17 Pull requests merged by 1 person

• Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6

  #16959 merged Apr 18, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12

  #16960 merged Apr 18, 2025

• Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19

  #16958 merged Apr 18, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12

  #16957 merged Apr 18, 2025

• Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6

  #16955 merged Apr 18, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12

  #16956 merged Apr 18, 2025

• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17

  #16944 merged Apr 16, 2025

• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17

  #16943 merged Apr 16, 2025

• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17

  #16942 merged Apr 16, 2025

• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6

  #16938 merged Apr 15, 2025

• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6

  #16933 merged Apr 14, 2025

• Bump org.junit:junit-bom from 5.12.1 to 5.12.2

  #16929 merged Apr 14, 2025

• Bump org-aspectj from 1.9.22.1 to 1.9.24

  #16931 merged Apr 14, 2025

• Bump io.micrometer:context-propagation from 1.1.2 to 1.1.3

  #16932 merged Apr 14, 2025

• Bump com.google.code.gson:gson from 2.12.1 to 2.13.0

  #16930 merged Apr 14, 2025

• Bump org-aspectj from 1.9.22.1 to 1.9.24

  #16928 merged Apr 14, 2025

• Bump org-aspectj from 1.9.22.1 to 1.9.24

  #16927 merged Apr 14, 2025

11 Pull requests opened by 4 people

• Polish PublicKeyCredentialCreationOptionsFilter

  #16934 opened Apr 14, 2025

• Remove unused classes

  #16935 opened Apr 14, 2025

• Add support one-time token value customization

  #16946 opened Apr 16, 2025

• Add FunctionalInterface To X509PrincipalExtractor

  #16952 opened Apr 17, 2025

• Consider supporting Spring Data container types for AuthorizeReturnObject

  #16953 opened Apr 17, 2025

• Consider customization of Saml2LogoutRequestValidatorParametersResolver

  #16954 opened Apr 18, 2025

• Revise document to replace outdated NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector

  #16962 opened Apr 18, 2025

• Improve OAuth2ResourceServerConfigurer to eliminate deprecated operations

  #16963 opened Apr 18, 2025

• Replace deprecated NimbusReactiveOpaqueTokenIntrospector with SpringReactiveOpaqueTokenIntrospector

  #16964 opened Apr 18, 2025

• Replace deprecated #check calls with #authorize

  #16965 opened Apr 18, 2025

• Create CsrfCustomizer for SPA configuration (#14149)

  #16966 opened Apr 18, 2025

5 Issues closed by 2 people

• Improve documentation of WebFlux Username/Password login, WebSession persistence.

  #16926 closed Apr 19, 2025

• Regression with Bcrypt max password length

  #16802 closed Apr 17, 2025

• Regression with Bcrypt max password length

  #16951 closed Apr 17, 2025

• Add request_uri in OAuth2ParameterNames

  #16947 closed Apr 16, 2025

• Prevent downgraded usage of DPoP-bound access tokens

  #16937 closed Apr 14, 2025

12 Issues opened by 10 people

• SecurityContext saved to WebSessionServerSecurityContextRepository is not found.

  #16969 opened Apr 19, 2025

• HttpsRedirectWebFilter can redirect to `https:/`

  #16968 opened Apr 18, 2025

• Method security annotations, like `PreAuthorize`, not working on private methods after upgrade to 6.4

  #16967 opened Apr 18, 2025

• Duplicate pre-auth Session Id same as of already logged in user

  #16961 opened Apr 18, 2025

• Support nested attributes for userNameAttributeName in OAuth2 UserInfo response

  #16950 opened Apr 17, 2025

• X509PrincipalExtractor is missing FunctionalInterface annotation

  #16949 opened Apr 16, 2025

• IllegalArgumentException when trying to clear out all site data when logging out.

  #16948 opened Apr 16, 2025

• Issue of private_key_jwt authentication type token issuance (JwtClientAssertionAuthenticationConverter)

  #16945 opened Apr 16, 2025

• OAuth2Login behaves differently in MVC and Reactive

  #16941 opened Apr 15, 2025

• Add support dpop customization

  #16940 opened Apr 15, 2025

• Add support one-time token value customization

  #16939 opened Apr 15, 2025

• Replace check calls with authorize

  #16936 opened Apr 14, 2025

11 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• NimbusJwtEncoder should simplify constructing with javax.security Keys

  #16267 commented on Apr 14, 2025 • 0 new comments

• Reactive implementation for DPoPAuthenticationProvider & related classes

  #16912 commented on Apr 14, 2025 • 0 new comments

• Spring Security Interface Based Rest Clients

  #16858 commented on Apr 15, 2025 • 0 new comments

• Consider using Bouncy Castle BCrypt implementation

  #16880 commented on Apr 16, 2025 • 0 new comments

• Consider changing default encoder in PasswordEncoderFactories

  #16879 commented on Apr 16, 2025 • 0 new comments

• mockJwt() WebTestClientConfigurer with MockMvcWebTestClient throws a NullPointerException.

  #9257 commented on Apr 17, 2025 • 0 new comments

• Remove deprecated implementations of OAuth2AccessTokenResponseClient

  #16909 commented on Apr 17, 2025 • 0 new comments

• AuthorizeReturnObject should target the authorized object within Spring Data components

  #15994 commented on Apr 17, 2025 • 0 new comments

• Simplify CSRF Configuration for SPAs

  #14149 commented on Apr 18, 2025 • 0 new comments

• Add "Best Match" based Web Authorization Rules

  #16249 commented on Apr 18, 2025 • 0 new comments

• Added a mapping for DPOP TokenType in DefaultMapOAuth2AccessTokenResponseConverter

  #16806 commented on Apr 18, 2025 • 0 new comments