Josh Cummings

Josh has been a software engineer for over 15 years building enterprise applications across multiple industries. He has long been passionate about application security and loves opportunities to mentor and to learn from others about security awareness.

When Josh isn't hacking away at code, he is either running, playing basketball, camping, or reading a Brandon Sanderson novel.

Blog posts by Josh Cummings

Spring Security 6.4.0 goes GA!

Releases | November 19, 2024 | ...

On behalf of the Spring Security team and everyone who contributed to this release, I am delighted to announce the general availability of Spring Security 6.4.0 from Maven Central!

The 6.4 release brings several compelling features including:

  • Support for Passkeys and One-Time Tokens
  • Simplified OAuth 2.0 Configuration
  • Refreshable SAML 2.0 Asserting Parties, and
  • New method security annotations and capabilities

To find out more about what’s new, see the what's new section of the documentation.

This release will be included in the upcoming Spring Boot 3.4 GA release. We'd like to hear from you…

Spring LDAP 2.4.4 and 3.2.8 are now available

Releases | November 19, 2024 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring LDAP 2.4.4 and 3.2.8 are out! In both cases, the releases are mostly composed of bug fixes and dependency upgrades.

Importantly, these releases address CVE-2024-38829.

To learn more, please visit the 2.4.4 and 3.2.8 release summaries.

Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can update to Spring Boot 2.7.22.5, 3.0.17.5, or 3.1.13.5 respectively to receive the corresponding LDAP releases 2.4.4, 3.0.10, and 3.1.8. These hotfix versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription

Spring Security 6.2.8 and 6.3.5 are now available

Releases | November 19, 2024 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.2.8 and 6.3.5 are out! In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements.

Importantly, these releases address CVE-2024-38827.

To learn more, please visit the 6.2.8 and 6.3.5 release summaries.

Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can update to Spring Boot 2.7.22.5, 3.0.17.5, or 3.1.13.5 respectively to receive the corresponding Security releases 5.7.14, 6.0.14, and 6.1.12. These hotfix versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription

Spring Security 6.3.0-RC1 is available now

Releases | April 18, 2024 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that the release candidate of Spring Security 6.3 is released.

The 6.3 release brings several compelling features including:

  • Long-term JDK serialization backward compatibility
  • New method security annotations and capabilities
  • Compromised password checking, and
  • OAuth 2.0 Token Exchange support

You can read more about each of these in the What's New section of the 6.3 documentation and also see the exhaustive list of features across the 6.3 release in the release pages for 6.3.0-M1, 6.3.0-M2, 6.3.0-M3, and 6.3.0-RC1

Spring Security 5.6.12, 5.7.10, 5.8.5, 6.0.5, and 6.1.2 are available now, including fixes for CVE-2023-34034 and CVE-2023-34035

Releases | July 24, 2023 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.6.12, 5.7.10, 5.8.5, 6.0.5, and 6.1.2 are available now.

Please refer to the releases page for more detail on what is included in each release.

Those versions fix the following CVEs:

It is also important to remember that the 5.8 version of Spring Security is a special release designed to help you to migrate to Spring Security 6.0, therefore if you are planning to upgrade your applications, using that version combined with the special migration guide
