Spring Security 5.2.0.M4 Released

August 05, 2019

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M4! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6811 for Servlets - Introduce OAuth2AuthorizedClient Manager/Provider

gh-6886 - OpenID Connect Userinfo not fetched for custom claims

gh-7033 - Add Resource Server JWE Sample

gh-7034 - Nimbus Jwt decoders should not force SignedJWT

Core

gh-6506 - Add Generic `AuthenticationFilter`

gh-5300 - Allow configuration of SessionAuthenticationStrategy for CSRF

gh-5557 - DSL nested builder for HTTP security

gh-7082 - Add Chinese Traditional localized messages

gh-7042 - Allow upgrading between different BCrypt encodings

gh-7057 - Allow upgrading between different SCrypt encodings

From previous, 5.2.0.M3, release - Add nohttp to build

For more information about the nohttp project see this blog post.

Web

gh-4310 - Added Hostname Features to StrictHttpFirewall

gh-7168 - BASIC authentication case sensitivity

WebFlux

gh-7107 - Support nested builder in DSL for reactive apps

gh-7113 - Support disabled users

Dependencies and CI

gh-7147 - Upgrade external dependencies

travis-ci - Build using OpenJDK8 on Travis CI

Project Site | Reference | Help

Spring Blog