On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.0.0-M1.

You can download it from repo.spring.io milestone repository by using the module coordinates:

implementation 'org.springframework.security:spring-security-oauth2-authorization-server:1.0.0-M1'

See the release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

We would love to gather your…

We are excited to announce that we’ve started preparing for Spring Authorization Server 1.0 with plans to release the GA version in November 2022. It has been just over two years since we initially announced this new project, and we have come a long way since its initial development. The project has a full feature set, and the APIs have stabilized and matured over this time. A lot of effort and care was put into this project to ensure that it can grow and adapt over the next few years.

Spring Authorization Server 1.0 will be based on Spring Security 6.0, which will be based off of Spring Framework 6.0 and will require a minimum of Java 17 at runtime, as well as a minimum of Tomcat 10 or Jetty 11 (for Jakarta EE 9 compatibility). This major release will inherit the VMware Tanzu OSS support policy. Commercial support…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.3.1.

You can download it from Maven Central by using the module coordinates:

implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.3.1'

See the release notes for complete details.

This release includes downgrading to JDK 1.8 baseline along with some minor enhancements and bug fixes.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.7.2 and 5.6.6 are available now.

You can find more details about the respective releases here and here.

The Spring Security OAuth and Spring Security OAuth Boot 2 auto-configuration projects have reached end of life.

The Spring Security OAuth project has been replaced by the Client and Resource Server support provided by Spring Security and the Authorization Server support provided by Spring Authorization Server.

We have released Spring Security OAuth 2.5.2 to address the following CVE report.

• CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2

This vulnerability exposes OAuth 2.0 Client applications only.

Please review the information in the CVE report and upgrade immediately.

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.2.3.

You can download it from Maven Central by using the module coordinates:

compile 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.3'

See the release notes for complete details.

To get started using Spring Authorization Server, see the sample to become familiar with setup and configuration.

We would love to gather your feedback as we strive to improve and build upon this release.

Project Page | GitHub Issues | ZenHub…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.2.2.

You can download it from Maven Central by using the module coordinates:

compile 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.2'

See the release notes for complete details.

To get started using Spring Authorization Server, see the sample to become familiar with setup and configuration.

We would love to gather your feedback as we strive to improve and build upon this release.

Project Page | GitHub Issues | ZenHub…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.2.1.

You can download it from Maven Central by using the module coordinates:

compile 'org.springframework.security:spring-security-oauth2-authorization-server:0.2.1'

See the release notes for complete details.

To get started using Spring Authorization Server, see the sample to become familiar with setup and configuration.

We would love to gather your feedback as we strive to improve and build upon this release.

Project Page | GitHub Issues | ZenHub…

In May 2020, we announced that the Spring Security OAuth (legacy) project will reach end-of-life in May 2022. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project.

We are now 6 months away from the EOL date, and the currently supported version branch is 2.5.x, which is limited to security fixes only.

We recently announced the release of Spring Authorization Server 0.2.0, which is the first officially supported production-ready version backed by our new support policy.

We encourage users to migrate their applications to Spring Authorization Server 0.2.0, as it…