4.0.1

What's Changed

• Update major test dependencies by @devondragon in #238

Full Changelog: 4.0.0...4.0.1

4.0.0

Spring Boot 4.0 Upgrade

This major release upgrades the Spring User Framework to Spring Boot 4.0, bringing Spring Security 7, Java 21 support, and modernized infrastructure.

Breaking Changes

Java 21 Required

Spring Boot 4.0 requires Java 21 or higher. Update your JDK and build configuration before upgrading.

Spring Security 7

• All URL patterns must start with / - Update your unprotectedURIs and protectedURIs configuration
• Deprecated APIs removed: authorizeRequests() → authorizeHttpRequests(), antMatchers() → requestMatchers()

Test Infrastructure

Test annotations have moved to new packages:

Annotation	New Package
@AutoConfigureMockMvc	org.springframework.boot.webmvc.test.autoconfigure
@WebMvcTest	org.springframework.boot.webmvc.test.autoconfigure
@DataJpaTest	org.springframework.boot.data.jpa.test.autoconfigure

New test dependencies required:
testImplementation 'org.springframework.boot:spring-boot-data-jpa-test'
testImplementation 'org.springframework.boot:spring-boot-webmvc-test'

API Changes

• Profile Update Endpoint: /user/updateUser now accepts UserProfileUpdateDto (firstName, lastName only) instead of UserDto. This improves security by not requiring password fields for profile updates.

New Features

• UserProfileUpdateDto - New DTO for profile updates with validation constraints
• Comprehensive Migration Guide - See MIGRATION.md for detailed upgrade instructions

Dependencies

Dependency	Version
Spring Boot	4.0.0
Spring Security	7.x
Java	21+
Thymeleaf Extras Spring Security	3.1.3.RELEASE (compatible with Spring Security 7)

Documentation

• Added MIGRATION.md with step-by-step upgrade instructions
• Updated README with Spring Boot 4.0 installation instructions
• Added version compatibility table

Migration

See the MIGRATION.md for detailed instructions on upgrading from 3.x.

Quick checklist:

1. Update to Java 21+
2. Update framework dependency to 4.0.0
3. Ensure all URL patterns in security config start with /
4. Update test annotation imports to new packages
5. Update any code calling /user/updateUser to use new DTO format

Full Changelog: 3.5.1...4.0.0

3.5.1

What's Changed

• Feature/password validation fixes by @devondragon in #226
• Add Claude Code GitHub Workflow by @devondragon in #227

Full Changelog: 3.5.0...3.5.1

3.5.0

What's Changed

• Bump org.projectlombok:lombok from 1.18.38 to 1.18.40 by @dependabot[bot] in #212
• Bump org.projectlombok:lombok from 1.18.40 to 1.18.42 by @dependabot[bot] in #213
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 by @dependabot[bot] in #216
• Bump org.springframework.boot from 3.5.5 to 3.5.6 by @dependabot[bot] in #214
• Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre by @dependabot[bot] in #215
• Add Password Policy Functionality by @Edamijueda in #217
• Bump com.github.ben-manes.versions from 0.52.0 to 0.53.0 by @dependabot[bot] in #221
• Bump com.h2database:h2 from 2.3.232 to 2.4.240 by @dependabot[bot] in #219
• Bump com.icegreen:greenmail from 2.1.5 to 2.1.6 by @dependabot[bot] in #220
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 by @dependabot[bot] in #222
• Bump com.icegreen:greenmail from 2.1.6 to 2.1.7 by @dependabot[bot] in #223
• Bump version to 3.5.0-SNAPSHOT; add VS Code Java home settings; use A… by @devondragon in #225

Full Changelog: 3.4.1...3.5.0

3.4.1

What's Changed

• Fix NPE in audit logging when user ID is null by @devondragon in #211

Full Changelog: 3.4.0...3.4.1

3.4.0

What's Changed

• Bump org.springframework.boot from 3.5.3 to 3.5.4 by @dependabot[bot] in #195
• Bump org.testcontainers:testcontainers from 1.19.3 to 1.21.3 by @dependabot[bot] in #196
• Bump springBootVersion from 3.5.3 to 3.5.4 by @dependabot[bot] in #197
• Bump org.assertj:assertj-core from 3.24.2 to 3.27.3 by @dependabot[bot] in #198
• Bump io.rest-assured:rest-assured from 5.3.2 to 5.5.5 by @dependabot[bot] in #199
• Bump org.awaitility:awaitility from 4.2.0 to 4.3.0 by @dependabot[bot] in #200
• Bump com.tngtech.archunit:archunit-junit5 from 1.2.0 to 1.4.1 by @dependabot[bot] in #201
• Bump com.icegreen:greenmail from 2.0.0 to 2.1.4 by @dependabot[bot] in #202
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 by @dependabot[bot] in #203
• Bump org.mariadb.jdbc:mariadb-java-client from 3.5.4 to 3.5.5 by @dependabot[bot] in #205
• Bump com.icegreen:greenmail from 2.1.4 to 2.1.5 by @dependabot[bot] in #204
• Bump io.rest-assured:rest-assured from 5.5.5 to 5.5.6 by @dependabot[bot] in #206
• Bump springBootVersion from 3.5.4 to 3.5.5 by @dependabot[bot] in #207
• Bump org.springframework.boot from 3.5.4 to 3.5.5 by @dependabot[bot] in #208
• Small-fixes-improvements by @devondragon in #209

Full Changelog: 3.3.0...3.4.0

3.3.0

What's Changed

• Bump org.mariadb.jdbc:mariadb-java-client from 3.5.3 to 3.5.4 by @dependabot[bot] in #191
• Bump com.vanniktech.maven.publish from 0.33.0 to 0.34.0 by @dependabot[bot] in #192
• Feature/test improvements by @devondragon in #193
• Fix/hibernate entity management issue, and other improvements by @devondragon in #194

Features

Comprehensive Test Infrastructure and Service Tests

Established a comprehensive testing foundation including modular test configurations, custom annotations, test data builders, and a mock email service. This setup is crucial for facilitating both unit and integration tests within the library.
Implemented test data builders for User, Role, and Token entities to streamline the creation of test data.
Added testing support for OAuth2/OIDC with configured mock providers.
Authored detailed test plans and phase-specific task lists targeting a test coverage increase from 27% to 80%+.
Support for Parallel Test Execution

Enabled JUnit 5's parallel execution capabilities to significantly improve test performance by leveraging multiple CPU cores.
Expected test execution time reduced by 30-50%.
End-to-End Testing Infrastructure

Established a framework for end-to-end (E2E) testing which includes database setup using Testcontainers and email testing using GreenMail.
Initiated examples of user registration and password reset journey tests which validate integration across system boundaries.
Dependency and Version Updates

Updated org.mariadb.jdbc:mariadb-java-client to version 3.5.4 to ensure compatibility with the latest database features and security patches.
Updated the Gradle wrapper to version 8.14.3 for enhanced build performance and new functionalities.
Fixes

Improved Handling of Authentication Types

Enhanced AuthenticationEventListener to correctly handle various authentication types, including OAuth2User and DSUserDetails, solving issues related to improper principal extraction and null user scenarios in OAuth2 authentication flows.
Fixed deprecated API usage in WebSecurityConfig by replacing RoleHierarchyImpl.fromHierarchy() with the new constructor and setHierarchy() method.
Hibernate Entity Management

Addressed a critical issue related to Hibernate's immutable collection proxy by refactoring User entity's role storage from List to Set. This change prevents UnsupportedOperationException during entity saves in specific integration scenarios.
Patch Vulnerabilities and Improve Compatibility

Resolved the compilation error by aligning with the latest vanniktech maven publish plugin (0.34.0), ensuring smooth publishing to Maven Central.
Refactoring

Improved Readability and Consistency in Test Code

Refactored test data builders for improved readability and consistent code style, enhancing maintainability and developer understanding.
Refactored UserServiceTest to leverage centralized TestFixtures for cleaner setup and more organized test logic.
Testing

Extensive Test Coverage

Added a comprehensive suite of unit and integration tests for DSUserDetailsService and AuthorityService, covering user role loading, OAuth2 flows, and role hierarchy management.
Refined test classes to ensure appropriate usage of mocking and context initialization, leading to robust validation of expected behaviors across various scenarios.
Test Documentation

Authored detailed documentation outlining testing conventions, best practices, and guidelines for leveraging custom test annotations.
Documented the new test infrastructure setup extensively to guide future test development and optimization.
Other Changes

File Renaming and Cleanup

Streamlined test and source files by fixing naming discrepancies and correcting file paths where necessary for improved project organization.
Deleted outdated and redundant documentation files such as TESTPLAN.md, TESTNEXTTASKS.md, and FAILING_TESTS_ANALYSIS.md, integrating relevant content into a unified test improvement document.
Overall, these changes enhance the library's testability, reliability, and developer experience, setting a robust foundation for future development and maintenance.

Full Changelog: 3.2.3...3.3.0

3.2.2

What's Changed

• Bump com.google.guava:guava from 33.4.6-jre to 33.4.7-jre by @dependabot in #177
• Bump com.google.guava:guava from 33.4.7-jre to 33.4.8-jre by @dependabot in #178
• Bump springBootVersion from 3.4.4 to 3.4.5 by @dependabot in #179
• Bump org.springframework.boot from 3.4.4 to 3.4.5 by @dependabot in #180
• Refactor conditional annotation in FileAuditLogFlushScheduler to use … by @devondragon in #183

Full Changelog: 3.2.1...3.2.2

3.2.1

What's Changed

• Devondragon contributing guide by @devondragon in #168
• Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @dependabot in #169
• Bump org.mariadb.jdbc:mariadb-java-client from 3.5.2 to 3.5.3 by @dependabot in #170
• Update dependencies and enhance logging in authentication process by @devondragon in #174
• Add user account deletion handling and event publishing for cleanup by @devondragon in #176

Full Changelog: 3.2.0...3.2.1

3.1.1

[3.1.1] - 2025-02-24

Features

• Version Update to Develop Branch: The project version has been incremented to 3.1.1-SNAPSHOT. This is a preparatory step for future developments, ensuring that ongoing changes do not interfere with the stable release version. This change was made in the gradle.properties file. (commit d24ae77c)

Fixes

• Dependency Updates: The dependencies have been updated to ensure compatibility and incorporate the latest security and performance enhancements:
  • Spring Boot has been upgraded from version 3.4.1 to 3.4.3.
  • The plugin com.github.ben-manes.versions has been updated from 0.51.0 to 0.52.0.
    These updates were applied within the build.gradle file, reflecting changes in both the plugins and extension configurations. (commit a498695e, commit fb7aeb6)