close

Spring Security 5.4.0-M1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean
gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login
gh-8324 - Validate ID Token Issuer
gh-8337 - Allow custom header during bearer token extraction
gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy
gh-4183 - SwitchUserFilter vulnerable to CSRF

Docs

gh-8391 - Documented dependencies for opaque Resource Server
gh-8182 - Add Figures to Resource Server Docs
gh-8110, gh-8077 and gh-8074 - Document OAuth 2.0 XML support
gh-8050 - Add OAuth 2.0 Test Support Docs

Kotlin

gh-5558 - Idiomatic Kotlin DSL for configuring HTTP security

Crypto

gh-8402 - Allow creating AesBytesEncryptor with key

LDAP

gh-8393 - Flag to enable searching of LDAP groups on subtrees

SAML

gh-8356 - Saml2AuthenticationRequestContext should be extendible
comments powered by Disqus