On behalf of the team, I’m pleased to announce the release of Spring Session 2021.2.0-RC1, 2021.1.3 and 2021.0.6. The 2021.2.0 release train is entering the RC phase. If you haven’t done so yet, please give it a try! The 2021.1.3 and 2021.0.6 releases deliver bug fixes and dependency upgrades. For your convenience, Spring Boot will pick up these artifacts with its upcoming releases.

The following modules were updated as part of 2021.2.0-RC1:

• Spring Session Core 2.7.0-RC1 - release notes
• Spring Session Data Redis 2.7.0-RC1 - release notes
• Spring Session JDBC 2.7.0-RC1 - release notes
• Spring Session Hazelcast 2.7.0-RC1 - release notes
• Spring Session MongoDB 2.7.0-RC1 - release notes
• Spring Session for Apache Geode 2.7.0-RC1
…

On behalf of the team, I’m pleased to announce the release of Spring Session 2021.0.5 and 2021.1.2. These releases deliver bug fixes and dependency upgrades. For your convenience, Spring Boot will pick up these artifacts with its upcoming releases.

The following modules were updated as part of 2021.0.5:

• Spring Session Core 2.5.5 - release notes
• Spring Session Data Redis 2.5.5 - release notes
• Spring Session JDBC 2.5.5 - release notes
• Spring Session Hazelcast 2.5.5 - release notes

The following modules were updated as part of 2021.1.2:

• Spring Session Core 2.6.2 - release notes
• Spring Session Data Redis 2.6.2 - release notes
• Spring Session JDBC 2.6.2 - release notes
• Spring Session Hazelcast 2.6.2 - release notes
• Spring Session MongoDB 2.6.2 - release notes
…

On behalf of the team and everyone who has contributed, I am pleased to announce the release of Spring Security 5.7.0-M2.

You can find the complete list of dependency updates, bug fixes and enhancements in the release notes.

Among the enhancements you will find we have deprecated the WebSecurityConfigurerAdapter. For additional details you can check out this blog post on the future of Spring Security without the WebSecurityConfigurerAdapter.

We look forward to hearing your feedback.

Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.5 (release notes) and Spring Security 5.6.2 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Project Site | Reference | Help

In Spring Security 5.7.0-M2 we deprecated the WebSecurityConfigurerAdapter, as we encourage users to move towards a component-based security configuration.

To assist with the transition to this new style of configuration, we have compiled a list of common use-cases and the suggested alternatives going forward.

In the examples below we follow best practice by using the Spring Security lambda DSL and the method HttpSecurity#authorizeHttpRequests to define our authorization rules. If you are new to the lambda DSL you can read about it in this blog post. If you would like to learn more about why we choose to use HttpSecurity#authorizeHttpRequests you can check out the reference documentation…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.6.0-M1!

In addition to dependency upgrades, bug fixes, and minor enhancements, the milestone contains a few noteworthy changes:

• An AuthorizationManager for method security

• Support for any data type in Access Token Response

• A separate repository for Spring Security samples

You can find the complete details in the release notes.

On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.5. This release is the result of the work that went into 5.5.0-M1, 5.5.0-M2, 5.5.0-M3, 5.5.0-RC1, 5.5.0-RC2 and 5.5.0. In combination, they close 250+ tickets.

You can find the highlights of 5.5 in the What’s new section of the Spring Security reference.

As always, we look forward to hearing your feedback!

Project Site | Reference | Help

On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.0-M3! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8975 - Add BearerTokenAuthenticationConverter

SAML

gh-9317 - Add setMetadataFilename method to Saml2MetadataFilter

gh-9310 - Throw Saml2AuthenticationException in Saml2AuthenticationTokenConverter on deflation or decoding error

ACL

gh-9425 - Allow ACL to be owned by GrantedAuthoritySid

Kotlin

gh-9319 - Kotlin DSL extension for rememberMe

Web

gh-9387 - Improve HttpSessionSecurityContextRepository performance

Project Site | Reference | …

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-RC1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8903 - Allow for custom ClientRegistration.clientAuthenticationMethod

gh-6489 - Simplify retrieving Introspection-specific attributes

Web

gh-8804 - Remove need for WebSecurityConfigurerAdapter

gh-8599 - Reactive SwitchUserWebFilter for user impersonation

gh-8854 - Add AuthenticationConverterServerWebExchangeMatcher

Kotlin

gh-8783 - Support custom filter in Server Kotlin DSL

SAML 2.0

gh-8887 - Add…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.4 (release notes), 5.2.6 (release notes), 5.1.12 (release notes) , 5.0.18 (release notes), 4.2.18 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Project Site | Reference | Help