Domů Procházet Nápověda
Registrovat se Přihlásit se
github
/
spring-security
zrcadlo https://github.com/spring-projects/spring-security
2
0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Strom: e3c39f02bc
Větve Značky
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
whats-new.adoc

whats-new.adoc 2.3 KB
Historie Surový

1234567891011121314151617181920212223242526272829303132 
  1. [[new]]
    2. 

  2. = What's New in Spring Security 6.5
    3. 

  3. 

  4. Spring Security 6.5 provides a number of new features.
    5. 

  5. Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.
    6. 

  6. 

  7. == New Features
    8. 

  8. 

  9. * Support for automatic context-propagation with Micrometer (https://github.com/spring-projects/spring-security/issues/16665[gh-16665])
    10. 

  10. * OAuth 2.0 Demonstrating Proof of Possession (DPoP) (https://github.com/spring-projects/spring-security/pull/16574[gh-16574])
    11. 

  11. 

  12. == Breaking Changes
    13. 

  13. 

  14. === Observability
    15. 

  15. 

  16. The `security.security.reached.filter.section` key name was corrected to `spring.security.reached.filter.section`.
    17. 

  17. Note that this may affect reports that operate on this key name.
    18. 

  18. 

  19. == OAuth
    20. 

  20. 

  21. * https://github.com/spring-projects/spring-security/pull/16386[gh-16386] - Enable PKCE for confidential clients using `ClientRegistration.clientSettings.requireProofKey=true` for xref:servlet/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[servlet] and xref:reactive/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[reactive] applications
    22. 

  22. * https://github.com/spring-projects/spring-security/issues/16913[gh-16913] - Prepare OAuth2 Client deprecations for removal in Spring Security 7
    23. 

  23. 

  24. == WebAuthn
    25. 

  25. 

  26. * https://github.com/spring-projects/spring-security/pull/16282[gh-16282] - xref:servlet/authentication/passkeys.adoc#passkeys-configuration-persistence[JDBC Persistence] for WebAuthn/Passkeys
    27. 

  27. * https://github.com/spring-projects/spring-security/pull/16397[gh-16397] - Added the ability to configure a custom `HttpMessageConverter` for Passkeys using the optional xref:servlet/authentication/passkeys.adoc#passkeys-configuration[`messageConverter` property] on the `webAuthn` DSL.
    28. 

  28. * https://github.com/spring-projects/spring-security/pull/16396[gh-16396] - Added the ability to configure a custom xref:servlet/authentication/passkeys.adoc#passkeys-configuration-pkccor[`PublicKeyCredentialCreationOptionsRepository`]
    29. 

  29. 

  30. == One-Time Token Login
    31. 

  31. 

  32. * https://github.com/spring-projects/spring-security/issues/16291[gh-16291] - `oneTimeTokenLogin()` now supports customizing GenerateOneTimeTokenRequest xref:servlet/authentication/onetimetoken.adoc#customize-generate-token-request[via GenerateOneTimeTokenRequestResolver]
    33.