On behalf of the community I am pleased to announce the release of Spring Security 5.1.5 (changelog), 5.0.12 (changelog), and 4.2.12 (changelog). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help
We have released Spring Security OAuth 2.3.5, 2.2.4, 2.1.4 and 2.0.17 to address CVE-2019-3778: Open Redirector in spring-security-oauth2. Please review the information in the CVE report and upgrade immediately. For additional changes included in each release, please refer to: 2.3.5 changelog 2.2.4 changelog 2.1.4 changelog 2.0.17 changelog NOTE: For users of Spring Boot 1.5.x and Spring IO Platform Cairo, it is highly recommended to override the spring-security-oauth version to the latest version containing the fix for the CVE. Please see the Mitigation section in the CVE report for detailed…
I’m pleased to announce the releases of Spring Security OAuth 2.3.4, 2.2.3, 2.1.3 and 2.0.16. The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 2.0.6 and 1.5.17 releases. For a list of changes, please refer to: 2.3.4 changelog 2.2.3 changelog 2.1.3 changelog 2.0.16 changelog Project Page | GitHub | Documentation | Help
On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.1. This release closes off 50+ tickets. Please check out the What’s New in Spring Security 5.1. As always, we look forward to hearing your feedback! Project Site | Reference | Help
I’m pleased to announce the releases of Spring Security OAuth 2.3.3, 2.2.2, 2.1.2 and 2.0.15. These maintenance releases primarily deliver bug fixes. For a complete list of changes, please refer to: 2.3.3 changelog 2.2.2 changelog 2.1.2 changelog 2.0.15 changelog 2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 1.5.13 release. Project Page | GitHub | Documentation | Help
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.3.2.RELEASE. This release resolves a runtime incompatibility issue with RedisTokenStore and Spring Data Redis 2.0.x. See #1319 and #1335. This release also includes a few minor enhancements and bug fixes. Project Page | GitHub | Documentation | Help
I’m pleased to announce the releases of Spring Security 5.0.4 and 4.2.5. Both releases primarily deliver bug fixes and dependency version updates along with some minor improvements. For a complete list of changes, please refer to the 5.0.4 changelog and 4.2.5 changelog. Project Site | Reference | Help
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.3.0.RELEASE. The 2.3.0 release adds new support for Elliptic Curve signature verification in JwkTokenStore. Thank you Michael Duergner for this contribution! This release also includes a few minor enhancements and bug fixes. Project Page | GitHub | Documentation | Help
I’m pleased to announce the release of Spring Security OAuth Boot 2 Auto-config 2.0.0. This project is intended to be used to help users transition between the old Spring Security OAuth 2.x support and the Next Generation OAuth 2.0 Support in Spring Security 5. It provides users of Spring Security OAuth 2.x the same auto-configuration capabilities in a Spring Boot 2.0 based application that is currently available in Spring Boot 1.5.x. For more details please refer to the documentation. GitHub | Reference | Help
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.3.0.RC1. The 2.3.0.RC1 release adds new support for Elliptic Curve signature verification in JwkTokenStore. This release also includes a few minor enhancements and bug fixes. Project Page | GitHub | Documentation | Help
