Releases: spring-projects/spring-authorization-server
Releases · spring-projects/spring-authorization-server
2.0.0-M2
⭐ New Features
- Provide access token to refresh token generator #2131
🪲 Bug Fixes
- Fix spring cloud gateway routes prefix #2152
🔨 Dependency Upgrades
- Bump com.nimbusds:nimbus-jose-jwt from 10.3.1 to 10.4.1 #2138
- Bump com.nimbusds:nimbus-jose-jwt from 10.4.1 to 10.4.2 #2147
- Bump Gradle Wrapper from 8.6 to 8.14 #2170
- Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2130
- Bump io.spring.security.release from 1.0.10 to 1.0.11 #2145
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #2139
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.10 #2146
- Bump org.jfrog.buildinfo:build-info-extractor-gradle from 5.2.5 to 6.0.0 #2129
- Bump org.junit:junit-bom from 5.13.3 to 5.13.4 #2128
- Bump org.mockito:mockito-core from 5.18.0 to 5.19.0 #2166
- Bump org.springframework.security:spring-security-bom from 7.0.0-M1 to 7.0.0-M2 #2168
- Update to Spring Framework 7.0.0-M8 #2171
⏪ Non-passive
- Remove RequestMatcherUtils #2144
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
malaquf and alexanderankin
Assets 2
1.5.2
🔨 Dependency Upgrades
- Bump
@springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2096 - Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2066
- Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2124
- Bump io.spring.security.release from 1.0.10 to 1.0.11 #2148
- Bump io.spring.security.release from 1.0.6 to 1.0.8 #2065
- Bump io.spring.security.release from 1.0.8 to 1.0.9 #2105
- Bump io.spring.security.release from 1.0.9 to 1.0.10 #2125
- Bump org.springframework.security:spring-security-bom from 6.5.1 to 6.5.2 #2126
- Bump org.springframework.security:spring-security-bom from 6.5.2 to 6.5.3 #2167
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #2104
- Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #2149
1.4.5
🔨 Dependency Upgrades
- Bump
@springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2094 - Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2056
- Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #2121
- Bump io.spring.security.release from 1.0.10 to 1.0.11 #2151
- Bump io.spring.security.release from 1.0.6 to 1.0.8 #2059
- Bump io.spring.security.release from 1.0.8 to 1.0.9 #2107
- Bump io.spring.security.release from 1.0.9 to 1.0.10 #2122
- Bump org.springframework.security:spring-security-bom from 6.4.7 to 6.4.8 #2123
- Bump org.springframework.security:spring-security-bom from 6.4.8 to 6.4.9 #2169
- Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #2108
- Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #2150
2.0.0-M1
⭐ New Features
🔨 Dependency Upgrades
- Bump
@springio/antora-extensions from 1.14.4 to 1.14.6 in /docs #2095 - Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.19.1 #2079
- Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 #2116
- Bump com.nimbusds:nimbus-jose-jwt from 9.47 to 10.3.1 #2072
- Bump io-spring-javaformat from 0.0.46 to 0.0.47 #2061
- Bump io.spring.security.release from 1.0.6 to 1.0.8 #2060
- Bump io.spring.security.release from 1.0.8 to 1.0.9 #2106
- Bump org-bouncycastle from 1.79 to 1.81 #2077
- Bump org.assertj:assertj-core from 3.26.3 to 3.27.3 #2063
- Bump org.gradle.wrapper-upgrade from 0.11.4 to 0.12 #2064
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.25 to 2.2.0 #2078
- Bump org.mockito:mockito-core from 4.11.0 to 5.18.0 #2099
- Bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 2.8.0.1969 to 3.3 #2098
- Update docs to Spring Boot 4.0.0-SNAPSHOT #2089
- Update docs to Spring Security 7.0.0-SNAPSHOT #2088
- Update io.spring.security.release to 1.0.10 #2118
- Update samples to Spring Boot 4.0.0-SNAPSHOT #2091
- Update samples to Spring Security 7.0.0-SNAPSHOT #2090
- Update to org.junit:junit-bom:5.13.3 #2117
- Update to Spring Framework 7.0.0-M7 #2119
- Update to Spring Framework 7.0.0-SNAPSHOT #2083
- Update to Spring Security 7.0.0-M1 #2120
- Update to Spring Security 7.0.0-SNAPSHOT #2084
⏪ Non-passive
- Fix breaking changes with AntPathRequestMatcher being removed #2086
- Fix breaking changes with ObjectPostProcessor being moved #2085
- Remove DelegatingAuthenticationConverter #2102
- Remove OAuth2AuthorizationServerConfiguration.applyDefaultSecurity() #2101
- Serializable classes should not share serialVersionUID #2100
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
ngocnhan-tran1996
Assets 2
1.5.1
⭐ New Features
- Polish logging in OAuth2ClientAuthenticationFilter #2025
🪲 Bug Fixes
- OAuth2 Pushed Authorization Request request_uri expiry is too short #2024
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #2040
- Bump io-spring-javaformat from 0.0.45 to 0.0.46 #2030
- Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #2034
- Bump org.springframework.security:spring-security-bom from 6.5.0 to 6.5.1 #2049
- Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #2045
1.4.4
🪲 Bug Fixes
- Prevent NPE #1995
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #2001
- Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #2039
- Bump io-spring-javaformat from 0.0.43 to 0.0.45 #2022
- Bump io-spring-javaformat from 0.0.45 to 0.0.46 #2031
- Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #2033
- Bump io.spring.security.release from 1.0.5 to 1.0.6 #1998
- Bump org.springframework.security:spring-security-bom from 6.4.5 to 6.4.6 #2023
- Bump org.springframework.security:spring-security-bom from 6.4.6 to 6.4.7 #2050
- Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #2018
- Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #2044
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
ngocnhan-tran1996
Assets 2
1.3.7
🪲 Bug Fixes
🔨 Dependency Upgrades
- Bump io-spring-javaformat from 0.0.43 to 0.0.45 #2019
- Bump io-spring-javaformat from 0.0.45 to 0.0.46 #2029
- Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #2032
- Bump io.spring.security.release from 1.0.5 to 1.0.6 #1999
- Bump org.springframework.security:spring-security-bom from 6.3.9 to 6.3.10 #2051
- Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 #2017
- Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21 #2046
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
ngocnhan-tran1996 and antoinelauzon-bell
Assets 2
1.5.0
⭐ New Features
- Add documentation for DPoP support #2009
- Add documentation for OAuth 2.0 Pushed Authorization Requests (PAR) #2014
- Replace
@MockBeanwith@MockitoBean#1972
🪲 Bug Fixes
- Fix DPoP jkt claim to be JWK SHA-256 thumbprint #2007
- Fix DPoP jkt claim validation during refresh_token grant for public clients #2008
🔨 Dependency Upgrades
- Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #2002
- Bump io-spring-javaformat from 0.0.43 to 0.0.45 #2020
- Bump io.spring.security.release from 1.0.5 to 1.0.6 #2000
- Bump org.springframework.security:spring-security-bom from 6.5.0-RC1 to 6.5.0 #2021
- Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #2016
❤️ Contributors
Thank you to all the contributors who worked on this release:
Contributors
DevDengChao
Assets 2
1.5.0-RC1
⭐ New Features
- Add authorization server metadata for DPoP support #1951
- Add authorization server metadata for OAuth 2.0 Pushed Authorization Requests (PAR) #1975
- Enforce one-time use for request_uri used in PAR #1974
- request_uri used in PAR must be bound to the client #1971
- Use OAuth2ParameterNames.REQUEST_URI #1991
- Validate expiry for request_uri used in PAR #1973
- Verify DPoP Proof public key during refresh_token grant for public clients #1949
🔨 Dependency Upgrades
- Bump
@springio/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #1944 - Bump io.spring.security.release from 1.0.3 to 1.0.4 #1968
- Bump io.spring.security.release from 1.0.4 to 1.0.5 #1987
- Bump org.springframework.security:spring-security-bom from 6.5.0-M3 to 6.5.0-RC1 #1990
- Bump org.springframework:spring-framework-bom from 6.2.4 to 6.2.5 #1940
- Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #1979
- Bump spring-io/spring-doc-actions from 0.0.18 to 0.0.19 #1942
1.4.3
🔨 Dependency Upgrades
- Bump
@springio/antora-extensions from 1.14.2 to 1.14.4 in /docs #1916 - Bump
@springio/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #1943 - Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 #1922
- Bump io.spring.security.release from 1.0.3 to 1.0.4 #1966
- Bump io.spring.security.release from 1.0.4 to 1.0.5 #1988
- Bump org.springframework.security:spring-security-bom from 6.4.3 to 6.4.4 #1936
- Bump org.springframework.security:spring-security-bom from 6.4.4 to 6.4.5 #1989
- Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.4 #1933
- Bump org.springframework:spring-framework-bom from 6.2.4 to 6.2.5 #1939
- Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #1980
- Bump spring-io/spring-doc-actions from 0.0.18 to 0.0.19 #1947