spring-security/docs/modules/ROOT/pages/whats-new.adoc

[[new]]
= What's New in Spring Security 6.2

Spring Security 6.2 provides a number of new features.
Below are the highlights of the release.

== Configuration

* https://github.com/spring-projects/spring-security/issues/5011[gh-5011] - xref:servlet/integrations/cors.adoc[(docs)] Automatically enable `.cors()` if `CorsConfigurationSource` bean is present
* https://github.com/spring-projects/spring-security/issues/13204[gh-13204] - xref:migration-7/configuration.adoc#_use_with_instead_of_apply_for_custom_dsls[(docs)] Add `AbstractConfiguredSecurityBuilder.with(...)` method to apply configurers returning the builder
* https://github.com/spring-projects/spring-security/pull/13587[gh-13587] - https://spring.io/blog/2023/08/22/tackling-the-oauth2-client-component-model-in-spring-security/[blog post] Simplify configuration of OAuth2 Client component model
* https://github.com/spring-projects/spring-security/issues/13666[gh-13666], https://github.com/spring-projects/spring-security/pull/13667[gh-13667], https://github.com/spring-projects/spring-security/issues/13726[gh-13726], https://github.com/spring-projects/spring-security/issues/13850[gh-13850] - xref:servlet/authorization/authorize-http-requests.adoc#match-by-mvc[docs] Improved CVE-2023-34035 detection

== OAuth 2.0/OIDC

* https://github.com/spring-projects/spring-security/issues/7845[gh-7845] - xref:reactive/oauth2/login/logout.adoc#configure-provider-initiated-oidc-logout[docs] Add OIDC Back-channel Logout Support

== Messaging

* https://github.com/spring-projects/spring-security/pull/12532[gh-12532] - Add Security Context Propagation Support

== Web

* https://github.com/spring-projects/spring-security/pull/12817[gh-12817] - Make Configurable RedirectStrategy status code
* https://github.com/spring-projects/spring-security/issues/13988[gh-13988] - Make Configurable HTTP Basic request parsing

== Documentation

* https://github.com/spring-projects/spring-security/issues/13784[gh-13784] - xref:servlet/oauth2/index.adoc[docs] - Update OAuth2 docs landing page with examples
* https://github.com/spring-projects/spring-security/issues/11926[gh-11926] - xref:servlet/authentication/passwords/index.adoc#publish-authentication-manager-bean[docs] Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter`
Extract subsections for preface Issue: gh-2567 2018-03-05 16:56:47 -06:00			`[[new]]`
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`= What's New in Spring Security 6.2`
Extract subsections for preface Issue: gh-2567 2018-03-05 16:56:47 -06:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`Spring Security 6.2 provides a number of new features.`
			`Below are the highlights of the release.`
Add Max Sessions on WebFlux Closes gh-6192 2023-07-25 15:31:30 -03:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`== Configuration`
Add Passive Serialization to What's New Issue gh-14409 2024-01-31 11:28:23 -03:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			* https://github.com/spring-projects/spring-security/issues/5011[gh-5011] - xref:servlet/integrations/cors.adoc[(docs)] Automatically enable `.cors()` if `CorsConfigurationSource` bean is present
			* https://github.com/spring-projects/spring-security/issues/13204[gh-13204] - xref:migration-7/configuration.adoc#_use_with_instead_of_apply_for_custom_dsls[(docs)] Add `AbstractConfiguredSecurityBuilder.with(...)` method to apply configurers returning the builder
			`* https://github.com/spring-projects/spring-security/pull/13587[gh-13587] - https://spring.io/blog/2023/08/22/tackling-the-oauth2-client-component-model-in-spring-security/[blog post] Simplify configuration of OAuth2 Client component model`
			`* https://github.com/spring-projects/spring-security/issues/13666[gh-13666], https://github.com/spring-projects/spring-security/pull/13667[gh-13667], https://github.com/spring-projects/spring-security/issues/13726[gh-13726], https://github.com/spring-projects/spring-security/issues/13850[gh-13850] - xref:servlet/authorization/authorize-http-requests.adoc#match-by-mvc[docs] Improved CVE-2023-34035 detection`
Add Passive Serialization to What's New Issue gh-14409 2024-01-31 11:28:23 -03:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`== OAuth 2.0/OIDC`
Add Compromised Password Checker Closes gh-7395 2024-03-05 14:45:33 -03:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`* https://github.com/spring-projects/spring-security/issues/7845[gh-7845] - xref:reactive/oauth2/login/logout.adoc#configure-provider-initiated-oidc-logout[docs] Add OIDC Back-channel Logout Support`
Add Authorization Proxy Support Closes gh-14596 2024-02-29 14:14:02 -07:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`== Messaging`
Add Authorization Proxy Support Closes gh-14596 2024-02-29 14:14:02 -07:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`* https://github.com/spring-projects/spring-security/pull/12532[gh-12532] - Add Security Context Propagation Support`
Add Max Sessions on WebFlux Closes gh-6192 2023-07-25 15:31:30 -03:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`== Web`
Polish gh-14193 Issue gh-14193 2023-12-20 10:54:16 -03:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`* https://github.com/spring-projects/spring-security/pull/12817[gh-12817] - Make Configurable RedirectStrategy status code`
			`* https://github.com/spring-projects/spring-security/issues/13988[gh-13988] - Make Configurable HTTP Basic request parsing`
Polish gh-14193 Issue gh-14193 2023-12-20 10:54:16 -03:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`== Documentation`
Update What's New in 6.3 Closes gh-14918 2024-04-17 10:13:49 -06:00
Revert unnecessary commits from main Issue gh-15016 2024-05-08 13:44:07 -03:00			`* https://github.com/spring-projects/spring-security/issues/13784[gh-13784] - xref:servlet/oauth2/index.adoc[docs] - Update OAuth2 docs landing page with examples`
			* https://github.com/spring-projects/spring-security/issues/11926[gh-11926] - xref:servlet/authentication/passwords/index.adoc#publish-authentication-manager-bean[docs] Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter`