Spring Security 5.4.0-M1 Released

Releases | Eleftheria Stein-Kousathana | May 07, 2020 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean

gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login

gh-8324 - Validate ID Token Issuer

gh-8337 - Allow custom header during bearer token extraction

gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy

gh-4183 - SwitchUserFilter vulnerable to CSRF

Docs

gh-8391 - Documented dependencies for opaque Resource Server

gh-8182 - Add Figures to Resource Server Docs

gh-8110, gh-8077 and gh-8074 - Document OAuth 2.0 XML support

gh-8050 - Add OAuth 2.0 Test Support Docs

Kotlin

gh-5558 - Idiomatic Kotlin DSL for configuring HTTP security

Crypto

gh-8402 - Allow creating AesBytesEncryptor with key

LDAP

gh-8393 - Flag to enable searching of LDAP groups on subtrees

SAML

gh-8356 - Saml2AuthenticationRequestContext should be extendible

Project Site | Reference | Help

Spring blog

Spring Security 5.4.0-M1 Released

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean

gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login

gh-8324 - Validate ID Token Issuer

gh-8337 - Allow custom header during bearer token extraction

gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy

gh-4183 - SwitchUserFilter vulnerable to CSRF

Docs

gh-8391 - Documented dependencies for opaque Resource Server

gh-8182 - Add Figures to Resource Server Docs

gh-8110, gh-8077 and gh-8074 - Document OAuth 2.0 XML support

gh-8050 - Add OAuth 2.0 Test Support Docs

Kotlin

gh-5558 - Idiomatic Kotlin DSL for configuring HTTP security

Crypto

gh-8402 - Allow creating AesBytesEncryptor with key

LDAP

gh-8393 - Flag to enable searching of LDAP groups on subtrees

SAML

gh-8356 - Saml2AuthenticationRequestContext should be extendible

Get the Spring newsletter

Get ahead

Get support

Upcoming events

Spring blog

Spring Security 5.4.0-M1 Released

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean

gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login

gh-8324 - Validate ID Token Issuer

gh-8337 - Allow custom header during bearer token extraction

gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-8033 - Add server request cache that uses cookie

gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy

gh-4183 - SwitchUserFilter vulnerable to CSRF

Docs

gh-8391 - Documented dependencies for opaque Resource Server

gh-8182 - Add Figures to Resource Server Docs

gh-8110, gh-8077 and gh-8074 - Document OAuth 2.0 XML support

gh-8050 - Add OAuth 2.0 Test Support Docs

Kotlin

gh-5558 - Idiomatic Kotlin DSL for configuring HTTP security

Crypto

gh-8402 - Allow creating AesBytesEncryptor with key

LDAP

gh-8393 - Flag to enable searching of LDAP groups on subtrees

SAML

gh-8356 - Saml2AuthenticationRequestContext should be extendible

Get the Spring newsletter

Get ahead

Get support

Upcoming events