22 Pull requests merged by 8 people

• Add ExpressionTemplateValueProvider

  #17448 merged Aug 5, 2025

• Polish document

  #17654 merged Aug 4, 2025

• Clarify instructional nature when when withDefaultPasswordEncoder is used in documentation

  #17624 merged Jul 31, 2025

• Apply missing diamond operators

  #17310 merged Jul 31, 2025

• Bump com.nimbusds:oauth2-oidc-sdk from 11.26 to 11.26.1

  #17644 merged Jul 31, 2025

• Simplify error message for unsupported Security XSD versions

  #17488 merged Jul 31, 2025

• Make stricter IP format check in IpAddressMatcher

  #17500 merged Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17532 merged Jul 31, 2025

• Correct @NonNull and @Nullable package name

  #17512 merged Jul 31, 2025

• Use final values in equals and hashCode

  #17621 merged Jul 31, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17592 merged Jul 31, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17593 merged Jul 31, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17641 merged Jul 31, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17643 merged Jul 31, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17645 merged Jul 31, 2025

• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.1 to 0.0.2

  #17591 merged Jul 31, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final

  #17646 merged Jul 31, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17647 merged Jul 31, 2025

• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2

  #17648 merged Jul 31, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.6.Final to 7.0.8.Final

  #17649 merged Jul 31, 2025

• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2

  #17650 merged Jul 31, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17651 merged Jul 31, 2025

10 Pull requests opened by 5 people

• Validate account status in OneTimeTokenAuthenticationProvider

  #17656 opened Aug 2, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17657 opened Aug 4, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.9.Final

  #17658 opened Aug 4, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final

  #17659 opened Aug 4, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final

  #17660 opened Aug 4, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17661 opened Aug 4, 2025

• Warning when EnableTransactionManagement has lower precedence than EnableMethodSecurity

  #17665 opened Aug 5, 2025

• Polish javadoc

  #17666 opened Aug 6, 2025

• Fix `ChannelProcessingFilter` to skip decision if response already committed

  #17668 opened Aug 7, 2025

• Add timeout parameter to critical remote http call in mutex section

  #17669 opened Aug 7, 2025

9 Issues closed by 3 people

• @PreAuthorize not working in Spring Security 6+ due to deprecation

  #17487 closed Aug 6, 2025

• Error message with Spring Security 7.0.0-M1: required a bean of type `ReactiveJwtDecoder' could not be found.

  #17662 closed Aug 6, 2025

• Allow custom conversation for enum values in meta annotation expression templates

  #17447 closed Aug 5, 2025

• Ability to disable anonymous authentication in RSocketSecurity

  #17132 closed Aug 1, 2025

• When updating to 6.5, BeanDefinitionParsingException is referring to old versions

  #17153 closed Jul 31, 2025

• IpAddressMatcher allows hostnames

  #17499 closed Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17653 closed Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17652 closed Jul 31, 2025

• Use final fields in equals and hashCode of PathPatternRequestMatcher

  #17584 closed Jul 31, 2025

4 Issues opened by 4 people

• AuthorizationManager null safety annotation on generic type is incorrectly specified

  #17667 opened Aug 6, 2025

• add filter before or after multiple existing filters

  #17664 opened Aug 5, 2025

• OAuth2LoginAuthenticationFilter not getting associated to redirect-uri attribute value

  #17663 opened Aug 5, 2025

• OneTimeTokenAuthenticationProvider should validate UserDetails account status like DaoAuthenticationProvider

  #17655 opened Aug 2, 2025

16 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add option to disable anonymous authentication in `RSocketSecurity`

  #17159 commented on Aug 5, 2025 • 3 new comments

• Support custom `OAuth2AuthenticatedPrincipal` in Jwt-based authentication flow

  #17191 commented on Aug 1, 2025 • 2 new comments

• Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo

  #17631 commented on Aug 1, 2025 • 0 new comments

• Consider warning users if securityMatchers do not match some filter in the chain

  #14096 commented on Aug 1, 2025 • 0 new comments

• Programmatic way to use expression-based authorization manager for websockets

  #12650 commented on Aug 2, 2025 • 0 new comments

• Remove usage of `SpringSecurityCoreVersion.SERIAL_VERSION_UID`

  #17623 commented on Aug 3, 2025 • 0 new comments

• Consider adding dependency convergence detection

  #13990 commented on Aug 4, 2025 • 0 new comments

• Deprecation warning about authorizeRequests should also contain XML guidance

  #17259 commented on Aug 4, 2025 • 0 new comments

• Should AuthorizationManager.authorize prohibit null

  #17536 commented on Aug 6, 2025 • 0 new comments

• Add AuthorizationManagerFactory

  #17585 commented on Aug 6, 2025 • 0 new comments

• Oauth2: Lookup from oauth2 well-known endpoint fails, if lookup of the oidc well-known endpoint errors

  #17036 commented on Aug 7, 2025 • 0 new comments

• ChannelProcessingFilter misuse of 'committed'

  #6721 commented on Aug 7, 2025 • 0 new comments

• Add Password Advice Support

  #17118 commented on Aug 1, 2025 • 0 new comments

• Document Upgrading Password Encoding

  #17120 commented on Aug 1, 2025 • 0 new comments

• Allow multiple ServerLogoutHandler instances in ServerHttpSecurity

  #17381 commented on Jul 31, 2025 • 0 new comments

• Remove PortResolver

  #17524 commented on Aug 4, 2025 • 0 new comments