See the pac4j release notes as well.

Version 10.0.0:

• Update to pac4j v6

Version 9.0.0:

• Upgrade to JDK 17 and Spring 6

Version 8.0.0:

• spring-security-pac4j is now only a bridge which must be used with a pac4j security library (for example: javaee-pac4j)
• Support for Spring Security reactive

Version 7.0.3:

• Upgrade to pac4j v5.4.3 and Spring v5.3.19 (https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)

Version 7.0.2:

• Upgrade to pac4j v5.4.2 and Spring v5.3.18 (https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)

Version 7.0.0:

• Update to pac4j v5.4 (pulls pac4j-javaee)

Version 6.2.0:

• Update to pac4j v5.3

Version 6.1.0:

• Update to pac4j v5.2 (pulls pac4j-jee)

Version 6.0.0:

• Update to pac4j v5
• Update to Java 11

Version 5.1.0:

• The CallbackFilter may call the Spring Security filters
• Fix back-channel logout calls
• Clear the Spring Security context when clearing the pac4j context (remove method in the SpringSecurityProfileManager)
• Update to pac4j v4.0.1

Version 5.0.0:

• Update to pac4j v4
• Upgrade to Spring Security v5.3

Version 4.1.0:

• Upgrade to pac4j v3.3
• The LogoutFilter may only apply for a specific path suffix
• Upgrade to Spring Security v5.1

Version 4.0.0:

• Upgrade to pac4j v3

Version 3.1.0:

• Upgrade to Spring (Security) v5
• Upgrade to pac4j v2.3.1

Version 3.0.0:

• Upgrade to pac4j v2.1.0
• Use the new LogoutFilter to handle both local and identity server logout mechanisms

Version 2.1.2:

• authentication.name and authentication.principal return relevant values

Version 2.1.1:

• Upgrade to pac4j v1.9.4 (security fix)

Version 2.1.0:

• The CallbackFilter applies on a /callback URL by default
• The Pac4jEntryPoint can be defined with the config and clientName parameters to redirect to an identity provider for login

Version 2.0.1:

• Upgrade to pac4j v1.9.2 (improved CAS, JWT and OpenID Connect supports)
• Replace SpringSecurityContext by SpringSecurityProfileManager

Version 2.0.0:

• Based on pac4j v1.9.1 (Java 8, Spring Security 4.1, Servlet 3.1...)
• Using all pac4j capabilities: clients, authorizers, matchers, SecurityFilter, CallbackFilter
• Multi-profiles support

Version 1.4.3:

• Based on pac4j v1.8.8

Version 1.4.2:

• Based on pac4j v1.8.7
• Pass a web context to the authentication provider (for the getUserProfile method)

Version 1.4.1:

• Upgrade to pac4j v1.8.2 (improved JWT support)
• Use the current failure handler (instead of the success handler) when no credentials are returned by the identity provider

Version 1.4.0:

• Upgrade to pac4j v1.8.1 (Updated OAuth, CAS, SAML, OpenID Connect supports + customizable callback urls)

Version 1.3.0:

• Credentials can now be erased by the ProviderManager
• Upgrade to Spring Security 4
• Upgrade to Java 7
• Upgrade to Servlet 3.0.1
• Callback endpoint is /callback (instead of /j_spring_pac4j_security_check) by default

Version 1.2.5:

• Update to pac4j v1.7
• OpenID Connect protocol support
• Strava OAuth identity provider support

Version 1.2.4:

• Update to pac4j 1.6.0 (new Google App Engine module, support for Yahoo with OpenID, Support for ORCiD / OAuth)
• Upgrade to Java 6

Version 1.2.3:

• Upgrade to Spring Security 3.2.2
• add Bitbucket support

Version 1.2.2:

• Update to pac4j 1.5.0 : new PayPal OAuth 2.0 support
• remove myopenid.com support
• add vk.com support
• add Foursquare support
• add SAML support

Version 1.2.1:

• Update to pac4j 1.4.1 : new LinkedIn OAuth 2.0 and Google OpenID providers

Version 1.2.0:

• Switch to pac4j 1.4.0 : add CAS, OpenID and HTTP supports

Version 1.1.0:

• All providers have a CommonProfile
• Multiple providers can be gathered in a ProvidersDefinition and share the same OAuth callback url

Version 1.0.0:

• This is the first version of the library
• Support of DropBox, Facebook, GitHub, Google, LinkedIn, Twitter, Windows Live, WordPress and Yahoo