Reactor Bismuth-SR5 is out!

Improvements, new features, and fixes have landed in a Maven Central mirror near you under Bismuth-SR5 Bill Of Material. This version is now used by Spring Framework 5.0.3 and the upcoming Spring Boot 2.0.RC1! Our site projectreactor.io has been updated with the latest versions.

Reactor-Core 3.1.3

release notes

A quality update including more than a dozen fixes and just a couple new features: new Flux#delaySequence and Signal#getContext access to the current flow Context.

reactor-test also welcomed new features including Context verification facilities and a StepVerifier#toString implementation.

Read more...

Next Generation OAuth 2.0 Support with Spring Security

Current State

The current state of OAuth 2.0 Support, within the Spring projects portfolio, is spread out between Spring Security OAuth, Spring Cloud Security, Spring Boot 1.5.x, and the new support introduced in Spring Security 5. As a user of OAuth, you may be asking, "Which project(s) do I use? And why has Spring Security 5 introduced new support into the mix?"

To put it simply, there was a need to unify the OAuth 2.0 support into one project in order to provide a clear choice to the user and to avoid any potential confusion. In addition, the OAuth 2.0 support needed to take the next level and provide more extensive support for OAuth 2.0 and OpenID Connect 1.0. Also, based on community feedback, documentation needed to be re-vamped in order to allow for ease of use and promote developer productivity. Based on all these factors, we decided to start afresh and build the next generation of OAuth 2.0 support in Spring Security 5.

Read more...

CVE-2018-1199: Spring Security 5.0.1, 4.2.4, 4.1.5 Released

We have released Spring Security 5.0.1, 4.2.4, and 4.1.5 to address CVE-2018-1199: Security bypass with static resources Users are encouraged to update immediately.

One of the changes introduced for this CVE was setting StrictHttpFirewall as the default HttpFirewall. User’s can refer to the Javadoc and reference for additional information on how to configure it.

Read more...