Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
27 Open 103 Closed
27 Open 103 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Adapt to form data not adding charset if it is UTF-8 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release
#15275 by marcusdacoregio was closed Jun 18, 2024 6.4.0-M1
@marcusdacoregio
2
Add validation IpAddressMatcher in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#14491 by FdHerrera was merged Jan 31, 2024 Loading… 6.3.0-M2
@jzheaux
3
CsrfAuthenticationStrategy is not consistent with CsrfFilter in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: bug A general bug
#12235 by sjohnr was closed Nov 19, 2022 6.0.0
@sjohnr
Register FilterChainProxy for all dispatcher types in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#12180 by marcusdacoregio was closed Nov 16, 2022 6.0.0
1
@marcusdacoregio
Default to DelegatingSecurityContextRepository in SecurityContextConfigurer in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#12049 by sjohnr was closed Oct 18, 2022 6.0.0-RC1
@sjohnr
1
Remove OAuth Deprecations in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release
#12022 by jzheaux was closed Oct 13, 2022
18 tasks done
6.0.0-M4
@jgrandja
Remove deprecated CsrfSpec.tokenFromMultipartDataEnabled in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release
#12020 by sjohnr was closed Oct 13, 2022 6.0.0-RC1
@sjohnr
Remove deprecated CsrfWebFilter.setTokenFromMultipartDataEnabled in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release
#12019 by sjohnr was closed Oct 13, 2022 6.0.0-RC1
@sjohnr
Remove deprecated constructors in PasswordEncoders in: crypto An issue in spring-security-crypto type: breaks-passivity A change that breaks passivity with the previous release
#11985 by jgrandja was closed Oct 12, 2022 6.0.0-RC1
@jgrandja
Default X-Xss-Protection header value to "0" in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11964 by Kehrlann was closed Oct 10, 2022 Loading… 6.0.0-RC1
1
@sjohnr
1
Default to Xor CSRF protection in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release
#11960 by sjohnr was closed Oct 13, 2022 6.0.0-RC1
@sjohnr
RequestMatcherDelegatingAuthorizationManager should deny when no match in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release
#11958 by rwinch was closed Oct 13, 2022 6.0.0-RC1
@jgrandja
2
Use MvcRequestMatcher by default if Spring MVC is present in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11950 by marcusdacoregio was merged Oct 6, 2022 Loading… 6.0.0-RC1
1
@rwinch @marcusdacoregio
3
Remove deprecated RequestMatcher methods from Java Configuration in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11939 by marcusdacoregio was closed Oct 7, 2022 6.0.0-RC1
@marcusdacoregio
Remove WebSecurityConfigurerAdapter in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11923 by marcusdacoregio was merged Oct 4, 2022 Loading… 6.0.0-RC1
1
@marcusdacoregio
4
Make X-Xss-Protection header value configurable in ServerHttpSecurity in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11908 by Kehrlann was closed Sep 30, 2022 Loading… 5.8.0-RC1
@Kehrlann
8
Use MvcRequestMatcher by default if Spring MVC is present in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11899 by marcusdacoregio was closed Oct 6, 2022 6.0.0-RC1
1
@marcusdacoregio
Change default authority for oauth2Login() in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: breaks-passivity A change that breaks passivity with the previous release
#11887 by sjohnr was closed Sep 26, 2022 Loading… 6.0.0-RC1
1
@sjohnr
4
Prevent JwtAuthenticationProvider from setting authentication details when jwtAuthenticationConverter returned an authentication instance with non null details in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11823 by ch4mpy was closed Dec 13, 2022 Loading… 6.1.0-M1
1
@sjohnr
11
Remove Deprecated OpenSAML 3 Support in: saml2 An issue in SAML2 modules type: breaks-passivity A change that breaks passivity with the previous release
#11789 by rwinch was merged Sep 20, 2022 Loading… 6.0.0-RC1
1
@jzheaux
csrfRequestAttributeName = _csrf in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release
#11764 by rwinch was closed Aug 31, 2022 6.0.0-M7
@rwinch
1
Remove Configuration meta-annotation from Enable* annotations in: config An issue in spring-security-config type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#11653 by jsattler was merged Aug 9, 2022 Loading… 6.0.0-M7
1
@rwinch
1
Remove default value for access parameter in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: breaks-passivity A change that breaks passivity with the previous release type: bug A general bug
#11599 by ysavchen was merged Aug 18, 2022 Loading… 6.0.0-M7
1
@marcusdacoregio
1
Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release
#11589 by jgrandja was closed Jul 15, 2022 6.0.0-M6
@jgrandja
Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release
#11588 by jgrandja was closed Jul 15, 2022 6.0.0-M6
@jgrandja
ProTip! Find all open issues with in progress development work with linked:pr.