From b225ab3bbe561afdc29d5b93aac490523c4bb6ec Mon Sep 17 00:00:00 2001
From: Joe Grandja <jgrandja@vmware.com>
Date: Fri, 9 Apr 2021 08:50:53 -0400
Subject: [PATCH] Add OAuth 2.0 Client section to What's New

Closes gh-9587
---
 .../asciidoc/_includes/about/whats-new.adoc   | 89 ++-----------------
 1 file changed, 5 insertions(+), 84 deletions(-)

diff --git a/docs/manual/src/docs/asciidoc/_includes/about/whats-new.adoc b/docs/manual/src/docs/asciidoc/_includes/about/whats-new.adoc
index 2bbaef0a41..c3474090fb 100644
--- a/docs/manual/src/docs/asciidoc/_includes/about/whats-new.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/about/whats-new.adoc
@@ -1,92 +1,13 @@
 [[new]]
-== What's New in Spring Security 5.4
+== What's New in Spring Security 5.5
 
-Spring Security 5.4 provides a number of new features.
+Spring Security 5.5 provides a number of new features.
 Below are the highlights of the release.
 
-[[whats-new-documentation]]
-=== Documentation Updates
-
-We will continue our effort to rewrite the documentation.
-
-Here's what you'll see in this release:
-
-* Added <<oauth2resourceserver,OAuth 2.0 Resource Server diagrams>> for <<oauth2resourceserver-jwt-architecture,JWT>> and <<oauth2resourceserver-opaque-architecture,Opaque Token>>
-* Restructured <<servlet-saml2login,SAML 2.0 Relying Party documentation>> and added diagrams
-
-[[whats-new-logging]]
-=== Logging Updates
-
-We have begun an effort to restructure our logging.
-
-Here's what you'll see in this release:
-
-* Restructured https://github.com/spring-projects/spring-security/commit/fa7baf551dc55eab50b9ad94720e7521f0b1d26f[authorization logs]
-* Restructured https://github.com/spring-projects/spring-security/commit/fa7baf551dc55eab50b9ad94720e7521f0b1d26f[Form Login] and https://github.com/spring-projects/spring-security/commit/02d1516c566a58574af0a1d0391fd2ec8c5ad774[HTTP Basic] authentication logs
-* Added https://github.com/spring-projects/spring-security/commit/bf067d679fb5990d6b3d31cee292af171f8a5014[Resource Server] https://github.com/spring-projects/spring-security/commit/b2728059ae903d027d0da0f4a25bed6df213a0ce[logs]
-
 [[whats-new-servlet]]
 === Servlet
-* Configuration
-** Added support for https://github.com/spring-projects/spring-security/issues/8804[publishing `SecurityFilterChain` as a `@Bean`]
-* Kotlin DSL
-** Added https://github.com/spring-projects/spring-security/issues/8981[`authenticationManagerResolver`]
-** Added https://github.com/spring-projects/spring-security/issues/8892[`hasAnyRole` and `hasAnyAuthority`]
-** Added https://github.com/spring-projects/spring-security/issues/8823[custom HeaderWriter support]
-** Updated to https://github.com/spring-projects/spring-security/issues/8697[use reified types]
-** Added https://github.com/spring-projects/spring-security/pull/8350[`authorize()` method that accepts `HttpMethod`]
 * OAuth 2.0 Client
-** Polished <<testing-oauth2-client,OAuth 2.0 Client>> test support to not require an `HttpSessionOAuth2AuthorizedClientRepository` bean
-** Added support for https://github.com/spring-projects/spring-security/issues/8453[client ID and secret placeholders in XML support]
-** Refined `ClientRegistrations` to https://github.com/spring-projects/spring-security/issues/8514[not default scopes to the OIDC `scopes_supported` attribute]
-** Allow for https://github.com/spring-projects/spring-security/issues/8903[custom Client Authentication Method] in `ClientRegistration`
-** Enhanced `OAuth2AuthorizedClientArgumentResolver` to https://github.com/spring-projects/spring-security/issues/8700[pick up `OAuth2AuthorizedClientManager` from the application context]
-** Added https://github.com/spring-projects/spring-security/issues/8669[`OAuth2AuthorizedClientArgumentResolver` support to XML config]
-** Added `RequestCache` support to https://github.com/spring-projects/spring-security/issues/8120[`OAuth2AuthorizationCodeGrantFilter`]
-** Added https://github.com/spring-projects/spring-security/issues/8326[`issuerUri` to `ClientRegistration`]
-* OAuth 2.0 Resource Server
-** Added <<oauth2resourceserver-jwt-timeouts,caching support in `NimbusJwtDecoder`>>
-** Made https://github.com/spring-projects/spring-security/issues/8186[principal claim configurable in `JwtAuthenticationConverter`]
-** Enhanced configuration to <<oauth2resourceserver-jwt-authorization-extraction,pick up `JwtAuthenticationConverter` as a `@Bean`>>
-** Simplified https://github.com/spring-projects/spring-security/pull/8740[attribute retrieval for opaque token]
-* SAML 2.0
-** Made <<servlet-saml2login-sp-initiated-factory-custom-authnrequest,Open SAML `AuthnRequest` construction configurable>>
-** Enhanced <<servlet-saml2login-sp-initiated-factory-custom-authnrequest,`AuthnRequest` construction to access `HttpServletRequest` data>>
-** Opened <<servlet-saml2login-sp-initiated-factory-custom-authnrequest,`Saml2AuthenticationRequestContext` for extension>>
-** Enhanced <<servlet-saml2login-authenticatedprincipal,`Saml2AuthenticatedPrincipal` to include `<saml2:AttributeStatement>`>>
-** Enhanced <<servlet-saml2login-opensamlauthenticationprovider-userdetailsservice,`OpenSamlAuthenticationProvider` to support customizing the `Authentication` returned>>
-** Enhanced <<servlet-saml2login-opensamlauthenticationprovider-additionalvalidation,`OpenSamlAuthenticationProvider` to support customizing `<saml2:Assertion>` validation>>
-** Added support for <<servlet-saml2login-rpr-relyingpartyregistrationresolver,resolving the `RelyingPartyRegistration` from the request>>
-** Added <<servlet-saml2login-opensaml-customization,an initialization service to supercede Open SAML's `InitializationService`>>
-** Added a <<servlet-saml2login-metadata,SAML 2.0 Metadata Filter>>
-** Simplified <<servlet-saml2login-rpr-credentials,`Saml2X509Credential` construction>>
-** Restructured `RelyingPartyRegistration` to <<servlet-saml2login-relyingpartyregistration,separate relying and asserting party configurations>>
-** Added <<servlet-saml2login-relyingpartyregistration,configuration by Asserting Party Metadata endpoint>>
-** Restructured `RelyingPartyRegistration` to <<servlet-saml2login-relyingpartyregistration,reflect metadata terminology>>
-* LDAP
-** Added support for configuring https://github.com/spring-projects/spring-security/issues/8144[`ApacheDSContainer`] with a random port
-** Added support for configuring https://github.com/spring-projects/spring-security/issues/8138[application] with a random port
-* CSRF
-** Made the https://github.com/spring-projects/spring-security/pull/8749[`secure` flag configurable]
 
-[[whats-new-webflux]]
-=== WebFlux
-
-* Added https://github.com/spring-projects/spring-security/issues/5558[Kotlin DSL for WebFlux]
-* Added https://github.com/spring-projects/spring-security/issues/8324[`AuthoritiesMapper` configuration] to OAuth 2.0 Login
-* Added https://github.com/spring-projects/spring-security/issues/8599[`SwitchUserWebFilter`]
-
-[[whats-new-additional]]
-=== Additional Updates
-
-* Renamed https://github.com/spring-projects/spring-security/issues/8676[whitelist and blacklist to allowlist and blocklist]
-* Added https://github.com/spring-projects/spring-security/pull/7052[`RequestRejectedHandler`]
-* Strengthened https://github.com/spring-projects/spring-security/pull/8644[`StrictHttpFirewall`] to <<servlet-httpfirewall-headers-parameters,verify header and parameter names and values>>
-* Made https://github.com/spring-projects/spring-security/issues/5438[`SessionRegistry` aware of `SessionIdChangedEvent`]
-* Allow https://github.com/spring-projects/spring-security/issues/8402[`AesBytesEncryptor` to be constructed with a real key]
-* https://github.com/spring-projects/spring-security/pull/8450[Deprecated OpenID 2.0 support]
-
-[[whats-new-build]]
-=== Build Changes
-
-* https://github.com/spring-projects/spring-security/issues/8113[Improved performance further]
+** Added support for https://github.com/spring-projects/spring-security/pull/9520[Jwt Client Authentication] `private_key_jwt` and `client_secret_jwt`
+** Added https://github.com/spring-projects/spring-security/pull/9535[Jwt Bearer Authorization Grant] support
+** Added https://github.com/spring-projects/spring-security/pull/8765[R2DBC implementation] of `ReactiveOAuth2AuthorizedClientService`