On behalf of the community I’m pleased to announce the release of Spring Session Dragonfruit-RELEASE. The Dragonfruit-RELEASE release is based on: Spring Session core modules 2.3.0.RELEASE Spring Session Data Geode 2.3.0.RELEASE Spring Session Data MongoDB 2.3.0.RELEASE Additional details of these releases can be found in the release notes. Project Page | Documentation | Issues | Gitter | Stack Overflow

We have released Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16 and 4.2.16 to address the following CVE reports: CVE-2020-5407: Signature Wrapping Vulnerability with spring-security-saml2-service-provider CVE-2020-5408: Dictionary attack with Spring Security queryable text encryptor Please review the information in the CVE report and upgrade immediately. Spring Boot users should upgrade to 2.2.7 or 2.1.14.

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below: OAuth 2.0 gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login gh-8324 - Validate ID Token Issuer gh-8337 - Allow custom header during bearer token extraction gh-8332 - Provide possibility to use custom cache to store JWK Set Web gh-8033 - Add server request cache that uses cookie gh-2693 - Transfer session’s max inactive interval in…

On behalf of the community I’m pleased to announce the releases of Spring Session Dragonfruit-RC1, Corn-SR2 and Bean-SR10. Spring Session Dragonfruit-RC1 The Dragonfruit-RC1 release is based on: Spring Session core modules 2.3.0.RC1 Spring Session Data Geode 2.3.0.RC1 Spring Session Data MongoDB 2.3.0.RC1 Additional details of these releases can be found in the changelog. Spring Session Corn-SR2 The Corn-SR2 release is based on: Spring Session core modules 2.2.2.RELEASE Spring Session Data Geode 2.2.3.RELEASE Spring Session Data MongoDB 2.2.3.RELEASE Additional details of these releases can be…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.0.RC1! You can find the complete details in the release notes and the highlights below: RSocket gh-7935 - Add RSocket Authentication Extension Support OAuth 2.0 gh-7699 - Introduce Reactive OAuth2Authorization success/failure handlers gh-4886 - Add Jackson support to OAuth2 session related classes Test gh-7828 - Add oauth2Login Reactive Test Support gh-7886 - Add oauth2Client MockMvc Test Support Docs gh-7801 - Modernize Documentation Styling Project Site | Reference | Help

On behalf of the community I’m pleased to announce the releases of Spring Session Dragonfruit-M1, Corn-SR1 and Bean-SR9. Spring Session Dragonfruit-M1 The Dragonfruit-M1 release is based on: Spring Session core modules 2.3.0.M1 Spring Session Data Geode 2.3.0.M1 Spring Session Data MongoDB 2.3.0.M1 Additional details of these releases can be found in the changelog. Spring Session Corn-SR1 The Corn-SR1 release is based on: Spring Session core modules 2.2.1.RELEASE Spring Session Data Geode 2.2.2.RELEASE Spring Session Data MongoDB 2.2.2.RELEASE Additional details of these releases can be found…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.0.M1! You can find the complete details in the release notes and the highlights below: SAML gh-7654 - Allow configuration of AuthenticationManager in saml2Login() gh-7681 - Make Saml2Authentication serializable OAuth 2.0 gh-5385 - Resource server support for multiple trusted JWT access token issuers gh-7569 - Reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager gh-7592 - Add OidcIdToken.Builder gh-7593 - Add OidcUserInfo.Builder Core gh-7785 - Idiomatic Kotlin DSL for configuring…

Overview of Lambda DSL The release of Spring Security 5.2 includes enhancements to the DSL, which allow HTTP security to be configured using lambdas. It is important to note that the prior configuration style is still valid and supported. The addition of lambdas is intended to provide more flexibility, but their usage is optional. You may have seen this style of configuration in the Spring Security documentation or samples. Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style. Configuration using lambdas Equivalent configuration…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.RC1! You can find the complete details in the release notes and the highlights below: RSocket gh-7360 - Add RSocket Support SAML gh-6019 - Add SAML Service Provider Support OAuth 2.0 Resource server gh-7101 - JwtGrantedAuthoritiesConverter allows configuring the authority prefix gh-7100 - JwtGrantedAuthoritiesConverter allows configuring the authorities claim name gh-7345 - Opaque Token Introspector returns an Authenticated Principal gh-7346 - Add Adapter to Translate Jwt to BearerTokenAuthentication gh…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M3! You can find the complete details in the changelog and the highlights below: OAuth 2.0 gh-6727 - Support for Multi-tenancy in Reactive Resource Server gh-6798 - Support for custom parameters in Opaque Token gh-6239 - Finer variables for OAuth2 redirectUriTemplate expansion gh-6863 - OAuth2 login has configurable authentication success handler gh-6832 & gh-6849 - JWT and opaque token have configurable authentication manager gh-6634 - Support for mock JWT in tests Similar to other request post processors…