Spring Security 5.4.0-M1 Released
On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below:
OAuth 2.0
gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean
gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login
gh-8324 - Validate ID Token Issuer
gh-8337 - Allow custom header during bearer token extraction
gh-8332 - Provide possibility to use custom cache to store JWK Set
Web
gh-8033 - Add server request cache that uses cookie
gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy
gh-4183 - SwitchUserFilter vulnerable to CSRF
Docs
gh-8391 - Documented dependencies for opaque Resource Server
gh-8182 - Add Figures to Resource Server Docs
gh-8050 - Add OAuth 2.0 Test Support Docs
Kotlin
gh-5558 - Idiomatic Kotlin DSL for configuring HTTP security
Crypto
gh-8402 - Allow creating AesBytesEncryptor with key
LDAP
gh-8393 - Flag to enable searching of LDAP groups on subtrees
SAML
gh-8356 - Saml2AuthenticationRequestContext should be extendible
Project Site | Reference | Help