spring-security/docs/modules/ROOT/pages/whats-new.adoc

[[new]]
= What's New in Spring Security 6.0

Spring Security 6.0 provides a number of new features.
Below are the highlights of the release.

== Breaking Changes

* https://github.com/spring-projects/spring-security/issues/10556[gh-10556] - Remove EOL OpenSaml 3 Support.
Use the OpenSaml 4 Support instead.
* https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`.
Instead use data storage to encrypt values.
* https://github.com/spring-projects/spring-security/issues/11520[gh-11520] - Remember Me uses SHA256 by default
* https://github.com/spring-projects/spring-security/issues/8819 - Move filters to web package
Reorganize imports
* https://github.com/spring-projects/spring-security/issues/7349 - Move filter and token to appropriate packages
Reorganize imports
* https://github.com/spring-projects/spring-security/issues/11026[gh-11026] - Use `RequestAttributeSecurityContextRepository` instead of `NullSecurityContextRepository`
* https://github.com/spring-projects/spring-security/pull/11887[gh-11827] - Change default authority for `oauth2Login()`
* https://github.com/spring-projects/spring-security/issues/10347[gh-10347] - Remove `UsernamePasswordAuthenticationToken` check in `BasicAuthenticationFilter`
Extract subsections for preface Issue: gh-2567 2018-03-06 06:56:47 +08:00			`[[new]]`
Merge Clean up Reference Documentation Closes gh-9668 2021-12-14 06:57:36 +08:00			`= What's New in Spring Security 6.0`
Extract subsections for preface Issue: gh-2567 2018-03-06 06:56:47 +08:00
Merge Clean up Reference Documentation Closes gh-9668 2021-12-14 06:57:36 +08:00			`Spring Security 6.0 provides a number of new features.`
Extract subsections for preface Issue: gh-2567 2018-03-06 06:56:47 +08:00			`Below are the highlights of the release.`
Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` This method is insecure. Users should instead encrypt with their database. Closes gh-8980 2022-09-08 02:51:58 +08:00
			`== Breaking Changes`

Remove Deprecated OpenSAML 3 Support Closes gh-10556 2022-09-08 02:39:26 +08:00			`* https://github.com/spring-projects/spring-security/issues/10556[gh-10556] - Remove EOL OpenSaml 3 Support.`
			`Use the OpenSaml 4 Support instead.`
Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` This method is insecure. Users should instead encrypt with their database. Closes gh-8980 2022-09-08 02:51:58 +08:00			* https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`.
Update What's New for 6.0 2022-09-20 19:32:30 +08:00			`Instead use data storage to encrypt values.`
			`* https://github.com/spring-projects/spring-security/issues/11520[gh-11520] - Remember Me uses SHA256 by default`
Move Saml2 Authentication Filters Closes gh-8819 2022-09-21 07:18:05 +08:00			`* https://github.com/spring-projects/spring-security/issues/8819 - Move filters to web package`
			`Reorganize imports`
Adjust OAuth2 Resource Server packaging Closes gh-7349 2022-09-21 07:44:05 +08:00			`* https://github.com/spring-projects/spring-security/issues/7349 - Move filter and token to appropriate packages`
			`Reorganize imports`
Update What's New for 6.0 2022-09-26 22:48:52 +08:00			* https://github.com/spring-projects/spring-security/issues/11026[gh-11026] - Use `RequestAttributeSecurityContextRepository` instead of `NullSecurityContextRepository`
Update What's New for 6.0 2022-09-26 23:07:50 +08:00			* https://github.com/spring-projects/spring-security/pull/11887[gh-11827] - Change default authority for `oauth2Login()`
Update What's New for 6.0 2022-09-30 04:57:48 +08:00			* https://github.com/spring-projects/spring-security/issues/10347[gh-10347] - Remove `UsernamePasswordAuthenticationToken` check in `BasicAuthenticationFilter`