Spring Security 6.3 introduces several key enhancements, including passive JDK serialization support to address issues with serialization across versions, new authorization features such as defining meta-annotations for role management, and the ability to secure return values with the @AuthorizeReturnObject annotation. The update also includes error handling improvements and compromised password checks using the Pwned Passwords API. In addition, it adds support for OAuth 2.0 Token Exchange, enabling clients to exchange tokens while retaining user identity.
Table of contents
1. Introduction
2. Passive JDK Serialization Support
3. Authorization
4. Compromised Password Checking
5. OAuth 2.0 Token Exchange Grant
6. Conclusion