Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

898 Open 11,145 Closed
898 Open 11,145 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

HttpSessionSecurityContextRepository used for AbstractPreAuthenticatedProcessingFilter status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15041 opened May 10, 2024 by cristibozga
Spring Security Context Support in Virtual Thread status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15040 opened May 10, 2024 by amrit9326
SessionRegistryImpl leaks principals under high load in: core An issue in spring-security-core status: feedback-provided Feedback has been provided type: bug A general bug
#15036 opened May 9, 2024 by wojtassi
@sjohnr
5
Prevent incorrect merges between branches type: task A general task
#15028 opened May 8, 2024 by marcusdacoregio
1
Add interface IterableRelyingPartyRegistrationRepository or similar in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15027 opened May 8, 2024 by OrangeDog
@jzheaux
1
Saml2 Response assertion validation error with error code InvalidSignature - Need to expose createDefaultAssertionSignatureValidator() method in Opensaml4AuthenticationProvider class in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15022 opened May 8, 2024 by itsUmashree
@jzheaux
SAML API should accept, adapt, and/or mirror OpenSAML's Credential API in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15019 opened May 7, 2024 by OrangeDog
@jzheaux
1
RelyingPartyRegistrations does not verify signatures in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15018 opened May 7, 2024 by OrangeDog
@jzheaux
2
RelyingPartyRegistrations typically produces unusable registrationId in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15017 opened May 7, 2024 by OrangeDog
@jzheaux
Unintuitive behavior of multiple servlet contexts and HttpSecurity#securityMatcher pattern in: web An issue in web modules (web, webmvc) status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement
#15004 opened May 3, 2024 by arvyy
@sjohnr
1
OIDC Backchannel Logout does not allow logout tokens having typ header of logout+jwt in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15003 opened May 3, 2024 by justin-tay
@jzheaux
5.8.12: @Secured annotation on subclasses is not read by SecuredAuthorizationManager when method in superclass was called status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15002 opened May 2, 2024 by artem103
4
Attach Antora Docs to Pull Requests type: task A general task
#14992 opened Apr 30, 2024 by marcusdacoregio
@marcusdacoregio
Tokens for Client Credentials grant type should be cached only based on clientRegistrationId in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement
#14991 opened Apr 30, 2024 by pzgadzaj-equinix
@sjohnr
3
Allow customizing AbstractRememberMeServices cookie status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#14990 opened Apr 30, 2024 by ooraini
Minor docs error in AuthenticatedReactiveAuthorizationManager status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#14978 opened Apr 29, 2024 by MrJovanovic13
1
http.authorizeHttpRequests((authorize) -> authorize.requestMatchers( "/websocket/**").permitAll()); Not working status: feedback-reminder We've sent a reminder that we need additional information before we can continue status: waiting-for-feedback We need additional information before we can continue
#14971 opened Apr 26, 2024 by charankavuri
2
AuthorizationManagerAfterMethodInterceptor custom annotations and aspecj support status: feedback-provided Feedback has been provided
#14970 opened Apr 26, 2024 by mira-silhavy
@jzheaux
2
Reactive Security OAuth2 client doesn't propagate traces and baggage's in Spring Boot 3 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue type: bug A general bug
#14946 opened Apr 23, 2024 by DaceKonn
@sjohnr
1
Revisit SAML 2.0 Service Provider Documentation
#14944 opened Apr 22, 2024 by jzheaux
@jzheaux
SAML Authentication Issue with Simultaneous User Logins in: saml2 An issue in SAML2 modules status: feedback-provided Feedback has been provided
#14932 opened Apr 19, 2024 by siddharth-78
@jzheaux
3
Support RFC9449 - DPoP Authentication scheme status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#14915 opened Apr 16, 2024 by babisRoutis
LogoutConfigurer forces POST even if CSRF is disabled for /logout status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#14913 opened Apr 15, 2024 by erizzo
DelegatingSecurityContextTaskExecutor / DelegatingSecurityContextRunnable / DelegatingSecurityContextCallable should provide extension points in: core An issue in spring-security-core status: feedback-provided Feedback has been provided
#14911 opened Apr 15, 2024 by tkrah
@jzheaux
7
Add Spring Session support to OIDC Back-Channel Logout in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14904 opened Apr 13, 2024 by pzgadzaj-equinix
1
ProTip! Updated in the last three days: updated:>2024-05-07.