7 Pull requests merged by 4 people

• Remove AbstractConfiguredSecurityBuilder apply method

  #17498 merged Jul 11, 2025

• Remove EnableWebMvcSecurity

  #17311 merged Jul 7, 2025

• Remove deprecated elements from DaoAuthenticationProvider

  #17315 merged Jul 7, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17479 merged Jul 7, 2025

• Remove deprecated elements of RoleHierarchyImpl

  #17313 merged Jul 7, 2025

• Use LdapName instead of DistinguishedName

  #17325 merged Jul 7, 2025

• Update JwtIssuerAuthenticationManagerResolver constructor javadoc

  #17486 merged Jul 7, 2025

8 Pull requests opened by 7 people

• Fix Error message for unsupported Spring Security XSD versions

  #17488 opened Jul 7, 2025

• Add lambda DSL method for featurePolicy

  #17492 opened Jul 7, 2025

• Make stricter IP format check in `IpAddressMatcher`

  #17500 opened Jul 8, 2025

• Fix securityContextRepository() initialization in oauth2Login() DSL

  #17502 opened Jul 9, 2025

• Remove shouldFilterAllDispatcherTypes

  #17505 opened Jul 10, 2025

• Add disable DSL for RequestCache

  #17506 opened Jul 10, 2025

• PKCE configuration - enabled by default

  #17507 opened Jul 10, 2025

• Address Incorrect scope map fix in Reactive service

  #17511 opened Jul 11, 2025

19 Issues closed by 2 people

• Remove AbstractConfiguredSecurityBuilder#apply

  #13441 closed Jul 11, 2025

• Remove shouldFilterAllDispatcherTypes

  #12139 closed Jul 11, 2025

• Remove usage of PathMatcher in messaging

  #17501 closed Jul 10, 2025

• Add 7.0 Migration Steps for Messaging PathPattern Usage

  #17509 closed Jul 10, 2025

• Websocket XML config should pick up PathPatternMessageMatcher.Builder

  #17508 closed Jul 10, 2025

• Remove deprecations from CookieCsrfTokenRepository

  #14132 closed Jul 10, 2025

• Remove `authorizeRequests`

  #15174 closed Jul 9, 2025

• Simplify Expression Migration for authorizeRequests

  #17504 closed Jul 9, 2025

• Support Filtering Events in SpringAuthorizationEventPublisher

  #17503 closed Jul 9, 2025

• Remove no-version Open SAML implementations

  #17306 closed Jul 9, 2025

• Remove LazyCsrfTokenRepository

  #13196 closed Jul 9, 2025

• Use UserWebTestClientConfigurer

  #17496 closed Jul 7, 2025

• Remove ACL access implementations in favor of AclPermissionEvaluator

  #17293 closed Jul 7, 2025

• Remove EnableWebMvcSecurity

  #17294 closed Jul 7, 2025

• <websocket-message-broker> should use XorCsrfChannelInterceptor by default

  #17260 closed Jul 7, 2025

• `<websocket-message-broker>` should pick up a bean named `csrfChannelInterceptor`

  #17495 closed Jul 7, 2025

• `<websocket-message-broker>` should pick up a bean named `csrfChannelInterceptor`

  #17494 closed Jul 7, 2025

• `<websocket-message-broker>` should pick up a bean named `csrfChannelInterceptor`

  #17493 closed Jul 7, 2025

• HttpSecurity.build() in a bean method that defines a security filter chain triggers a BeanCurrentlyInCreationException

  #17484 closed Jul 7, 2025

3 Issues opened by 3 people

• IpAddressMatcher allows hostnames

  #17499 opened Jul 8, 2025

• Allow all HttpSecurity DSL methods to apply Customizer.withDefaults() by default

  #17497 opened Jul 8, 2025

• @PreAuthorize not working in Spring Security 6+ due to deprecation

  #17487 opened Jul 5, 2025

12 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Implement equals and hashCode in `OidcIdToken`

  #17485 commented on Jul 5, 2025 • 2 new comments

• Add lambda DSL method for featurePolicy

  #17321 commented on Jul 5, 2025 • 0 new comments

• Cannot add security configurers during builder initialization

  #17011 commented on Jul 7, 2025 • 0 new comments

• `Authentication` in the security context is not updated during the refresh token flow

  #15509 commented on Jul 7, 2025 • 0 new comments

• oauth2Login DSL fails when passing a `SecurityContextRepository`

  #16623 commented on Jul 9, 2025 • 0 new comments

• JwtIssuerValidator default ports not match

  #17187 commented on Jul 10, 2025 • 0 new comments

• WebSecurity.ignoring().anyRequest() no longer works

  #17155 commented on Jul 10, 2025 • 0 new comments

• Consider Enabling PKCE for Authorization Code by Default

  #16391 commented on Jul 10, 2025 • 0 new comments

• Remove Deprecations

  #13068 commented on Jul 11, 2025 • 0 new comments

• Add SpEL support for nested username extraction in OAuth2 user info

  #16857 commented on Jul 7, 2025 • 0 new comments

• Document Upgrading Password Encoding

  #17120 commented on Jul 11, 2025 • 0 new comments

• Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter

  #17247 commented on Jul 8, 2025 • 0 new comments