Spring Security 5.2.0.M4 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M4! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6811 for Servlets - Introduce OAuth2AuthorizedClient Manager/Provider
gh-6886 - OpenID Connect Userinfo not fetched for custom claims
gh-7033 - Add Resource Server JWE Sample
gh-7034 - Nimbus Jwt decoders should not force SignedJWT


gh-5300 - Allow configuration of SessionAuthenticationStrategy for CSRF
gh-5557 - DSL nested builder for HTTP security
gh-7082 - Add Chinese Traditional localized messages
gh-7042 - Allow upgrading between different BCrypt encodings
gh-7057 - Allow upgrading between different SCrypt encodings
From previous, 5.2.0.M3, release - Add nohttp to build

For more information about the nohttp project see this blog post.


gh-4310 - Added Hostname Features to StrictHttpFirewall
gh-7168 - BASIC authentication case sensitivity


gh-7107 - Support nested builder in DSL for reactive apps
gh-7113 - Support disabled users

Dependencies and CI

gh-7147 - Upgrade external dependencies
travis-ci - Build using OpenJDK8 on Travis CI
comments powered by Disqus