Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
159 Open 4,043 Closed
159 Open 4,043 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Sorting RememberMeAuthenticationFilter status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16346 opened Dec 26, 2024 by daromnik
2
[Azure Oauth2] IllegalArgumentException: Attribute value for "xxx" is null status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16340 opened Dec 24, 2024 by jloisel
Incorrect kotlin webauthn configuration status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16338 opened Dec 23, 2024 by franticticktick
1
Spring Security IPv6 issue - is there a global config setting? status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16337 opened Dec 23, 2024 by dreamstar-enterprises
5
Multiple /authorize requests in the same session are not supported. Why? status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16336 opened Dec 23, 2024 by pujachowdhary27
WebAuthn + Redis doesn't work; Redis defaults to JdkSerializationRedisSerializer, WebAuthn classes lack Serializable interface, WebAuthn mixins missing for GenericJackson2JsonRedisSerializer status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16328 opened Dec 23, 2024 by justincranford
2
Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16325 opened Dec 22, 2024 by eugeniudedin
1
relying-party-registration doesn't resolve placeholders in xml status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16308 opened Dec 19, 2024 by rvervaek
3
Bean Conflict Between webSocketAuthorizationManagerPostProcessor and objectPostProcessor in Spring Security Configuration status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16299 opened Dec 18, 2024 by waileong
3
UniqueSecurityAnnotationScanner should consider annotation on target class level as fallback status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16295 opened Dec 17, 2024 by quaff
1
Make Saml2AuthenticationToken Serializable in: saml2 An issue in SAML2 modules type: bug A general bug
#16287 opened Dec 15, 2024 by ngocnhan-tran1996 Loading… 6.4.3
1
@jzheaux
8
Make Saml2AuthenticationToken Serializable in: saml2 An issue in SAML2 modules type: bug A general bug
#16286 opened Dec 13, 2024 by jzheaux 6.4.x
1
Ensure Serializable Security Components declare serialVersionUID in: core An issue in spring-security-core type: bug A general bug
#16276 opened Dec 13, 2024 by jzheaux 100+ 6.4.x
@jzheaux
1
Make WebAuthnAuthentication Serializable in: web An issue in web modules (web, webmvc) type: bug A general bug
#16273 opened Dec 12, 2024 by jzheaux 6.4.x
1
1
Request for exception approval for CVE-2024-38819 [Spring Framework Path Traversal Vulnerability status: feedback-provided Feedback has been provided type: bug A general bug
#16265 opened Dec 12, 2024 by AshishJogiAcc
3
acl - Unable to obtain the class id type - column name class_id_type was not found status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16230 opened Dec 7, 2024 by zemirco
Spring Security's Filters and WebFilters Automatically Registered by Spring Boot in: web An issue in web modules (web, webmvc) type: bug A general bug
#16222 opened Dec 5, 2024 by rwinch 6.5.x
@rwinch
4
Saml response verfication inside Controller status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16160 opened Nov 25, 2024 by sasirekha98
[OAuth2] Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16105 opened Nov 15, 2024 by BWohlbrecht 6.3.x
@sjohnr
2
Getting error as The response contained an InResponseTo attribute [] but no saved authentication request was found in saml2 in: saml2 An issue in SAML2 modules status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16091 opened Nov 14, 2024 by sasirekha98
@jzheaux
OidcBackChannelLogoutWebFilter returns an error for unauthenticated ajax requests in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16073 opened Nov 12, 2024 by katya-tis
@jzheaux
1
Passkey Endpoints do not Honor .permitAll() in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided type: bug A general bug
#16070 opened Nov 12, 2024 by Jyosua
@rwinch
5
Do not validate parameters in ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver if not enabled in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#16039 opened Nov 5, 2024 by jonah1und1 Loading…
@sjohnr
8
ServerBearerTokenAuthenticationConverter validates parameters when not enabled in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#16038 opened Nov 4, 2024 by sjohnr 6.2.x
@jonah1und1
1
Encode clientId and clientSecret for OpaqueTokenIntrospector and ReactiveOpaqueTokenIntrospector in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: blocked An issue that's blocked on an external project change type: bug A general bug
#16008 opened Oct 29, 2024 by ngocnhan-tran1996 Loading… 6.5.0-M1
1
@jzheaux
10
ProTip! no:milestone will show everything without a milestone.