I'm excited to share that the there will be support for the OAuth 2.0 Token Exchange Grant (RFC 8693) in Spring Security 6.3, which is available for preview now in the latest milestone (6.3.0-M3). This support provides the ability to use Token Exchange with OAuth2 Client. Similarly, server-side support is also shipping with Spring Authorization Server in 1.3 and is available for preview now in the latest milestone (1.3.0-M3).

OAuth2 Client features of Spring Security allow us to easily make protected resources requests to an API secured with OAuth2 bearer tokens. Similarly, OAuth2 Resource…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.2.3, 1.1.6 and 1.0.6.

The releases address CVE-2024-22258 for PKCE Downgrade in Spring Authorization Server.

Tanzu Spring Runtime

Commercial customers using Spring Boot 2.7 or 3.0 can make use of the new Spring Boot Hotfix release mechanism, providing versions 2.7.20.2 and 3.0.15.2. Spring Boot Hotfix releases are timely releases that patch dependency management to use the latest Spring artifacts when a CVE fix is released. The hotfix versions released…

On behalf of the entire team and everyone in the community who contributed, we are pleased to announce the general availability of Spring for Apache Kafka 3.0.15 and 3.1.3.

Spring for Apache Kafka 3.0.15 includes a few improvements and bug fixes. In addition, this version now supports the ability to call the enforceRebalance on the Kafka consumer. This release will be included as part of the upcoming Spring Boot 3.1.10 release.

Spring for Apache Kafka 3.1.3 ships with some new features, enhancements, bug fixes and documentation improvements. This release will be part of the upcoming Spring Boot 3.2.4 release…

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.0.4 has been released and is now available from Maven Central.

This release will be included in the upcoming Spring Boot 3.2.4 release.

This release includes documentation improvements, bug fixes, and dependency upgrades.

Please see the release notes for more details.

On behalf of the team and everyone who has contributed, I am pleased to announce that the third milestone of Spring Security 6.3 is released. This release brings several new features that you can check on the release page or on the What's New section of the 6.3 documentation.

In addition to that, Spring Security 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 have been released as well! These releases are mostly composed of bug fixes, dependency upgrades and documentation improvements.

The releases address CVE-2024-22257 for Possible Broken Access Control in Spring Security With Direct Use of…

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.1.0-M2 has been released and is now available from https://repo.spring.io/milestone.

This release will be included in the upcoming Spring Boot 3.3.0-M3 release.

This release includes numerous enhancements, documentation improvements, bug fixes, and dependency upgrades. Notable new features include:

• New spring-pulsar-test module available w/ testing utilites

Please see the release notes for more details.

Front end development these days is dominated by large JavaScript client side frameworks. There are plenty of good reasons for that, but it can be very inefficient for many use cases, and the framework engineering has become extremely complex. In this article, I want to explore a different approach, one that is more efficient and more flexible, built from smaller building blocks, and well-suited to server side application frameworks like Spring (or similar tools in a range of server side languages). The idea is to embrace the concept of hypermedia, imagine how a next-generation browser would…

On behalf of the team and everyone who has contributed, I’m pleased to announce the availability of 2023.1.4 and 2023.0.10 service releases. These releases ship with dependency upgrades, fixes for regressions and selected improvements.

The upcoming Spring Boot releases 3.2.4, respective 3.1.10 will pick up the above releases by next week.

2023.1.4

• Spring Data Commons 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data JPA 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.2.4 - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.2.4 - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.2.4 - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data REST 4.2.4 - Javadoc - Documentation - Changelog
• Spring Data Redis 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data Elasticsearch 5.2.4 - Javadoc - Documentation - …

On behalf of the team and everyone who has contributed, I’m pleased to announce the second milestone 2024.0.0-M2 of the Spring Data 2024.0 release train.

Notable new features include:

• Predicate -based QueryEngine for KeyValue
• Transaction option derivation for MongoDB based on @Transactional labels.

Please see the release notes for more details and upgrade instructions.

Thanks to all those who have contributed with issue reports and pull requests.

Finally, here are the links to the documentation and release notes:

• Spring Data Commons 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data JPA 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.3 M2 - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.3 M2 - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.3 M2 - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data REST 4.3 M2 - Javadoc - Documentation - Changelog
• Spring Data Redis 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data Elasticsearch 5.3 M2 - Javadoc - Documentation - …