39 Pull requests merged by 8 people

• Polish document

  #17654 merged Aug 4, 2025

• Clarify instructional nature when when withDefaultPasswordEncoder is used in documentation

  #17624 merged Jul 31, 2025

• Apply missing diamond operators

  #17310 merged Jul 31, 2025

• Bump com.nimbusds:oauth2-oidc-sdk from 11.26 to 11.26.1

  #17644 merged Jul 31, 2025

• Simplify error message for unsupported Security XSD versions

  #17488 merged Jul 31, 2025

• Make stricter IP format check in IpAddressMatcher

  #17500 merged Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17532 merged Jul 31, 2025

• Correct @NonNull and @Nullable package name

  #17512 merged Jul 31, 2025

• Use final values in equals and hashCode

  #17621 merged Jul 31, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17592 merged Jul 31, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17593 merged Jul 31, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17641 merged Jul 31, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17643 merged Jul 31, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17645 merged Jul 31, 2025

• Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.1 to 0.0.2

  #17591 merged Jul 31, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final

  #17646 merged Jul 31, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17647 merged Jul 31, 2025

• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2

  #17648 merged Jul 31, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.6.Final to 7.0.8.Final

  #17649 merged Jul 31, 2025

• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2

  #17650 merged Jul 31, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17651 merged Jul 31, 2025

• Bump io.mockk:mockk from 1.14.4 to 1.14.5

  #17614 merged Jul 30, 2025

• Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs

  #17564 merged Jul 30, 2025

• Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs

  #17566 merged Jul 30, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17594 merged Jul 30, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17607 merged Jul 30, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17609 merged Jul 30, 2025

• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9

  #17610 merged Jul 30, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17611 merged Jul 30, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17612 merged Jul 30, 2025

• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11

  #17613 merged Jul 30, 2025

• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9

  #17615 merged Jul 30, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17616 merged Jul 30, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2

  #17617 merged Jul 30, 2025

• Bump org.gretty:gretty from 4.1.6 to 4.1.7

  #17618 merged Jul 30, 2025

• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24

  #17619 merged Jul 30, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10

  #17620 merged Jul 30, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final

  #17630 merged Jul 30, 2025

• Update Shibboleth Repository URL

  #17477 merged Jul 29, 2025

7 Pull requests opened by 2 people

• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8

  #17642 opened Jul 31, 2025

• Validate account status in OneTimeTokenAuthenticationProvider

  #17656 opened Aug 2, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17657 opened Aug 4, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.8.Final to 7.0.9.Final

  #17658 opened Aug 4, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final

  #17659 opened Aug 4, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final

  #17660 opened Aug 4, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE

  #17661 opened Aug 4, 2025

14 Issues closed by 2 people

• Ability to disable anonymous authentication in RSocketSecurity

  #17132 closed Aug 1, 2025

• When updating to 6.5, BeanDefinitionParsingException is referring to old versions

  #17153 closed Jul 31, 2025

• IpAddressMatcher allows hostnames

  #17499 closed Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17653 closed Jul 31, 2025

• Update Angular documentation links in csrf.adoc

  #17652 closed Jul 31, 2025

• Use final fields in equals and hashCode of PathPatternRequestMatcher

  #17584 closed Jul 31, 2025

• Add META-INF/LICENSE.txt to published jars

  #17640 closed Jul 29, 2025

• Add META-INF/LICENSE.txt to published jars

  #17638 closed Jul 29, 2025

• Add META-INF/LICENSE.txt to published jars

  #17639 closed Jul 29, 2025

• Update Shibboleth Repository URL

  #17637 closed Jul 29, 2025

• Update Shibboleth Repository URL

  #17636 closed Jul 29, 2025

• Use 2004-present Copyright

  #17634 closed Jul 29, 2025

• Use 2004-present Copyright

  #17635 closed Jul 29, 2025

• Use 2004-present Copyright

  #17633 closed Jul 29, 2025

3 Issues opened by 3 people

• OAuth2LoginAuthenticationFilter not getting associated to redirect-uri attribute value

  #17663 opened Aug 5, 2025

• Error message with Spring Security 7.0.0-M1: required a bean of type `ReactiveJwtDecoder' could not be found.

  #17662 opened Aug 4, 2025

• OneTimeTokenAuthenticationProvider should validate UserDetails account status like DaoAuthenticationProvider

  #17655 opened Aug 2, 2025

16 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Support custom `OAuth2AuthenticatedPrincipal` in Jwt-based authentication flow

  #17191 commented on Aug 1, 2025 • 6 new comments

• Add ExpressionTemplateValueProvider

  #17448 commented on Aug 4, 2025 • 5 new comments

• Add option to disable anonymous authentication in `RSocketSecurity`

  #17159 commented on Aug 4, 2025 • 2 new comments

• Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter

  #17247 commented on Jul 29, 2025 • 1 new comment

• @PreAuthorize perform the paramter binding on implementor only

  #17632 commented on Jul 30, 2025 • 0 new comments

• @PreAuthorize not working in Spring Security 6+ due to deprecation

  #17487 commented on Jul 30, 2025 • 0 new comments

• Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo

  #17631 commented on Aug 1, 2025 • 0 new comments

• Consider warning users if securityMatchers do not match some filter in the chain

  #14096 commented on Aug 1, 2025 • 0 new comments

• Programmatic way to use expression-based authorization manager for websockets

  #12650 commented on Aug 2, 2025 • 0 new comments

• Remove usage of `SpringSecurityCoreVersion.SERIAL_VERSION_UID`

  #17623 commented on Aug 3, 2025 • 0 new comments

• Consider adding dependency convergence detection

  #13990 commented on Aug 4, 2025 • 0 new comments

• Deprecation warning about authorizeRequests should also contain XML guidance

  #17259 commented on Aug 4, 2025 • 0 new comments

• Add Password Advice Support

  #17118 commented on Aug 1, 2025 • 0 new comments

• Document Upgrading Password Encoding

  #17120 commented on Aug 1, 2025 • 0 new comments

• Allow multiple ServerLogoutHandler instances in ServerHttpSecurity

  #17381 commented on Jul 31, 2025 • 0 new comments

• Remove PortResolver

  #17524 commented on Aug 4, 2025 • 0 new comments