On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.0.0-M5 is available now.

This release includes dependency upgrades, bug fixes, and minor enhancements as well as a fix for a bug where the StrictHttpFirewall incorrectly rejects valid CJKV characters. The milestone contains a few noteworthy changes:

• Authorization on Every Dispatch Type

• Change the default of shouldFilterAllDispatchTypes to true

• Default to SecurityContextHolderFilter instead of SecurityContextPersistenceFilter

• Remove SAML Deprecations

See the release notes here and here for more details.

Project Site | Reference | Help