securityfilter-1.1 released

securityfilter-1.1 released

NOTES:
The securityfilter-1.1 release adds BASIC authentication support
that was not available in previous (non-beta) releases. A number
of functionality-related bugs have been fixed as well.

This release does not have any major security-vulnerability fixes
in it when compared to securityfilter-1.0.1. There is one minor
fix related to invalidating the session if the user is logged in and
then logs in as a different user in the same session (see
http://sourceforge.net/tracker/index.php?func=detail&aid=824791&group_id=59484&atid=491164\).
If you are happy with the functionality of securityfilter-1.0.1 and
the session invalidation issue is not a problem, there is little
reason to upgrade. Users of previous versions (pre-1.0.1) should
upgrade to securityfilter-1.1 for maximum security, however.

CHANGES:
Release 1.1, 2003-Oct-25
========================
* Session is now invalidated if the user spontaneously logs in
again as a different user. The session is kept if they login as the
same user.
http://sourceforge.net/tracker/index.php?func=detail&aid=824791&group_id=59484&atid=491164

* Query string parameters on <form-login-page> and
<form-error-page> URIs is now supported.
http://sourceforge.net/tracker/index.php?func=detail&aid=783697&group_id=59484&atid=491164

* Fixed classloader issue that was causing problems on Tomcat
+ JBoss 3.x:
http://sourceforge.net/tracker/index.php?func=detail&aid=770075&group_id=59484&atid=491164

Release 1.1-b1, 2003-Jul-15

* Added support for BASIC authentication scheme.

* User is compeletely logged out of the system on a logout
request even when using BASIC Authentication scheme. This
feature has not been implemented in any J2EE Application
server known so far. This feature has been tested on Orion 1.5.2
(which implements "Servlet 2.3 public final draft" but not "Servlet
2.3 specification") and Weblogic 6.1 SP3. This feature is useful
for developers using Orion 1.5.2.