Release Notes - Spring Security - Version 4.0.3 - HTML format

Bug

  • [SEC-2190] - Support WebApplicationContext in any ServletContext attribute
  • [SEC-2941] - Default RequestPostProcessor overrides additional DefaultRequestPostProcessor
  • [SEC-3052] - s/CsrfFilter.DEFAULT_MATCHER/CsrfFilter.DEFAULT_CSRF_MATCHER/
  • [SEC-3056] - Fix JavaDoc errors for JDK8
  • [SEC-3057] - Spring Security Distribution Missing Files
  • [SEC-3062] - WebMvcSecurityConfiguration may unnecessarily create RequestDataValueProcessor
  • [SEC-3063] - OnMissingBeanCondition avoid initializing beans
  • [SEC-3068] - project spring-security-samples-tutorial logout link is not working
  • [SEC-3070] - Logout invalidate-session=false and Spring Session doesn't work
  • [SEC-3082] - SavedRequest parameters are treated as case-insensitive
  • [SEC-3108] - DigestAuthenticationFilter should use SecurityContextHolder.createEmptyContext()
  • [SEC-3109] - Concurrent/ThreadPoolTaskScheduler don't work with DelegatingSecurityContextExecutor
  • [SEC-3120] - HSTS Documentation still refers to hsts() instead of httpStrictTransportSecurity()
  • [SEC-3124] - Fix broken Javadoc related to `<` and `>`
  • [SEC-3128] - RoleVoter throws NPE with null Authentication
  • [SEC-3132] - securityBuilder cannot be null
  • [SEC-3133] - Documentation does not match code example for formLogin example
  • [SEC-3135] - authorizeRequests().antMatchers(<any-method>).authenticated() fails

Task

  • [SEC-2235] - Cannot build with OpenJDK 8 (early test)
  • [SEC-3129] - Update to Spring 4.2.2

Improvement

  • [SEC-2521] - Improve StandardPasswordEncoder Performance
  • [SEC-2848] - Cannot set clear authentication to false from builder

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.