I'm pleased to announce the release of Spring Session 1.2.2.RELEASE. This release contains numerous bug fixes and trivial enhancements. Some of the highlights include: Fixes and improvements for supporting multiple sessions in the same browser when working with Tomcat 8.5 (#605, #611, #615); Improvements for JDBC support to work with DB2 (#600); Unregistered GemFire Instantiator causes deserialization issues on app restarts. Project Site | Reference | Help
I’m pleased to announce the release of Spring Security 4.1.3.RELEASE which updates libraries & resolves some minor issues including fixes for the new MvcRequestMatcher. For details refer to the changelog. Contributions: Without the community we couldn’t be the successful project we are today. I’d like to thank everyone that created issues & provided feedback. Feedback Please: If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe @joe_grandja on Twitter. Of course the best feedback…
It was brought to our attention that the spring-security-saml sample application contained an XML External Entity (XXE) vulnerability. This meant that a malicious user could view any file that the Spring Application’s process had access to. The issue was a direct result of "OpenSAML Java ParserPool and Decrypter Vulnerable To XML Attacks". The default behavior of the ParserPool implementations is fixed in OpenSAML 2.6.1+ (which Spring Security SAML uses). However, the vulnerability is still possible if users construct their own ParserPool without the proper settings. Note: We did not consider…
I’m pleased to announce the release of Spring Security 4.1.2.RELEASE which resolves some minor issues including fixes for the new MvcRequestMatcher. For details refer to the changelog. Contributions: Without the community we couldn’t be the successful project we are today. I’d like to thank everyone that created issues & provided feedback. Feedback Please: If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe @joe_grandja on Twitter. Of course the best feedback comes in the form of…
Spring Framework 4.3.1 and Spring Security 4.1.1 provide fixes for CVE-2016-5007 "Spring Security / MVC Path Matching Inconsistency". Applications using Spring Security and Spring MVC should upgrade to Spring Security 4.1.1+ and Spring Framework 4.3.1+ and use the MvcRequestMatcher. Additional details and further mitigations can be found in CVE-2016-5007.
I’m pleased to announce the release of Spring Security 4.1.1.RELEASE which resolves over 50 issues. This release provides mitigation for CVE-2016-5007. There are also lots of bug fixes, but there are also a few notable enhancements: MvcRequestMatcher provides deep integration with Spring MVC to ensure consistent path matching strategies for authorization rules; CORS Support that can leverage Spring MVC’s CORS configuration; CookieCsrfTokenRepository.withHttpOnlyFalse() for easily integrating with AngularJS applications. Contributions: Without the community we couldn’t be the successful project we…
I'm pleased to announce the release of Spring Session 1.2.1.RELEASE. This release contains numerous bug fixes and trivial enhancements. Project Site | Reference | Help
On behalf of the community, I'm pleased to announce the release of Spring LDAP 2.1.0.RELEASE. The highlights of this release include: #380 - Support for Spring Data Hopper; #384 - Early support for Spring IO Platform 2.1; #351 - Support for commons-pool2; #370 - Support property placeholders in XML Namespace; #392 - Document Testing Support; Migrated from JIRA to GitHub Issues; Added Gitter Chat. For complete details of 2.1 refer to the changelog for 2.1.0.RC1 and 2.1.0.RELEASE. Feedback Please: If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via…
On behalf of the community, I'm pleased to announce the release of Spring Session 1.2.0.RELEASE. This release evolved through 1.2.0 RC1, 1.2.0.RC2, 1.2.0.RC3, and 1.2.0.RELEASE closing over 60 issues. What’s New in Spring Session 1.2.0: You can find highlights of what's new in the What’s New in Spring Session 1.2.0 section of the reference. For details refer to the changelog links above. Contributions: Without the community we couldn't be the successful project we are today. I'd like to thank everyone that created issues & provided feedback. Feedback Please: If you have feedback on this release, I…
On behalf of the community, I'm pleased to announce the release of Spring Security 4.1.0.RELEASE. This release evolved through 4.1.0 RC1, 4.1.0 RC2, and 4.1.0 closing nearly 200 tickets. What’s New in Spring Security 4.1: You can find highlights of what's new in the What’s New in Spring Security 4.1 section of the reference. For details refer to the changelog links above. Contributions: Without the community we couldn't be the successful project we are today. I'd like to thank everyone that created issues & provided feedback. Feedback Please: If you have feedback on this release, I encourage you…