:star: New Features

• #12811 - compressing simple class name for observation #12955
• Add new DaoAuthenticationProvider constructor #12964
• Add NimbusJwtDecoder#withIssuerLocation #10309
• Clarify documentation code snippet(s) (unclear where static imported methods come from) #12993
• Deprecate shouldFilterAllDispatcherTypes #12138
• Document in the reference how to migrate to lambda #12628
• Documentation should mention that an empty SecurityContext should also be saved #12942
• Don't use raw xml saml authentication request for response validation #12962
• Ensure access token isn't resolved from query for form-encoded requests #12990
• Expression-Based Access Control do not working as explain in spring security document for 6.0.2 also tried 6.0.5 the issue persist #12933
• Remove OpenSaml deprecation warnings #12947
• Replace deprecated OpenSaml methods #12948
• We should deprecate .and() along with non lambda DSL methods #12629

:beetle: Bug Fixes

• Fix a javadoc typo in ReactiveAuthorizationManager #13001
• Fix a javadoc typo in ReactiveAuthorizationManager #12984
• Fix documentation code block bug. #12981
• HttpSessionSecurityContextRepository fails to create a session because of the deferred security context support #12920
• MessageMatcherDelegatingAuthorizationManager not extracting path variables for authorization context #12924
• NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder holds a reference to JWSVerificationKeySelector before ConfigurableJWTProcessor.setJWSKeySelector is executed #13006
• Observation Spans are not nested correctly in Webflux #12934
• Saml2 RelyingPartyRegistration.nameIdFormat is ignored and not set in AuthnRequest from OpenSamlAuthenticationRequestResolver #12937

:hammer: Dependency Upgrades

• Update reactor-netty to 1.1.6 #13047

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @1livv
• @jzheaux
• @Brummolix
• @bvn13