Spring Security 5.4.0-M1 Released

Releases | Eleftheria Stein-Kousathana | May 07, 2020 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean
gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login
gh-8324 - Validate ID Token Issuer
gh-8337 - Allow custom header during bearer token extraction
gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-8033 - Add server request cache that uses cookie
gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy
gh-4183 - SwitchUserFilter vulnerable to CSRF

Docs

gh-8391 - Documented dependencies for opaque Resource Server
gh-8182 - Add Figures to Resource Server Docs
gh-8110, gh-8077 and gh-8074 - Document OAuth 2.0 XML support
gh-8050 - Add OAuth 2.0 Test Support Docs

Kotlin

gh-5558 - Idiomatic Kotlin DSL for configuring HTTP security

Crypto

gh-8402 - Allow creating AesBytesEncryptor with key

LDAP

gh-8393 - Flag to enable searching of LDAP groups on subtrees

SAML

gh-8356 - Saml2AuthenticationRequestContext should be extendible

Project Site | Reference | Help

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all