Release Notes

See the pac4j release notes as well.

4.0.1:

• Update to pac4j v4.0.1

4.0.0:

• Update to pac4j v4
• Update to Spring Web MVC v5.2

3.3.0:

• Add new constructors for the SecurityInterceptor with Authorizer[] and Matcher[] as inputs
• Upgrade to pac4j v3.6.1

3.2.0:

• Upgrade to pac4j v3.3.0
• The RequireAnyRole and RequireAllRoles annotations can be used to check the user roles
• The WebSecurityHelper and RestSecurityHelper components can be used to get the authenticated user profiles and check the user roles

3.1.0:

• Upgrade to pac4j v3.2.0

3.0.0:

• Upgrade to pac4j v3.0.0
• Callback and logout URLs may be defined via the pac4j.callback.path and pac4j.logout.path properties

2.2.0:

• Upgrade to Spring v5
• Upgrade to pac4j v2.2.1

2.1.0:

• Upgrade to pac4j v2.1

2.0.0:

• Upgrade to pac4j v2.0
• ApplicationLogoutController becomes LogoutController and handles both application and identity provider logouts

1.1.4:

• Upgrade to pac4j v1.9.4 (security fix)

1.1.3:

• Upgrade to pac4j v1.9.3

1.1.2:

• Upgrade to pac4j v1.9.2 (improved CAS, JWT and OpenID Connect supports)
• CallbackController and ApplicationLogoutFilter return void

v1.1.1:

• Upgrade to pac4j v1.9.1

v1.1.0:

• Upgrade to pac4j v1.9
• Upgrade to Java 8, Servlet 3.1
• Multi-profiles support
• Protection against "session fixation" attacks
• RequiresAuthenticationInterceptor becomes SecurityInterceptor
• Updated algorithm for the application logout

v1.0.2:

• Based on pac4j v1.8.4: improved JWT/SAML support

v1.0.1 (based on pac4j v1.8.1):

• More authorizers: IP check, HTTP method check, profile type verification, Spring Security like security filters (cache control, Xframe...)
• Updated CSRF protection support
• new AnonymousClient for advanced use cases
• Updated OAuth, CAS, SAML and OpenID Connect supports
• Customizable callback urls

v1.0.0:

• based on pac4j v1.8.0: authentication and authorization supports...