If something like this is used:
http.csrf(csrf -> csrf.ignoringRequestMatchers("/login", "/something/**" ));
An exception triggers: "This method cannot decide whether these patterns are Spring MVC patterns or not..."
I've manage to trace down the change that issues this problem, class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry method public C requestMatchers(HttpMethod method, String... patterns)
Spring Boot 3.1.1 (Before):
Spring Boot 3.1.2 (Now):
Comment From: dreis2211
This is a problem in Spring-Security. See https://github.com/spring-projects/spring-security/issues/13568 if you want to subscribe on the issue. It has been apparently introduced to fix https://spring.io/security/cve-2023-34035 but I'm waiting on an answer there as well.
Comment From: wilkinsona
Thanks, @dreis2211.