Release Notes - Spring Security - Version 3.1.3 - HTML format


  • [SEC-1939] - SwitchUserFilter is outputting false error logging.
  • [SEC-2025] - HttpSessionSecurityContextRepository restores authentication to the new session if session is invalidated from another thread
  • [SEC-2031] - PreInvocationAuthorizationAdviceVoter checks in support(Class<?>) for super and not for child class
  • [SEC-2035] - spring-security-crypto does not have manifest entries
  • [SEC-2036] - CookieClearingLogoutHandler doesn't work with IE for default context
  • [SEC-2038] - initFilterBean() is not called within AbstractPreAuthenticatedProcessingFilter
  • [SEC-2045] - AbstractAuthorizeTag cannot specify which WebInvocationPrivilegeEvaluator
  • [SEC-2055] - SaveContextServletOutputStream should delegate flush and close methods to wrapped ServletOutputStream
  • [SEC-2056] - CVE-2012-5055 DaoAuthenticationProvider can reveal which usernames are valid
  • [SEC-2057] - ConcurrentSessionFilter documentation incorrectly states it doesn't rely on SecurityContextHolder, results in null to all logout handlers Authentication object
  • [SEC-2061] - Incorrect Value in


  • [SEC-2041] - Consider Delegating all methods of Wrapped ServletOutputStream and PrintWriter
  • [SEC-2058] - Remove mavenLocal() from buildSrc
  • [SEC-2060] - Add another constructor to PreAuthenticatedCredentialsNotFoundException
