This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.3.4!

What’s New in Spring Security 5.7

Spring Security 5.7 provides a number of new features. Below are the highlights of the release.

Servlet

Web
- Introduced RequestAttributeSecurityContextRepository
- Introduced SecurityContextHolderFilter - Ability to require explicit saving of the SecurityContext
- Added DSL support for Cross Origin Policies headers
OAuth 2.0 Client
- Allow configuring PKCE for confidential clients
- Allow configuring a JWT assertion resolver in JwtBearerOAuth2AuthorizedClientProvider
- Allow customizing claims on JWT client assertions
SAML 2.0
- Added SAML 2.0 Login & Single Logout XML support

Web
- Allow customizing charset in ServerHttpBasicAuthenticationConverter
- Added DSL support for Cross Origin Policies headers
OAuth 2.0 Client
- Allow configuring PKCE for confidential clients
- Allow configuring a JWT assertion resolver in JwtBearerReactiveOAuth2AuthorizedClientProvider