Just a quick note to tell everyone that 1.0.5 is out (has been for a couple of weeks actually). It had a some bug fixes for 1.0.3 and 1.0.4, so upgrade if you can, but there's nothing new. The main change to be aware of is that a potential attack is avoided where a bad guy spoofs a client by using a URL with a different host but whose URL starts with the registered URL (the attack is only possible if redirect URIs are formed of only protocol and host name, and also if the bad guy has the client secret).
Announcement Announcement Module
No announcement yet.
Spring Security OAuth 1.0.5.RELEASE available Page Title Module
Move Remove Collapse
This is a sticky topic.