I'm excited to share that there will be support for the OAuth 2.0 Token Exchange Grant (RFC 8693) in Spring Security 6.3, which is available for preview now in the latest milestone (6.3.0-M3). This support provides the ability to use Token Exchange with OAuth2 Client. Similarly, server-side support is also shipping with Spring Authorization Server in 1.3 and is available for preview now in the latest milestone (1.3.0-M3).

OAuth2 Client features of Spring Security allow us to easily make protected resources requests to an API secured with OAuth2 bearer tokens. Similarly, OAuth2 Resource Server…

On behalf of the team and everyone who has contributed, I am pleased to announce that the third milestone of Spring Security 6.3 is released. This release brings several new features that you can check on the release page or on the What's New section of the 6.3 documentation.

In addition to that, Spring Security 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 have been released as well! These releases are mostly composed of bug fixes, dependency upgrades and documentation improvements.

The releases address CVE-2024-22257 for Possible Broken Access Control in Spring Security With Direct Use of…

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.1.0-M2 has been released and is now available from https://repo.spring.io/milestone.

This release will be included in the upcoming Spring Boot 3.3.0-M3 release.

This release includes numerous enhancements, documentation improvements, bug fixes, and dependency upgrades. Notable new features include:

• New spring-pulsar-test module available w/ testing utilites

Please see the release notes for more details.

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.0.4 has been released and is now available from Maven Central.

This release will be included in the upcoming Spring Boot 3.2.4 release.

This release includes documentation improvements, bug fixes, and dependency upgrades.

Please see the release notes for more details.

Hi, Spring fans! In this week's installment we talk Rob Winch, lead of Spring Security and founder of the exciting new project Spring Boot Testjars.

On behalf of the team and everyone who has contributed, I’m pleased to announce the second milestone 2024.0.0-M2 of the Spring Data 2024.0 release train.

Notable new features include:

• Predicate -based QueryEngine for KeyValue
• Transaction option derivation for MongoDB based on @Transactional labels.

Please see the release notes for more details and upgrade instructions.

Thanks to all those who have contributed with issue reports and pull requests.

Finally, here are the links to the documentation and release notes:

• Spring Data Commons 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data JPA 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.3 M2 - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.3 M2 - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.3 M2 - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data REST 4.3 M2 - Javadoc - Documentation - Changelog
• Spring Data Redis 3.3 M2 - Javadoc - Documentation - Changelog
• Spring Data Elasticsearch 5.3 M2 - Javadoc - Documentation - …

On behalf of the team and everyone who has contributed, I’m pleased to announce the availability of 2023.1.4 and 2023.0.10 service releases. These releases ship with dependency upgrades, fixes for regressions and selected improvements.

The upcoming Spring Boot releases 3.2.4, respective 3.1.10 will pick up the above releases by next week.

2023.1.4

• Spring Data Commons 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data JPA 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.2.4 - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.2.4 - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.2.4 - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data REST 4.2.4 - Javadoc - Documentation - Changelog
• Spring Data Redis 3.2.4 - Javadoc - Documentation - Changelog
• Spring Data Elasticsearch 5.2.4 - Javadoc - Documentation - …

Front end development these days is dominated by large JavaScript client side frameworks. There are plenty of good reasons for that, but it can be very inefficient for many use cases, and the framework engineering has become extremely complex. In this article, I want to explore a different approach, one that is more efficient and more flexible, built from smaller building blocks, and well-suited to server side application frameworks like Spring (or similar tools in a range of server side languages). The idea is to embrace the concept of hypermedia, imagine how a next-generation browser would…

I am happy to announce the availability of Spring HATEOAS 2.1.4, 2.2.1 and 2.3 M1. The releases primarily contain bug fixes and dependency upgrades.

For the 2.1.4 and 2.2.1 service releases we have deviated from our usual dependency upgrade policy which only allows bug fix upgrades of dependencies in bug fix releases. These branches had referenced a version of the JSONPath library that has a CVE attached to it which was only fixed in a new minor release. We exceptionally decided to upgrade to that fixed version.

For a full list of changes, refer to the individual change logs of 2.1.4, 2.2.1 and 2.3 M1…