Release Notes

See the pac4j release notes as well.

8.0.0:

• Update to pac4j v6

7.0.0:

• Upgrade to JDK 17 and Spring 6

6.2.0:

• Improve the smart builder for the "SecurityInterceptor"

6.1.0:

• Advanced builder for the "SecurityInterceptor"
• Use SessionStoreFactory capability

6.0.3:

• Upgrade to pac4j v5.4.3 and Spring 5.3.19 (https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)

6.0.2:

• Upgrade to pac4j v5.4.2 and Spring 5.3.18 (https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)

6.0.0:

• Update to pac4j v5.4 (pulls pac4j-javaee)

5.1.0:

• Update to pac4j v5.2 (pulls pac4j-jee)

5.0.0:

• Update to pac4j v5
• Update to Java 11
• Update to Spring Web MVC 5.3
• Merged the *.annotation.ui.RequireX and *.annotation.ws.RequireX annotations into the ``*.annotation.RequireX` annotations

4.0.1:

• Update to pac4j v4.0.1
• Can build a custom WebContext via a specific WebContextFactory

4.0.0:

• Update to pac4j v4
• Update to Spring Web MVC v5.2

3.3.0:

• Add new constructors for the SecurityInterceptor with Authorizer[] and Matcher[] as inputs
• Upgrade to pac4j v3.6.1

3.2.0:

• Upgrade to pac4j v3.3.0
• The RequireAnyRole and RequireAllRoles annotations can be used to check the user roles
• The WebSecurityHelper and RestSecurityHelper components can be used to get the authenticated user profiles and check the user roles

3.1.0:

• Upgrade to pac4j v3.2.0

3.0.0:

• Upgrade to pac4j v3.0.0
• Callback and logout URLs may be defined via the pac4j.callback.path and pac4j.logout.path properties

2.2.0:

• Upgrade to Spring v5
• Upgrade to pac4j v2.2.1

2.1.0:

• Upgrade to pac4j v2.1

2.0.0:

• Upgrade to pac4j v2.0
• ApplicationLogoutController becomes LogoutController and handles both application and identity provider logouts

1.1.4:

• Upgrade to pac4j v1.9.4 (security fix)

1.1.3:

• Upgrade to pac4j v1.9.3

1.1.2:

• Upgrade to pac4j v1.9.2 (improved CAS, JWT and OpenID Connect supports)
• CallbackController and ApplicationLogoutFilter return void

v1.1.1:

• Upgrade to pac4j v1.9.1

v1.1.0:

• Upgrade to pac4j v1.9
• Upgrade to Java 8, Servlet 3.1
• Multi-profiles support
• Protection against "session fixation" attacks
• RequiresAuthenticationInterceptor becomes SecurityInterceptor
• Updated algorithm for the application logout

v1.0.2:

• Based on pac4j v1.8.4: improved JWT/SAML support

v1.0.1 (based on pac4j v1.8.1):

• More authorizers: IP check, HTTP method check, profile type verification, Spring Security like security filters (cache control, Xframe...)
• Updated CSRF protection support
• new AnonymousClient for advanced use cases
• Updated OAuth, CAS, SAML and OpenID Connect supports
• Customizable callback urls

v1.0.0:

• based on pac4j v1.8.0: authentication and authorization supports...