-
Notifications
You must be signed in to change notification settings - Fork 6.1k
Insights: spring-projects/spring-security
Overview
Could not load contribution data
Please try again later
3 Releases published by 1 person
192 Pull requests merged by 13 people
-
Remove AbstractConfiguredSecurityBuilder apply method
#17498 merged
Jul 11, 2025 -
Remove EnableWebMvcSecurity
#17311 merged
Jul 7, 2025 -
Remove deprecated elements from DaoAuthenticationProvider
#17315 merged
Jul 7, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17479 merged
Jul 7, 2025 -
Remove deprecated elements of RoleHierarchyImpl
#17313 merged
Jul 7, 2025 -
Use
LdapNameinstead ofDistinguishedName#17325 merged
Jul 7, 2025 -
Update JwtIssuerAuthenticationManagerResolver constructor javadoc
#17486 merged
Jul 7, 2025 -
Remove PrePostTemplateDefaults
#17312 merged
Jul 3, 2025 -
Remove Nimbus(Reactive)OpaqueTokenIntrospector
#17326 merged
Jul 3, 2025 -
Remove RequestVariablesExtractor
#17320 merged
Jul 3, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17452 merged
Jul 3, 2025 -
Remove deprecated elements using AuthorizationDecision
#17322 merged
Jul 3, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17453 merged
Jul 3, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17451 merged
Jul 3, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17454 merged
Jul 3, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17455 merged
Jul 3, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17461 merged
Jul 3, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17462 merged
Jul 3, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17463 merged
Jul 3, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17464 merged
Jul 3, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final
#17465 merged
Jul 3, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17466 merged
Jul 3, 2025 -
Remove RelyingPartyRegistration deprecations
#17329 merged
Jul 3, 2025 -
Improve logging clarity in CsrfFilter
#17425 merged
Jul 3, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17467 merged
Jul 3, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17468 merged
Jul 3, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17469 merged
Jul 3, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17470 merged
Jul 3, 2025 -
Remove deprecated classes moved to other packages
#17330 merged
Jul 3, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17456 merged
Jul 3, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17457 merged
Jul 3, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17458 merged
Jul 3, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.4.Final
#17459 merged
Jul 3, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17460 merged
Jul 3, 2025 -
Fix equals and hashCode in
PathPatternRequestMatcherto include HTTP method#17337 merged
Jul 2, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17445 merged
Jul 2, 2025 -
Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE
#17444 merged
Jul 2, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17443 merged
Jul 2, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17442 merged
Jul 2, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17441 merged
Jul 2, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17440 merged
Jul 2, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17426 merged
Jul 2, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17439 merged
Jul 2, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17438 merged
Jul 2, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17437 merged
Jul 2, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17436 merged
Jul 2, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final
#17435 merged
Jul 2, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17434 merged
Jul 2, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17433 merged
Jul 2, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17432 merged
Jul 2, 2025 -
Bump org-apache-maven-resolver from 1.9.23 to 1.9.24
#17431 merged
Jul 2, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17430 merged
Jul 2, 2025 -
Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE
#17429 merged
Jul 2, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.4.Final
#17428 merged
Jul 2, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17427 merged
Jul 2, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final
#17409 merged
Jul 1, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17410 merged
Jul 1, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final
#17408 merged
Jul 1, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17411 merged
Jul 1, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17407 merged
Jul 1, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17406 merged
Jul 1, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17405 merged
Jul 1, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17412 merged
Jul 1, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17413 merged
Jul 1, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17414 merged
Jul 1, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17415 merged
Jul 1, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17416 merged
Jul 1, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17417 merged
Jul 1, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17418 merged
Jul 1, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17419 merged
Jul 1, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.4.Final
#17420 merged
Jul 1, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17421 merged
Jul 1, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17422 merged
Jul 1, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17423 merged
Jul 1, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17395 merged
Jun 30, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17394 merged
Jun 30, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17393 merged
Jun 30, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final
#17392 merged
Jun 30, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17391 merged
Jun 30, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17390 merged
Jun 30, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17389 merged
Jun 30, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17388 merged
Jun 30, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17387 merged
Jun 30, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17386 merged
Jun 30, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17396 merged
Jun 30, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17397 merged
Jun 30, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17398 merged
Jun 30, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.4.Final
#17399 merged
Jun 30, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17400 merged
Jun 30, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17401 merged
Jun 30, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17402 merged
Jun 30, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final
#17403 merged
Jun 30, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17404 merged
Jun 30, 2025 -
Add default authorizationRequestBaseUri to DefaultOAuth2AuthorizationRequestResolver
#16384 merged
Jun 27, 2025 -
Don't cache WebSocket request in RequestCache
#16741 merged
Jun 27, 2025 -
Removed deprecated Base64 of crypto package
#17314 merged
Jun 27, 2025 -
Fixed link to CSRF checks on rubyonrails.org site
#17319 merged
Jun 27, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17360 merged
Jun 27, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17361 merged
Jun 27, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.3.Final
#17362 merged
Jun 27, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17378 merged
Jun 27, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17377 merged
Jun 27, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17376 merged
Jun 27, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17375 merged
Jun 27, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17363 merged
Jun 27, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17364 merged
Jun 27, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17365 merged
Jun 27, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17366 merged
Jun 27, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17367 merged
Jun 27, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17368 merged
Jun 27, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17374 merged
Jun 27, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17373 merged
Jun 27, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17372 merged
Jun 27, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17371 merged
Jun 27, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17369 merged
Jun 27, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17370 merged
Jun 27, 2025 -
Update to Kotlin 2.2
#17380 merged
Jun 26, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17356 merged
Jun 25, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17338 merged
Jun 25, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17339 merged
Jun 25, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17340 merged
Jun 25, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17341 merged
Jun 25, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.3.Final
#17342 merged
Jun 25, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17343 merged
Jun 25, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17344 merged
Jun 25, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17355 merged
Jun 25, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17354 merged
Jun 25, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17353 merged
Jun 25, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17352 merged
Jun 25, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17351 merged
Jun 25, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17345 merged
Jun 25, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17346 merged
Jun 25, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17347 merged
Jun 25, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17348 merged
Jun 25, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17350 merged
Jun 25, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17349 merged
Jun 25, 2025 -
Remove AbstractSecurityWebSocketMessageBrokerConfigurer
#17328 merged
Jun 24, 2025 -
Remove JwtIssuer(Reactive)AuthenticationManagerResolver deprecations
#17327 merged
Jun 24, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17275 merged
Jun 23, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17276 merged
Jun 23, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17277 merged
Jun 23, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17278 merged
Jun 23, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17279 merged
Jun 23, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17280 merged
Jun 23, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17281 merged
Jun 23, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17283 merged
Jun 23, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17334 merged
Jun 23, 2025 -
Bump io.mockk:mockk from 1.14.2 to 1.14.4
#17333 merged
Jun 23, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17332 merged
Jun 23, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.3.Final
#17331 merged
Jun 23, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17335 merged
Jun 23, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17284 merged
Jun 23, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17285 merged
Jun 23, 2025 -
Bump io-spring-javaformat from 0.0.46 to 0.0.47
#17336 merged
Jun 23, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17288 merged
Jun 23, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17282 merged
Jun 23, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17286 merged
Jun 23, 2025 -
OAuth2Login DSL should support post-processing AuthenticationProvider implementations
#17176 merged
Jun 20, 2025 -
Update document regarding Stream usage
#17219 merged
Jun 20, 2025 -
Simplify Websocket Csrf Processor XML Configuration
#17248 merged
Jun 17, 2025 -
NimbusJwtEncoder should simplify constructing with javax.security Keys
#17033 merged
Jun 17, 2025 -
Polish Webauthn4JRelyingPartyOperations
#17224 merged
Jun 17, 2025 -
Add null check for authentication token in JwtAuthenticationProvider
#17251 merged
Jun 17, 2025 -
Update HttpSecurity javadoc to use authorizeHttpRequests
#17225 merged
Jun 17, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17274 merged
Jun 17, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17261 merged
Jun 17, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17262 merged
Jun 17, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17273 merged
Jun 17, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17272 merged
Jun 17, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17271 merged
Jun 17, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.2.Final
#17269 merged
Jun 17, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17268 merged
Jun 17, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17267 merged
Jun 17, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17266 merged
Jun 17, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17265 merged
Jun 17, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17263 merged
Jun 17, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17264 merged
Jun 17, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17270 merged
Jun 17, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17253 merged
Jun 16, 2025 -
Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1
#17252 merged
Jun 16, 2025 -
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.2.Final
#17242 merged
Jun 16, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17241 merged
Jun 16, 2025 -
Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21
#17240 merged
Jun 16, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17239 merged
Jun 16, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17238 merged
Jun 16, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17237 merged
Jun 16, 2025 -
Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8
#17236 merged
Jun 16, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17254 merged
Jun 16, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13
#17255 merged
Jun 16, 2025 -
Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final
#17256 merged
Jun 16, 2025 -
Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13
#17243 merged
Jun 16, 2025 -
Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7
#17257 merged
Jun 16, 2025
21 Pull requests opened by 15 people
-
Ensure ID Token is updated after refresh token (Reactive)
#17246 opened
Jun 14, 2025 -
Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter
#17247 opened
Jun 14, 2025 -
Polish
#17310 opened
Jun 18, 2025 -
Adjust log message to include guidance for XML users
#17317 opened
Jun 20, 2025 -
Convert to use LdapClient instead of SpringSecurityLdapTemplate in Pa…
#17324 opened
Jun 21, 2025 -
Remove `AllowFromStrategy` in favor of `ContentSecurityPolicy`
#17358 opened
Jun 25, 2025 -
Allow multiple ServerLogoutHandler instances in WebFlux
#17381 opened
Jun 27, 2025 -
Allow specifying a ServerAuthenticationConverter for x509()
#17382 opened
Jun 27, 2025 -
Change `FilterBasedLdapUserSearch` to use `LdapClient`
#17384 opened
Jun 29, 2025 -
Add ExpressionTemplateValueProvider
#17448 opened
Jul 2, 2025 -
Remove ACL access implementations in favor of `AclPermissionEvaluator`
#17475 opened
Jul 3, 2025 -
Update Shibboleth repository URL
#17477 opened
Jul 3, 2025 -
Implement equals and hashCode in `OidcIdToken`
#17485 opened
Jul 4, 2025 -
Fix Error message for unsupported Spring Security XSD versions
#17488 opened
Jul 7, 2025 -
Add lambda DSL method for featurePolicy
#17492 opened
Jul 7, 2025 -
Make stricter IP format check in `IpAddressMatcher`
#17500 opened
Jul 8, 2025 -
Fix securityContextRepository() initialization in oauth2Login() DSL
#17502 opened
Jul 9, 2025 -
Remove shouldFilterAllDispatcherTypes
#17505 opened
Jul 10, 2025 -
Add disable DSL for RequestCache
#17506 opened
Jul 10, 2025 -
PKCE configuration - enabled by default
#17507 opened
Jul 10, 2025 -
Address Incorrect scope map fix in Reactive service
#17511 opened
Jul 11, 2025
58 Issues closed by 4 people
-
Remove AbstractConfiguredSecurityBuilder#apply
#13441 closed
Jul 11, 2025 -
Remove shouldFilterAllDispatcherTypes
#12139 closed
Jul 11, 2025 -
Remove usage of PathMatcher in messaging
#17501 closed
Jul 10, 2025 -
Add 7.0 Migration Steps for Messaging PathPattern Usage
#17509 closed
Jul 10, 2025 -
Websocket XML config should pick up PathPatternMessageMatcher.Builder
#17508 closed
Jul 10, 2025 -
Remove deprecations from CookieCsrfTokenRepository
#14132 closed
Jul 10, 2025 -
Remove `authorizeRequests`
#15174 closed
Jul 9, 2025 -
Simplify Expression Migration for authorizeRequests
#17504 closed
Jul 9, 2025 -
Support Filtering Events in SpringAuthorizationEventPublisher
#17503 closed
Jul 9, 2025 -
Remove no-version Open SAML implementations
#17306 closed
Jul 9, 2025 -
Remove LazyCsrfTokenRepository
#13196 closed
Jul 9, 2025 -
Use UserWebTestClientConfigurer
#17496 closed
Jul 7, 2025 -
Remove ACL access implementations in favor of AclPermissionEvaluator
#17293 closed
Jul 7, 2025 -
Remove EnableWebMvcSecurity
#17294 closed
Jul 7, 2025 -
<websocket-message-broker> should use XorCsrfChannelInterceptor by default
#17260 closed
Jul 7, 2025 -
`<websocket-message-broker>` should pick up a bean named `csrfChannelInterceptor`
#17495 closed
Jul 7, 2025 -
`<websocket-message-broker>` should pick up a bean named `csrfChannelInterceptor`
#17494 closed
Jul 7, 2025 -
`<websocket-message-broker>` should pick up a bean named `csrfChannelInterceptor`
#17493 closed
Jul 7, 2025 -
Remove deprecated elements from DaoAuthenticationProvider
#17298 closed
Jul 3, 2025 -
Remove AllowFromStrategy in favor of ContentSecurityPolicy
#17307 closed
Jul 3, 2025 -
Remove deprecated elements of RoleHierarchyImpl
#17297 closed
Jul 3, 2025 -
Remove PrePostTemplateDefaults
#17296 closed
Jul 3, 2025 -
Remove AssertingPartyDetails from APIs in favor of AssertingPartyMetadata
#17304 closed
Jul 3, 2025 -
Remove RequestVariablesExtractor in favor of RequestMatcher#matcher
#17308 closed
Jul 3, 2025 -
Simplify MvcRequestMatcher construction
#13562 closed
Jul 3, 2025 -
Remove deprecated elements using AuthorizationDecision
#17299 closed
Jul 3, 2025 -
ClientRegistration.Builder.tokenUri() should take a `URI` parameter, not a `String`
#17424 closed
Jul 3, 2025 -
Remove HandlerMappingIntrospector Usage
#16886 closed
Jul 3, 2025 -
We should remove usage of PathMatcher in web modules
#16887 closed
Jul 3, 2025 -
Add PathPatternRequestMatcher static factory shortcuts
#17476 closed
Jul 3, 2025 -
Add TestMockHttpServletRequests
#17450 closed
Jul 3, 2025 -
Standarize Mock Request Paths
#17449 closed
Jul 3, 2025 -
Raise log level from DEBUG to WARN for firewall-rejected requests in HttpStatusExchangeRejectedHandler
#17471 closed
Jul 3, 2025 -
Wrong logging for CsrfFilter in trace level
#17250 closed
Jul 3, 2025 -
Remove deprecated implementations of OAuth2AccessTokenResponseClient
#16909 closed
Jul 3, 2025 -
Remove Resource Owner Password Credentials grant
#17446 closed
Jul 3, 2025 -
Remove Resource Owner Password Credentials grant
#17473 closed
Jul 3, 2025 -
PathPatternRequestMatcher should check method for equals and hashCode
#17180 closed
Jul 2, 2025 -
Kotlin 2.2 Upgrade
#16884 closed
Jul 2, 2025 -
DefaultOAuth2AuthorizationRequestResolver default authorizationRequestBaseUri
#16383 closed
Jun 27, 2025 -
Remove Base64
#17300 closed
Jun 27, 2025 -
Remove AbstractSecurityWebSocketMessageBrokerConfigurer
#17295 closed
Jun 24, 2025 -
Remove DistinguishedName Usage
#17301 closed
Jun 24, 2025 -
Remove Nimbus(Reactive)OpaqueTokenIntrospector
#17302 closed
Jun 24, 2025 -
Remove JwtIssuer(Reactive)AuthenticationManagerResolver deprecations
#17303 closed
Jun 24, 2025 -
Remove RelyingPartyRegistration deprecations
#17305 closed
Jun 24, 2025 -
Remove classes from old locations
#17309 closed
Jun 24, 2025 -
Update Contribution Guidelines regarding Stream usage
#17097 closed
Jun 20, 2025 -
Remove .and() and non lambda methods from DSL
#13067 closed
Jun 20, 2025 -
Remove ApacheDSContainer and related support
#12204 closed
Jun 19, 2025 -
Remove ApacheDS
#13852 closed
Jun 19, 2025 -
NimbusJwtEncoder should simplify constructing with javax.security Keys
#16267 closed
Jun 17, 2025 -
Add OAuth Support for HTTP Interface Client
#16858 closed
Jun 17, 2025 -
OAuth2RestTemplate cannot acquire a new refresh token
#17258 closed
Jun 16, 2025 -
Default Spring Starter Security Basic Authentication Newline Bug
#17245 closed
Jun 13, 2025
18 Issues opened by 15 people
-
IpAddressMatcher allows hostnames
#17499 opened
Jul 8, 2025 -
Allow all HttpSecurity DSL methods to apply Customizer.withDefaults() by default
#17497 opened
Jul 8, 2025 -
@PreAuthorize not working in Spring Security 6+ due to deprecation
#17487 opened
Jul 5, 2025 -
Allow custom conversation for enum values in meta annotation expression templates
#17447 opened
Jul 2, 2025 -
Stub the call to OpenID configuration in an `oauth2Client` `@SpringBootTest`
#17385 opened
Jun 30, 2025 -
Fail resolve argument CustomUserDetails when I test in only SecurityAutoConfiguration and @WebMvcTest
#17383 opened
Jun 27, 2025 -
Add getCreationTime() to SessionInformation for enhanced session lifecycle support
#17359 opened
Jun 25, 2025 -
Oauth2: add ability to decorate AuthenticationProvider when using OAuth2LoginConfigurer
#17357 opened
Jun 24, 2025 -
Add lambda DSL method for featurePolicy
#17321 opened
Jun 20, 2025 -
Configuring RelyingPartyRegistration no longer works with just a metadata uri
#17318 opened
Jun 20, 2025 -
Fix remember me functionality
#17292 opened
Jun 18, 2025 -
Change `ActiveDirectoryLdapAuthenticationProvider` to use `LdapClient`
#17291 opened
Jun 18, 2025 -
Change `FilterBasedLdapUserSearch` to use `LdapClient`
#17290 opened
Jun 18, 2025 -
Change `PasswordComparisonAuthenticator` to use `LdapClient`
#17289 opened
Jun 18, 2025 -
Deprecation warning about authorizeRequests should also contain XML guidance
#17259 opened
Jun 16, 2025 -
JwtDecoderFactory is missing and throws ClassNotFoundException with Bearer token and spring-boot:3.5.0
#17249 opened
Jun 14, 2025 -
Implement OAuth 2.0 Protected Resource Metadata
#17244 opened
Jun 13, 2025
38 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Add SpEL support for nested username extraction in OAuth2 user info
#16857 commented on
Jul 7, 2025 • 19 new comments -
Add Support SupplierReactiveClientRegistrationRepository
#16770 commented on
Jun 27, 2025 • 5 new comments -
Provided uncached way to use (Reactive)OidcIdTokenDecoderFactory
#16647 commented on
Jun 19, 2025 • 4 new comments -
Fix traceId discrepancy in case error in servlet web
#17134 commented on
Jun 22, 2025 • 1 new comment -
MvcRequestMatcher does not match Servlet from ServletRegistrationBean
#12755 commented on
Jul 3, 2025 • 0 new comments -
NimbusJwtEncoder does not support Edwards Curve signature (EdDSA) family algorithms.
#17098 commented on
Jul 3, 2025 • 0 new comments -
[Azure Oauth2] IllegalArgumentException: Attribute value for "xxx" is null
#16340 commented on
Jul 3, 2025 • 0 new comments -
Cannot add security configurers during builder initialization
#17011 commented on
Jul 7, 2025 • 0 new comments -
`Authentication` in the security context is not updated during the refresh token flow
#15509 commented on
Jul 7, 2025 • 0 new comments -
oauth2Login DSL fails when passing a `SecurityContextRepository`
#16623 commented on
Jul 9, 2025 • 0 new comments -
JwtIssuerValidator default ports not match
#17187 commented on
Jul 10, 2025 • 0 new comments -
WebSecurity.ignoring().anyRequest() no longer works
#17155 commented on
Jul 10, 2025 • 0 new comments -
Consider Enabling PKCE for Authorization Code by Default
#16391 commented on
Jul 10, 2025 • 0 new comments -
Remove Deprecations
#13068 commented on
Jul 11, 2025 • 0 new comments -
Consider handler bean reference for HandleAuthorizationDenied
#16970 commented on
Jun 20, 2025 • 0 new comments -
Document Upgrading Password Encoding
#17120 commented on
Jul 11, 2025 • 0 new comments -
Support custom `OAuth2AuthenticatedPrincipal` in Jwt-based authentication flow
#17191 commented on
Jun 17, 2025 • 0 new comments -
Add Support DPoP Customization
#17202 commented on
Jun 16, 2025 • 0 new comments -
Fix PublicKeyCredentialType.PUBLIC_KEY comparison with Spring Session
#17223 commented on
Jun 17, 2025 • 0 new comments -
Allow AbstractWebClientReactiveOAuth2AccessTokenResponseClient to be extended
#14657 commented on
Jun 12, 2025 • 0 new comments -
Consider making UserInfo request opt-in instead of default in Spring Security 7
#16843 commented on
Jun 12, 2025 • 0 new comments -
Consider removing generics from `AuthorizationRequestRepository`
#15426 commented on
Jun 12, 2025 • 0 new comments -
Consider removing com.nimbusds:oauth2-oidc-sdk dependency
#14245 commented on
Jun 12, 2025 • 0 new comments -
SEC-2379: add support for ACL filtered SQL pagination with Hibernate or JPA
#2601 commented on
Jun 13, 2025 • 0 new comments -
Ensure ID Token is updated after refresh token (Reactive)
#17188 commented on
Jun 16, 2025 • 0 new comments -
Add support dpop customization
#16940 commented on
Jun 16, 2025 • 0 new comments -
Deprecate SpringSecurityLdapTemplate
#17028 commented on
Jun 18, 2025 • 0 new comments -
Post 7.0.0-RC1 Tasks
#17051 commented on
Jun 18, 2025 • 0 new comments -
SEC-2856: Make cookie theft detection in remember-me service configurable because it's seriously broken
#3079 commented on
Jun 19, 2025 • 0 new comments -
Unhandled AuthenticationServiceException in the default exception handing of http filter chain (Resource Server)
#17234 commented on
Jun 23, 2025 • 0 new comments -
Automatically apply Customizer Beans to the Security DSL
#16258 commented on
Jun 24, 2025 • 0 new comments -
PathPatternRequestMatcher caching leads to unexpected behavior when forwarding
#17203 commented on
Jun 26, 2025 • 0 new comments -
Simplify Configuring Log In using Twitter / X v2 APIs
#16378 commented on
Jun 27, 2025 • 0 new comments -
One Time Token should not be created if user does not exist
#16483 commented on
Jun 28, 2025 • 0 new comments -
SAML2 for reactive environment / spring-webflux
#7954 commented on
Jun 30, 2025 • 0 new comments -
Add `OAuth2AuthorizedClientManager` autoconfiguration without `spring-boot-starter-web` dependency
#15877 commented on
Jul 1, 2025 • 0 new comments -
`ServerOAuth2AuthorizedClientExchangeFilterFunction`: scope client credential tokens to the application
#17218 commented on
Jul 3, 2025 • 0 new comments -
Improve CVE-2023-34035 detection
#13568 commented on
Jul 3, 2025 • 0 new comments