Spring Security 5.2.0.M4 Released

Releases | Filip Hanik | August 05, 2019 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M4! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6811 for Servlets - Introduce OAuth2AuthorizedClient Manager/Provider
gh-6886 - OpenID Connect Userinfo not fetched for custom claims
gh-7033 - Add Resource Server JWE Sample
gh-7034 - Nimbus Jwt decoders should not force SignedJWT

Core

gh-6506 - Add Generic AuthenticationFilter
gh-5300 - Allow configuration of SessionAuthenticationStrategy for CSRF
gh-5557 - DSL nested builder for HTTP security
gh-7082 - Add Chinese Traditional localized messages
gh-7042 - Allow upgrading between different BCrypt encodings
gh-7057 - Allow upgrading between different SCrypt encodings
From previous, 5.2.0.M3, release - Add nohttp to build

For more information about the nohttp project see this blog post.

Web

gh-4310 - Added Hostname Features to StrictHttpFirewall
gh-7168 - BASIC authentication case sensitivity

WebFlux

gh-7107 - Support nested builder in DSL for reactive apps
gh-7113 - Support disabled users

Dependencies and CI

gh-7147 - Upgrade external dependencies
travis-ci - Build using OpenJDK8 on Travis CI

Project Site | Reference | Help

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all