close

Eleftheria Stein-Kousathana

Eleftheria Stein-Kousathana

Spring Security committer

Berlin, Germany

Blog Posts by Eleftheria Stein-Kousathana

Spring Security 5.5.0-M3 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.0-M3! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8975 - Add BearerTokenAuthenticationConverter

SAML

gh-9317 - Add setMetadataFilename method to Saml2MetadataFilter
gh-9310 - Throw Saml2AuthenticationException in Saml2AuthenticationTokenConverter on deflation or decoding error

ACL

gh-9425 - Allow ACL to be owned by GrantedAuthoritySid

Kotlin

gh-9319 - Kotlin DSL extension for rememberMe
Read more...

Spring Security 5.4.0-RC1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-RC1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8903 - Allow for custom ClientRegistration.clientAuthenticationMethod
gh-6489 - Simplify retrieving Introspection-specific attributes

Web

gh-8804 - Remove need for WebSecurityConfigurerAdapter
gh-8599 - Reactive SwitchUserWebFilter for user impersonation
gh-8854 - Add AuthenticationConverterServerWebExchangeMatcher
Read more...

Spring Security 5.4.0-M1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean
gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login
gh-8324 - Validate ID Token Issuer
gh-8337 - Allow custom header during bearer token extraction
gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy
gh-4183 - SwitchUserFilter vulnerable to CSRF
Read more...

Spring Session Dragonfruit-RC1, Corn-SR2 and Bean-SR10 Released

On behalf of the community I’m pleased to announce the releases of Spring Session Dragonfruit-RC1, Corn-SR2 and Bean-SR10.

Spring Session Dragonfruit-RC1

The Dragonfruit-RC1 release is based on:

  • Spring Session core modules 2.3.0.RC1

  • Spring Session Data Geode 2.3.0.RC1

  • Spring Session Data MongoDB 2.3.0.RC1

Additional details of these releases can be found in the changelog.

Spring Session Corn-SR2

The Corn-SR2 release is based on:

  • Spring Session core modules 2.2.2.RELEASE

  • Spring Session Data Geode 2.2.3.RELEASE

  • Spring Session Data MongoDB 2.2.3.RELEASE

Additional details of these releases can be found in the changelog.

Read more...

Spring Security 5.3.0.RC1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.0.RC1! You can find the complete details in the release notes and the highlights below:

RSocket

gh-7935 - Add RSocket Authentication Extension Support

OAuth 2.0

gh-7699 - Introduce Reactive OAuth2Authorization success/failure handlers

Test

gh-7828 - Add oauth2Login Reactive Test Support
gh-7886 - Add oauth2Client MockMvc Test Support

Docs

gh-7801 - Modernize Documentation Styling
Read more...

Spring Session Dragonfruit-M1, Corn-SR1 and Bean-SR9 Released

On behalf of the community I’m pleased to announce the releases of Spring Session Dragonfruit-M1, Corn-SR1 and Bean-SR9.

Spring Session Dragonfruit-M1

The Dragonfruit-M1 release is based on:

  • Spring Session core modules 2.3.0.M1

  • Spring Session Data Geode 2.3.0.M1

  • Spring Session Data MongoDB 2.3.0.M1

Additional details of these releases can be found in the changelog.

Spring Session Corn-SR1

The Corn-SR1 release is based on:

  • Spring Session core modules 2.2.1.RELEASE

  • Spring Session Data Geode 2.2.2.RELEASE

  • Spring Session Data MongoDB 2.2.2.RELEASE

Additional details of these releases can be found in the changelog.

Read more...

Spring Security 5.3.0.M1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.0.M1! You can find the complete details in the release notes and the highlights below:

SAML

gh-7654 - Allow configuration of AuthenticationManager in saml2Login()
gh-7681 - Make Saml2Authentication serializable

OAuth 2.0

gh-5385 - Resource server support for multiple trusted JWT access token issuers
gh-7569 - Reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager
gh-7592 - Add OidcIdToken.Builder
gh-7593 - Add OidcUserInfo.Builder
Read more...