Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

939 Open 11,420 Closed
939 Open 11,420 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Spring security 6.1 : CVE-2024-29857, CVE-2024-34447 org.bouncycastle.bcpkix.jdk15on:1.70 status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15780 opened Sep 10, 2024 by gaetan-deltombe
Where should i config OAuth2LoginAuthenticationFilter with property authenticationResultConverter? status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15778 opened Sep 10, 2024 by mengxzh
1
Request to make ReactiveJwtDecoders.java return implementations rather than interfaces so we can use it to provide functionality from non-accessible JwtDecoderProviderConfigurationUtils class status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15773 opened Sep 9, 2024 by rhanton
Add API for Registering Security Hints in: core An issue in spring-security-core type: enhancement A general enhancement
#15772 opened Sep 9, 2024 by jzheaux 6.4.0-M4
@jzheaux
OidcBackChannelLogoutTokenValidator should not throw an NPE when issuer is missing in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: bug A general bug
#15771 opened Sep 9, 2024 by jzheaux 6.2.x
Remove 5.8.x from Auto Merge Forward Dependabot PRs type: task A general task
#15770 opened Sep 9, 2024 by marcusdacoregio 5.8.15
@marcusdacoregio
CORS example from the documentation does not work since Spring Security 6.2.6 / 6.3.3 in: docs An issue in Documentation or samples type: bug A general bug
#15769 opened Sep 9, 2024 by mgocd 6.2.7
@jzheaux
1
Spring OAuth2 Client + native does not work out of the box. Should be easy to fix status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15764 opened Sep 9, 2024 by rcomblen
Spring Security - Attaching TTL limits to Indexed Sessions? status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15754 opened Sep 8, 2024 by dreamstar-enterprises
CSRF disable not working - getting error "Could not verify the provided CSRF token because no token was found to compare" in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue
#15752 opened Sep 6, 2024 by rajcreddy
@jzheaux
4
InitializeUserDetailsBeanManagerConfigurer does configure a DaoAuthenticationProvider without Encoder although there are encoders found status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15751 opened Sep 6, 2024 by tkrah
Improve Integration between Authorized Objects and Spring Data in: core An issue in spring-security-core type: enhancement A general enhancement
#15746 opened Sep 5, 2024 by jzheaux 6.4.x
@jzheaux
Include Compromised Password Information in UserDetails in: core An issue in spring-security-core type: enhancement A general enhancement
#15745 opened Sep 5, 2024 by marcusdacoregio
@marcusdacoregio
Consider allowing oneTimeTokenLogin() to authenticate different devices in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
#15744 opened Sep 5, 2024 by marcusdacoregio
1
how about adding query string back to form login url in LoginUrlAuthenticationEntryPoint.java status: waiting-for-triage An issue we've not yet triaged
#15742 opened Sep 5, 2024 by travisbikkle
consider adding query string to login url in LoginUrlAuthenticationEntryPoint status: waiting-for-triage An issue we've not yet triaged
#15741 opened Sep 5, 2024 by travisbikkle
Unable to get RefreshToken expiraration from OAuth2AccessTokenResponse status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15739 opened Sep 5, 2024 by bostandyksoft
Webservice returns invalid response containing Empty Headers (":") (2) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15738 opened Sep 5, 2024 by david0
Deprecate default OAuth2AccessTokenResponseClients in favor of RestClient-based ones in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15737 opened Sep 4, 2024 by sjohnr 6.4.x
@sjohnr
Consider adding OneTimeTokenService for a clustered environment status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15735 opened Sep 4, 2024 by CrazyParanoid
1
Invalid CSRF token when Eureka client register to server status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15726 opened Sep 3, 2024 by weiro-9-w7
Documentation ReactiveOidcSessionStrategy should be ReactiveOidcSessionRegistry status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15724 opened Sep 2, 2024 by dreamstar-enterprises
2
Consider deprecating Global Authentication status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15722 opened Sep 2, 2024 by Kehrlann
Provide Runtime Hints for objects authorized by @AuthorizeReturnObject in: core An issue in spring-security-core type: enhancement A general enhancement
#15709 opened Aug 29, 2024 by jzheaux
3 tasks
6.4.x
@jzheaux
Provide a way to customize the default RequestCache without replacing the entire implementation in: config An issue in spring-security-config type: enhancement A general enhancement
#15707 opened Aug 28, 2024 by eric-creekside
@marcusdacoregio
3
ProTip! no:milestone will show everything without a milestone.