Joe Grandja
Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server.
With over 25 years of industry experience, Joe has been a Solution Architect, a Software Engineer, a Team Lead, and a Consultant. His past experience has been focused mainly on the Financial Services sector in the Toronto, Canada, area. He has designed, built, and delivered enterprise-grade banking applications and platforms in the Personal and Commercial and the Brokerage and Investing divisions. He has worked closely with the InfoSec teams within banks to ensure security and regulatory compliance.
Recent Blog posts by Joe Grandja
On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M3. This release is focused primarily on ensuring compatibility with Spring Framework 5.0.0.RC3 and Spring Data Kay RC1, which is the minimum Spring version required. This release includes the following new features: support added for Spring WebFlux; support for WebFlux’s WebSession; added ReactorSessionRepository to support a reactive SessionRepository API (the default implementation provided is MapReactorSessionRepository). We have split Spring Session into modules based upon the repository implementation. You…
Spring Security 5.0.0 M3 Released
On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M3. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC3. The new features included in this milestone are: support added for JSON Web Token (JWT) and JSON Web Signature (JWS) via the new module spring-security-jwt-jose; integrated the ID Token for OpenID Connect authentication flows. Please refer to the change log for further details on this release. Project Site | Reference | Guides | Help
Spring Security OAuth 2.2.0.RC1 Released
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.2.0.RC1. The 2.2.0.RC1 release includes numerous improvements to the JSON Web Key (JWK) feature contained in JwkTokenStore along with the addition of JwtClaimsSetVerifier that provides the capability of custom JWT Claim(s) verification. See the GitHub Issue for more details. This release also includes a small number of bug fixes and minor enhancements. Project Page | GitHub | Documentation | Help
Spring Security OAuth 2.1.1 and 2.0.14 Released
On behalf of the community, I’m pleased to announce the releases of Spring Security OAuth 2.1.1 and 2.0.14. Both are maintenance releases that primarily include bug fixes and minor improvements. Project Page | GitHub | Documentation | Help
Spring Security OAuth 2.1.0 and 2.0.13 Released
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.1.0 and maintenance release 2.0.13. The 2.1.0 release includes a new feature supporting JSON Web Signature (JWS) verification using JSON Web Key (JWK). This feature provides support for Authorization Servers that have implemented key rollover/rotation. See the GitHub Issue for more details. The 2.0.13 release includes a small number of bug fixes and minor enhancements as well as the JWK feature to support the upcoming Spring Boot 1.5.2 release. Project Page | GitHub | Documentation | Help
Spring Security OAuth 2.0.12 Released
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.0.12.RELEASE. The release can be found in our Spring Release repository and Maven Central. This release primarily includes bug fixes and minor enhancements. Contributions: Without the community we couldn’t be the successful project we are today. I’d like to thank everyone that created issues and provided feedback. Feedback Please: If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues or via the comments section. You can also ping me Joe @joe_grandja, Dave @david…
Spring Security OAuth2 - Client Authentication Issue
Issue #808 was recently reported that allowed a user to authenticate as a client and obtain an access token via the client_credentials or password grant flow. This unique scenario occurs when a client and a user have the same identifier (clientId and username). The user’s credentials are used for client authentication during a client_credentials or password grant flow and succeed in obtaining an access token with the authorities of the client. The Fix: This bug has been fixed in 1ed986a and released in 2.0.11.RELEASE. If you’re using Java-based configuration, please update to 2.0.11.RELEASE…