This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.2.4!

What’s New in Spring Security 6.3

Spring Security 6.3 provides a number of new features. Below are the highlights of the release.

General

blog post - Added Passive JDK Serialization/Deserialization for Seamless Upgrades

Authentication

gh-7395 - docs - Add Compromised Password Checker

Authorization

gh-14596 - docs - Add Programmatic Proxy Support for Method Security
gh-14597 - docs - Add Securing of Return Values
gh-14601 - docs - Add Authorization Denied Handlers for Method Security

Configuration

gh-6192 - (docs) - Add Concurrent Sessions Control on WebFlux

CAS

gh-14193 - Added support for CAS Gateway Authentication

Crypto

gh-14202 - Migrated spring-security-rsa into spring-security-crypto

OAuth2

gh-13259 - Customize when UserInfo is called
gh-14168 - Introduce Customizable AuthorizationFailureHandler in OAuth2AuthorizationRequestRedirectFilter
gh-5199, gh-14701 - Add support for OAuth 2.0 Token Exchange Grant
gh-14672 - Customize mapping the OidcUser from OidcUserRequest and OidcUserInfo

Documentation

gh-14263 - (docs) - Add documentation for CachingUserDetailsService