Blog post Authors
Rob Winch

Rob Winch

Rob Winch is employed by VMware as the project lead of security related projects within Spring. He is also a committer on the core Spring Framework and co-author for Spring Security LiveLessons and a Spring Security book. In the past he has worked in the health care industry, bioinformatics research, high performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys cycling with his friends.

Recent Blog posts by Rob Winch

Spring LDAP 2.0.3 Released

Releases | April 30, 2015 | ...

I’m pleased to announce the release of Spring LDAP 2.0.3.RELEASE. The highlights of this release include:

  • LDAP-330 - Support for Spring Data Commons 1.10 (Spring Data Fowler)
  • LDAP-304 - NullPointerException DirContextAdapter.collectModifications
  • LDAP-314 - repository methods ignoring @Entity(base=)
  • LDAP-317 - ldap:context-source/url not parsing properties #{}
  • LDAP-321 - IllegalStateException: No value for key PoolingContextSource

For additional information on the release, refer to the changelog.

Project Site | Reference | Issues

Read more

Spring Session 1.0.1 Released

Releases | April 16, 2015 | ...

I'm pleased to announce the release of Spring Session 1.0.1.RELEASE. You can find the release in Maven Central.

This release fixes 30+ tickets. You can find the highlights below:

Highlights

The highlights of Spring Session 1.0.1 are available below:

  • Support for AWS ElastiCache #124
  • Servlet 3.1 fixes #152. This resolves issues when running Spring Security and Spring Boot 1.2
  • Servlet 2.5 fixes #111 #182
  • Added Servlet 2.5 & XML based configuration sample and guide
  • Embedded Redis used in Samples now works on Windows 64 bit #174
  • New Spring Session Logo #130

Site | Documentation | Javadoc | Issues | Help | Source |

Read more

Spring Security Kerberos 1.0.0.RC2 Released

Releases | April 02, 2015 | ...

On behalf of the Spring Security Kerberos team, I'm pleased to announce the release of Spring Security Kerberos 1.0.0.RC2. This release brings a number of changes. The highlights can be found below:

  • Added support LdapContextSource. Special thanks to Nelson Rodrigues for this contribution!
  • Repackaging for better management of dependencies
    • Specific implementations are moved to their own packages to signal additional optional dependencies
    • spring-security-kerberos-web now contains all of the web related dependencies (i.e. servlet dependencies)
  • Bug fixes

We’d love to hear back what people think by participating in a project or simply creating issues or feature requests at GitHub

Read more

Spring Security 4.0.0 Released

Releases | March 26, 2015 | ...

I'm pleased to announce the release of Spring Security 4.0.0.RELEASE which closes over 175+ tickets. You can find the highlights below:

WebSocket Support

Spring Security 4 added WebSocket Support. It is now possible to use Spring Security with Spring's WebSocket support.

Spring Data Integration

Spring Security 4 added Spring Data Integration. It is now possible to refer to Spring Security's user within Spring Data queries using SpEL.

Test Support

Spring Security 4 has added Test Support. It is now much easier to write tests with Spring Security applications.

More Secure by Default

As exploits…

Read more

Spring Security 4.0.0.RC2 Released

Engineering | February 26, 2015 | ...

We are please to announce the release of Spring Security 4.0.0.RC2.

We were very keen on doing a GA release, but due to community feedback we decided that another RC was necessary. Ultimately, this release resolved nearly 50 tickets.

A summary of changes can be seen below:

Assuming everything goes smoothly, the plan is to do a GA release in approximately two weeks. In the meantime, make sure to try…

Read more

Spring Session 1.0.0.RELEASE

Releases | January 08, 2015 | ...

I'm pleased to announce the release of Spring Session 1.0.0.RELEASE. You can find the release in Maven Central.

Features

Spring Session provides the following features:

  • API and implementations (i.e. Redis) for managing a user's session
  • HttpSession - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way. Additional features include:
    • Clustered Sessions - Spring Session makes it trivial to support clustered sessions without being tied to an application container specific solution.
    • Multiple Browser Sessions - Spring Session supports managing multiple users' sessions in a single browser instance (i.e. multiple authenticated accounts similar to Google).
    • RESTful APIs - Spring Session allows providing session ids in headers to work with RESTful APIs
Read more

Spring Security 4.0.0.RC1 Released

Releases | December 11, 2014 | ...

We are please to announce the release of Spring Security 4.0.0.RC1. This release resolved 40 tickets. You can find a highlight of the changes below.

  • Updated Defaults - As security evolves, so does Spring Security. We took this opportunity to ensure that the defaults were more secure. For example, the XML Namespace support now enables CSRF protection by default.
  • Polish WebSocket Security - We received very valuable feedback from the community which allowed us to polish the WebSocket security. We also added XML Namespace configuration support for WebSocket security. Details can be found on the update blog Preview Spring Security WebSocket Support
  • Minimum Dependency Versions - The minimum dependency…
Read more

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all