On behalf of the community, I'm pleased to announce the release of Spring Session 1.2.0.RC2. The release can be found in the Spring Milestone Repository (https://repo.spring.io/milestone/).

This release contains some fixes for the previous release.

Some highlights of the issues in this release include:

• A number of fixes for the JDBC support have been included
• A new Grails 3 Sample

See What's New in 1.2 for more details.

Our Community Support

As always, I'd like to thank our awesome community for their contributions. A very big thanks to those who submitted Pull Requests:

• #436 - Use Flapdoodle Embedded MongoDB for integration tests Thanks Vedran Pavić
• #437 - Externalize H2 database dependency version Thanks Vedran Pavić
• #440 - Fix SessionRepositoryFilter comment typo Thanks Jin Zhang
• #442 - Add Grails 3 Sample Thanks Eric Helgeson
• #444 - Add Dispatcher types to web.xml Thanks moonlight
• #450 - Fix loading of JdbcSession's lastAccessedTime attribute Thanks Vedran Pavić
• #451 - Polish JdbcHttpSessionConfigurationTests Thanks Vedran Pavić
• #454 - Add JDBC Spring Boot sample Thanks Vedran Pavić
• #462 - Update WebSocket sample to use H2 console auto-configuration Thanks …

I’m pleased to announce the release of Spring LDAP 2.1.0.RC1. The highlights of this release include:

• #380 - Support for Spring Data Hopper
• #384 - Early support for Spring IO Platform 2.1
• #351 - Support for commons-pool2
• #370 - Support property placeholders in XML Namespace
• #392 - Document Testing Support
• Migrated from JIRA to GitHub Issues
• Added Gitter Chat

For complete details of 2.1 refer to the changelog

Contributions

Without the community we couldn't be the successful project we are today. I'd like to thank everyone that created issues & provided feedback. A special thanks to the…

On behalf of the community, I'm pleased to announce the release of Spring Security 4.1.0.RC1. This release resolved over 100 tickets. You can find some of the highlights below:

• Path Variables in Web Security Expressions
• Content Security Policy (CSP)
• HTTP Public Key Pinning (HPKP)
• Added ForwardAuthenticationFailureHandler & ForwardAuthenticationSuccessHandler
• SCrypt support with SCryptPasswordEncoder
• Simplified UserDetailsService Java Configuration
• Simplified AuthenticationProvider Java Configuration
• Moved to GitHub issues
• Test Meta Annotations
• Method Security Meta Annotations

Contributions

…

I'm pleased to announce the release of Spring Security SAML 1.0.2. Among other things, this release provides a critical update that resolves Deadlock in MetadataManager. Updating is recommended for everyone.

Project Site | Documentation | Changelog

On behalf of the community, I'm pleased to announce the release of Spring Session 1.2.0.RC1. The release can be found in the Spring Milestone repository (https://repo.spring.io/milestone).

Change Log

This release includes nearly 30 issues with some exciting new features. You can find a complete list of changes in the change log. The highlights can be found in What's New in 1.2

Contributions

I continue to be amazed with the growing Spring Session community. It is because of our community that we were able to do this release within a month of 1.1.0 going GA. A special thank you to all those who…

On behalf of the community, I'm pleased to announce the release of Spring Session 1.1.1.RELEASE. The release can be found in Maven Central.

Change Log

This release includes a number of minor fixes and upgrade is recommended for anyone currently using Spring Session. You can find details of the fixes in the changelog

Site | Documentation | Issues | Help

I'm pleased to announce the release of Spring Security 4.0.4.RELEASE. This release is the fourth maintenance release of the 4.0 line. It provides minor fixes along with a fix for backwards compatibility of Spring Framework 4.1.x. For complete details on the release, refer to the Change Log.

Project Site | Reference | Guides

On behalf of the community, I'm pleased to announce the release of Spring Session 1.1.0.RELEASE. The release can be found in Maven Central.

Change Log

With over 80 issues resolved, there is plenty found in this release. You can find a complete list of changes in the change logs (1.1.0.M1, 1.1.0.RC1, 1.1.0.RELEASE). A summary of the changes can be found below:

• Support for Hazelcast. Thanks @_mark_a and @tommyludwig!
• Support for GemFire Thanks to John Blum!
• Support for search for session by username
• Support Customize Cookie Creation. Thanks to everyone who provided PRs and feedback for this feature!
• Add HttpSessionListener support
• Allow override default RedisSerializer
• Performance improvements
• Allow scoping the session in Redis using redisNamespace. Thanks fstegmann!
• Allow writing to Redis immediately (instead of lazily) using redisFlushMode
• Add ExpiringSession.setLastAccessedTime(long)
…

On behalf of the community, I'm pleased to announce the release of Spring Session 1.1.0.RC1. The release can be found in the Spring Milestone Repository (https://repo.spring.io/milestone/).

This release contains lots of fixes and new features. You can find details in the What's New in 1.1 The highlights of 1.1.0.RC1 have been included below:

• Support for GemFire Thanks to John Blum!
• Allow writing to Redis immediately (instead of lazily) using redisFlushMode

We look forward to your feedback and if all goes well plan to release 1.1.0.RELEASE in the next few weeks.

Site | Documentation | Issues | …

UPDATE: This is a summary of XSS without HTML: Client-Side Template Injection with AngularJS. Previously the citation was in the middle of the document and difficult to find. The goal of the summary is to present the exploit and a fix without all the nuances, not to claim the work as my own.

Introduction

AngularJS is a popular JavaScript framework that allows embedding expressions within double curly braces. For example, the expression 1+2={{1+2}} will render as 1+2=3.

This means that if the server echos out user input that contains double curly braces, the user can perform a XSS exploit using…