Among other things, Spring Security 4.2 brings early support for Spring Framework 5. There were 50+ M1 issues and 20+ RC1 issues closed. The overwhelming majority of these features were contributed by the community. Below you can find the highlights of this release.
ConcurrentSessionFilter supports InvalidSessionStrategy
CompositeLogoutHandler
WebSecurityConfigurerAdapter. See Section 5.10, “Custom DSLs”
RoleHierarchy from Map (i.e. yml)
CookieCsrfTokenRepository
InvalidSessionStrategy on SessionManagementConfigurer