On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M4! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6811 for Servlets - Introduce OAuth2AuthorizedClient Manager/Provider

gh-6886 - OpenID Connect Userinfo not fetched for custom claims

gh-7033 - Add Resource Server JWE Sample

gh-7034 - Nimbus Jwt decoders should not force SignedJWT

Core

gh-6506 - Add Generic AuthenticationFilter

gh-5300 - Allow configuration of SessionAuthenticationStrategy for CSRF

gh-5557 - DSL nested builder for HTTP security

gh-7082 - Add Chinese Traditional localized messages

gh-7042 - Allow upgrading between different BCrypt encodings

gh-7057 - Allow upgrading between different SCrypt encodings

From previous, 5.2.0.M3, release - Add nohttp to build

For more information about the nohttp project see this blog post.

Web

gh-4310 - Added Hostname Features to StrictHttpFirewall

gh-7168 - BASIC authentication case sensitivity

WebFlux

gh-7107 - Support nested builder in DSL for reactive apps

gh-7113 - Support disabled users

Dependencies and CI

gh-7147 - Upgrade external dependencies

travis-ci - Build using OpenJDK8 on Travis CI

Project Site | Reference | Help