to Spring Framework 7.0.0-SNAPSHOT #2083
• Update to Spring Security 7.0.0-M1 #2120
• Update to Spring Security 7.0.0-SNAPSHOT #2084

• Fix breaking changes with AntPathRequestMatcher being removed #2086
• Fix breaking changes with ObjectPostProcessor being moved #2085
• Remove DelegatingAuthenticationConverter #2102
• Remove OAuth2AuthorizationServerConfiguration.applyDefaultSecurity() #2101
• Serializable classes should not share serialVersionUID #2100

Thank you to all the contributors who worked on this release:

@ngocnhan-tran1996

• Polish logging in OAuth2ClientAuthenticationFilter #2025

• OAuth2 Pushed Authorization Request request_uri expiry is too short #2024

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #2040
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #2030
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #2034
• Bump org.springframework.security:spring-security-bom from 6.5.0 to 6.5.1 #2049
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #2045

• Check user code expiry and invalidity #1997
• Prevent NPE #1955

• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #2019
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #2029
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #2032
• Bump io.spring.security.release from 1.0.5 to 1.0.6 #1999
• Bump org.springframework.security:spring-security-bom from 6.3.9 to 6.3.10 #2051
• Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 #2017
• Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21 #2046

Thank you to all the contributors who worked on this release:

@antoinelauzon-bell and @ngocnhan-tran1996

• Prevent NPE #1995

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #2001
• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #2039
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #2022
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #2031
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #2033
• Bump io.spring.security.release from 1.0.5 to 1.0.6 #1998
• Bump org.springframework.security:spring-security-bom from 6.4.5 to 6.4.6 #2023
• Bump org.springframework.security:spring-security-bom from 6.4.6 to 6.4.7 #2050
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #2018
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #2044

Thank you to all the contributors who worked on this release:

@ngocnhan-tran1996

• Add documentation for DPoP support #2009
• Add documentation for OAuth 2.0 Pushed Authorization Requests (PAR) #2014
• Replace @MockBean with @MockitoBean #1972

• Fix DPoP jkt claim to be JWK SHA-256 thumbprint #2007
• Fix DPoP jkt claim validation during refresh_token grant for public clients #2008

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #2002
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #2020
• Bump io.spring.security.release from 1.0.5 to 1.0.6 #2000
• Bump org.springframework.security:spring-security-bom from 6.5.0-RC1 to 6.5.0 #2021
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #2016

Thank you to all the contributors who worked on this release:

@DevDengChao