Joe Grandja

Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server.

With over 25 years of industry experience, Joe has been a Solution Architect, a Software Engineer, a Team Lead, and a Consultant. His past experience has been mainly focused on the Financial Services sector in the Toronto, Canada, area. He has designed, built, and delivered enterprise-grade banking applications and platforms in the Personal and Commercial and Brokerage and Investing divisions. He has worked closely with the InfoSec teams within banks to ensure security and regulatory compliance.

Recent Blog posts by Joe Grandja

Update on EOL for Spring Security OAuth

Engineering | November 08, 2021 | ...
In May 2020, we announced that the Spring Security OAuth (legacy) project will reach end-of-life in May 2022. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project. We are now 6 months away from the EOL date, and the currently supported version branch is 2.5.x, which is limited to security fixes only. We recently announced the release of Spring Authorization Server 0.2.0, which is the first officially supported production-ready version backed by our new support policy. We encourage users to migrate their applications to Spring Authorization Server 0.2.0, as it…

Spring Authorization Server goes to production!

Releases | August 19, 2021 | ...
On behalf of the team and everyone who has contributed, it is my great pleasure to announce the general availability of Spring Authorization Server 0.2.0. This release is the first officially supported production-ready version backed by our new support policy. You can download it from Maven Central by using the module coordinates: See the release notes for complete details. For additional details on this project, see the latest and initial announcement and the project page. To get started using Spring Authorization Server, see the sample to become familiar with setup and configuration. We…

Spring Authorization Server officially moves to spring-projects

Engineering | August 17, 2021 | ...
We are very excited to announce that Spring Authorization Server has officially moved out of experimental status and into the Spring project’s portfolio! This move coincides with this week’s 0.2.0 release, which is the first officially supported production-ready version backed by our new support policy. Since announcing the Spring Authorization Server in April 2020, the implemented features provide support for a large portion of the OAuth 2.1 Authorization Framework and modest support for OpenID Connect 1.0. However, as we move onto the next phase of development, our focus changes to advancing…

Spring Authorization Server 0.1.2 available now

Releases | July 09, 2021 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.1.2. You can download it from Maven Central by using the module coordinates: For additional details on this new project, see the initial announcement and project page. The main features delivered in this release are: Ability to configure a custom Authorization Consent page (gh-283); JDBC implementation of RegisteredClientRepository (gh-265), OAuth2AuthorizationService (gh-245) and OAuth2AuthorizationConsentService (gh-313); Ability to configure the…

CVE report published for Spring Security

Engineering | June 28, 2021 | ...
We have released Spring Security 5.5.1, 5.4.7, 5.3.10 and 5.2.11 to address the following CVE report: CVE-2021-22119: Denial-of-Service attack with spring-security-oauth2-client. Please review the information in the CVE report and upgrade immediately. Spring Boot users should upgrade to 2.5.2 or 2.4.8.

Spring Security 5.5.1, 5.4.7, 5.3.10 and 5.2.11 released

Releases | June 22, 2021 | ...
On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.1 (release notes), 5.4.7 (release notes), 5.3.10 (release notes), and 5.2.11 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Spring Authorization Server 0.1.1 available now

Releases | May 10, 2021 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.1.1. You can download it from repo.spring.io and Maven Central by using the module coordinates: For additional details on this new project, see the initial announcement and project page. The main features delivered in this release are: OpenID Connect Dynamic Client Registration 1.0 — Client Registration Endpoint; OAuth 2.0 Token Introspection; OAuth 2.0 Authorization Server Metadata. See the release notes for complete details. To get started using Spring…

Spring Authorization Server 0.1.0 available now

Releases | February 12, 2021 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.1.0. You can download it from repo.spring.io and Maven Central by using the module coordinates: For additional details on this new project, see the initial announcement and project page. The main features delivered in this release are: OpenID Connect Core 1.0 — Authorization Code Flow; OpenID Connect Discovery 1.0 — OpenID Provider Configuration; JSON Web Token (JWT) headers and claims customizer. See the release notes for complete details. To get started…

Spring Authorization Server 0.0.3 available now

Releases | November 10, 2020 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.0.3. You can download it from repo.spring.io and Maven Central by using the module coordinates: For additional details on this new project, see the initial announcement and project page. The main features delivered in this release are: OAuth 2.0 Refresh Token Grant — RFC 6749; OAuth 2.0 Token Revocation — RFC 7009. See the release notes for complete details. To get started using Spring Authorization Server, see the sample to become familiar with setup…

Spring Security 5.5.0-M1 Released

Releases | November 04, 2020 | ...
On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.0-M1! You can find the complete details in the release notes and the highlights below. OAuth 2.0: gh-5502 - OAuth2Token interface for AbstractOAuth2Token; gh-9070 - Use LobHandler in JdbcOAuth2AuthorizedClientService; gh-8765 - Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService; gh-7160 - JwtDecoders and ReactiveJwtDecoders should determine algorithm from JWK Set Endpoint. SAML: gh-9177 - SAML 2.0 Asserting Party Metadata resolution should read SigningMethod elements; gh-913…
