Context of code snippets can be difficult to figure out. We should have a link from code snippets to complete working sa...

We should use an include for all samples within the documentation. This will allow us to test the sample code to ensure ...

We need to ensure we have any potential breaking changes in for support of 2FAComment From: bensieglerHey @rwinch, the b...

Spring Framework is planning on removing the HandlingMappingIntrospector. We should put the necessary things in place to...

Right now it is simple to prevent a user from authenticating when they have a compromised password. However, we should s...

Currently, there is no easy way to flag a UserDetails object that has its password compromised. There is no first-class ...

I noticed that the sessionIdChanged method in the HttpSessionEventPublisher class does not have a Javadoc comment. In co...

Describe the bugAfter upgrading from Spring Boot 3.3.X to 3.4.0, thus using Spring Security 6.4.0 we encountered the pro...

ERROR***************************APPLICATION FAILED TO START***************************Description:Parameter 0 of method ...

The issue arises because both IDPs have the same entityID in the EntityDescriptor but different ID values within it.I am...

Current BehaviorThe user has a project with Spring Security utilizing Access Decision Manager classes. They have the fol...

Describe the bugThe transports saved with the credential during the registration request are not returned in the transpo...

Describe the bugThe details provided in the spring security page to use Open Saml 5.x has issues:https://docs.spring.io/...

I have a RestController with a org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody to download a...

Describe the bugCreating a new fresh Spring Boot application with Spring Security and Spring WebFlux leads to have React...

https://github.com/spring-projects/spring-security/blob/6.4.1/docs/modules/ROOT/pages/whats-new.adoc 'select the write' ...

I have a condition in my application where we store certain values specific to the application in the cookies before sen...

Describe the bugThe client_secret parameter in the request body is missing while sending a token request.I'm using https...

By default, a filter chain's securityMatcher defaults to any request:http// .securityMatcher("/**") <-- im...

Hi,Recently i tasked myself with bumping spring boot from 2.7.18 to 3.2.2 and I thought that it is over and it's working...