- #8559: Added impersonation support on the Servlet security filter.
- #9353: Allow customization of GrantedAuthority string in Spring Security filter and authentication manager.
- #8493: Intermediate security contexts of unfinished Negotiate protocol instances expire after ten seconds.
- #9854: Added support for query strings with multiple parameters to MixedAuthenticator.
- #243081: Filter providers and protocols specified in configuration can be separated by any type of space.
- #11052: Upgraded thirdparty JNA to 3.3.0.
- #11053: Upgraded thirdparty Wix to 3.5.
- #9552: Upgraded thirdparty Tomcat to 6.0.29.
- #8493: Using Guava (Google collections), which requires a new guava-r07.jar in deployment of Java filters and applications.
- #9456: Added Serializable to waffle.jaas.RolePrincipal, UserPrincipal, waffle.servlet.WindowsPrincipal and waffle.windows.Auth.
- #9895: Upgraded Jacob to 1.15M4 and JacobGen to 0.10.
- #10031: Removed waffle.windows.auth.IWindowsSecurityContext null initialize and added targetName to the remaining initialize interface method.
- #9274: Guest WindowsIdentity leaks a handle when guest login disabled.
- #224546: Unable to deploy other Spring-security providers alongside Waffle. Spring Security Filter will now fall through to the remaining filter chain for unsupported security protocols.
- #8965: Anonymous login is not correctly recognized as guest on Windows 7.
- #229310: NegotiateRequestWrapper.isUserInRole(SID) broken. Specifying roleFormat as both and calling isUserInRole with a SID value always incorrectly returns false.
- #9615: waffle-form, waffle-mixed and waffle-form samples fail with 404 instead of 401; html files not packaged in the distribution.
- #9889: WindowsComputerImpl sometimes returned wrong number of groups.
- #9552: NegotiateSecurityFilterProvider leaks a handle with new logons.