On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.7.3 and 5.6.7 are available now. In both cases the releases are largely composed of dependency upgrades and minor fixes. To learn more, please visit the 5.7.3 and 5.6.7 release summaries.

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.8.0-M1 and 6.0.0-M6 are available now. This release includes dependency upgrades, bug fixes, and enhancements. Here are a few noteworthy changes: Deferred SecurityContext lookup SecurityContextHolderStrategy Bean lookup AuthorizationManager support SHA-256 RememberMe support Release automation improvements See the 5.8.0-M1 and 6.0.0-M6 release notes for more details. Project Site | Reference | Help

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring LDAP 2.3.6 (release notes) and 2.4.0-M2 (release notes) are available now. Project Page | GitHub | Issues | Documentation

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.10 (release notes), Spring Security 5.3.9 (release notes), and Spring Security 5.4.6 (release notes). These releases delivers bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.0-RC1! In addition to dependency upgrades, bug fixes, and minor enhancements, the release candidate contains a few noteworthy changes: JWT client authentication support for OAuth 2.0 clients JWT bearer authorization grant support for OAuth 2.0 clients AuthorizationManager, a new authorization API for filter security Kotlin coroutine support for reactive method security OpenSAML 4 support This release candidate is a good opportunity to give feedback before the actual GA release in mid-May. We look forward to…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.5 (release notes). This release delivers bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.2 (release notes), 5.3.6 (release notes), and 5.2.8 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help

With the recent release of Spring Security 5.4, we’d like to announce that maintenance for Spring Security SAML Extensions 1.x will end on 6 October 2021. SAML 2.0 support has been added to the core Spring Security framework over the last three minor releases. There are two main reasons for this. First, the extension project is based on a version of OpenSAML that the OpenSAML team no longer supports. This version has known CVEs that make it unsafe for use in a production system. Second, moving the support to the core Spring Security framework allowed us to simplify the API, use the latest…

On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.4. This release is the result of the work that went into 5.4.0-M1, 5.4.0-M2, 5.4.0-RC1, and 5.4.0. In combination, they close 250+ tickets. You can find the highlights of 5.4 in the What’s new section of the Spring Security reference. As always, we look forward to hearing your feedback! Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M2! You can find the complete details in the release notes and the highlights below: OAuth 2.0 gh-8700 - OAuth2AuthorizedClientArgumentResolver picks up OAuth2AuthorizedClientManager bean gh-8730 - Add JWTProcessor Configuration Post-Processor gh-8669 - OAuth2AuthorizedClientArgumentResolver for XML gh-8587 - Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter gh-8603 - oauth2Client Test Support no longer requires an HttpSessionOAuth2AuthorizedClientRepository gh-8501 - Add issuerUri to…