I’m pleased to announce the release of Spring Security OAuth 2.5.0.

End-of-Life Notice

The 2.5.0 release is the final minor release. See the announcement for further details.

Project Page | GitHub | Documentation | Help

In January 2018, we announced that the Spring Security OAuth (legacy) project is officially in maintenance mode. Later in November of 2019, we provided an update in the Spring Security OAuth 2.0 Roadmap, stating that the 2.3.x line will reach end-of-life in March 2020.

The currently supported version branches are 2.4.x and 2.5.x, with the 2.5.0 release scheduled for May 2020, which will be the final minor release.

To that end, the plan is to provide patch and security fixes for the 2.4.x and 2.5.x line until May 2021. Additionally, security fixes will be supported for the 2.5.x line until May 2022, at which point the project will have reached end-of-life. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.2 (release notes), 5.1.8 (release notes) and 5.0.14 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Project Site | Reference | Help

I’m pleased to announce the releases of Spring Security OAuth 2.4.0 and 2.3.8.

Deprecation Notice

The 2.4.0 release officially deprecates all classes. The latest OAuth 2.0 support is provided by Spring Security. See the announcement for further details.

For a complete list of changes, please refer to:

• 2.4.0 changelog

• 2.3.8 changelog

Project Page | GitHub | Documentation | Help

I’m pleased to announce the releases of Spring Security OAuth 2.3.7, 2.2.6, 2.1.6 and 2.0.19. These maintenance releases primarily deliver bug fixes and minor enhancements.

For a complete list of changes, please refer to:

• 2.3.7 changelog

• 2.2.6 changelog

• 2.1.6 changelog

• 2.0.19 changelog

Project Page | GitHub | Documentation | Help

On behalf of the community I am pleased to announce the release of Spring Security 5.1.5 (changelog), 5.0.12 (changelog), and 4.2.12 (changelog). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Project Site | Reference | Help

We have released Spring Security OAuth 2.3.5, 2.2.4, 2.1.4 and 2.0.17 to address CVE-2019-3778: Open Redirector in spring-security-oauth2. Please review the information in the CVE report and upgrade immediately.

For additional changes included in each release, please refer to:

• 2.3.5 changelog

• 2.2.4 changelog

• 2.1.4 changelog

• 2.0.17 changelog

NOTE: For users of Spring Boot 1.5.x and Spring IO Platform Cairo, it is highly recommended to override the spring-security-oauth version to the latest version containing the fix for the CVE. Please see the Mitigation section in the CVE report for…

I’m pleased to announce the releases of Spring Security OAuth 2.3.4, 2.2.3, 2.1.3 and 2.0.16. The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 2.0.6 and 1.5.17 releases.

For a list of changes, please refer to:

• 2.3.4 changelog

• 2.2.3 changelog

• 2.1.3 changelog

• 2.0.16 changelog

Project Page | GitHub | Documentation | Help

On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.1. This release closes off 50+ tickets.

Please check out the What’s New in Spring Security 5.1.

As always, we look forward to hearing your feedback!

Project Site | Reference | Help

I’m pleased to announce the releases of Spring Security OAuth 2.3.3, 2.2.2, 2.1.2 and 2.0.15. These maintenance releases primarily deliver bug fixes.

For a complete list of changes, please refer to:

• 2.3.3 changelog

• 2.2.2 changelog

• 2.1.2 changelog

• 2.0.15 changelog

2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 1.5.13 release.

Project Page | GitHub | Documentation | Help