:star: New Features

• Adopt dedicated AssertJ assertions for more expressive test failure messages #13619
• Automate spring-security.xsd #13826
• Correct mentioned HTTP Method in Documentation #13751
• Fix grammar on logout page of the docs #13750
• Fix untitled page title in documentation #13575
• Improve StrictHttpFirewall error messaging #13615
• Improve StrictHttpFirewall error messaging #13614
• Replace wildcard type ? with * in Kotlin and fix typo in Spring docs #13719
• Support nested suspend calls for Kotlin coroutines #13766
• Update OAuth2 docs landing page with examples #13784
• Add OIDC Back-channel Logout Support #7845

:beetle: Bug Fixes

• CookieCsrfTokenRepository resets httpOnly to true in case a cookieCustomizer is set #13748
• CookieRequestCache ignores user Locale #13797
• Default Security Configuration adds https://github.com/spring-projects/spring-security/issues/13760cts/spring-security/issues/13760)
• OAuth2AuthenticationExceptionMixin doesn't work in JDK 17 #13802
• Problem uploading multipart file after migrating to latest Spring Security. #13821
• Saml2AuthenticationExceptionMixin doesn't work in JDK 17 #13807
• Spring ACL and native compilation fail to process datasource properties #13815

:hammer: Dependency Upgrades

• Update io.projectreactor to 2023.0.0-M3 #13829
• Update jakarta.xml.bind-api to 4.0.1 #13831
• Update micrometer-observation to 1.12.0-M3 #13828
• Update org.aspectj to 1.9.20.1 #13832
• Update org.eclipse.jetty to 11.0.16 #13833
• Update org.jetbrains.kotlin to 1.9.10 #13835
• Update org.springframework to 6.1.0-M5 #13837
• Update org.springframework.data to 2023.1.0-M3 #13838
• Update reactor-netty to 1.1.11 #13830
• Update slf4j-api to 2.0.9 #13836
• Update Spring Framework to 6.1.0-SNAPSHOT #13765
• Update spring-ldap-core to 3.2.0-M3 #13839

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @deniz-husaj
• @sjohnr
• @man-moon
• @timtebeek
• @kevin2jordan
• @bjornharvold
• @ben-larson