See the pac4j release notes as well.

Version 8.0.1:

• Make the Config injection optional (when using Shiro)

Version 8.0.0:

• Update to pac4j v6 and JDK 17

Version 7.1.0:

• Use a smart builder for SecurityFilter
• Update to pac4j v5.6.0
• Use SessionStoreFactory capability

Version 7.0.0:

• Update to pac4j v5.4 and split into two modules: javaee-pac4j (based on pac4j-javaee) and jakartaee-pac4j(based on pac4j-jakartaee)

Version 6.1.0:

• Update to pac4j v5.2 (pulls pac4j-jee)

Version 6.0.0:

• Update to pac4j v5
• Update to Java 11 and JavaEE 8

Version 5.0.1:

• Update to pac4j v4.0.2

Version 5.0.0:

• Updated to pac4j v4
• Renamed J2E to JEE

Version 4.1.0:

• Upgrade to pac4j v3.3
• Logics defined at the Config level are taken before the filter ones if they exist

Version 4.0.0:

• Upgrade to pac4j v3.0
• the HTTP servlet request is populated with the "pac4j principal"

Version 3.0.0:

• Update to pac4j v2.1
• The FilterHelper can be used to programmatically define filters and mappings
• The WebContext and the ProfileManager are automatically produced by the Pac4jProducer and the HttpServletResponseProducer (based on JSF)
• A new demo (CDI+JSF) is available: j2e-pac4j-cdi-demo

Version 2.1.0:

• Add several constructors to the filters for programmatic definition

Version 2.0.0:

• Upgrade to pac4j v2.0.0
• ApplicationLogoutFilter becomes LogoutFilter and handles both application and identity provider logouts

Version 1.3.3:

• Upgrade to pac4j v1.9.4 (security fix)

Version 1.3.2:

• Upgrade to pac4j v1.9.2 (improved CAS, JWT and OpenID Connect supports)

Version 1.3.1:

• Upgrade to pac4j v1.9.1

Version 1.3.0:

• Upgrade to pac4j v1.9
• Upgrade to Java 8, Servlet 3.1
• Multi-profiles support
• Protection against "session fixation" attacks
• RequiresAuthenticationFilter becomes SecurityFilter
• Updated algorithm for the application logout

Version 1.2.1:

• Update to pac4j v1.8.1: more authorizers: IP check, HTTP method check, profile type verification, Spring Security like security filters (cache control, Xframe...)
• Updated CSRF protection support
• Path exclusions support
• new AnonymousClient for advanced use cases
• Updated OAuth, CAS, SAML and OpenID Connect supports
• new session stores mechanism
• Customizable callback URLs

Version 1.2.0:

• Upgrade to Java 7 / Servlet 3
• Upgrade to pac4j v1.8: REST support (basic auth, header, request parameter, IP), new authentication mechanisms (LDAP, JWT, SQL, MongoDB, Stormpath), authorizations
• Full DI support
• Application logout support
• A specific client can be dynamically selected for authentication

Version 1.1.1:

• Filters can be instantiated by DI (Spring)

Version 1.1.0:

• Handle stateless (REST) calls
• Improve roles management
• Remove Google OpenID support
• Add Strava (OAuth 2) support
• Add OpenID Connect support

Version 1.0.4:

• Update to pac4j 1.6.0 (new Google App Engine module, support for Yahoo with OpenID, Support for ORCiD / OAuth)
• Upgrade to Java 6

Version 1.0.3:

• add Bitbucket support

Version 1.0.2:

• callback URLs can be dynamically computed according to the current host and port
• added PayPal support (OAuth 2.0)
• remove myopenid.com support
• add vk.com support
• add Foursquare support
• add SAML support

Version 1.0.1:

• a previous authentication is not overridden by a new failed one (like Spring Security's behaviour)
• based on pac4j 1.4.1 : new LinkedIn OAuth 2.0 provider and Google OpenID provider

Version 1.0.0:

• This is the first version of the library, based on pac4j 1.4.0 to have OAuth, CAS, OpenID and HTTP supports
• Support of DropBox, Facebook, GitHub, Google, LinkedIn, Twitter, Windows Live, WordPress Yahoo, myopenid.com