Josh has been a software engineer for over 15 years building enterprise applications across multiple industries. He has long been passionate about application security and loves opportunities to mentor and to learn from others about security awareness.
When Josh isn't hacking away at code, he is either running, playing basketball, camping, or reading a Brandon Sanderson novel.
On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.4.8 and 6.5.2.
Spring Security 6.4.8 ships with 3 fixes and several dependency upgrades. This version will be shipped next week with Spring Boot 3.4.8.
Spring Security 6.5.2 ships with 7 fixes and several dependency upgrades. This version will be shipped next week with Spring Boot 3.5.4.
On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Security generation. We encourage you to review the Spring Security 6 to 7 migration guide to gauge your preparedness for the release. Please also check out the main feature set in our What's New in Spring Security 7 page. Finally, for a detailed view of all changes, please see the Spring Security 7.0.0-M1 release notes.
7.0.0-M1 is now available from Maven Central.
On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.3.10.
Please check the changelog for more details.
On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.4.6.
Please check the changelog for more details. Note that this release contains the fix for CVE-2025-41232.
On behalf of the team and everyone who has contributed, I am pleased to announce the general availability of the final Spring Security 6 minor release, 6.5.0!
To see all the new features, please take a look at What's New in Spring Security 6.5 in the reference.
Also, since this is the target release for migrating from 6.x to 7.x, please also begin reviewing the migration guide.
Please check the release changelog as well as the previous changelogs for 6.5.0-M1, 6.5.0-M2, 6.5.0-M3, and 6.5.0-RC1 for more details.
On behalf of the team and everyone who has contributed, I am pleased to announce the release candidate milestone for the final Spring Security 6 minor release.
Among a number of feature enhancements, there are some that we'd love your attention on as we prepare them for general availability:
ConfigAttribute, SecurityConfig, and other Access API components.Specifically, please speak up if you are using any of the ACL Access components that were deprecated.
On behalf of the team and everyone who has contributed, I am pleased to announce the third milestone of the next Spring Security 6 minor release.
Among a number of feature enhancements, there are some that we'd love your attention on as we prepare them for general availability:
ConfigAttribute deprecation, including the addition of redirectToHttps - #16667SecurityContext Reactive Context Propagation - #16665Please check the changelog for more details.
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.3.8 and 6.4.4 are out! In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements.
Importantly, these releases address CVE-2025-22223 and CVE-2025-22228.
To learn more, please visit the 6.3.8 and 6.4.4 release summaries.
Commercial customers using Spring Boot 2.7, 3.0, 3.1, or 3.2 will be able to update to Spring Boot 2.7.24.1, 3.0.19.1, 3.1.15.1, or 3.2.13.1 respectively to receive the corresponding Security releases 5.7.16, 6.0.16, 6.1.14, and 6.2.10. These Security versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…
On behalf of the team and everyone who has contributed, I am pleased to announce the second milestone of the next Spring Security 6 minor release.
Among a number of feature enhancements, there are some that we'd love your attention on as we prepare them for general availability:
Please check the changelog for more details.
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.3.7 and 6.4.3 are out! In all cases, the releases are mostly composed of bug fixes, dependency upgrades, and documentation improvements.
To learn more, please visit the 6.3.7 and 6.4.3 release summaries.
Commercial customers using Spring Boot 2.7, 3.0, 3.1, or 3.2 will be able to update to Spring Boot 2.7.24, 3.0.19, 3.1.15, or 3.2.13 respectively to receive the corresponding Security releases 5.7.15, 6.0.15, 6.1.13, and 6.2.9. These Security versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…
VMware offers training and certification to turbo-charge your progress.
Learn moreTanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreCheck out all the upcoming events in the Spring community.
View all