On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Session 3.3.0-M3! The milestone release of Spring Session contains a few noteworthy new features:

• Add Spring Session Backed implementation of ReactiveSessionRegistry #2824
• Allow PlatformTransactionManager to be specified using @SpringSessionTransactionManager #2821

See the 3.3.0-M3 release notes for complete details.

Project Page | GitHub Issues

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Session 3.2.2 and 3.1.5 are available now. These releases are mostly composed of bug fixes, dependency upgrades and documentation improvements.

To learn more, please visit the releases page for 3.2.2 and 3.1.5.

Dear Spring community,

On behalf of Spring Integration team, it is my pleasure to announce 6.3.0-M2 version of the project which is available from Spring Milestone Repository.

In addition, bug fixes versions 6.1.7 & 6.2.3 have been released as well into Maven Central.

The notable changes in 6.3:

• Kotlin DSL is compatible now with upcoming Kotlin 2.0

• The spring-integration-security module has been removed altogether in favor of SecurityContextChannelInterceptor & SecurityContextPropagationChannelInterceptor from the spring-security-messaging module of Spring Security project

• The ObservationPropagationChannelInterceptor is deprecated since it does not carry out a proper observation state between threads or even persistent store.

…

On behalf of the entire team and everyone in the community who contributed, we are pleased to announce the general availability of Spring for Apache Kafka 3.0.15 and 3.1.3.

Spring for Apache Kafka 3.0.15 includes a few improvements and bug fixes. In addition, this version now supports the ability to call the enforceRebalance on the Kafka consumer. This release will be included as part of the upcoming Spring Boot 3.1.10 release.

Spring for Apache Kafka 3.1.3 ships with some new features, enhancements, bug fixes and documentation improvements. This release will be part of the upcoming Spring Boot 3.2.4 release…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.2.3, 1.1.6 and 1.0.6.

The releases address CVE-2024-22258 for PKCE Downgrade in Spring Authorization Server.

Tanzu Spring Runtime

Commercial customers using Spring Boot 2.7 or 3.0 can make use of the new Spring Boot Hotfix release mechanism, providing versions 2.7.20.2 and 3.0.15.2. Spring Boot Hotfix releases are timely releases that patch dependency management to use the latest Spring artifacts when a CVE fix is released. The hotfix versions released…

Hi, Spring fans! And happy Java 22 release day to those who celebrate! I just put out a huge blog detailing many of the exciting new features in Java 22. Check it out!

As usual, we've got a packed roundup to get through this week so let's dive right into it!

• the Spring Authorization Server 1.3.0-M3 is available!
• the Token Exchange Support in Spring Security 6.3.0-M3
• the Spring Authorization Server 1.2.3, 1.1.6, and 1.0.6 are available now and include fixes for CVE-22258
• Spring for Apache Kafka 3.0.15, 3.1.3, and 3.2.0-M2 are available now
• Spring for Apache Pulsar 1.0.4 are available now
• Spring Security 6.3.0-M3, 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 are now available
• Spring for Apache Pulsar 1.1.0-M2
• Dr. Dave Syer wrote up an amazing look at hypermedia and browser enhancement technologies like HTMX and their relationship to Spring
• …

On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.3.0-M3! The milestone release of Spring Authorization Server contains a few noteworthy new features:

• Add PKI Mutual-TLS client authentication method (tls_client_auth) #1558
• Implement OAuth 2.0 Token Exchange #1525 (see related blog post)

See the 1.3.0-M3 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration…

update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead.

Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade for everyone. There are some big, final released features, like Project Panama, and a slew of even-better preview features. I couldn't hope to cover them all, but I did want to touch on a few of my favorites. We're going to touch on a number of features. The code, if you want to follow along at home, is here (https://github.com/spring-tips/java22)…

I'm excited to share that there will be support for the OAuth 2.0 Token Exchange Grant (RFC 8693) in Spring Security 6.3, which is available for preview now in the latest milestone (6.3.0-M3). This support provides the ability to use Token Exchange with OAuth2 Client. Similarly, server-side support is also shipping with Spring Authorization Server in 1.3 and is available for preview now in the latest milestone (1.3.0-M3).

OAuth2 Client features of Spring Security allow us to easily make protected resources requests to an API secured with OAuth2 bearer tokens. Similarly, OAuth2 Resource Server…