spring-security/docs/modules/ROOT/pages/whats-new.adoc

[[new]]
= What's New in Spring Security 6.0

Spring Security 6.0 provides a number of new features.
Below are the highlights of the release.

== Breaking Changes

* https://github.com/spring-projects/spring-security/issues/10556[gh-10556] - Remove EOL OpenSaml 3 Support.
Use the OpenSaml 4 Support instead.
* https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`.
Instead use data storage to encrypt values.
* https://github.com/spring-projects/spring-security/issues/11520[gh-11520] - Remember Me uses SHA256 by default
* https://github.com/spring-projects/spring-security/issues/8819 - Move filters to web package
Reorganize imports
* https://github.com/spring-projects/spring-security/issues/7349 - Move filter and token to appropriate packages
Reorganize imports
* https://github.com/spring-projects/spring-security/issues/11026[gh-11026] - Use `RequestAttributeSecurityContextRepository` instead of `NullSecurityContextRepository`
* https://github.com/spring-projects/spring-security/pull/11887[gh-11827] - Change default authority for `oauth2Login()`
* https://github.com/spring-projects/spring-security/issues/10347[gh-10347] - Remove `UsernamePasswordAuthenticationToken` check in `BasicAuthenticationFilter`
Extract subsections for preface Issue: gh-2567 2018-03-05 16:56:47 -06:00			`[[new]]`
Merge Clean up Reference Documentation Closes gh-9668 2021-12-13 16:57:36 -06:00			`= What's New in Spring Security 6.0`
Extract subsections for preface Issue: gh-2567 2018-03-05 16:56:47 -06:00
Merge Clean up Reference Documentation Closes gh-9668 2021-12-13 16:57:36 -06:00			`Spring Security 6.0 provides a number of new features.`
Extract subsections for preface Issue: gh-2567 2018-03-05 16:56:47 -06:00			`Below are the highlights of the release.`
Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` This method is insecure. Users should instead encrypt with their database. Closes gh-8980 2022-09-07 13:51:58 -05:00
			`== Breaking Changes`

Remove Deprecated OpenSAML 3 Support Closes gh-10556 2022-09-07 13:39:26 -05:00			`* https://github.com/spring-projects/spring-security/issues/10556[gh-10556] - Remove EOL OpenSaml 3 Support.`
			`Use the OpenSaml 4 Support instead.`
Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` This method is insecure. Users should instead encrypt with their database. Closes gh-8980 2022-09-07 13:51:58 -05:00			* https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`.
Update What's New for 6.0 2022-09-20 08:32:30 -03:00			`Instead use data storage to encrypt values.`
			`* https://github.com/spring-projects/spring-security/issues/11520[gh-11520] - Remember Me uses SHA256 by default`
Move Saml2 Authentication Filters Closes gh-8819 2022-09-20 17:18:05 -06:00			`* https://github.com/spring-projects/spring-security/issues/8819 - Move filters to web package`
			`Reorganize imports`
Adjust OAuth2 Resource Server packaging Closes gh-7349 2022-09-20 17:44:05 -06:00			`* https://github.com/spring-projects/spring-security/issues/7349 - Move filter and token to appropriate packages`
			`Reorganize imports`
Update What's New for 6.0 2022-09-26 09:48:52 -05:00			* https://github.com/spring-projects/spring-security/issues/11026[gh-11026] - Use `RequestAttributeSecurityContextRepository` instead of `NullSecurityContextRepository`
Update What's New for 6.0 2022-09-26 10:07:50 -05:00			* https://github.com/spring-projects/spring-security/pull/11887[gh-11827] - Change default authority for `oauth2Login()`
Merge branch '5.8.x' Closes gh-11347 in 6.0.x Closes gh-11945 2022-10-03 16:02:18 -03:00			* https://github.com/spring-projects/spring-security/issues/10347[gh-10347] - Remove `UsernamePasswordAuthenticationToken` check in `BasicAuthenticationFilter`