On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.2.3, 1.1.6 and 1.0.6.

The releases address CVE-2024-22258 for PKCE Downgrade in Spring Authorization Server.

Tanzu Spring Runtime

Commercial customers using Spring Boot 2.7 or 3.0 can make use of the new Spring Boot Hotfix release mechanism, providing versions 2.7.20.2 and 3.0.15.2. Spring Boot Hotfix releases are timely releases that patch dependency management to use the latest Spring artifacts when a CVE fix is released. The hotfix versions released…

Hi, Spring fans! And happy Java 22 release day to those who celebrate! I just put out a huge blog detailing many of the exciting new features in Java 22. Check it out!

As usual, we've got a packed roundup to get through this week so let's dive right into it!

• the Spring Authorization Server 1.3.0-M3 is available!
• the Token Exchange Support in Spring Security 6.3.0-M3
• the Spring Authorization Server 1.2.3, 1.1.6, and 1.0.6 are available now and include fixes for CVE-22258
• Spring for Apache Kafka 3.0.15, 3.1.3, and 3.2.0-M2 are available now
• Spring for Apache Pulsar 1.0.4 are available now
• Spring Security 6.3.0-M3, 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 are now available
• Spring for Apache Pulsar 1.1.0-M2
• Dr. Dave Syer wrote up an amazing look at hypermedia and browser enhancement technologies like HTMX and their relationship to Spring
• …

On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.3.0-M3! The milestone release of Spring Authorization Server contains a few noteworthy new features:

• Add PKI Mutual-TLS client authentication method (tls_client_auth) #1558
• Implement OAuth 2.0 Token Exchange #1525 (see related blog post)

See the 1.3.0-M3 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration…

update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead.

Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade for everyone. There are some big, final released features, like Project Panama, and a slew of even-better preview features. I couldn't hope to cover them all, but I did want to touch on a few of my favorites. We're going to touch on a number of features. The code, if you want to follow along at home, is here (https://github.com/spring-tips/java22)…

I'm excited to share that there will be support for the OAuth 2.0 Token Exchange Grant (RFC 8693) in Spring Security 6.3, which is available for preview now in the latest milestone (6.3.0-M3). This support provides the ability to use Token Exchange with OAuth2 Client. Similarly, server-side support is also shipping with Spring Authorization Server in 1.3 and is available for preview now in the latest milestone (1.3.0-M3).

OAuth2 Client features of Spring Security allow us to easily make protected resources requests to an API secured with OAuth2 bearer tokens. Similarly, OAuth2 Resource Server…

On behalf of the team and everyone who has contributed, I am pleased to announce that the third milestone of Spring Security 6.3 is released. This release brings several new features that you can check on the release page or on the What's New section of the 6.3 documentation.

In addition to that, Spring Security 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 have been released as well! These releases are mostly composed of bug fixes, dependency upgrades and documentation improvements.

The releases address CVE-2024-22257 for Possible Broken Access Control in Spring Security With Direct Use of…

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.1.0-M2 has been released and is now available from https://repo.spring.io/milestone.

This release will be included in the upcoming Spring Boot 3.3.0-M3 release.

This release includes numerous enhancements, documentation improvements, bug fixes, and dependency upgrades. Notable new features include:

• New spring-pulsar-test module available w/ testing utilites

Please see the release notes for more details.

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.0.4 has been released and is now available from Maven Central.

This release will be included in the upcoming Spring Boot 3.2.4 release.

This release includes documentation improvements, bug fixes, and dependency upgrades.

Please see the release notes for more details.

Hi, Spring fans! In this week's installment we talk Rob Winch, lead of Spring Security and founder of the exciting new project Spring Boot Testjars.