On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.2.8 and 6.3.5 are out! In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements. Importantly, these releases address CVE-2024-38827. To learn more, please visit the 6.2.8 and 6.3.5 release summaries. Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can update to Spring Boot 2.7.22.5, 3.0.17.5, or 3.1.13.5 respectively to receive the corresponding Security releases 5.7.14, 6.0.14, and 6.1.12. These hotfix versions are available…

On behalf of the team and everyone who has contributed, I am pleased to announce that the release candidate of Spring Security 6.3 is released. The 6.3 release brings several compelling features including Long-term JDK serialization backward compatibility New method security annotations and capabilities Compromised password checking, and OAuth 2.0 Token Exchange support You can read more about each of these in the What's New section of the 6.3 documentation and also see the exhaustive list of of features across the 6.3 release in the release pages for 6.3.0-M1, 6.3.0-M2, 6.3.0-M3, and 6.3.0-RC…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.2.4, 6.1.9, and 5.8.12 are available now. In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements. To learn more, please visit the 6.2.4, 6.1.9, and 5.8.12 release summaries. Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring LDAP 3.1.4 and 3.2.2! These releases include dependency updates and minor bug fixes. You can find the complete details in the 3.1.4 and 3.2.2 release notes.

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.2.1, 6.1.6, and 5.8.9 are out! In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements. To learn more, please visit the 6.2.2, 6.1.7, and 5.8.10 release summaries. Project Site | Reference | Help

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.2.1, 6.1.6, and 5.8.9 are available now. In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements. To learn more, please visit the 6.2.1, 6.1.6, and 5.8.9 release summaries. Project Site | Reference | Help

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Security 5.6.12, 5.7.10, 5.8.5, 6.0.5, and 6.1.2 are available now. Please refer to the releases page for more detail on what is included in each release. Those versions fix the following CVEs: CVE-2023-34034: WebFlux Security Bypass With Un-Prefixed Double Wildcard Pattern CVE-2023-34035: Authorization rules can be misconfigured when using multiple servlets It is also important to remember that the 5.8 version of Spring Security is a special release designed to help you to migrate to Spring…

On behalf of the community, I’m pleased to announce the release of Spring LDAP 3.0.4! This release includes only dependency updates. You can find the complete details in the release notes.

On behalf of the team everyone who has contributed, I am pleased to announce that the Spring LDAP 3.1.0 is available now! Please refer to the releases page for more detail on what is included in this and the preceding milestone releases. Of note in this release is a new LDAP client that offers a fluent API similar to WebClient as well as first-class Stream support. Project Page | GitHub | Issues | Documentation

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.0.2, 5.8.2, and 5.7.7 are available now. In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements. To learn more, please visit the 6.0.2, 5.8.2, and 5.7.7 release summaries. Project Site | Reference | Help