Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
31 Open 103 Closed
31 Open 103 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Remove deprecated implementations of OAuth2AccessTokenResponseClient in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#16909 opened Apr 8, 2025 by sjohnr
4 tasks
7.0.0-M1
7
Remove HandlerMappingIntrospector Usage type: breaks-passivity A change that breaks passivity with the previous release type: task A general task type: theme An issue that describes a theme for a release
#16886 opened Apr 4, 2025 by rwinch 7.0.x
ServerCsrfTokenRequestHandler should return reactive types in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#16869 opened Apr 2, 2025 by jzheaux 7.0.x
Consider making UserInfo request opt-in instead of default in Spring Security 7 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#16843 opened Mar 28, 2025 by sjohnr 7.0.0-M1
Favor Relative Redirects by Default in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#16300 opened Dec 18, 2024 by jzheaux 7.0.0-M1
Leave Filter Chain Observations Off By Default in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15858 opened Sep 26, 2024 by jzheaux 7.0.x
@jzheaux
Consider favoring ObjectProvider#getIfAvailable in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15821 opened Sep 17, 2024 by jzheaux 7.0.x
Consider removing generics from AuthorizationRequestRepository in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15426 opened Jul 15, 2024 by sjohnr 7.0.x
1
2
Consider Signing Metadata by Default in: saml2 An issue in SAML2 modules type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15182 opened May 31, 2024 by jzheaux 7.0.0-M1
@jzheaux
Remove authorizeRequests from Kotlin DSL in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15174 opened May 27, 2024 by marcusdacoregio 7.0.0-M1
Should OidcIdToken implement equals? in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15156 opened May 24, 2024 by MatthiasWinzeler 7.0.0-M1
5
Improve JdbcUserDetailsManager.userExists method in: core An issue in spring-security-core type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#14649 opened Feb 24, 2024 by Shenker93 Loading… 7.0.0-M1
1
Remove deprecated methods from CookieServerCsrfTokenRepository in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#14139 opened Nov 14, 2023 by milaneuh Loading… 7.0.0-M1
5
Remove deprecations from CookieCsrfTokenRepository in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#14132 opened Nov 13, 2023 by marcusdacoregio 7.0.0-M1
Remove ApacheDS in: ldap An issue in spring-security-ldap type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#13852 opened Sep 20, 2023 by marcusdacoregio 7.0.0-M1
Default Servlet Headers Should Include Referrer-Policy in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#13567 opened Jul 20, 2023 by marcusdacoregio 7.0.0-M1
Remove AbstractConfiguredSecurityBuilder#apply in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#13441 opened Jun 30, 2023 by marcusdacoregio 7.0.0-M1
Consider removing underused modules and APIs theme: partner-use-cases Use cases we identified with a partner (an established contributor) type: breaks-passivity A change that breaks passivity with the previous release
#13272 opened Jun 2, 2023 by jgrandja
Consider removing XML configuration support theme: partner-use-cases Use cases we identified with a partner (an established contributor) type: breaks-passivity A change that breaks passivity with the previous release
#13271 opened Jun 2, 2023 by jgrandja
1
Remove LazyCsrfTokenRepository in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#13196 opened May 18, 2023 by jzheaux
1
Align Return Types of no-arg and Customizer arg Configuration Methods in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#13093 opened Apr 25, 2023 by marcusdacoregio
2
Make DefaultRequestRejectedHandler Return HTTP 400 by default in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#13081 opened Apr 24, 2023 by NathanD001
2
Remove .and() and non lambda methods from DSL in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#13067 opened Apr 18, 2023 by marcusdacoregio 7.0.0-M1
Saml2LogoutRequest constructor should check for null values in: saml2 An issue in SAML2 modules type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#12775 opened Feb 23, 2023 by marcusdacoregio
1
3
Remove ApacheDSContainer and related support in: ldap An issue in spring-security-ldap type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#12204 opened Nov 14, 2022 by jzheaux 7.0.0-M1
ProTip! What’s not been updated in a month: updated:<2025-03-19.