Josh Cummings
Josh has been a software engineer for over 15 years building enterprise applications across multiple industries. He has long been passionate about application security and loves opportunities to mentor and to learn from others about security awareness.
When Josh isn't hacking away at code, he is either running, playing basketball, camping, or reading a Brandon Sanderson novel.
Recent Blog posts by Josh Cummings
Spring Security 6.2.2, 6.1.7, and 5.8.10 are now available
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.2.1, 6.1.6, and 5.8.9 are out! In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements.
To learn more, please visit the 6.2.2, 6.1.7, and 5.8.10 release summaries.
Spring Security 5.8.9, 6.1.6, and 6.2.1 are now available
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.2.1, 6.1.6, and 5.8.9 are available now. In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements.
To learn more, please visit the 6.2.1, 6.1.6, and 5.8.9 release summaries.
Spring Security 5.6.12, 5.7.10, 5.8.5, 6.0.5, and 6.1.2 are available now, including fixes for CVE-2023-34034 and CVE-2023-34035
On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Security 5.6.12, 5.7.10, 5.8.5, 6.0.5, and 6.1.2 are available now.
Please refer to the releases page for more detail on what is included in each release.
Those versions fix the following CVEs:
- CVE-2023-34034: WebFlux Security Bypass With Un-Prefixed Double Wildcard Pattern
- CVE-2023-34035: Authorization rules can be misconfigured when using multiple servlets
It is also important to remember that the 5.8 version of Spring Security is a special release designed to help you to migrate to Spring Security 6.0, therefore if you are planning to upgrade your applications, using that version combined with the special migration guide…
Spring LDAP 3.0.4 Released
On behalf of the community, I’m pleased to announce the release of Spring LDAP 3.0.4! This release includes only dependency updates.
You can find the complete details in the release notes.
Spring LDAP 3.1.0 released
On behalf of the team everyone who has contributed, I am pleased to announce that the Spring LDAP 3.1.0 is available now!
Please refer to the releases page for more detail on what is included in this and the preceding milestone releases.
Of note in this release is a new LDAP client that offers a fluent API similar to WebClient as well as first-class Stream support.
Spring Security 6.0.2, 5.8.2, and 5.7.7 available now
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.0.2, 5.8.2, and 5.7.7 are available now. In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements.
To learn more, please visit the 6.0.2, 5.8.2, and 5.7.7 release summaries.
Spring Security 5.7.3 and 5.6.7 available now
Spring Security 5.8.0-M1 and 6.0.0-M6 are released
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.8.0-M1 and 6.0.0-M6 are available now.
This release includes dependency upgrades, bug fixes, and enhancements. Here are a few noteworthy changes:
See the 5.8.0-M1 and 6.0.0-M6 release notes for more details.
Spring LDAP 2.3.6 and 2.4.0-M2 released
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring LDAP 2.3.6 (release notes) and 2.4.0-M2 (release notes) are available now.
Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreGet support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all