You can find the release notes here:
http://red.ht/1bAzYgj
We've got some nice improvements to the authentication policies (basic
auth and OAuth2 both). We also have a new Authorization policy that
will let you configure fine-grained authorization rules. The
Authorization policy works together with the Authentication policies -
the latter extracts the authenticated user's roles and passes them
along. The Authorization policy uses these extracted roles to make
access decisions.
Enjoy!
-Eric