3. What’s New in Spring Security 4.2

3. What’s New in Spring Security 4.2
Prev	Part I. Preface	Next

There were 50+ M1 issues closed. The overwhelming majority of these features were contributed by the community. Below you can find the highlights of this release.

3.1 Web Improvements

#3812 - Jackson Support
#3938 - Add HTTP response splitting prevention
#3978 - Support for Standford WebAuth and Shibboleth using the newly added RequestAttributeAuthenticationFilter.
#3795 - ConcurrentSessionFilter supports InvalidSessionStrategy
#3904 - Add CompositeLogoutHandler

3.2 Configuration Improvements

#3956 - Central configuration of the default role prefix. See the issue for details.
#3899 - concurrency-control@max-sessions supports unlimited sessions.
#3990 - Support for constructing RoleHierarchy from Map (i.e. yml)
#4062 - Custom cookiePath to CookieCsrfTokenRepository
#3794 - Allow configuration of InvalidSessionStrategy on SessionManagementConfigurer
#4020 - Fix Exposing Beans for defaultMethodExpressionHandler can prevent Method Security

3.3 Miscellaneous

#4018 - Fix after csrf() is invoked, future MockMvc infocations use original CsrfTokenRepository
Version Updates

Prev	Up	Next
2. Introduction	Home	4. Samples and Guides (Start Here)