Engineering
Releases
News and Events

Spring Security 5.2.0.M4 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M4! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6811 for Servlets - Introduce OAuth2AuthorizedClient Manager/Provider
gh-6886 - OpenID Connect Userinfo not fetched for custom claims
gh-7033 - Add Resource Server JWE Sample
gh-7034 - Nimbus Jwt decoders should not force SignedJWT

Core

gh-5300 - Allow configuration of SessionAuthenticationStrategy for CSRF
gh-5557 - DSL nested builder for HTTP security
gh-7082 - Add Chinese Traditional localized messages
gh-7042 - Allow upgrading between different BCrypt encodings
gh-7057 - Allow upgrading between different SCrypt encodings
From previous, 5.2.0.M3, release - Add nohttp to build

For more information about the nohttp project see this blog post.

Web

gh-4310 - Added Hostname Features to StrictHttpFirewall
gh-7168 - BASIC authentication case sensitivity

WebFlux

gh-7107 - Support nested builder in DSL for reactive apps
gh-7113 - Support disabled users

Dependencies and CI

gh-7147 - Upgrade external dependencies
travis-ci - Build using OpenJDK8 on Travis CI
comments powered by Disqus