Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
61 Open 105 Closed
61 Open 105 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Improve the BasicAuthenticationFilter to allow callbacks for both successful and failed authentication events. in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#16281 opened Dec 13, 2024 by pongdangx2
@jzheaux
2
Request for exception approval for CVE-2024-38819 [Spring Framework Path Traversal Vulnerability status: feedback-provided Feedback has been provided type: bug A general bug
#16265 opened Dec 12, 2024 by AshishJogiAcc
3
Passkey Endpoints do not Honor .permitAll() in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided type: bug A general bug
#16070 opened Nov 12, 2024 by Jyosua
@rwinch
5
Upgrade nimbus-jose-jwt:jar to 9.37.3 in Spring Security 5.8.x in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: dependency-upgrade A dependency upgrade
#15951 opened Oct 18, 2024 by blackat
@jzheaux
3
Possible bug in AbstractRequestMatcherRegistry#requireOnlyPathMappedDispatcherServlet? (DispatcherServlet not found when resolving request matcher) for: stackoverflow A question that's better suited to stackoverflow.com status: feedback-provided Feedback has been provided
#15684 opened Aug 23, 2024 by mauromol
5
Illegal group reference in: crypto An issue in spring-security-crypto status: feedback-provided Feedback has been provided
#15458 opened Jul 22, 2024 by itl-coder
3
Consider allowing to hide UserNotFoundException in PreAuthenticatedAuthenticationProvider in: core An issue in spring-security-core status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#15450 opened Jul 22, 2024 by b1ueskydragon
@jzheaux
5
PreAuthorize not working on Services with an Interface, and also still not working on Kotlin Co-routines in: core An issue in spring-security-core status: feedback-provided Feedback has been provided type: bug A general bug
#15367 opened Jul 5, 2024 by dreamstar-enterprises
@jzheaux
3
Spring Webflex - reactor core exception - accessing endpoint with http: basic auth in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided
#15348 opened Jul 2, 2024 by dreamstar-enterprises
2
add more constants to OAuth2ParameterNames in: docs An issue in Documentation or samples status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#15130 opened May 22, 2024 by xenoterracide
@jzheaux
4
Add support OAuth 2.0 Step-up Authentication Challenge Protocol in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#15091 opened May 17, 2024 by franticticktick
1
@sjohnr
4
AuthorizationManagerAfterMethodInterceptor custom annotations and aspecj support status: feedback-provided Feedback has been provided
#14970 opened Apr 26, 2024 by mira-silhavy
@jzheaux
3
LogoutConfigurer forces POST even if CSRF is disabled for /logout in: config An issue in spring-security-config status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#14913 opened Apr 15, 2024 by erizzo
@sjohnr
3
DelegatingSecurityContextTaskExecutor / DelegatingSecurityContextRunnable / DelegatingSecurityContextCallable should provide extension points in: core An issue in spring-security-core status: feedback-provided Feedback has been provided
#14911 opened Apr 15, 2024 by tkrah
@jzheaux
7
Signature of Assertion from issuer was not valid and invalid destination for SAML response by multiple simultaneous login status: feedback-provided Feedback has been provided
#14885 opened Apr 11, 2024 by nojanbakh
@jzheaux
4
Websocket XHR fallbacks get IllegalStateException: Cannot create a session after the response has been committed upgrading to Boot 3.2.7 in: saml2 An issue in SAML2 modules status: feedback-provided Feedback has been provided
#14864 opened Apr 8, 2024 by stnor
@jzheaux
7
Send saml logout response even when validation errors happen in: saml2 An issue in SAML2 modules status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#14676 opened Mar 3, 2024 by 1livv Loading…
@jzheaux
16
Session Management filter does not seem to honor the require explicit save option -> securityContext .requireExplicitSave(true) status: feedback-provided Feedback has been provided
#14675 opened Mar 2, 2024 by srividhyakk
3
Allow AbstractWebClientReactiveOAuth2AccessTokenResponseClient to be extended in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#14657 opened Feb 28, 2024 by kkondratov
1
@sjohnr
6
Format check fails on fresh repo checkout status: feedback-provided Feedback has been provided type: bug A general bug
#14575 opened Feb 10, 2024 by willemvd
6
404 Errors for SP Metadata and IDP Initiated Login in: saml2 An issue in SAML2 modules status: feedback-provided Feedback has been provided type: bug A general bug
#14514 opened Jan 31, 2024 by siddharth-78
13
InMemoryClientRegistrationRepository should accept an empty set of registrations in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#14508 opened Jan 30, 2024 by espenhw
@jzheaux
2
Access to accessToken in GrantedAuthoritiesMapper in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#14461 opened Jan 15, 2024 by Xyaren
2
EnableWebSocketSecurity is not 1:1 replacement for AbstractSecurityWebSocketMessageBrokerConfigurer status: feedback-provided Feedback has been provided type: bug A general bug
#13640 opened Aug 9, 2023 by filiphr
@sjohnr
11
Deprecation of AbstractSecurityInterceptor in: core An issue in spring-security-core status: feedback-provided Feedback has been provided
#13444 opened Jul 2, 2023 by jvmlet
@jzheaux
2
ProTip! Mix and match filters to narrow down what you’re looking for.