6.3.9

⭐ New Features

• Add link to docs zip file to the reference #16798
• Clarify WebInvocationPrivilegeEvaluator JavaDoc #16548
• Fix attribute name in http.adoc #16776
• Fix Spring Framework reference link #16718
• Fix WebFlux authentication reference link #16719
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #16555

🪲 Bug Fixes

• Do not validate parameters in ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver if not enabled #16039
• Fix the request matcher patterns in the documentation #16713
• setCookieCustomizer should not reset withHttpOnlyFalse httpOnly setting #16822
• Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #16834
• Use correct message prompt in AuthorizeReturnObjectMethodInterceptor constructor #16829
• XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #16801

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #16769
• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #16942
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #16916
• Bump org-aspectj from 1.9.22.1 to 1.9.24 #16927
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16759
• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #16957
• Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19 #16958

🔩 Build Updates

• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.16 to 1.0.0-alpha.17 in /docs #16809
• Release 6.3.9 #16973

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Bragolgirith, @dependabot[bot], @jonah1und1, @kse-music, and @ngocnhan-tran1996