Release Notes - Spring Security - Version 3.2.1 - HTML format

Bug

  • [SEC-2166] - JdbcUserDetailsManager populates old password when changing a password
  • [SEC-2392] - Unexpectedly long key created by KeyBasedPersistenceTokenService.allocateToken()
  • [SEC-2455] - [email protected] and [email protected] produce warnings
  • [SEC-2461] - Multiple WebSecurityConfiguration instances cause null springSecurityFilterChain
  • [SEC-2463] - CSRF documentation should explain EnableWebMvcSecurity
  • [SEC-2466] - CSRF MultipartFilter documentation should use <url-pattern>
  • [SEC-2467] - Invalid markup in itest-web's jsps
  • [SEC-2477] - Autowired AuthenticationManagerBuilder causes ordering issues
  • [SEC-2479] - GlobalMethodSecurityConfiguration should search parent ApplicationContext for AuthenticationManager
  • [SEC-2492] - ExpressionUrlAuthorizationConfigurer.interceptUrl Javadoc incorrect

Task

  • [SEC-2473] - Update to Spring 3.2.7
  • [SEC-2474] - Update tests against Spring 4.0.1
  • [SEC-2485] - Update tests against Spring 4.0.2
  • [SEC-2486] - Update tests to Spring LDAP 2.0.1
  • [SEC-2487] - Update to Spring 3.2.8

Improvement

  • [SEC-2469] - Support Spring LDAP 2.x
  • [SEC-2490] - Restriction on LdapAuthenticationProviderConfigurer with DefaultLdapAuthoritiesPopulator

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.