This post was authored by Vedran Pavić On behalf of the community I’m pleased to announce the release of Spring Session 1.3.2.RELEASE. This maintenance release contains numerous bug fixes and improvements. Some of the highlights include: #951 - SessionRepositoryFilter#changeSessionId does not copy the previous maxInactiveInterval into the new session #983 - Optimize HazelcastSessionRepository write operations #984 - Improve session event handling You can find the complete details of the release in the changelog. Feedback Please If you have feedback on this release, I encourage you to reach out…

We have released Spring Security 5.0.1, 4.2.4, and 4.1.5 to address CVE-2018-1199: Security bypass with static resources Users are encouraged to update immediately. One of the changes introduced for this CVE was setting StrictHttpFirewall as the default HttpFirewall. User’s can refer to the Javadoc and reference for additional information on how to configure it. Project Site | Reference | Help

This post was authored by Vedran Pavić On behalf of the community I’m pleased to announce the release of Spring Session 2.0.1.RELEASE. This maintenance release is focused primarily on addressing a classloading related regression when using a Redis backed session store in combination with Spring Boot’s DevTools. You can find the complete details of the release in the changelog. Feedback Please If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping Rob @rob_winch, Joe @joe_grandja, or me @vedran_pavic on…

This post was authored by Vedran Pavić On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.RELEASE. This release evolved through 2.0.0.M1, 2.0.0.M2, 2.0.0.M3, 2.0.0.M4, 2.0.0.M5, 2.0.0.RC1, 2.0.0.RC2 and 2.0.0.RELEASE, closing over 130 issues and pull requests in total. What’s New in Spring Session 2.0 You can find highlights of what’s new in the What’s New 2.0 section of the reference. For details refer to the changelog links above. Requirements This release moves to Java 8 and Spring Framework 5.0 as baseline requirements. Entire codebase is based on Java…

On behalf of the community, I’m pleased to announce the release of Spring Security SAML 1.0.3.RELEASE which makes some minor changes to work with Spring Framework 5.0.0+ while keeping backward compatibility. Project Site | Documentation | Changelog

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0.RELEASE. This release resolves 400+ tickets. For highlights and details about the release, refer to the What’s New in Spring Security 5.0 section. We hope to see you at SpringOne Platform next week. It will be packed with many Spring talks, opportunities to learn about the latest and greatest features and of course some previews about what we’re planning to do next. Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0.RC1. This release resolves 150+ issues. Below are the highlights of this release: WebFlux Security Highlights ReactiveSecurityContextHolder Reactive CSRF Support added OAuth 2.0 Highlights OAuth 2.0 Client Support OAuth2AuthorizedClient / Service What’s Up Next with OAuth 2.0 Support? Core Highlights Password Storage Updated Add UnboundId LDAP inmemory support Allow use of non-numeric (e.g. UUID) values for ObjectIdentity.getIdentifier() ReactiveSecurityContextHolder Previously, Spring Security used the…

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.RC1. This release puts some final touches to preparing for 2.0.0.RELEASE. You can find the complete changelog in github, with the highlights below: #906 Simplified integration with the Servlet APIs. With this simplification, we have removed the support for supporting multiple sessions for a single user. We plan on looking into other ways to bring this feature back. #907 Support for configuring Redis session cleanup cron Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M5. This release includes bug fixes & new features. The primary focus is being based off of Spring Framework 5.0.0.RELEASE, Reactor Bismuth-RELEASE, and Spring Data Kay-RELEASE. This release also lays the foundation for Reactive and OAuth2 auto configuration in Spring Boot 2.0.0.M5 You can find complete details in the changelog. Get Involved! If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or…

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M5. This release brings a Redis ReactiveSessionRepository implementation. The webflux sample has been updated to demonstrate its use. You can find the complete details of the release in the changelog Project Site | Reference | Help