spring-security/docs/modules/ROOT/pages/whats-new.adoc

[[new]]
= What's New in Spring Security 5.7

Spring Security 5.7 provides a number of new features.
Below are the highlights of the release.

[[whats-new-servlet]]
== Servlet

* Web

** Introduced xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
** Introduced xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`

* OAuth 2.0 Client

** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerOAuth2AuthorizedClientProvider`
** Allow customizing claims on https://github.com/spring-projects/spring-security/issues/9855[JWT client assertions]

[[whats-new-webflux]]
== WebFlux

* Web

** Allow customizing https://github.com/spring-projects/spring-security/issues/10903[charset] in `ServerHttpBasicAuthenticationConverter`

* OAuth 2.0 Client

** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerReactiveOAuth2AuthorizedClientProvider`
Extract subsections for preface Issue: gh-2567 2018-03-06 06:56:47 +08:00			`[[new]]`
Update Spring Security to 5.7 Closes gh-10509 2021-11-16 07:45:36 +08:00			`= What's New in Spring Security 5.7`
Extract subsections for preface Issue: gh-2567 2018-03-06 06:56:47 +08:00
Update Spring Security to 5.7 Closes gh-10509 2021-11-16 07:45:36 +08:00			`Spring Security 5.7 provides a number of new features.`
Extract subsections for preface Issue: gh-2567 2018-03-06 06:56:47 +08:00			`Below are the highlights of the release.`
Add SecurityContextHolderFilter Closes gh-9635 2022-02-19 05:14:34 +08:00
Allow configuring PKCE for confidential clients Closes gh-6548 2022-03-15 22:25:17 +08:00			`[[whats-new-servlet]]`
			`== Servlet`

			`* Web`

			** Introduced xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
			** Introduced xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`

			`* OAuth 2.0 Client`

			`** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]`
Update whats-new.adoc with gh-9812 2022-03-17 16:41:33 +08:00			** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerOAuth2AuthorizedClientProvider`
Update What's New for 5.7 2022-03-17 22:56:45 +08:00			`** Allow customizing claims on https://github.com/spring-projects/spring-security/issues/9855[JWT client assertions]`
Allow configuring PKCE for confidential clients Closes gh-6548 2022-03-15 22:25:17 +08:00
			`[[whats-new-webflux]]`
			`== WebFlux`

Update What's New for 5.7 2022-03-18 01:56:17 +08:00			`* Web`

			** Allow customizing https://github.com/spring-projects/spring-security/issues/10903[charset] in `ServerHttpBasicAuthenticationConverter`

Allow configuring PKCE for confidential clients Closes gh-6548 2022-03-15 22:25:17 +08:00			`* OAuth 2.0 Client`

			`** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]`
Update whats-new.adoc with gh-9812 2022-03-17 16:41:33 +08:00			** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerReactiveOAuth2AuthorizedClientProvider`