Spring Team
Rob Winch

Rob Winch

Spring Security, Session, & LDAP project lead

Rob Winch is employed by Pivotal as the project lead of security related projects within Spring. He is also a committer on the core Spring Framework and co-author of the Spring Security 3.1 book. In the past he has worked in the health care industry, bioinformatics research, high performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar.
Blog Posts by Rob Winch

Spring Security 5.0.0 M2 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M2. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC2.

A complete example of using Spring Security to secure a Spring WebFlux application can be found in the Spring Security samples at hellowebflux and hellowebfluxfn.

The highlights of the release include:

Simplified Reactive Security Configuration

It is now very easy to setup a minimal Reactive Security Configuration. Add @EnableWebFluxSecurity and provide a UserDetailsRepository

Read more...

Spring Session 2.0.0 M2 Released

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M2. This release is focused primarily on ensuring compatibility with Spring Framework 5.0.0.RC2 and Spring Data Kay-M4 which is the minimum Spring version required.

We expect that Spring Session 2.0.0.M3 will have a new Java 8 friendly API along with Support for Spring WebFlux.

Supported Data Stores

As an update to our new story for supported repositories, we now have sub projects for Spring Session Geode (GemFire) and Spring Session MongoDB. You can find the Spring Session MongoDB release announcement here.

Read more...

Spring Security 5.0.0 M1

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M1. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC1. The highlights of the release include:

Initial Support for Reactive Web Applications

Following one of the primary themes of Spring Framework 5.0, Spring Security 5.0 will add support for Reactive applications by building on top of Spring’s reactive support. The first milestone focused on getting primary infrastructure in place.

Read more...

Spring Session 2.0.0 M1 Released

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M1. This release is focused primarily on ensuring compatability with Spring Framework 5 which is the minimum Spring version required.

Supported Data Stores

We have also removed some of the Spring Session implementations from the main repository. The goal is to allow the core Spring Session team to focus on delivering new features rather than needing to know the ins and outs of every data store. This will allow development of other modules to be done without the overhead of reviews from the Spring Session team.

Read more...

Spring Session 1.3.1 Released

On behalf of the community, I’m pleased to announce the release of Spring Session 1.3.1.RELEASE. This release contains numerous bug fixes. A special thanks to Vedran Pavić and John Blum for all their hard work!

Some of the highlights include:

  • #756 - Usage of Spring Data Redis 1.7.1 which has critical bug
  • #757 - Restore proper behavior of HttpSession created events in GemFire
  • #755 - Improve GemFire SessionRepository, (HTTP) Session copy logic

Project Site | Reference | Help

Read more...

Spring LDAP 2.3.1 Released

On behalf of the community, I’m pleased to announce the release of Spring LDAP 2.3.1!

This release brings in a new era for Spring Data compatibility. Integration for Spring LDAP and Spring Data has been moved to spring-data-ldap so that it can partake in the Spring Data release train and ensure compatibility with the latest and greatest Spring Data code base.

The release also brings read only attribute support.

Note
We did an immediate release of Spring LDAP 2.3.1 due to an issue with the Spring LDAP 2.3.0 release.
Read more...

CVE-2016-9879: Spring Security 3.2.10, 4.1.4, 4.2.1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 3.2.10, 4.1.4, and 4.2.1 which fix CVE-2016-9879. Users are encouraged to update immediately.

It is important to note that Spring Framework 3.2.x has reached EOL. As with Spring Framework, we expect all users to upgrade to 4.2.1+ for further support. Detailed instructions (including samples) on migrating both XML and Java Config based projects can be found in the reference appendix

Read more...

Spring LDAP 2.2.1 & 2.3 RC1 Released

On behalf of the community, I’m pleased to announce the release of Spring LDAP 2.2.1 and 2.3 RC1.

A special thanks to Mark Paluch for getting spring-data-ldap aligned on the Spring Data side!

Spring LDAP 2.3 RC1

This release brings in a new era for Spring Data compatibility. Integration for Spring LDAP and Spring Data has been moved to spring-data-ldap so that it can partake in the Spring Data release train and ensure compatibility with the latest and greatest Spring Data code base. For additional details refer to the changelog

Read more...