首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
目录树: 45c37c4454
分支列表 标签列表
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
whats-new.adoc

whats-new.adoc 4.3 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. [[new]]
    2. 

  2. = What's New in Spring Security 5.8
    3. 

  3. 

  4. Spring Security 5.8 provides a number of new features.
    5. 

  5. Below are the highlights of the release.
    6. 

  6. 

  7. == Core
    8. 

  8. 

  9. === Session Handling Improvements
    10. 

  10. * https://github.com/spring-projects/spring-security/issues/6125[gh-6125] - improved session creation and access
    11. 

  11. * https://github.com/spring-projects/spring-security/issues/11392[gh-11392] - Support deferring lookup of `SecurityContext`
    12. 

  12. 

  13. === AuthorizationManager API
    14. 

  14. * https://github.com/spring-projects/spring-security/issues/11493[gh-11493] - `AuthorizationManager` supports SpEL
    15. 

  15. * Additional XML support for `AuthorizationManager`
    16. 

  16. * https://github.com/spring-projects/spring-security/pull/11393[gh-11393] - Additional DSL support for `AuthorizationManager`
    17. 

  17. * Additional XML Support for `AuthorizationManager
    18. 

  18. * https://github.com/spring-projects/spring-security/issues/11304[gh-11304] - `AuthorizationManager` supports `RoleHierarchy`
    19. 

  19. * https://github.com/spring-projects/spring-security/issues/11076[gh-11076] - `AuthorizationManager` supports WebSockets
    20. 

  20. * https://github.com/spring-projects/spring-security/issues/11326[gh-11326] - `AuthorizationManager` supports AspectJ
    21. 

  21. * https://github.com/spring-projects/spring-security/issues/4841[gh-4841], https://github.com/spring-projects/spring-security/issues/9401[gh-9401] - `ReactiveAuthorizationManager` supports method security
    22. 

  22. * https://github.com/spring-projects/spring-security/issues/11625[gh-11625] - Support `AuthorizationManager` composition
    23. 

  23. 

  24. === Misc
    25. 

  25. * https://github.com/spring-projects/spring-security/issues/10973[gh-10973] - `SecurityContextHolderStrategy` can be published as a `@Bean`
    26. 

  26. 

  27. == Config
    28. 

  28. 

  29. * https://github.com/spring-projects/spring-security/pull/11771[gh-11771] - `HttpSecurityDsl` should support `apply` method
    30. 

  30. 

  31. == OAuth
    32. 

  32. 

  33. * https://github.com/spring-projects/spring-security/issues/11590[gh-11590] - Deprecate Resource Owner Password Grant
    34. 

  34. * https://github.com/spring-projects/spring-security/issues/11383[gh-11383] - Add `baseScheme`, `baseHost`, `basePort` and `basePath` to the `post_logout_redirect_uri`
    35. 

  35. * https://github.com/spring-projects/spring-security/issues/11661[gh-11661] - Add `OpaqueTokenAuthenticationConverter`
    36. 

  36. * https://github.com/spring-projects/spring-security/pull/11232[gh-11232] - `ClientRegistrations#rest` defines 30s connect and read timeouts
    37. 

  37. * https://github.com/spring-projects/spring-security/pull/11638[gh-11638] - Refresh remote JWK when unknown KID error occurs
    38. 

  38. 

  39. == SAML
    40. 

  40. 

  41. * https://github.com/spring-projects/spring-security/issues/11286[gh-11286] - Support configuring multiple relying party logout bindings
    42. 

  42. * https://github.com/spring-projects/spring-security/issues/11065[gh-11065] - Allow custom relay state for AuthnRequests
    43. 

  43. * https://github.com/spring-projects/spring-security/issues/11468[gh-11468] - Simplify `AuthnRequest#id` access
    44. 

  44. 

  45. == Web
    46. 

  46. * https://github.com/spring-projects/spring-security/issues/11073[gh-11073] - Add `DelegatingServerHttpHeadersWriter`
    47. 

  47. * https://github.com/spring-projects/spring-security/issues/4001[gh-4001] - Add xref:servlet/exploits/csrf.adoc#servlet-csrf-configure-request-handler[servlet support] for CSRF BREACH protection
    48. 

  48. * https://github.com/spring-projects/spring-security/issues/11959[gh-11959] - Add xref:reactive/exploits/csrf.adoc#webflux-csrf-configure-request-handler[reactive support] for CSRF BREACH protection
    49. 

  49. * https://github.com/spring-projects/spring-security/pull/11464[gh-11464] - Remember Me supports SHA256 algorithm
    50. 

  50. * https://github.com/spring-projects/spring-security/pull/11908[gh-11908] - Make X-Xss-Protection header value configurable in ServerHttpSecurity
    51. 

  51. * https://github.com/spring-projects/spring-security/issues/11347[gh-11347] - Simplify Java Configuration `RequestMatcher` Usage
    52. 

  52. * https://github.com/spring-projects/spring-security/issues/9159[gh-9159] - Add `securityMatcher` as an alias on `requestMatcher` in `HttpSecurity`
    53. 

  53. * https://github.com/spring-projects/spring-security/issues/11952[gh-11952] - Add `csrfTokenRequestResolver` to `CsrfDsl`
    54. 

  54. * https://github.com/spring-projects/spring-security/issues/11916[gh-11916] - `HttpSecurityConfiguration` picks up `ContentNegotiationStrategy` bean
    55. 

  55. * https://github.com/spring-projects/spring-security/issues/11971[gh-11971] - Additional support for `AuthorizationFilter` running for all dispatcher types
    56. 

  56. 

  57. == Test
    58. 

  58. * https://github.com/spring-projects/spring-security/issues/6899[gh-6899] - `@WithMockUser` works as meta-annotation
    59.