What is new in different version of SPring boot Security

Categories: Spring Boot

Spring Security has also evolved significantly over the years, especially in how it integrates with Spring Boot. Below is a version-wise summary of what's new in different versions of Spring Security, especially in relation to Spring Boot integration and security features.

Spring Security 5.x Series (2018–2022)

Spring Security 5.0 (Jan 2018)

  • OAuth 2.0 Login Support
  • Password Encoders with DelegatingPasswordEncoder
  • WebFlux Security (Reactive stack support)

  • Security Matcher updatesmvcMatchers() and antMatchers()

  • OAuth 2.0 Resource Server support (initial)

Spring Security 5.1 (Sept 2018)

  • Form login + OAuth 2.0 simplifications

  •  Automatic JWT decoding
  • SAML 2.0 initial support
  •  Enhancements to SecurityContextHolder

Spring Security 5.2 (Oct 2019)

  • OAuth2 Authorization Server refinements (separate project)

  • JWT Bearer Token support
  • SameSite cookie support
  • CSRF configuration improvements

Spring Security 5.3 (March 2020)

  • Support for X.509 Authentication in WebFlux

  • DelegatingAuthorizationManager
  • Authorization event logging
  • OAuth2 enhancements

Spring Security 5.4 (Sept 2020)

  • @EnableMethodSecurity (replacement for @EnableGlobalMethodSecurity)

  • SecurityFilterChain bean customization

  • OAuth2 PKCE support

  • SAML 2.0 refinements

  • More lambda DSL support

Spring Security 5.5 (May 2021)

  • New AuthorizationManager API (replacing AccessDecisionManager)

  • OAuth2 Authorization Server improvements

  • SecurityContextHolderStrategy (for async scenarios)

Spring Security 5.6 (Nov 2021)

  • Support for Spring Native / AOT

  • BouncyCastle support for JCA

  • Improvements for OAuth2 token introspection

Spring Security 5.7 (May 2022)

  • Deprecated WebSecurityConfigurerAdapter
  • Move to component-based security configuration via SecurityFilterChain beans

  • Enhanced method-level security annotations

  • @EnableMethodSecurity replaces older global settings

Spring Security 6.x Series (2022–Present)

 Supports Spring Boot 3.x and Jakarta EE

 Spring Security 6.0 (Nov 2022)

  • Java 17 baseline
  • Jakarta EE 9+ package support (javax.*jakarta.*)

  • Component-based security config only (WebSecurityConfigurerAdapter removed)

  • New configuration DSL using lambdas

  • Enhanced support for GraalVM native image
  • Updated OAuth2 client and server modules

Spring Security 6.1 (May 2023)

  • Method Security Expressions overhaul

  • AuthorizationManager for all major use cases

  • Improved multi-tenancy support
  • JWT decoding enhancements
  • Easier use of custom claims and scopes in token validation

  • Better support for Docker and Cloud Native environments

Spring Security 6.2 (Nov 2023)

  • Virtual thread compatibility
  • Better error message handling
  • More flexible authentication entry points
  • Support for OAuth2 Token Revocation
  • Continued improvements for AOT/Natively compiled applications

Upcoming (Spring Security 6.3 in 2024/2025)

  • Improved OpenID Connect support

  • Expanded SAML 2.0 features

  • Performance and native image optimizations

Key Shifts Summary

Version

Key Features

5.0

OAuth 2.0 Login, Password Encoding

5.2

JWT & OAuth2 Resource Server

5.4

Lambda DSL, AuthorizationManager

5.7

Deprecated WebSecurityConfigurerAdapter

6.0

Jakarta EE, Java 17+, Native Ready

6.1

Method Security revamp, AuthorizationManager

6.2

Virtual Threads, OAuth2 Revocation


-----------------

Top Blogs
How do you handle exceptions in a Spring Boot application? Published at:- How do you schedule tasks in a Spring Boot application? Published at:- Can you explain how you would use Spring Boot to build a RESTful API for a project? Published at:- what is new in Spring Boot Published at:- What is new in different version of SPring boot Security Published at:-
R4R.co.in Team
The content on R4R is created by expert teams.