Spring Security 4.1.0.RC1 Released
Spring Security 4.1.0.RC1 is live! Here are the highlights, including Content Security Policy (CSP), HTTP Public Key Pinning (HPKP), and method security meta-annotations.
Join the DZone community and get the full member experience.Join For Free
On behalf of the community, I’m pleased to announce the release of Spring Security 4.1.0.RC1. This release resolved over 100 tickets. You can find some of the highlights below:
- Path Variables in Web Security Expressions
- Content Security Policy (CSP)
- HTTP Public Key Pinning (HPKP)
- SCrypt supports with
- Simplified UserDetailsService Java Configuration
- Simplified AuthenticationProvider Java Configuration
- Moved to GitHub issues
- Test Meta-Annotations
- Method Security Meta-Annotations
Without the community, we couldn’t be the successful project we are today. I’d like to thank everyone that created issues & provided feedback. Special thanks to the following people who provided pull requests for this release:
- #199 - Fix a broken link to a blog posting on the Spring website Thanks, Yi EungJun
- #230 - Fix formatting error in documentation. Thanks, Martin Macko
- #248 - SEC-3175: Migrate to assertj. Thanks, Billy Korando
- #257 - Use XML Namespace for PreAuth Samples. Thanks, Michael Osipov
- #258 - SEC-2746: Fix keys in messages bundle. Thanks, Karol Lewandowski
- #259 - Rename HeaderWriter loop variable name. Thanks bax1989
- #3699 - Fix ` in documentation. Thanks drdamour
- #3700 - Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR. Thanks, Andrei Ivanov
- #3707 - HTTP Public Key Pinning. Thanks, Tim Ysewyn
- #3717 - Add SCryptPasswordEncoder. Thanks, Shazin Sadakath
- #3724 - Fix Javadoc on ProviderManager.authenticate. Thanks hmolsen
- #3729 - ForwardAuthenticationFailureHandler and ForwardAuthenticationSuccessHandler. Thanks, Shazin Sadakath
- #3731 - Sort ObjectPostProcessors prior to invoking them. Thanks, Wallace Wadge
- #3734 - Upgrade Apache Commons Collections to v3.2.2 Thanks, Justine Tunney
- #3740 - Forward after authentication attempt configuration support (#3728). ThanksShazin Sadakath
- #3749 - Add RememberMeConfigurer set domain. Thanks, Eddú Meléndez Gonzales
- #3750 - Upgrade to Sonarqube plugin. Thanks Eddú Meléndez Gonzales
If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe (our latest full-time Spring Security team member) @joe_grandja on Twitter.
Of course, the best feedback comes in the form of contributions.
Original article by Rob Winch
Published at DZone with permission of Rob Winch. See the original article here.
Opinions expressed by DZone contributors are their own.