Spring Security OAuth Boot 2 Auto-config 2.0.0 Released

I’m pleased to announce the release of Spring Security OAuth Boot 2 Auto-config 2.0.0.

This project is intended to be used to help users transition between the old Spring Security OAuth 2.x support and the Next Generation OAuth 2.0 Support in Spring Security 5. It provides users of Spring Security OAuth 2.x the same auto-configuration capabilities in a Spring Boot 2.0 based application that is currently available in Spring Boot 1.5.x. For more details please refer to the documentation.


Spring Security SAML and this week's SAML Vulnerability

This week, the software world found out that SAML Vulnerabilities Affecting Multiple Implementations were discovered. If you use Spring Security SAML’s defaults, you are not impacted by this vulnerability.

The underlying implementation that Spring Security SAML uses is Shibboleth’s OpenSAML Java library. The OpenSAML Java implementation was not listed in the libraries that contain the vulnerability (Shibboleth openSAML C++ was vulnerable). However, if the ParserPool has been customized, you may be impacted.


Spring Session Apple SR1 Released

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the release of Spring Session BOM Apple-SR1. With the changes to Spring Session modules described in 2.0.0.RELEASE announcement, the addition of bill of materials (BOM) module was a logical next step.

The originally released Apple-RELEASE contained a glitch in published BOM so make sure you use Apple-SR1.

The BOM provides dependency management for Spring Session core modules (which include Data Redis, Hazelcast and JDBC) and Spring Session Data MongoDB. The following table provides an overview of all the included modules and their respective versions:


Spring Boot 2.0 goes GA

On behalf of the team, it is my very great pleasure to announce that Spring Boot 2.0 is now generally available as 2.0.0.RELEASE from repo.spring.io and Maven Central!

This release is the culmination of 17 months work and over 6800 commits by 215 different individuals. A massive thank you to everyone that has contributed, and to all the early adopters that have been providing vital feedback on the milestones.

This is the first major revision of Spring Boot since 1.0 was released almost 4 years ago. It’s also the first GA version of Spring Boot that provides support for Spring Framework 5.0.