3 Releases published by 1 person

• 7.0.0-M1

  published Jul 21, 2025

• 6.5.2

  published Jul 21, 2025

• 6.4.8

  published Jul 21, 2025

111 Pull requests merged by 10 people

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final

  #17685 merged Aug 11, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17684 merged Aug 11, 2025

• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4

  #17683 merged Aug 11, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17682 merged Aug 11, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17681 merged Aug 11, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final

  #17680 merged Aug 11, 2025

• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4

  #17679 merged Aug 11, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.10.Final

  #17678 merged Aug 11, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17642 merged Aug 8, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17657 merged Aug 8, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.9.Final

  #17658 merged Aug 8, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final

  #17659 merged Aug 8, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final

  #17660 merged Aug 8, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17661 merged Aug 8, 2025

• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4

  #17670 merged Aug 8, 2025

• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4

  #17671 merged Aug 8, 2025

• Add ExpressionTemplateValueProvider

  #17448 merged Aug 5, 2025

• Polish document

  #17654 merged Aug 4, 2025

• Clarify instructional nature when when withDefaultPasswordEncoder is used in documentation

  #17624 merged Jul 31, 2025

• Apply missing diamond operators

  #17310 merged Jul 31, 2025

• Bump com.nimbusds:oauth2-oidc-sdk from 11.26 to 11.26.1

  #17644 merged Jul 31, 2025

• Simplify error message for unsupported Security XSD versions

  #17488 merged Jul 31, 2025

• Make stricter IP format check in IpAddressMatcher

  #17500 merged Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17532 merged Jul 31, 2025

• Correct @NonNull and @Nullable package name

  #17512 merged Jul 31, 2025

• Use final values in equals and hashCode

  #17621 merged Jul 31, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17592 merged Jul 31, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17593 merged Jul 31, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17641 merged Jul 31, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17643 merged Jul 31, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17645 merged Jul 31, 2025

• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.1 to 0.0.2

  #17591 merged Jul 31, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final

  #17646 merged Jul 31, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17647 merged Jul 31, 2025

• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2

  #17648 merged Jul 31, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.6.Final to 7.0.8.Final

  #17649 merged Jul 31, 2025

• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2

  #17650 merged Jul 31, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17651 merged Jul 31, 2025

• Bump io.mockk:mockk from 1.14.4 to 1.14.5

  #17614 merged Jul 30, 2025

• Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs

  #17564 merged Jul 30, 2025

• Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs

  #17566 merged Jul 30, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17594 merged Jul 30, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17607 merged Jul 30, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17609 merged Jul 30, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17610 merged Jul 30, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17611 merged Jul 30, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17612 merged Jul 30, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17613 merged Jul 30, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17615 merged Jul 30, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17616 merged Jul 30, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2

  #17617 merged Jul 30, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17618 merged Jul 30, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17619 merged Jul 30, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17620 merged Jul 30, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final

  #17630 merged Jul 30, 2025

• Update Shibboleth Repository URL

  #17477 merged Jul 29, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17604 merged Jul 23, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17603 merged Jul 23, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17602 merged Jul 23, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17601 merged Jul 23, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17600 merged Jul 23, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17599 merged Jul 23, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17598 merged Jul 23, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17597 merged Jul 23, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17596 merged Jul 23, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17595 merged Jul 23, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17590 merged Jul 23, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2

  #17589 merged Jul 23, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17588 merged Jul 23, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17587 merged Jul 23, 2025

• Support add nested security configurers during builder initialization

  #17020 merged Jul 21, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17578 merged Jul 21, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17577 merged Jul 21, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17576 merged Jul 21, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final

  #17575 merged Jul 21, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17574 merged Jul 21, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17573 merged Jul 21, 2025

• Bump io.mockk:mockk from 1.14.4 to 1.14.5

  #17572 merged Jul 21, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final

  #17571 merged Jul 21, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17570 merged Jul 21, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2

  #17567 merged Jul 21, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17568 merged Jul 21, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17569 merged Jul 21, 2025

• Bump @springio/antora-extensions from 1.14.6 to 1.14.7

  #17565 merged Jul 21, 2025

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs

  #17515 merged Jul 18, 2025

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs

  #17516 merged Jul 18, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17553 merged Jul 18, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final

  #17552 merged Jul 18, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17548 merged Jul 18, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17551 merged Jul 18, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final

  #17550 merged Jul 18, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17549 merged Jul 18, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17547 merged Jul 18, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17554 merged Jul 18, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17555 merged Jul 18, 2025

• Bump io.mockk:mockk from 1.14.4 to 1.14.5

  #17556 merged Jul 18, 2025

• Bump io.projectreactor:reactor-bom from 2025.0.0-M4 to 2025.0.0-M5

  #17526 merged Jul 17, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17517 merged Jul 17, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.5.Final to 7.0.6.Final

  #17518 merged Jul 17, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17527 merged Jul 17, 2025

• Bump io.mockk:mockk from 1.14.4 to 1.14.5

  #17538 merged Jul 17, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17529 merged Jul 17, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17528 merged Jul 17, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final

  #17522 merged Jul 17, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final

  #17521 merged Jul 17, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17520 merged Jul 17, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17519 merged Jul 17, 2025

• Bump io.mockk:mockk from 1.14.4 to 1.14.5

  #17539 merged Jul 17, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17530 merged Jul 17, 2025

• Remove shouldFilterAllDispatcherTypes

  #17505 merged Jul 14, 2025

• Bump @springio/antora-extensions from 1.14.4 to 1.14.6

  #17514 merged Jul 14, 2025

14 Pull requests opened by 9 people

• Add `createdTime` field to `SessionInformation`

  #17513 opened Jul 13, 2025

• Remove PortResolver

  #17524 opened Jul 14, 2025

• Add Referrer-Policy header to default security headers

  #17606 opened Jul 23, 2025

• Validate account status in OneTimeTokenAuthenticationProvider

  #17656 opened Aug 2, 2025

• Warning when EnableTransactionManagement has lower precedence than EnableMethodSecurity

  #17665 opened Aug 5, 2025

• Polish javadoc

  #17666 opened Aug 6, 2025

• Fix `ChannelProcessingFilter` to skip decision if response already committed

  #17668 opened Aug 7, 2025

• Add timeout parameter to critical remote http call in mutex section

  #17669 opened Aug 7, 2025

• Change @Bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor

  #17672 opened Aug 8, 2025

• Add AuthorizationManagerFactory

  #17673 opened Aug 8, 2025

• Fix OAuth2 client-secret encoding with Base64 padding

  #17674 opened Aug 9, 2025

• Allow authenticationManagerResolver to take precedence over jwt/opaqueToken

  #17676 opened Aug 10, 2025

• Prevent caching of non-document requests in HttpSessionRequestCache

  #17687 opened Aug 11, 2025

• Remove shameless coverage code from SecurityNamespaceHandlerTests

  #17689 opened Aug 12, 2025

44 Issues closed by 8 people

• AuthorizationManager null safety annotation on generic type is incorrectly specified

  #17667 closed Aug 11, 2025

• Remove usage of `SpringSecurityCoreVersion.SERIAL_VERSION_UID`

  #17623 closed Aug 7, 2025

• @PreAuthorize not working in Spring Security 6+ due to deprecation

  #17487 closed Aug 6, 2025

• Error message with Spring Security 7.0.0-M1: required a bean of type `ReactiveJwtDecoder' could not be found.

  #17662 closed Aug 6, 2025

• Allow custom conversation for enum values in meta annotation expression templates

  #17447 closed Aug 5, 2025

• Ability to disable anonymous authentication in RSocketSecurity

  #17132 closed Aug 1, 2025

• When updating to 6.5, BeanDefinitionParsingException is referring to old versions

  #17153 closed Jul 31, 2025

• IpAddressMatcher allows hostnames

  #17499 closed Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17653 closed Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17652 closed Jul 31, 2025

• Use final fields in equals and hashCode of PathPatternRequestMatcher

  #17584 closed Jul 31, 2025

• Add META-INF/LICENSE.txt to published jars

  #17640 closed Jul 29, 2025

• Add META-INF/LICENSE.txt to published jars

  #17639 closed Jul 29, 2025

• Add META-INF/LICENSE.txt to published jars

  #17638 closed Jul 29, 2025

• Update Shibboleth Repository URL

  #17637 closed Jul 29, 2025

• Update Shibboleth Repository URL

  #17636 closed Jul 29, 2025

• Use 2004-present Copyright

  #17635 closed Jul 29, 2025

• Use 2004-present Copyright

  #17634 closed Jul 29, 2025

• Use 2004-present Copyright

  #17633 closed Jul 29, 2025

• Add OAuth2User to OidcUser Conversion Params

  #17626 closed Jul 25, 2025

• Configuring RelyingPartyRegistration no longer works with just a metadata uri

  #17318 closed Jul 23, 2025

• Back‑port CVE‑2025‑53864 fix (nimbus‑jose‑jwt) to Spring Security 6.5.x

  #17583 closed Jul 23, 2025

• Extract spring-security-webauthn

  #17586 closed Jul 22, 2025

• Enable Null checking in spring-security-core via JSpecify

  #17534 closed Jul 22, 2025

• Enable Null checking in spring-security-crypto via JSpecify

  #17533 closed Jul 22, 2025

• Clarify/Enhance `@PermitAll` Behavior When Used with `requestMatchers().authenticated()`

  #17562 closed Jul 22, 2025

• Update What's New in Spring Security 7

  #17582 closed Jul 21, 2025

• Cannot add security configurers during builder initialization

  #17581 closed Jul 21, 2025

• Cannot add security configurers during builder initialization

  #17580 closed Jul 21, 2025

• Cannot add security configurers during builder initialization

  #17011 closed Jul 21, 2025

• UnboundIdContainer fails with TestContext

  #17543 closed Jul 21, 2025

• Add basePath to PathPatternParserRequestMatcherBuilderFactoryBean

  #17579 closed Jul 21, 2025

• DataTargetVisitor should be package private to support AOT

  #17561 closed Jul 18, 2025

• Update to Spring Data 2025.1.0-M4

  #17560 closed Jul 18, 2025

• Update to Spring Framework 7.0.0-M7

  #17559 closed Jul 18, 2025

• Force Snapshot Build is separate workflow

  #17558 closed Jul 18, 2025

• oauth2Login DSL fails when passing a `SecurityContextRepository`

  #16623 closed Jul 18, 2025

• Fix securityContextRepository() initialization in oauth2Login() DSL

  #17557 closed Jul 18, 2025

• EnableReactiveMethodSecurity should not import Servlet configuration

  #17545 closed Jul 18, 2025

• Upgrade nimbus-jose-jwt to 10.0.2

  #17525 closed Jul 17, 2025

• Update com.nimbusds dependencies

  #17542 closed Jul 17, 2025

• Upgrade nimbus-jose-jwt:jar to 9.37.3 in Spring Security 5.8.x

  #15951 closed Jul 16, 2025

• Add type-safe `getPrincipal(Class<T>)` method to Authentication

  #17523 closed Jul 16, 2025

• JwtIssuerValidator default ports not match

  #17187 closed Jul 15, 2025

21 Issues opened by 14 people

• Enabling CSRF in cloud gateway webflux will eventually lead to cloud gateway sending correct requests downstream

  #17688 opened Aug 11, 2025

• The browser accesses a nonexistent resource during login, leading to /error after login

  #17686 opened Aug 11, 2025

• Log on OpenID connect fallback

  #17677 opened Aug 10, 2025

• add filter before or after multiple existing filters

  #17664 opened Aug 5, 2025

• OAuth2LoginAuthenticationFilter not getting associated to redirect-uri attribute value

  #17663 opened Aug 5, 2025

• OneTimeTokenAuthenticationProvider should validate UserDetails account status like DaoAuthenticationProvider

  #17655 opened Aug 2, 2025

• @PreAuthorize perform the paramter binding on implementor only

  #17632 opened Jul 28, 2025

• Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo

  #17631 opened Jul 28, 2025

• OIDC token-request client-secret %3D instead of = for padding

  #17629 opened Jul 25, 2025

• Default `OidcUser` conversion may return mismatch between `OAuth2User.getName()` and `OidcUser.getName()`

  #17628 opened Jul 25, 2025

• Oidc(ReactiveOAuth2)UserService uses userNameAttributeName when user info endpoint not invoked

  #17627 opened Jul 25, 2025

• Default retrieveUserInfo for OidcUserService & OidcReactiveOAuth2UserService are inconsistent

  #17625 opened Jul 25, 2025

• java.io.NotSerializableException: org.opensaml.saml.saml2.metadata.impl.EntityDescriptorImpl after upgrading from 6.4 to 6.5

  #17622 opened Jul 24, 2025

• SAML Signature Certificate Rollover

  #17605 opened Jul 23, 2025

• Add AuthorizationManagerFactory

  #17585 opened Jul 22, 2025

• API key authentication support

  #17563 opened Jul 20, 2025

• Consider warning when EnableTransactionManagement has lower precedence than EnableMethodSecurity

  #17544 opened Jul 17, 2025

• Revisit AuthorizationManager generics and nullability

  #17537 opened Jul 16, 2025

• Should AuthorizationManager.authorize prohibit null

  #17536 opened Jul 16, 2025

• Enable Null checking in spring-security-web via JSpecify

  #17535 opened Jul 16, 2025

• [OAuth2 Client] cannot access org.springframework.web.reactive.function.client.ExchangeFilterFunction

  #17531 opened Jul 16, 2025

42 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Support custom `OAuth2AuthenticatedPrincipal` in Jwt-based authentication flow

  #17191 commented on Aug 1, 2025 • 6 new comments

• Add option to disable anonymous authentication in `RSocketSecurity`

  #17159 commented on Aug 5, 2025 • 3 new comments

• Allow multiple ServerLogoutHandler instances in ServerHttpSecurity

  #17381 commented on Jul 31, 2025 • 2 new comments

• Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter

  #17247 commented on Aug 10, 2025 • 2 new comments

• Programmatic way to use expression-based authorization manager for websockets

  #12650 commented on Aug 2, 2025 • 0 new comments

• Consider adding dependency convergence detection

  #13990 commented on Aug 4, 2025 • 0 new comments

• Deprecation warning about authorizeRequests should also contain XML guidance

  #17259 commented on Aug 4, 2025 • 0 new comments

• ChannelProcessingFilter misuse of 'committed'

  #6721 commented on Aug 7, 2025 • 0 new comments

• org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers assertion issue

  #17127 commented on Aug 7, 2025 • 0 new comments

• Oauth2: Lookup from oauth2 well-known endpoint fails, if lookup of the oidc well-known endpoint errors

  #17036 commented on Aug 8, 2025 • 0 new comments

• OAuth2ResourceServerConfigurer#authenticationManagerResolver should override #jwt

  #16406 commented on Aug 10, 2025 • 0 new comments

• Add Cookie-based Bearer Token support

  #9230 commented on Aug 11, 2025 • 0 new comments

• A way to re-enable CSRF for OAuth2 bearer token requests

  #8668 commented on Aug 11, 2025 • 0 new comments

• Implement Serial for PublicKeyCredentialCreationOptions

  #16455 commented on Jul 25, 2025 • 0 new comments

• Add SpEL support for nested username extraction in OAuth2 user info

  #16857 commented on Aug 11, 2025 • 0 new comments

• Add Password Advice Support

  #17118 commented on Aug 8, 2025 • 0 new comments

• Document Upgrading Password Encoding

  #17120 commented on Aug 1, 2025 • 0 new comments

• Fix traceId discrepancy in case error in servlet web

  #17134 commented on Jul 23, 2025 • 0 new comments

• Fix PublicKeyCredentialType.PUBLIC_KEY comparison with Spring Session

  #17223 commented on Jul 21, 2025 • 0 new comments

• Remove ACL access implementations in favor of `AclPermissionEvaluator`

  #17475 commented on Jul 23, 2025 • 0 new comments

• PKCE configuration - enabled by default

  #17507 commented on Jul 19, 2025 • 0 new comments

• Change `ActiveDirectoryLdapAuthenticationProvider` to use `LdapClient`

  #17291 commented on Jul 15, 2025 • 0 new comments

• Add getCreationTime() to SessionInformation for enhanced session lifecycle support

  #17359 commented on Jul 15, 2025 • 0 new comments

• Remove SecurityContextPersistenceFilter in Favor of Explicit Saves

  #9634 commented on Jul 21, 2025 • 0 new comments

• Remove authorizeRequests

  #11954 commented on Jul 21, 2025 • 0 new comments

• Restructure AuthenticationServiceException handling

  #12134 commented on Jul 21, 2025 • 0 new comments

• Remove Deprecations

  #13068 commented on Jul 21, 2025 • 0 new comments

• Support UnboundID LDAP SDK 7.0

  #14772 commented on Jul 21, 2025 • 0 new comments

• Default Servlet Headers Should Include Referrer-Policy

  #13567 commented on Jul 21, 2025 • 0 new comments

• Should OidcIdToken implement equals?

  #15156 commented on Jul 21, 2025 • 0 new comments

• Consider Signing Metadata by Default

  #15182 commented on Jul 21, 2025 • 0 new comments

• Remove PortResolver

  #15971 commented on Jul 21, 2025 • 0 new comments

• Favor Relative Redirects by Default

  #16300 commented on Jul 21, 2025 • 0 new comments

• Consider Enabling PKCE for Authorization Code by Default

  #16391 commented on Jul 21, 2025 • 0 new comments

• Consider making UserInfo request opt-in instead of default in Spring Security 7

  #16843 commented on Jul 21, 2025 • 0 new comments

• JwtDecoderFactory is missing and throws ClassNotFoundException with Bearer token and spring-boot:3.5.0

  #17249 commented on Jul 21, 2025 • 0 new comments

• Null safety via JSpecify

  #16882 commented on Jul 22, 2025 • 0 new comments

• OpenID Connect Oauth2 Logout Token not using custom jwt alg

  #15273 commented on Jul 23, 2025 • 0 new comments

• WebAuthn: credential registration fails with an unknown credential type error

  #17164 commented on Jul 23, 2025 • 0 new comments

• Consider removing com.nimbusds:oauth2-oidc-sdk dependency

  #14245 commented on Jul 24, 2025 • 0 new comments

• Unhandled AuthenticationServiceException in the default exception handing of http filter chain (Resource Server)

  #17234 commented on Jul 28, 2025 • 0 new comments

• Consider warning users if securityMatchers do not match some filter in the chain

  #14096 commented on Aug 1, 2025 • 0 new comments