Release Notes - Spring Security - Version 3.1.2 - HTML format

Bug

  • [SEC-1850] - ConcurrentSessionFilter should be by default injected with the same logout handlers as LogoutFilter when using namespace config
  • [SEC-1905] - DigestAuthenticationFilter documentation is misleading
  • [SEC-1919] - AuthenticationServiceException logged on DEBUG level
  • [SEC-1940] - ProviderManager does not publish AccountStatusException
  • [SEC-1949] - ProviderManager should not query additional authentication providers when a BadCredentialsException is thrown
  • [SEC-1964] - PersistentTokenBasedRememberMeServices provides improper error message with non existent series
  • [SEC-1967] - AbstractSecurityInterceptor subclasses do not restore original SecurityContext when using RunAsManager and an Exception is thrown
  • [SEC-1975] - AuthenticationSimpleHttpInvokerRequestExecutor and AnonymousAuthenticationToken
  • [SEC-1976] - spring-security-aspects should contain *.aj files
  • [SEC-1980] - Misleading warning about incorrect redirect URL
  • [SEC-1994] - Spring security 3.1.1.RELEASE is not JDK 1.5 compatible
  • [SEC-1999] - Package org.springframework.context.* is imported with wrong versionrange
  • [SEC-2005] - SecurityContext should be persisted immediately when the response is committed
  • [SEC-2010] - Hierarchical Roles section of the reference documentation is missing <value> tag
  • [SEC-2011] - SessionFixationProtectionStrategy Javadoc states to inject SessionRegistry but does not contain that field
  • [SEC-2012] - Javadoc for UserDetails.getPassword() says that the password is never null; however it may be
  • [SEC-2016] - LDAP-based unit tests for spring-security-config project fail
  • [SEC-2017] - ActiveDirectoryLdapAuthenticationProvider.doAuthentication() does not catch IncorrectResultSizeException
  • [SEC-2020] - Using http@authentication-manager-ref prevents authentication-manager@erase-credential from working
  • [SEC-2022] - sec:accesscontrollist hasPermission no longer supports list of values
  • [SEC-2023] - sec:accesscontrollist hasPermission no longer supports integer bitmasks
  • [SEC-2027] - FilterChainProxy clearing context causes forwards to clear authentication from the session

Defect

  • [SEC-2013] - AbstractAuthenticationProcessingFilter is missing space in log message

Improvement

  • [SEC-1938] - Allow access to original AD error code for ActiveDirectoryLdapAuthenticationProvider
  • [SEC-1995] - Setup CI to be able to perform the release
  • [SEC-1996] - Update javadoc to work with JDK 1.5 javadoc bug
  • [SEC-2009] - Support ./gradlew eclipse
  • [SEC-2018] - Remove mavenLocal() from gradle build

Task

  • [SEC-1909] - Spring Security Namespace Uses Deprecated APIs
  • [SEC-1988] - Create Contributors Guide
  • [SEC-2000] - Update Spring Dependency to 3.1.2

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.