Release Notes - Spring Security - Version 3.2.0.RC1 - HTML format

Sub-task

  • [SEC-2046] - Cache Control
  • [SEC-2098] - X-Frame-Options to defend against clickjacking
  • [SEC-2099] - X-XSS-Protection Header Support
  • [SEC-2116] - Add Support for the Strict Transport Security header
  • [SEC-2206] - Use Propdeps plugin
  • [SEC-2207] - Update Gradle to 1.6
  • [SEC-2208] - Use Docbook Plugin
  • [SEC-2209] - Generate pom.xml
  • [SEC-2210] - Add Tomcat7 Gradle for samples
  • [SEC-2211] - gradlew build should build everything (including itests)
  • [SEC-2212] - remove configure() blocks from gradle/*.gradle
  • [SEC-2213] - Update to Groovy 2.x
  • [SEC-2214] - Update Spring Dependencies
  • [SEC-2217] - Sonar Runner
  • [SEC-2231] - Access-Control-Allow-*
  • [SEC-2232] - Headers JavaConfig Support
  • [SEC-2233] - Polish pull request
  • [SEC-2234] - DelegatingHeaderWriter with RequestMatcher
  • [SEC-2251] - Create Hello World Java Configuration Guide
  • [SEC-2252] - Create Form Login Java Configuration Guide
  • [SEC-2255] - Update to Gradle 1.7

Bug

  • [SEC-2137] - Session fixation protection cannot be disabled when concurrent session control is enabled
  • [SEC-2187] - OpenIDAuthenticationFilter should encode URL parameters
  • [SEC-2191] - AuthenticationManagerBuilder requires an ObjectPostProcessor
  • [SEC-2198] - http.httpBasic() does not properly default the AuthenticationEntryPoint
  • [SEC-2203] - Add Java Config Samples
  • [SEC-2205] - Create UserDetailsServiceDelegator
  • [SEC-2215] - Injecting AuthenticationManager to SecurityContextHolderAwareRequestFilter
  • [SEC-2222] - Javadoc error - WebSecurityConfigurerAdapter.registerAuthentication & EnableWebSecurity refer to wrong parameter
  • [SEC-2223] - FirewallRequest#reset() has incomplete javadoc
  • [SEC-2230] - Support for Security Headers
  • [SEC-2242] - Typo in technical overview with "source source"
  • [SEC-2257] - Remove HttpSecurityBuilder#getAuthenticationManager()

Improvement

  • [SEC-2042] - AbstractAuthenticationProcessingFilter should support RequestMatcher
  • [SEC-2097] - Clean up Gradle build
  • [SEC-2135] - Support Servlet 3.1's HttpServletRequest#changeSessionId() as alternate session fixation protection strategy
  • [SEC-2156] - Provide a way to configure HttpSession tracking mode with Spring Security
  • [SEC-2192] - Create AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME
  • [SEC-2197] - Allow Multiple invocations on HttpSecurity
  • [SEC-2199] - Handling Multiple AuthenticationEntryPoint defaults
  • [SEC-2202] - http.authorizeUrls() to http.authorizeRequests()
  • [SEC-2221] - MediaTypeRequestMatcher - support for match based upon MediaType
  • [SEC-2245] - Make MethodSecurityExpressionRoot easier to override
  • [SEC-2249] - AbstractSecurityWebApplicationInitializer should allow registration of Java Config
  • [SEC-2260] - update cas client library

New Feature

  • [SEC-1574] - CSRF Protection
  • [SEC-2238] - JavaConfig for WebAsynchFilter
  • [SEC-2239] - Remove Duplicate SessionCreationPolicy

Refactoring

  • [SEC-2216] - SecurityConfigurerAdapter.addObjectPostProcessor return this

Task

  • [SEC-2194] - Migrate Java Config Samples into Spring Security
  • [SEC-2244] - Defaults for /login /login?error and /login?success based upon loginUrl
