v6.2.0

Changes since 6.1.0:

Features:

• publish JSON Schema for YAML-based configuration (@christiangoerdes)
• added <setCookies ...> which can compute cookie expiration times (@christiangoerdes)

Improvements:

• made some OpenAPI validation corner cases spec-compliant
  • avoid NullPointerException during validation for certain schemas
  • support "type": "null"
  • support missing "type" while still enforcing constraints
  • do not allow "5.3" as a "type": "number" because it is only a "string"
  • patterns are not anchored (use ^...$ to anchor them)
  • support patternProperties
• improved lock contention in LimitedMemoryExchangeStore and HttpEndpointListener (thanks, @Lucamadio!)
• <databaseApiKeyStore>: avoid error when table already exists
• <oauth2Resource2>: issue new session id after login (preventing possible session fixation attacks) (@rrayst)
• <oauth2Resource2>: convert error reconstructing the exchange (e.g. when clicking Back after the login) to an OAuth2Exception, which can be handled by a custom afterErrorUrl. (@rrayst)
• upgrade dependencies (spring-web to 6.2.8, commons-fileupload to 1.6.0, bcpkix-jdk18on to 1.81 and others)
• improved examples