Spring Security 5.7.0, 5.6.4, 5.5.7 were released to fix CVE-2022-22976: BCrypt skips salt rounds for work factor of 31. Please update as soon as possible.

UPDATES [05-17] Due to a mixup CVE-2022-22975 should have been CVE-2022-22978. The blog has been updated to reflect this correction. Spring Security 5.7.0 (release notes), 5.6.4 (release notes), 5.5.7 (release notes) have been released which fix CVE-2022-22978 CVE-2022-22976. Please update as soon as possible. Project Site | Reference | Help

On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.6. This release is the result of the work that went into 5.6.0-M1, 5.6.0-M2, 5.6.0-M3, 5.6.0-RC1, and 5.6.0. You can find the highlights of 5.6 in the What’s new section of the Spring Security reference. As always, we look forward to hearing your feedback! Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring LDAP 2.3.4! This release fixes including a fix where Spring LDAP breaks on JDK9+. You can find the complete details in the release notes.

On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.0-RC2! After releasing 5.5.0-RC1 we received some feedback on our APIs that required further refinements. This release finalizes the APIs for the 5.5.0 release later this month. You can find the complete details in the release notes.

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.4 (release notes), 5.3.8 (release notes), and 5.2.9 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help NOTE: There was an issue releasing 5.4.3 and 5.3.7 which caused us to need to release 5.4.4 and 5.3.8.

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.5 (release notes), 5.2.7 (release notes), 5.1.13 (release notes) , 5.0.19 (release notes), 4.2.19 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.3 (release notes), 5.2.5 (release notes), 5.1.11 (release notes) , 5.0.17 (release notes), 4.2.17 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security OAuth2 Auto-config 2.3.0.RC1 (release notes), 2.2.7.RELEASE (release notes), 2.1.14.RELEASE (release notes). The release delivers dependency updates to be compatible with the last versions of Spring Boot. Users are encouraged to update to the latest patch release. Project Site | Reference | Help

UPDATE 2020-05-13: The following versions of Spring Security address CVE-2020-5407 and CVE-2020-5408 On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.2 (release notes), 5.2.4 (release notes), 5.1.10 (release notes) , 5.0.16 (release notes), 4.2.16 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release. Project Site | Reference | Help