On behalf of the community I’m pleased to announce the release of Spring Session Dragonfruit-RELEASE.

The Dragonfruit-RELEASE release is based on:

• Spring Session core modules 2.3.0.RELEASE

• Spring Session Data Geode 2.3.0.RELEASE

• Spring Session Data MongoDB 2.3.0.RELEASE

Additional details of these releases can be found in the release notes.

Project Page | Documentation | Issues | Gitter | Stack Overflow

We have released Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16 and 4.2.16 to address the following CVE reports:

• CVE-2020-5407: Signature Wrapping Vulnerability with spring-security-saml2-service-provider
• CVE-2020-5408: Dictionary attack with Spring Security queryable text encryptor

Please review the information in the CVE report and upgrade immediately.

Spring Boot users should upgrade to 2.2.7 or 2.1.14.

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean

gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login

gh-8324 - Validate ID Token Issuer

gh-8337 - Allow custom header during bearer token extraction

gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-8033 - Add server request cache that uses cookie

gh-2693 - Transfer session’s max inactive interval in…

On behalf of the community I’m pleased to announce the releases of Spring Session Dragonfruit-RC1, Corn-SR2 and Bean-SR10.

Spring Session Dragonfruit-RC1

The Dragonfruit-RC1 release is based on:

• Spring Session core modules 2.3.0.RC1

• Spring Session Data Geode 2.3.0.RC1

• Spring Session Data MongoDB 2.3.0.RC1

Additional details of these releases can be found in the changelog.

Spring Session Corn-SR2

The Corn-SR2 release is based on:

• Spring Session core modules 2.2.2.RELEASE

• Spring Session Data Geode 2.2.3.RELEASE

• Spring Session Data MongoDB 2.2.3.RELEASE

Additional details of these releases can be found in the changelog…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.0.RC1! You can find the complete details in the release notes and the highlights below:

RSocket

gh-7935 - Add RSocket Authentication Extension Support

OAuth 2.0

gh-7699 - Introduce Reactive OAuth2Authorization success/failure handlers

gh-4886 - Add Jackson support to OAuth2 session related classes

Test

gh-7828 - Add oauth2Login Reactive Test Support

gh-7886 - Add oauth2Client MockMvc Test Support

Docs

gh-7801 - Modernize Documentation Styling

Project Site | Reference | Help

On behalf of the community I’m pleased to announce the releases of Spring Session Dragonfruit-M1, Corn-SR1 and Bean-SR9.

Spring Session Dragonfruit-M1

The Dragonfruit-M1 release is based on:

• Spring Session core modules 2.3.0.M1

• Spring Session Data Geode 2.3.0.M1

• Spring Session Data MongoDB 2.3.0.M1

Additional details of these releases can be found in the changelog.

Spring Session Corn-SR1

The Corn-SR1 release is based on:

• Spring Session core modules 2.2.1.RELEASE

• Spring Session Data Geode 2.2.2.RELEASE

• Spring Session Data MongoDB 2.2.2.RELEASE

Additional details of these releases can be found in the changelog…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.0.M1! You can find the complete details in the release notes and the highlights below:

SAML

gh-7654 - Allow configuration of AuthenticationManager in saml2Login()

gh-7681 - Make Saml2Authentication serializable

OAuth 2.0

gh-5385 - Resource server support for multiple trusted JWT access token issuers

gh-7569 - Reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager

gh-7592 - Add OidcIdToken.Builder

gh-7593 - Add OidcUserInfo.Builder

Core

gh-7785 - Idiomatic Kotlin DSL for configuring…

Overview of Lambda DSL

The release of Spring Security 5.2 includes enhancements to the DSL, which allow HTTP security to be configured using lambdas.

It is important to note that the prior configuration style is still valid and supported. The addition of lambdas is intended to provide more flexibility, but their usage is optional.

You may have seen this style of configuration in the Spring Security documentation or samples. Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.

Configuration using lambdas

@EnableWebSecurity
public…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.RC1! You can find the complete details in the release notes and the highlights below:

RSocket

gh-7360 - Add RSocket Support

SAML

gh-6019 - Add SAML Service Provider Support

OAuth 2.0

Resource server

gh-7101 - JwtGrantedAuthoritiesConverter allows configuring the authority prefix

gh-7100 - JwtGrantedAuthoritiesConverter allows configuring the authorities claim name

gh-7345 - Opaque Token Introspector returns an Authenticated Principal

gh-7346 - Add Adapter to Translate Jwt to BearerTokenAuthentication

gh-5334 and gh-7284 - Resource Server supports WebClient Bearer…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M3! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6727 - Support for Multi-tenancy in Reactive Resource Server

gh-6798 - Support for custom parameters in Opaque Token

gh-6239 - Finer variables for OAuth2 redirectUriTemplate expansion

gh-6863 - OAuth2 login has configurable authentication success handler

gh-6832 & gh-6849 - JWT and opaque token have configurable authentication manager

gh-6634 - Support for mock JWT in tests

Similar to other request post processors, jwt() can be used to establish a SecurityContext with a JwtAuthenticationToken…