Spring Team
Filip Hanik

Filip Hanik

Spring Security Committer

Vancouver, WA

Blog Posts by Filip Hanik

Spring Security 5.2 goes GA

On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.2. This release is the result of the work that went into 5.2.0.M1, 5.2.0.M2, 5.2.0.M3, 5.2.0.M4, 5.2.0.RC1, and 5.2.0.RELEASE. In combination it closes 675+ tickets.

You can find the highlights of 5.2 in the What’s new section of the Spring Security reference.

As always, we look forward to hearing your feedback!

Read more...

Spring Security 5.2.0.M4 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M4! You can find the complete details in the changelog and the highlights below:

OAuth 2.0

gh-6811 for Servlets - Introduce OAuth2AuthorizedClient Manager/Provider
gh-6886 - OpenID Connect Userinfo not fetched for custom claims
gh-7033 - Add Resource Server JWE Sample
gh-7034 - Nimbus Jwt decoders should not force SignedJWT

Core

gh-5300 - Allow configuration of SessionAuthenticationStrategy for CSRF
gh-5557 - DSL nested builder for HTTP security
gh-7082 - Add Chinese Traditional localized messages
gh-7042 - Allow upgrading between different BCrypt encodings
gh-7057 - Allow upgrading between different SCrypt encodings
From previous, 5.2.0.M3, release - Add nohttp to build

For more information about the nohttp project see this blog post.

Read more...

Spring Security SAML DSL 1.0.5.RELEASE

The Spring Security team is proud to announce our latest 1.0.5.RELEASE of our SAML DSL project. This release works against Spring Security SAML 1.0.4.RELEASE.

This release adds a simple Java configuration option to your existing Spring Boot applications

This release requires an additional Maven repository to download the latest version of the not-yet-commons-ssl dependency.

Available on Maven Central

Feedback and contributions are always appreciated. Stay tuned.

Read more...

Spring Security SAML 1.0.4 Released

The Spring Security SAML project team is proud to announce our latest 1.0.4.RELEASE. This maintenance release pushes its dependencies to the latest known working version while staying backwards compatible.

This release requires an additional Maven repository to download the latest version of the not-yet-commons-ssl dependency.

Moving forward we will be working on our 2.0.0 release. This release aims to provide an easy upgrade path for users of the 1.0.x releases while modernizing the underlying dependencies for easy up keep.

Read more...