12 Pull requests merged by 7 people

• Implement providing a custom AuthoritiesPopulator in ADLdapAuthProvider

  #14539 merged Feb 9, 2024

• Typo: Update authorize-http-requests.adoc

  #14563 merged Feb 7, 2024

• Fix security filter sort in javadoc

  #14552 merged Feb 7, 2024

• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12

  #14556 merged Feb 6, 2024

• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12

  #14554 merged Feb 6, 2024

• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12

  #14555 merged Feb 6, 2024

• Saml2 LogoutFilter Should Come Before Common LogoutFilter

  #14549 merged Feb 5, 2024

• Fixes logout link in advanced oauth2 servlet configuration (was point…

  #14523 merged Feb 5, 2024

• Typo: Update anonymous.adoc

  #14541 merged Feb 5, 2024

• Typo: Update rememberme.adoc

  #14542 merged Feb 5, 2024

• Bump org.junit:junit-bom from 5.10.1 to 5.10.2

  #14543 merged Feb 5, 2024

• Bump Gradle Wrapper from 8.5 to 8.6

  #14540 merged Feb 5, 2024

1 Pull request opened by 1 person

• Implement customization of `rolePrefix` in `LdapUserDetailsManager`

  #14574 opened Feb 10, 2024

19 Issues closed by 4 people

• AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc

  #13849 closed Feb 9, 2024

• OAuth2AuthorizationRequestRedirectFilter needs error handling customization

  #14572 closed Feb 9, 2024

• Use actions from `spring-security-release-tools`

  #14570 closed Feb 8, 2024

• "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web?

  #14445 closed Feb 7, 2024

• "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web?

  #14568 closed Feb 7, 2024

• Filter order documentation appears to be inconsistent

  #14566 closed Feb 7, 2024

• Filter order documentation appears to be inconsistent

  #14565 closed Feb 7, 2024

• Filter order documentation appears to be inconsistent

  #14564 closed Feb 7, 2024

• Filter order documentation appears to be inconsistent

  #14531 closed Feb 7, 2024

• Enable Auto Merge Forward for Dependabot Commits

  #14535 closed Feb 6, 2024

• Consider adding more logs to Back-Channel Logout

  #14524 closed Feb 6, 2024

• [Spring Security 6.1] different logic for processing assertions in OpenSaml4AuthenticationProvider.process()

  #13586 closed Feb 6, 2024

• SAML relying party logout filter is always ordered last

  #14551 closed Feb 5, 2024

• SAML relying party logout filter is always ordered last

  #14550 closed Feb 5, 2024

• Add request parameter to SAML request using Spring Security SAML

  #14545 closed Feb 5, 2024

• ActiveDirectoryLdapAuthenticationProvider does not support different AuthoritiesPopulator

  #4490 closed Feb 5, 2024

• SAML relying party logout filter is always ordered last

  #14525 closed Feb 5, 2024

• Bump Gradle Wrapper from 8.5 to 8.6

  #14547 closed Feb 5, 2024

• I'm Getting Errors with Spring Security

  #14522 closed Feb 5, 2024

9 Issues opened by 9 people

• Horizontal tab (0x09) in HTTP header values rejected by StrictHttpFirewall

  #14573 opened Feb 9, 2024

• In-memory (default) implementation of SessionRegistry is not compatible with DefaultOidcUser and DefaultOAuth2User as the principal

  #14571 opened Feb 8, 2024

• Documentation on XML Namespace does not match reality of implementation

  #14569 opened Feb 8, 2024

• ActiveDirectoryLdapAuthenticationProvider doesn't have a spring properties for external configuration

  #14567 opened Feb 7, 2024

• Spring Security 6.2 defaults to InMemoryOidcSessionRegistry causing memory leaks in distributed systems with external session storage

  #14558 opened Feb 6, 2024

• org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler$CachedCsrfTokenSupplier not Serializable

  #14557 opened Feb 6, 2024

• Back-Channel Logout logs a removed session but user remains logged-in (using the wrong hostname for subsequent logout?)

  #14553 opened Feb 6, 2024

• Backport reusable workflows to 5.8.x

  #14548 opened Feb 5, 2024

• Gradle Wrapper Bot should facilitate forward port issues

  #14546 opened Feb 5, 2024

15 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• 404 Errors for SP Metadata and IDP Initiated Login

  #14514 commented on Feb 9, 2024 • 8 new comments

• Add support for requesting protected resources with RestClient

  #13588 commented on Feb 9, 2024 • 7 new comments

• Add OpenFGA Support

  #14121 commented on Feb 9, 2024 • 6 new comments

• Create composite ReactiveAuthenticationManager

  #14521 commented on Feb 9, 2024 • 3 new comments

• Introduce Customizable AuthorizationFailureHandler in OAuth2AuthorizationRequestRedirectFilter

  #14168 commented on Feb 10, 2024 • 2 new comments

• Unsecured Endpoints will always return 403 Forbidden due to errorhandling by /error

  #14481 commented on Feb 3, 2024 • 1 new comment

• mockJwt() WebTestClientConfigurer with MockMvcWebTestClient throws a NullPointerException.

  #9257 commented on Feb 5, 2024 • 1 new comment

• Add Meta-annotation Parameter Support

  #14480 commented on Feb 5, 2024 • 1 new comment

• supported SAML response types

  #14433 commented on Feb 5, 2024 • 1 new comment

• DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc

  #14418 commented on Feb 6, 2024 • 1 new comment

• OIDC UserInfo no longer being fetched when using OidcReactiveOAuth2UserService

  #13259 commented on Feb 7, 2024 • 1 new comment

• Persisting Authentication Documentation for Reactive Applications

  #14478 commented on Feb 7, 2024 • 1 new comment

• Invalid type casting for BasicLookupStrategy

  #14512 commented on Feb 7, 2024 • 1 new comment

• Improve logging in NimbusReactiveJwtDecoder

  #14091 commented on Feb 5, 2024 • 0 new comments

• Improve CVE-2023-34035 detection

  #13568 commented on Feb 9, 2024 • 0 new comments