Spring Tips: Spring Security 5 OAuth Clients
speaker: Josh Long
Hi Spring fans! In this installment we'll look at the new OAuth client support in Spring Security 5.
Spring Project Vulnerability Reports Published
The following CVEs have been published today:
- CVE-2018-1257 for Spring Framework 5.0.6, 4.3.17.
- CVE-2018-1258 for Spring Security 5.0.5.
- CVE-2018-1259 for Spring Data Ingalls SR12, Kay SR7.
- CVE-2018-1260 for Spring Security OAuth 2.3.3, 2.2.2, 2.1.2, 2.0.15.
- CVE-2018-1261 for Spring Integration “Zip” extension 1.0.1.
Please, review the information in the CVE reports and upgrade immediately.
Spring Boot Users: Spring Boot 2.0.2 and 1.5.13, released earlier today, contain the fixes for the above vulnerabilities.
Spring Cloud Data Flow 1.5 RC1 released
The Spring Cloud Data Flow team is pleased to announce the release of 1.5.0 RC1. Follow the Getting Started guides for Local Server, Cloud Foundry, and Kubernetes.
Here are the highlights:
General Improvements
-
Switch to Hikari connection pool and restructure code to use fewer connections.
-
Several bug fixes in underling deployer libraries.
Dashboard
-
Editing a created/deployed stream is now possible from the Stream Builder. The application and deployment properties can be edited and re-deployed. The App version can be switched, too.
-
A new paginator component is added to all the list page. Switching from a list of 20, 30, 50, or 100 items per page is possible. This further simplifies the bulk operation workflows.
-
Introduction of end-to-end testing via Selenium and SauceLabs.
…
Spring Framework 4.3.17 and 5.0.6 available now
It is my pleasure to announce that Spring Framework 4.3.17 and 5.0.6 have been released and are available now from repo.spring.io and Maven Central.
Spring Framework 4.3.17 includes 15 fixes and a selection of improvements. Spring Framework 5.0.6 contains over 40 fixes and improvements. Those maintenance releases will be used for the upcoming Spring Boot 1.5.13 and 2.0.2 releases coming up later this week.
2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 2.0.2 and 1.5.13 releases.
Project Page | GitHub | Issues | …
Spring Data Ingalls SR12 and Kay SR7 released
On behalf of the Spring Data team, I'd like to announce the availability of the Ingalls SR12 and Kay SR7 service releases. Both releases pick up the just-released Spring Framework versions 4.3.17 and 5.0.6, respectively. The upcoming Spring Boot 1.5.13 will pick up Ingalls SR12, and Spring Boot 2.0.2 picks up Kay SR7 for your convenience.
Both releases ship with over 100 tickets fixed in total and are recommended upgrades to all users of the Ingalls and Kay release trains. You can find all the details within the linked changelogs.
2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 2.0.2 and 1.5.13…
This Week in Spring - May 8th, 2018
Hi Spring fans! Welcome to another installment of This Week in Spring! This week I'm in Manchester, UK, for an appearance at the Manchester JUG and then it's off to London, UK, for some customer visits and the epic Devoxx UK event. This time next week I'll be in Denver, USA, for the SpringOne Tour event. If you're in any of these places, as usual, don't hesitate to reach out and say hi (@starbuxman)
- Missed an installment of This Week in Spring? Well, have no fear there's now a monthly aggregation of the weekly aggregation! Here's the April edition
- Dormain Drewitz swoops in for the kill with this epic announcement: Pivotal and Confluent are teaming up to make Pivotal's Kubernetes environment, PKS, the best place to run Confluent Kafka
- Spring Framework luminary Stéphane Nicoll just announced Spring Framework .3.17 and 5.0.6
- Spring Data legend Mark Paluch just announced the release of Spring Data Ingalls SR12 and Kay SR7. These releases are, as usual, packed with new releases!
- Spring Batch and Spring Cloud Task lead Michael Minella has just announced Spring Cloud Task 2.0.0.RELEASE…
Spring Security 5.0.5 Released
2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 2.0.2 releases.
I'm pleased to announce the release of Spring Security 5.0.5. The release primarily delivers bug fixes and dependency version updates along with some minor improvements.
For a complete list of changes, please refer to the 5.0.5 changelog.
Spring Security 4.2.6 Released
I'm pleased to announce the release of Spring Security 4.2.6. The release primarily delivers bug fixes and dependency version updates along with some minor improvements.
For a complete list of changes, please refer to the 4.2.6 changelog.
Spring Session Apple SR2
On behalf of the community I’m pleased to announce the release of Spring Session BOM Apple-SR2. This release includes an update to the core modules and adds support for Spring Session for Apache Geode. You can use the BOM
With Maven:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-bom</artifactId>
<version>Apple-SR2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.session</groupId…Spring Security OAuth 2.3.3, 2.2.2, 2.1.2, 2.0.15 Released
I’m pleased to announce the releases of Spring Security OAuth 2.3.3, 2.2.2, 2.1.2 and 2.0.15. These maintenance releases primarily deliver bug fixes.
For a complete list of changes, please refer to:
2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 1.5.13 release.
Project Page | GitHub | Documentation | Help
Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreGet support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all