On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M3! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6727 - Support for Multi-tenancy in Reactive Resource Server

gh-6798 - Support for custom parameters in Opaque Token

gh-6239 - Finer variables for OAuth2 redirectUriTemplate expansion

gh-6863 - OAuth2 login has configurable authentication success handler

gh-6832 & gh-6849 - JWT and opaque token have configurable authentication manager

gh-6634 - Support for mock JWT in tests

Similar to other request post processors, jwt() can be used to establish a SecurityContext with a JwtAuthenticationToken…

On behalf of the team I am pleased to announce Spring Data releases Moore RC1 and Lovelace SR9. The new bits build on the most recent Spring Framework releases and will be picked up by Spring Boot 2.2 M4 and 2.1.6 respectively.

Notable new features amongst others are:

• An EntityCallback API for modifying entities before convert or save.
• Multiple OUT parameters in the stored procedure support of Spring Data JPA.
• Declarative aggregations in Spring Data MongoDB.
• Enhanced SSL support and dynamic client port configuration for Gemfire and Apache Geode.

Please find a high-level overview of what has been added in our release wiki. As always, we’re…

On behalf of the community, I am pleased to announce that the Service Release 4 (SR4) of the Spring Cloud Finchley Release Train is available today. The release can be found in Maven Central. You can check out the Finchley release notes for more information.

Notable Changes in the Finchley Release Train

Spring Cloud Commons

Bug Fixes

Spring Cloud Vault

Bug Fixes

Spring Cloud Config

Bug Fixes

Spring Cloud Gateway

Bug Fixes

Spring Cloud Netflix

Bug Fixes

Spring Cloud Sleuth

Bug Fixes

Spring Cloud Consul

Bug Fixes

Spring Cloud Contract

Bug Fixes

The following modules were updated as part of…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.2.0.M3 and 5.1.8 are available now.

The third milestone of Spring Framework 5.2 includes 50 fixes and improvements while Spring Framework 5.1.8 includes 31 fixes and selected improvements.

If you want to give the milestone a try, you can boostrap a new application on start.spring.io once Spring Boot 2.2.0.M4 is released early next week.

Project Page | GitHub | Issues | Documentation

Introduction

On behalf of the community I am happy to announce the release of Java CFEnv 1.1 RC1.

The RC1 release adds the following functionality:

• Checks the classpath to correctly determine setting of MySQL or MariaDB driver class name.

• When using the Boot support, an exception is thrown if the Spring Cloud Connector library is on the classpath. This applies only for the following services: DataSource, RabbitMQ, Cassandra, MongoDB, and Redis. The exception message indicates to set the environment variable JBP_CONFIG_SPRING_AUTO_RECONFIGURATION '{enabled: false}'

• Support for Boot 1.5.x by copying a logging utility class into the project.

…

We are happy to announce today that start.spring.io is now built using React/Gatsby as the front-end framework. We also made UI improvements based on your feedback. Thank you to all those who have contributed to this update and to all the users who continue to tell us how to improve!

React.js

During the previous Web UI modernization (launched on March 5th), we realized that making even small changes to the site had become more time consuming than we anticipated. The architecture was inhibiting our ability to run experiments and move quickly to make small, incremental changes.

As a result, we decided to rewrite the front-end using a modern and popular javascript framework - Gatsby…

Introduction

On behalf of the community I am happy to announce the release of Java CFEnv 1.1 M1.

This release brings in contributions from several teams

• EMC Volume Service

• Pivotal Single Sign-On Service

• Pivotal Redis Service

Support for Volume Services is a new feature. Single Sign-On functionality has been improved to set Spring Security auto-configuration properties for Spring Security 5’s OAuth support. The Redis support has been improved to support auto-configuration of TLS.

The project README has more information.

A release candidate is going out next week, followed quickly by a GA release. Please try it out and give feedback on our github issues…

We have released Spring Security OAuth 2.3.6, 2.2.5, 2.1.5 and 2.0.18 to address CVE-2019-11269: Open Redirector in spring-security-oauth2. Please review the information in the CVE report and upgrade immediately.

For additional changes included in each release, please refer to:

• 2.3.6 changelog

• 2.2.5 changelog

• 2.1.5 changelog

• 2.0.18 changelog

NOTE: For users of Spring Boot 1.5.x and Spring IO Platform Cairo, it is highly recommended to override the spring-security-oauth version to the latest version containing the fix for the CVE. Please see the Mitigation section in the CVE report…

On behalf of the community, I am pleased to announce that the Service Release 6 (SR6) of the Spring Cloud Edgware Release Train is available today. The release can be found in Maven Central. You can check out the Edgware release notes for more information.

Edgware End Of Life Reminder

As a reminder, the Edgware release train will reach EOL status on August 1st, 2019.

Notable Changes in the Edgware Release Train

Spring Cloud Netflix

• Bug Fixes

Spring Cloud Sleuth

• Bug Fixes

Spring Cloud Config

• Bug Fixes

Spring Cloud Commons

• Bug Fixes

Spring Cloud Contract

• Bug Fixes

Spring Cloud Vault

• Upgraded to Vault 1.1.3
…