Accueil Explorer Aide
S'inscrire Connexion
github
/
spring-security
miroir de https://github.com/spring-projects/spring-security
2
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: fe96a62dfc
Branches Tags
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
whats-new.adoc

whats-new.adoc 3.0 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536 
  1. [[new]]
    2. 

  2. = What's New in Spring Security 6.0
    3. 

  3. 

  4. Spring Security 6.0 provides a number of new features.
    5. 

  5. Below are the highlights of the release.
    6. 

  6. 

  7. == Breaking Changes
    8. 

  8. 

  9. * https://github.com/spring-projects/spring-security/issues/10556[gh-10556] - Remove EOL OpenSaml 3 Support.
    10. 

  10. Use the OpenSaml 4 Support instead.
    11. 

  11. * https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`.
    12. 

  12. Instead use data storage to encrypt values.
    13. 

  13. * https://github.com/spring-projects/spring-security/issues/11520[gh-11520] - Remember Me uses SHA256 by default
    14. 

  14. * https://github.com/spring-projects/spring-security/issues/8819 - Move filters to web package
    15. 

  15. Reorganize imports
    16. 

  16. * https://github.com/spring-projects/spring-security/issues/7349 - Move filter and token to appropriate packages
    17. 

  17. Reorganize imports
    18. 

  18. * https://github.com/spring-projects/spring-security/issues/11026[gh-11026] - Use `RequestAttributeSecurityContextRepository` instead of `NullSecurityContextRepository`
    19. 

  19. * https://github.com/spring-projects/spring-security/pull/11887[gh-11827] - Change default authority for `oauth2Login()`
    20. 

  20. * https://github.com/spring-projects/spring-security/issues/10347[gh-10347] - Remove `UsernamePasswordAuthenticationToken` check in `BasicAuthenticationFilter`
    21. 

  21. * https://github.com/spring-projects/spring-security/pull/11923[gh-11923] - Remove `WebSecurityConfigurerAdapter`.
    22. 

  22. Instead, create a https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter[SecurityFilterChain bean].
    23. 

  23. * https://github.com/spring-projects/spring-security/issues/11899[gh-11899] - Use `MvcRequestMatcher` by default if Spring MVC is present.
    24. 

  24. You can configure a different `RequestMatcher` by using the https://docs.spring.io/spring-security/reference/servlet/appendix/namespace/http.html#nsa-http-attributes[request-matcher attribute from <http>].
    25. 

  25. * Change use-authorization-manager="true" to default
    26. 

  26. If the application uses `use-expressions="true"` or `access-decision-manager-ref` switch to `use-expressions="false"` or `authorization-manager-ref`, respectively.
    27. 

  27. If application relies on the implicit `<intercept-url pattern="/**" access="permitAll"/>`, this is no longer implicit and needs to be specified.
    28. 

  28. Or use `use-authorization-manager="false"`
    29. 

  29. * https://github.com/spring-projects/spring-security/issues/11939[gh-11939] - Remove deprecated `antMatchers`, `mvcMatchers`, `regexMatchers` helper methods from Java Configuration.
    30. 

  30. Instead, use `requestMatchers` or `HttpSecurity#securityMatchers`.
    31. 

  31. * https://github.com/spring-projects/spring-security/issues/11985[gh-11985] - Remove deprecated constructors in `Argon2PasswordEncoder`, `SCryptPasswordEncoder` and `Pbkdf2PasswordEncoder`.
    32. 

  32. 

  33. == Observability
    34. 

  34. 

  35. * xref:servlet/integrations/observability.adoc[Instrumentation] of `AuthenticationManager`, `AuthorizationManager`, and `FilterChainProxy`
    36. 

  36. * xref:reactive/integrations/observability.adoc[Instrumentation] of `ReactiveAuthenticationManager`, `ReactiveAuthorizationManager`, and `WebFilterChainProxy`
    37.