• Spring Authorization Server fails to start with multiple PasswordEncoder beans #1610

• Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #2277
• Bump io.spring.security.release from 1.0.13 to 1.0.14 #2284
• Bump org.springframework.security:spring-security-bom from 6.5.7 to 6.5.8 #2287
• Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 #2285

• Release 1.5.5 #2268

• Release 1.4.8 #2269

• Deploy JavaDoc with Antora #2244

• Missing response_type in POST authorization request should return invalid_request #2226

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #2228
• Bump io.spring.security.release from 1.0.11 to 1.0.13 #2230
• Bump org.springframework.security:spring-security-bom from 6.5.6 to 6.5.7 #2242
• Bump org.springframework:spring-framework-bom from 6.2.12 to 6.2.14 #2247
• Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 #2267

• Deploy JavaDoc with Antora #2243
• Stop deploying JavaDoc outside of Antora #2245

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #2227
• Bump io.spring.security.release from 1.0.11 to 1.0.13 #2229
• Bump org.springframework.security:spring-security-bom from 6.4.12 to 6.4.13 #2241
• Bump org.springframework:spring-framework-bom from 6.2.12 to 6.2.14 #2246
• Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 #2266

• Add comments to SQL-scripts to ensure robust timezone handling #2220

• PAR endpoint metadata should only be returned when enabled #2219
• Disallow usage of the openid scope in device authorization requests #2216
• PAR uses requested scopes on consent #2182
• Fix to return client_secret_expires_at in client registration response #2172

• Bump org.springframework.security:spring-security-bom from 6.5.5 to 6.5.6 #2222
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #2215
• Bump org.springframework.security:spring-security-bom from 6.5.4 to 6.5.5 #2202
• Bump org.springframework.security:spring-security-bom from 6.5.3 to 6.5.4 #2200
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #2194

We'd like to thank all the contributors who worked on this release!

• @willemvd

• Add comments to SQL-scripts to ensure robust timezone handling #2217

• Disallow usage of the openid scope in device authorization requests #2177
• Fix to return client_secret_expires_at in client registration response #2134

• Bump org.springframework.security:spring-security-bom from 6.4.11 to 6.4.12 #2221
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #2214
• Bump org.springframework.security:spring-security-bom from 6.4.10 to 6.4.11 #2201
• Bump org.springframework.security:spring-security-bom from 6.4.9 to 6.4.10 #2199
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #2193

We'd like to thank all the contributors who worked on this release!

• @fine-pine
• @wheleph

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2096
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2066
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2124
• Bump io.spring.security.release from 1.0.10 to 1.0.11 #2148
• Bump io.spring.security.release from 1.0.6 to 1.0.8 #2065
• Bump io.spring.security.release from 1.0.8 to 1.0.9 #2105
• Bump io.spring.security.release from 1.0.9 to 1.0.10 #2125
• Bump org.springframework.security:spring-security-bom from 6.5.1 to 6.5.2 #2126
• Bump org.springframework.security:spring-security-bom from 6.5.2 to 6.5.3 #2167
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #2104
• Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #2149

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2094
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2056
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2121
• Bump io.spring.security.release from 1.0.10 to 1.0.11 #2151
• Bump io.spring.security.release from 1.0.6 to 1.0.8 #2059
• Bump io.spring.security.release from 1.0.8 to 1.0.9 #2107
• Bump io.spring.security.release from 1.0.9 to 1.0.10 #2122
• Bump org.springframework.security:spring-security-bom from 6.4.7 to 6.4.8 #2123
• Bump org.springframework.security:spring-security-bom from 6.4.8 to 6.4.9 #2169
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #2108
• Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #2150

• Provide access token to refresh token generator #2131

• Fix spring cloud gateway routes prefix #2152

• Bump com.nimbusds:nimbus-jose-jwt from 10.3.1 to 10.4.1 #2138
• Bump com.nimbusds:nimbus-jose-jwt from 10.4.1 to 10.4.2 #2147
• Bump Gradle Wrapper from 8.6 to 8.14 #2170
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2130
• Bump io.spring.security.release from 1.0.10 to 1.0.11 #2145
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #2139
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.10 #2146
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 5.2.5 to 6.0.0 #2129
• Bump org.junit:junit-bom from 5.13.3 to 5.13.4 #2128
• Bump org.mockito:mockito-core from 5.18.0 to 5.19.0 #2166
• Bump org.springframework.security:spring-security-bom from 7.0.0-M1 to 7.0.0-M2 #2168
• Update to Spring Framework 7.0.0-M8 #2171

• Remove RequestMatcherUtils #2144

Thank you to all the contributors who worked on this release:

@alexanderankin and @malaquf