- [SEC-1939] - SwitchUserFilter is outputting false error logging.
- [SEC-2025] - HttpSessionSecurityContextRepository restores authentication to the new session if session is invalidated from another thread
- [SEC-2031] - PreInvocationAuthorizationAdviceVoter checks in support(Class<?>) for super and not for child class
- [SEC-2035] - spring-security-crypto does not have manifest entries
- [SEC-2036] - CookieClearingLogoutHandler doesn't work with IE for default context
- [SEC-2038] - initFilterBean() is not called within AbstractPreAuthenticatedProcessingFilter
- [SEC-2045] - AbstractAuthorizeTag cannot specify which WebInvocationPrivilegeEvaluator
- [SEC-2055] - SaveContextServletOutputStream should delegate flush and close methods to wrapped ServletOutputStream
- [SEC-2056] - CVE-2012-5055 DaoAuthenticationProvider can reveal which usernames are valid
- [SEC-2057] - ConcurrentSessionFilter documentation incorrectly states it doesn't rely on SecurityContextHolder, results in null to all logout handlers Authentication object
- [SEC-2061] - Incorrect Value in messages.properties
- [SEC-2041] - Consider Delegating all methods of Wrapped ServletOutputStream and PrintWriter
- [SEC-2058] - Remove mavenLocal() from buildSrc
- [SEC-2060] - Add another constructor to PreAuthenticatedCredentialsNotFoundException
Edit/Copy Release Notes
The text area below allows the project release notes to be edited and copied to another document.