spring-security/docs/modules/ROOT/pages/whats-new.adoc

[[new]]
= What's New in Spring Security 6.5

Spring Security 6.5 provides a number of new features.
Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.

== Breaking Changes

=== Observability

The `security.security.reached.filter.section` key name was corrected to `spring.security.reached.filter.section`.
Note that this may affect reports that operate on this key name.

== OAuth

* https://github.com/spring-projects/spring-security/pull/16386[gh-16386] - Enable PKCE for confidential clients using `ClientRegistration.clientSettings.requireProofKey=true` for xref:servlet/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[servlet] and xref:reactive/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[reactive] applications

== WebAuthn

* https://github.com/spring-projects/spring-security/pull/16397[gh-16397] - Added the ability to configure a custom `HttpMessageConverter` for Passkeys using the optional xref:servlet/authentication/passkeys.adoc#passkeys-configuration[`messageConverter` property] on the `webAuthn` DSL.
* https://github.com/spring-projects/spring-security/pull/16396[gh-16396] - Added the ability to configure a custom xref:servlet/authentication/passkeys.adoc#passkeys-configuration-pkccor[`PublicKeyCredentialCreationOptionsRepository`]
Extract subsections for preface Issue: gh-2567 2018-03-05 16:56:47 -06:00			`[[new]]`
Increment to 6.5.0-SNAPSHOT Closes gh-16221 2024-12-12 21:44:08 -06:00			`= What's New in Spring Security 6.5`
Extract subsections for preface Issue: gh-2567 2018-03-05 16:56:47 -06:00
Increment to 6.5.0-SNAPSHOT Closes gh-16221 2024-12-12 21:44:08 -06:00			`Spring Security 6.5 provides a number of new features.`
Update What's New in 6.3 Closes gh-14918 2024-04-17 10:13:49 -06:00			`Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.`
Add Breaking Change Section for 6.5 Issue gh-16422 2025-01-16 14:30:01 -07:00
			`== Breaking Changes`

			`=== Observability`

			The `security.security.reached.filter.section` key name was corrected to `spring.security.reached.filter.section`.
			`Note that this may affect reports that operate on this key name.`
Document requireProofKey Issue gh-16386 2025-01-17 16:43:27 -06:00
			`== OAuth`

			* https://github.com/spring-projects/spring-security/pull/16386[gh-16386] - Enable PKCE for confidential clients using `ClientRegistration.clientSettings.requireProofKey=true` for xref:servlet/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[servlet] and xref:reactive/oauth2/client/core.adoc#oauth2Client-client-registration-requireProofKey[reactive] applications
Document PublicKeyCredentialCreationOptionsRepository Issue gh-16396 2025-01-17 20:47:45 -06:00
			`== WebAuthn`

Document custom HttpMessageConverter support for WebAuthn Issue gh-16397 2025-01-17 21:08:16 -06:00			* https://github.com/spring-projects/spring-security/pull/16397[gh-16397] - Added the ability to configure a custom `HttpMessageConverter` for Passkeys using the optional xref:servlet/authentication/passkeys.adoc#passkeys-configuration[`messageConverter` property] on the `webAuthn` DSL.
Document PublicKeyCredentialCreationOptionsRepository Issue gh-16396 2025-01-17 20:47:45 -06:00			* https://github.com/spring-projects/spring-security/pull/16396[gh-16396] - Added the ability to configure a custom xref:servlet/authentication/passkeys.adoc#passkeys-configuration-pkccor[`PublicKeyCredentialCreationOptionsRepository`]