6.4.0-RC1

⭐ New Features

• Add API for Looking Up Security Annotations #15700
• Add loginPage() to DSL in reactive oauth2Login() #15674
• Add public InMemoryOneTimeTokenService.setClock(Clock) #15864
• Support One-Time Tokens in a Clustered Environment [#15735][https://github.com//issues/15735]
• Add Reactive One-Time Token Login Kotlin DSL Support #15888
• Add Support for Passkeys #13305
• Allow OAuth2ClientSpec to get ReactiveOAuth2AccessTokenResponseClient from Spring IoC #11097
• Allow access token request parameters to override defaults #15339
• Allow building a ClientRegistration from provided configuration #15716
• Allow logout+jwt JWT type for reactive #15847
• AuthorizationEventPublisher should accept an AuthorizationResult #15915
• AuthorizationManager should return AuthorizationResult #14846
• Clarify Username/Password Authentication Docs #15806
• Customize the strategy for resolving the principal #15833
• Introduce ExpressionJwtGrantedAuthoritiesConverter to extract nested authorities via SpEL expression #15202
• Improve encapsulation for jwtValidators #15879
• Improve readibility of empty collection checks #15898
• Improved error message for PasswordEncoder #14968
• Make Security Observations Selectable #15678
• ObjectProvider over custom getBeanOrNull method #15816
• Parameters customizer called before all parameters are set #15939
• Polish diamond operator usage #15900
• Polish OAuth2ClientConfiguration #15857
• Reactive oauth2Login should pick up OAuth2ReactiveUserService bean #15848
• Replace Date().getTime() method with System.currentTimeMillis() #15890
• Simplify Casting with ReactiveJwtDecoders #15797
• Support refresh token for Token Exchange #15534
• Update document #15862
• Update javaDoc for DefaultOneTimeTokenSubmitPageGeneratingFilter #15870
• Update websocket integration docs #15438
• Use SessionAuthenticationStrategy for Remember-Me authentication #15748

🪲 Bug Fixes

• Fix HttpSecurity Deprecation notices #15827
• Minor fix in Kotlin docs for noSpringSecurityObservations #15831
• OidcBackChannelLogoutTokenValidator should not construct when missing OIDC Provider Issuer #15824
• Restore Framework version on Snapshot build #15916
• The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15830

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 #15924
• Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.18.0 #15859
• Bump io.freefair.gradle:aspectj-plugin from 8.10 to 8.10.2 #15881
• Bump io.micrometer:micrometer-observation from 1.13.5 to 1.13.6 #15918
• Bump io.mockk:mockk from 1.13.12 to 1.13.13 #15895
• Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #15922
• Bump io.spring.develocity.conventions from 0.0.21 to 0.0.22 #15871
• Bump org.hibernate.orm:hibernate-core from 6.6.0.Final to 6.6.1.Final #15823
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.5.0 #15960
• Bump org.junit:junit-bom from 5.11.1 to 5.11.2 #15882
• Bump org.mockito:mockito-bom from 5.14.1 to 5.14.2 #15923
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.23.0 to 4.25.0 #15959
• Bump org.seleniumhq.selenium:selenium-java from 4.24.0 to 4.25.0 #15839
• Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5 #15961
• Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #15942
• Bump org.springframework:spring-framework-bom from 6.2.0-RC1 to 6.2.0-RC2 #15943

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15911
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15834
• Fix Broken Resource Server Doc Links #15845
• Fix typo of createDefaultRequestMacher in WebSessionServerRequestCache #15867
• Polish ExpressionTemplateSecurityAnnotationScanner #15832
• Release 6.4.0-RC1 #15966

❤️ Contributors

Thank you to all the contributors who worked on this release:

@JohnNiang, @bottlerocketjonny, @c1rd3cm, @dependabot[bot], @franticticktick, @heruan, @jinia91, @kse-music, @kwonyonghyun, @ngocnhan-tran1996, @nimakarimiank, @openrefactorymunawar, @regiuss-own, @rs017991, @sjohnr, @thomasdarimont, @wapkch, and @xhaggi

6.3.4

🪲 Bug Fixes

• Annotation expression template processing should not fail on Class parameter types #15711
• Disabling credentials erasure on custom AuthenticationManager is not working #15808
• Documentation inconsistency in AuthorizationManager's verify method return type #15822
• Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15676
• OidcBackChannelLogoutTokenValidator should not construct when missing OIDC Provider Issuer #15868
• SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15767
• The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15829

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 #15926
• Bump io.micrometer:micrometer-observation from 1.12.10 to 1.12.11 #15917
• Bump io.mockk:mockk from 1.13.12 to 1.13.13 #15897
• Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #15925
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15694
• Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15731
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15761
• Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #15883
• Bump org.springframework.data:spring-data-bom from 2024.0.4 to 2024.0.5 #15958
• Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #15944
• Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14 #15945

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15907
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15836
• Migrate slack notifications to GChat #15668
• Release 6.3.4 #15964
• Update eclipse/vscode configuration to use -parameters #15681

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @kse-music

6.2.7

🪲 Bug Fixes

• Disabling credentials erasure on custom AuthenticationManager is not working #15807
• Documentation inconsistency in AuthorizationManager's verify method return type #15704
• Fix code format in OIDC Logout docs #15566
• Fix OIDC Logout docs: Session Strategy vs. Registry #15686
• Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15675
• Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15651
• SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15766
• The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15828

🔨 Dependency Upgrades

• Bump Gradle Wrapper from 8.10.1 to 8.10.2 #15841
• Bump io.micrometer:micrometer-observation from 1.12.10 to 1.12.11 #15919
• Bump io.mockk:mockk from 1.13.12 to 1.13.13 #15896
• Bump io.projectreactor:reactor-bom from 2023.0.10 to 2023.0.11 #15927
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15693
• Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15733
• Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #15880
• Bump org.springframework.data:spring-data-bom from 2023.1.10 to 2023.1.11 #15962
• Bump org.springframework.ldap:spring-ldap-core from 3.2.6 to 3.2.7 #15946
• Bump org.springframework:spring-framework-bom from 6.1.13 to 6.1.14 #15947

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15910
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15838
• Bump Gradle Wrapper from 8.7 to 8.10 #15609
• CORS documentation should use UrlBasedCorsConfigurationSource #15769
• Migrate slack notifications to GChat #15667
• Release 6.2.7 #15965
• Update CORS document #15784
• Update eclipse/vscode configuration to use -parameters #15680

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Junhyunny, @dependabot[bot], @github-actions[bot], @hwanders, and @ngocnhan-tran1996

5.8.15

⭐ New Features

• Address unnecessary method invocation in AbstractRequestMatcherRegistry #15718
• The SecuredAuthorizationManager can now find @Secured annotations on … #15014

🪲 Bug Fixes

• Disabling credentials erasure on custom AuthenticationManager is not working #15683
• Methods annotated with @PostFilter are processed twice by PostFilterAuthorizationMethodInterceptor #15624
• SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15749
• The additionalParameters array parameter of OAuth2AuthorizationRequest causes the authorizationRequestUri to be incorrect #15533

🔨 Dependency Upgrades

• Bump io.projectreactor.tools:blockhound from 1.0.9.RELEASE to 1.0.10.RELEASE #15928
• Bump org-eclipse-jetty from 9.4.55.v20240627 to 9.4.56.v20240826 #15730
• Bump org.springframework.ldap:spring-ldap-core from 2.4.1 to 2.4.2 #15941

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.2 to 1.0.0-beta.3 in /docs #15908
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.13 to 1.0.0-alpha.14 in /docs #15837
• Migrate slack notifications to GChat #15503
• Release 5.8.15 #15963

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @chenzhenjia
• @tugjg
• @abimael-turing
• @dependabot[bot]

5.7.13

Release 5.7.13

6.4.0-M4

⭐ New Features

• Abstract Common Code in UnmodifiableListDeserializer and UnmodifiableSetDeserializer #15673
• Add API for Registering Security Hints #15772
• Add cookie customizer to CookieRequestCache #15685
• Add DefaultResourcesFitler to XML configuration #15790
• Add One-Time Token Login support to Kotlin DSL #15727
• Add RestClient implementations #15337
• Add Support for One-Time Token Login #15114
• Cache Annotation Lookups #15799
• Consider adding RestClient implementations of OAuth2AccessTokenResponseClient #15298
• Deprecate default OAuth2AccessTokenResponseClients in favor of RestClient-based ones #15737
• Document how to configure One-Time Token TTL #15743
• EnableReactiveMethodSecurity Supports Custom MethodSecurityExpressionHandler #15719
• Fix adding more implied roles in the RoleHierarchy Builder. #15717
• Include FilterChain on SessionInformationExpiredEvent to allow continuing the request #14077
• Make OidcSessionRegistry Configurable in Kotlin #15814
• Oidc Logout Improvements #15540
• Pick Up OidcSessionRegistry bean in OIDC Configuration #15813
• Polish OneTimeTokenLogin #15750
• Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions #15794
• Remove the need for @JsonSerialize when serializing authorization proxy objects with Jackson #15687
• Remove trailing spaces in default UIs #15791
• Serve static resources (JS, CSS) from dedicated filter #15723
• Throw AuthorizationDeniedException when AuthorizationResult is available #15706
• Use HTML templating in default UIs #15580

🪲 Bug Fixes

• Correct Title in logout.adoc #15736
• Disabling credentials erasure on custom AuthenticationManager is not working #15809
• Fix getBeansWithName in global authentication configurers #15781
• Fix variable targetClassToUse is not passed into the synthesize method #15568
• Fixed typo in the Servlet API Integration documentation #15691
• Fixed typos in the Servlet and Reactive Observability documents #15692
• Hardcode ott-username input name in DefaultLoginPageGeneratingFilter #15740
• SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15768

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.7 to 1.5.8 #15762
• Bump com.gradle.develocity from 3.17.6 to 3.18 #15682
• Bump io.micrometer:micrometer-observation from 1.13.3 to 1.13.4 #15777
• Bump io.projectreactor:reactor-bom from 2023.0.9 to 2023.0.10 #15787
• Bump io.spring.develocity.conventions from 0.0.20 to 0.0.21 #15795
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.1 to 3.0.2 #15695
• Bump org-eclipse-jetty from 11.0.23 to 11.0.24 #15732
• Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.1 to 1.9.0 #15810
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.21 to 4.33.22 #15763
• Bump org.mockito:mockito-bom from 5.12.0 to 5.13.0 #15703
• Bump org.seleniumhq.selenium:selenium-java from 4.23.1 to 4.24.0 #15708
• Bump org.springframework.data:spring-data-bom from 2024.0.3 to 2024.0.4 #15811
• Bump org.springframework:spring-framework-bom from 6.2.0-M7 to 6.2.0-RC1 #15801

🔩 Build Updates

• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.12 to 1.0.0-alpha.13 in /docs #15755
• Check samples is stuck on an old snapshot dependency #15798
• Update Spring Boot links #15720

❤️ Contributors

Thank you to all the contributors who worked on this release:

@CrazyParanoid, @Kehrlann, @dependabot[bot], @fb64, @hyunmin0317, @jzheaux, @kse-music, @marcusdacoregio, @ngocnhan-tran1996, @nielsbasjes, @sjohnr, and @ximinghui

6.4.0-M3

⭐ New Features

• Simplify adding AuthorizationAdvisors to AuthorizationAdvisorProxyFactory #15497

🔨 Dependency Upgrades

• Bump com.gradle.develocity from 3.17.6 to 3.18 #15654
• Bump io.freefair.gradle:aspectj-plugin from 8.7.1 to 8.10 #15653
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.20 to 4.33.21 #15671

🔩 Build Updates

• Migrate slack notifications to GChat #15669

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot]

6.3.3

🪲 Bug Fixes

• ObservationRegistry is never post-processed #15658

🔨 Dependency Upgrades

• Bump org-eclipse-jetty from 11.0.22 to 11.0.23 #15664

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot]

6.4.0-M2

⭐ New Features

• (Spring Boot 2.7->3.2) Duplicate @PreAuthorize annotation error across class hierarchy #15097
• Add @FunctionalInterface to AuthenticationManager #15441
• Add RestClient interceptor #15437
• Add AssertingPartyMetadataRepository #15349
• Add AuthorizationDeniedException(String) constructor #15607
• Add methods to augment allowed headers and parameters in StrictHttpFi… #15048
• Bad return type for HeadersConfigurer#permissionsPolicy method with customizer #14803
• Fix NPE when nameAttributeValue is null (#15338) #15407
• Improve @AuthenticationPrincipal meta-annotations #15344
• Improve @CurrentSecurityContext meta-annotations #15553
• Inline CSS for default login and logout page #15303
• Method Annotations Should Support @AliasFor #15436
• Preserve custom user type in InMemoryUserDetailsManager #15498
• RelyingPartyRegistrations typically produces unusable registrationId #15017
• Validate asserting party metadata signature #12116

🪲 Bug Fixes

• @DeniedHandler should not require an ApplicationContext to function #15496
• AuthorizationAnnotationUtils.findUniqueAnnotation is broken when interface is inherited #13490
• EnableMethodSecurity should publish only one bean of each AuthorizationAdvisor #15608

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #15621
• Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 #15575
• Bump io.freefair.gradle:aspectj-plugin from 8.6 to 8.7.1 #15586
• Bump io.micrometer:micrometer-observation from 1.12.8 to 1.13.3 #15585
• Bump io.mockk:mockk from 1.13.11 to 1.13.12 #15429
• Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #15600
• Bump jakarta-websocket from 2.1.1 to 2.2.0 #15573
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #15587
• Bump jakarta.servlet:jakarta.servlet-api from 6.0.0 to 6.1.0 #15576
• Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #15548
• Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #15641
• Bump org.assertj:assertj-core from 3.25.3 to 3.26.3 #15577
• Bump org.gretty:gretty from 4.1.4 to 4.1.5 #15428
• Bump org.hibernate.orm:hibernate-core from 6.4.10.Final to 6.6.0.Final #15603
• Bump org.hibernate.orm:hibernate-core from 6.4.9.Final to 6.4.10.Final #15531
• Bump org.htmlunit:htmlunit from 4.1.0 to 4.4.0 #15612
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #15453
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #15454
• Bump org.junit:junit-bom from 5.10.3 to 5.11.0 #15610
• Bump org.mockito:mockito-bom from 5.11.0 to 5.12.0 #15584
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.20.0 to 4.23.0 #15574
• Bump org.seleniumhq.selenium:selenium-java from 4.20.0 to 4.23.1 #15602
• Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #15532
• Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.15 #15547
• Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #15569
• Bump org.springframework.data:spring-data-bom from 2024.0.2 to 2024.0.3 #15640
• Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #15622
• Bump org.springframework:spring-framework-bom from 6.2.0-M5 to 6.2.0-M6 #15443
• Bump org.springframework:spring-framework-bom from 6.2.0-M6 to 6.2.0-M7 #15611

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #15448
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #15485
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #15564
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #15634
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #15520
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #15565
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #15635
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #15519
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #15483
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #15462
• Bump io-spring-javaformat from 0.0.42 to 0.0.43 #15646
• Fix code formatting in documentation #15572
• Migrate slack notifications to GChat #15506
• Remove duplicated "the" in JavaDoc #15469
• Update spring-test to Mock TestContext in Tests #15579

❤️ Contributors

Thank you to all the contributors who worked on this release:

@HyoJongPark, @Kehrlann, @MrJovanovic13, @baezzys, @benelog, @crusherd, @dependabot[bot], @jzheaux, @kse-music, @pongdangx2, and @sjohnr

6.3.2

⭐ New Features

• ActiveDirectoryLdapAuthenticationProvider does not implement support for multiple urls #15495
• Document the role of CredentialsContainer #15321
• OIDC Backchannel Logout should allow logout tokens having typ header of logout+jwt #15410

🪲 Bug Fixes

• A broken link in Spring Security reference #15297
• Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect #15460
• EnableMethodSecurity should publish only one bean of each AuthorizationAdvisor #15592
• Fix Compromised Password Checker Docs Sample Not Working #15305
• Fix for #15172 introduces significant performance degredation #15324
• Pre/PostAuthorize should not ignore HandleAuthorizationDenied#handlerClass when ApplicationContext is not provided #15535
• Update prerequisites documentation with Java 17 #15340
• Use Correct Meta-Annotation in Kotlin Sample #15472
• Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null' #15440

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #15619
• Bump com.fasterxml.jackson:jackson-bom from 2.17.1 to 2.17.2 #15374
• Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14 #15373
• Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8 #15383
• Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9 #15581
• Bump io.mockk:mockk from 1.13.11 to 1.13.12 #15430
• Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8 #15388
• Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9 #15597
• Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api from 3.0.0 to 3.0.1 #15582
• Bump org-apache-maven-resolver from 1.9.20 to 1.9.21 #15372
• Bump org-apache-maven-resolver from 1.9.21 to 1.9.22 #15545
• Bump org-eclipse-jetty from 11.0.21 to 11.0.22 #15356
• Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8 #15268
• Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #15642
• Bump org.gretty:gretty from 4.1.4 to 4.1.5 #15431
• Bump org.hibernate.orm:hibernate-core from 6.4.9.Final to 6.4.10.Final #15530
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25 #15456
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25 #15455
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.19 to 4.33.20 #15267
• Bump org.junit:junit-bom from 5.10.2 to 5.10.3 #15315
• Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3 #15336
• Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14 #15529
• Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15 #15546
• Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16 #15571
• Bump org.springframework.data:spring-data-bom from 2024.0.1 to 2024.0.2 #15421
• Bump org.springframework.data:spring-data-bom from 2024.0.2 to 2024.0.3 #15643
• Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6 #15620
• Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11 #15402
• Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12 #15613
• Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10 #15279

🔩 Build Updates

• Automate check of expected branch version #15310
• Bump @antora/collector-extension from 1.0.0-alpha.4 to 1.0.0-alpha.6 in /docs #15449
• Bump @antora/collector-extension from 1.0.0-alpha.6 to 1.0.0-alpha.7 in /docs #15482
• Bump @antora/collector-extension from 1.0.0-alpha.7 to 1.0.0-beta.1 in /docs #15560
• Bump @antora/collector-extension from 1.0.0-beta.1 to 1.0.0-beta.2 in /docs #15637
• Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs #15418
• Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs #15517
• Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs #15561
• Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs #15636
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.10 to 1.0.0-alpha.11 in /docs #15419
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.11 to 1.0.0-alpha.12 in /docs #15515
• Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs #15329
• Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs #15480
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #15464
• Bump io-spring-javaformat from 0.0.42 to 0.0.43 #15650
• Fix typos and formatting in documentation #15380
• Migrate slack notifications to GChat #15505
• Use explicit types instead of var #15537

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Kehrlann, @dependabot[bot], and @tahakorkem