Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

897 Open 11,162 Closed
897 Open 11,162 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Support Remember-Me for OAuth2 login status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15078 opened May 16, 2024 by gotson
DefaultRedirectStrategy includes firewalled semicolon jsessionid in url status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15077 opened May 15, 2024 by xenoterracide
OAuth with Concurrent Session Management on Spring Webflux in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
#15071 opened May 14, 2024 by jsantana3c
@marcusdacoregio
spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security in: docs An issue in Documentation or samples type: bug A general bug
#15045 opened May 11, 2024 by douxiaofeng99
@sjohnr
1
FilterInvocation should support getDispatcherType() in: web An issue in web modules (web, webmvc) status: waiting-for-feedback We need additional information before we can continue type: bug A general bug
#15042 opened May 10, 2024 by chrylis
@marcusdacoregio
2
HttpSessionSecurityContextRepository used for AbstractPreAuthenticatedProcessingFilter status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15041 opened May 10, 2024 by cristibozga
SessionRegistryImpl leaks principals under high load in: core An issue in spring-security-core status: feedback-provided Feedback has been provided type: bug A general bug
#15036 opened May 9, 2024 by wojtassi
@sjohnr
5
Prevent incorrect merges between branches type: task A general task
#15028 opened May 8, 2024 by marcusdacoregio
1
Add interface IterableRelyingPartyRegistrationRepository or similar in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15027 opened May 8, 2024 by OrangeDog
@jzheaux
1
Saml2 Response assertion validation error with error code InvalidSignature - Need to expose createDefaultAssertionSignatureValidator() method in Opensaml4AuthenticationProvider class in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15022 opened May 8, 2024 by itsUmashree
@jzheaux
SAML API should accept, adapt, and/or mirror OpenSAML's Credential API in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15019 opened May 7, 2024 by OrangeDog
@jzheaux
1
RelyingPartyRegistrations does not verify signatures in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15018 opened May 7, 2024 by OrangeDog
@jzheaux
3
RelyingPartyRegistrations typically produces unusable registrationId in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15017 opened May 7, 2024 by OrangeDog
@jzheaux
Unintuitive behavior of multiple servlet contexts and HttpSecurity#securityMatcher pattern in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#15004 opened May 3, 2024 by arvyy
@sjohnr
3
OIDC Backchannel Logout does not allow logout tokens having typ header of logout+jwt in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15003 opened May 3, 2024 by justin-tay
@jzheaux
5.8.12: @Secured annotation on subclasses is not read by SecuredAuthorizationManager when method in superclass was called status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15002 opened May 2, 2024 by artem103
4
Allow customizing AbstractRememberMeServices cookie status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#14990 opened Apr 30, 2024 by ooraini
AuthorizationManagerAfterMethodInterceptor custom annotations and aspecj support status: feedback-provided Feedback has been provided
#14970 opened Apr 26, 2024 by mira-silhavy
@jzheaux
3
Reactive Security OAuth2 client doesn't propagate traces and baggage's in Spring Boot 3 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: bug A general bug
#14946 opened Apr 23, 2024 by DaceKonn
@sjohnr
2
Revisit SAML 2.0 Service Provider Documentation
#14944 opened Apr 22, 2024 by jzheaux
@jzheaux
Support RFC9449 - DPoP Authentication scheme status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#14915 opened Apr 16, 2024 by babisRoutis
LogoutConfigurer forces POST even if CSRF is disabled for /logout status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#14913 opened Apr 15, 2024 by erizzo
DelegatingSecurityContextTaskExecutor / DelegatingSecurityContextRunnable / DelegatingSecurityContextCallable should provide extension points in: core An issue in spring-security-core status: feedback-provided Feedback has been provided
#14911 opened Apr 15, 2024 by tkrah
@jzheaux
7
Add Spring Session support to OIDC Back-Channel Logout in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14904 opened Apr 13, 2024 by pzgadzaj-equinix
1
Support Certificate-Bound (POP) Opaque Access Token Validation in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14888 opened Apr 11, 2024 by jgrandja
6
ProTip! no:milestone will show everything without a milestone.