Issues: spring-projects/spring-security
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler$CachedCsrfTokenSupplier not Serializable
in: web
An issue in web modules (web, webmvc)
status: feedback-provided
Feedback has been provided
type: bug
A general bug
#14557
opened Feb 6, 2024 by
TomBenjamins
Consider a An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
ReactiveMaximumSessionExceededHandler
that performs POST /logout
in: web
#14510
opened Jan 30, 2024 by
marcusdacoregio
Publish Authorization Events on WebFlux
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#14361
opened Dec 21, 2023 by
marcusdacoregio
•
Draft
springsecurity configudes the AuthenticationEntryPoint, but it is involved in handling other exceptions
in: web
An issue in web modules (web, webmvc)
status: feedback-provided
Feedback has been provided
#14340
opened Dec 17, 2023 by
zhangyuanlin666
Improve Single-Sign-On Redirect for SameSite=Lax and SameSite=Strict
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#14297
opened Dec 13, 2023 by
jzheaux
Simplify CSRF Configuration for SPAs
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#14149
opened Nov 15, 2023 by
jzheaux
Remove deprecated methods from CookieServerCsrfTokenRepository
in: web
An issue in web modules (web, webmvc)
type: breaks-passivity
A change that breaks passivity with the previous release
type: enhancement
A general enhancement
Remove deprecations from CookieCsrfTokenRepository
in: web
An issue in web modules (web, webmvc)
type: breaks-passivity
A change that breaks passivity with the previous release
type: enhancement
A general enhancement
ConcurrentSessionFilter breaks permitAll endpoint on session expiration
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#14077
opened Oct 31, 2023 by
arvyy
Consider CSRF protection with a fixed custom header
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#13717
opened Aug 20, 2023 by
SentretC
StrictHttpFirewall#setAllowedHeaderNames
should augment with existing Predicate
in: web
#13639
opened Aug 9, 2023 by
gourav
Add logging to CsrfTokenRequestHandler implementations
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#13626
opened Aug 7, 2023 by
jzheaux
Switching users creates user sessions
in: web
An issue in web modules (web, webmvc)
status: feedback-provided
Feedback has been provided
type: bug
A general bug
#13435
opened Jun 28, 2023 by
filiphr
Add Support for Passkeys
in: web
An issue in web modules (web, webmvc)
theme: mfa
Related to multi-factor authentication, & building blocks for MFA (such as WebAuthN & passkeys)
type: enhancement
A general enhancement
#13305
opened Jun 11, 2023 by
asaikali
Simplify Content-Security-Policy Configuration
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#13241
opened May 26, 2023 by
jzheaux
3 tasks
Remove LazyCsrfTokenRepository
in: web
An issue in web modules (web, webmvc)
type: breaks-passivity
A change that breaks passivity with the previous release
type: enhancement
A general enhancement
#13196
opened May 18, 2023 by
jzheaux
Reintroduce expressions for http security
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#13184
opened May 16, 2023 by
puskaiz
org.springframework.security.web.savedrequest.DefaultSavedRequest ignores HTTP method when matching current request to saved request
in: web
An issue in web modules (web, webmvc)
status: waiting-for-triage
An issue we've not yet triaged
#13140
opened May 8, 2023 by
astr2k
Make DefaultRequestRejectedHandler Return HTTP 400 by default
in: web
An issue in web modules (web, webmvc)
type: breaks-passivity
A change that breaks passivity with the previous release
type: enhancement
A general enhancement
#13081
opened Apr 24, 2023 by
NathanD001
Add request to Observation Context at creation to enable filtering by the request
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#12854
opened Mar 8, 2023 by
jonatan-ivanov
Observation(Web)FilterChainDecorator conventions should be configurable
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#12838
opened Mar 7, 2023 by
jzheaux
Extract SessionManagementFilter into different components
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#12612
opened Feb 1, 2023 by
marcusdacoregio
CsrfRequestDataValueProcessor uses a different attribute name then the rest of the CSRF parts.
in: web
An issue in web modules (web, webmvc)
status: feedback-provided
Feedback has been provided
type: enhancement
A general enhancement
#12443
opened Dec 21, 2022 by
mdeinum
Restructure DefaultSecurityFilterChain logs
in: web
An issue in web modules (web, webmvc)
type: enhancement
A general enhancement
#12218
opened Nov 16, 2022 by
jzheaux
StrictHttpFirewall: throw specialized exceptions for specific types of rejections
in: web
An issue in web modules (web, webmvc)
status: waiting-for-triage
An issue we've not yet triaged
type: enhancement
A general enhancement
#12191
opened Nov 10, 2022 by
brandon1024
Previous Next
ProTip!
Follow long discussions with comments:>50.