[[new]]
= What's New in Spring Security 5.7

Spring Security 5.7 provides a number of new features.
Below are the highlights of the release.

[[whats-new-servlet]]
== Servlet

* Web

** Introduced xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
** Introduced xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`

* OAuth 2.0 Client

** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerOAuth2AuthorizedClientProvider`
** Allow customizing claims on https://github.com/spring-projects/spring-security/issues/9855[JWT client assertions]

[[whats-new-webflux]]
== WebFlux

* Web

** Allow customizing https://github.com/spring-projects/spring-security/issues/10903[charset] in `ServerHttpBasicAuthenticationConverter`

* OAuth 2.0 Client

** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerReactiveOAuth2AuthorizedClientProvider`