Rob Winch

Spring Security, Session, & LDAP project lead

Rob Winch is employed by Pivotal as the project lead of security-related projects within Spring. He is also a committer on the core Spring Framework and co-author of the Spring Security 3.1 book. In the past he has worked in the health care industry, bioinformatics research, high-performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar.

Blog Posts by Rob Winch

Spring Security SAML Roadmap

The Spring Security SAML project has been an integral part of the Spring ecosystem since its inception nearly 9 years ago. This critically important project was born through the incredible effort and contributions of Vladimír Schäfer. I’d like to take the time to personally thank Vladimír and our fantastic community for their tireless work. Without all of their efforts, this project would not be what it is today.

Vladimír, our amazing community, and the Spring engineering team are planning to team up to enhance Spring Security SAML to achieve the following primary goals:

Spring Security SAML and this week's SAML Vulnerability

This week, the software world found out that SAML Vulnerabilities Affecting Multiple Implementations were discovered. If you use Spring Security SAML’s defaults, you are not impacted by this vulnerability.

The underlying implementation that Spring Security SAML uses is Shibboleth’s OpenSAML Java library. The OpenSAML Java implementation was not listed in the libraries that contain the vulnerability (Shibboleth openSAML C++ was vulnerable). However, if the ParserPool has been customized, you may be impacted.

Spring Session Apple SR1 Released

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the release of Spring Session BOM Apple-SR1. With the changes to Spring Session modules described in the 2.0.0.RELEASE announcement, the addition of a bill of materials (BOM) module was a logical next step.

Note: The originally released Apple-RELEASE contained a glitch in the published BOM, so make sure you use Apple-SR1.

The BOM provides dependency management for Spring Session core modules (which include Data Redis, Hazelcast and JDBC) and Spring Session Data MongoDB. The following table provides an overview of all the included modules and their respective versions:

Spring Session 1.3.2 Released

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the release of Spring Session 1.3.2.RELEASE. This maintenance release contains numerous bug fixes and improvements.

Some of the highlights include:

  • #951 - SessionRepositoryFilter#changeSessionId does not copy the previous maxInactiveInterval into the new session

  • #983 - Optimize HazelcastSessionRepository write operations

  • #984 - Improve session event handling

You can find the complete details of the release in the changelog.

Spring Session 2.0.1 Released

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.1.RELEASE. This maintenance release is focused primarily on addressing a classloading-related regression when using a Redis-backed session store in combination with Spring Boot’s DevTools.

You can find the complete details of the release in the changelog.

Feedback Please

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping Rob @rob_winch, Joe @joe_grandja, or me @vedran_pavic on Twitter.

Spring Session 2.0.0 Released

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.RELEASE. This release evolved through 2.0.0.M1, 2.0.0.M2, 2.0.0.M3, 2.0.0.M4, 2.0.0.M5, 2.0.0.RC1, 2.0.0.RC2 and 2.0.0.RELEASE, closing over 130 issues and pull requests in total.

What’s New in Spring Session 2.0

You can find highlights of what’s new in the What’s New 2.0 section of the reference. For details refer to the changelog links above.

Requirements

This release moves to Java 8 and Spring Framework 5.0 as baseline requirements. The entire codebase is now based on the Java 8 source code level.