On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M2! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8700 - OAuth2AuthorizedClientArgumentResolver picks up OAuth2AuthorizedClientManager bean

gh-8730 - Add JWTProcessor Configuration Post-Processor

gh-8669 - OAuth2AuthorizedClientArgumentResolver for XML

gh-8587 - Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter

gh-8603 - oauth2Client Test Support no longer requires an HttpSessionOAuth2AuthorizedClientRepository

gh-8501 - Add issuerUri to ClientRegistration

Web

gh-8644, gh-8703 - StrictHttpFirewall improvements

gh-8677 - Deprecate X-Frame-Options ALLOW-FROM

gh-8676 - Replace white/blacklist with allow/blocklist

Docs

gh-8199, gh-8542 - Additional Documentation Restructuring

Kotlin

gh-8697 - Add Reified Function Variants to Security DSL

OpenID

gh-8450 - Deprecate OpenID 2.0 support

LDAP

gh-8416 - ApacheDSContainer allows port 0

SAML

gh-8661 - SAML 2.0 Attribute support

Project Site | Reference | Help