Hi, Given feedback, the *pac4j-config* module will be removed in pac4j v7 only. Thanks. Best regards, Jérôme
Le jeu. 2 avr. 2026 à 07:57, Jérôme LELEU <[email protected]> a écrit : > Hi, > > Given the latest security vulnerabilities ( > https://www.pac4j.org/blog/security-advisory-pac4j-jwt-jwtauthenticator.html > + https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html), > I am increasingly inclined to minimize the attack surface and ultimately > remove the pac4j-config module in version 6.5.0... > Thanks. > Best regards, > Jérôme > > > Le lun. 23 mars 2026 à 08:52, Jérôme LELEU <[email protected]> a écrit : > >> Hi, >> >> I'm Jérôme LELEU, the creator of pac4j, the framework you use for >> security. >> >> At the beginning of April, I will release the new version 6.4.0 which >> supports the OpenID Federation protocol. It brings many more configuration >> options which won't be available via properties. In addition, the >> `pac4j-config` module is deprecated as pac4j configurations should be >> defined programmatically (more comprehensive and easier configuration). >> >> In your case, it means that the existing properties should be replaced by >> a new one to define the configuration factory class whole role is to build >> the pac4j configuration: >> https://github.com/pac4j/pac4j/blob/master/pac4j-core/src/main/java/org/pac4j/core/config/ConfigFactory.java >> >> What do you think? >> >> Thanks. >> Best regards, >> Jérôme >> >>
