Expected BehaviorCurrent BehaviorContextI want to set the same-site attribute for the remember-me cookie. The servlet Co...

Expected BehaviorWhen using the @PreFilter and @PostFilter annotations with Kotlin's Collection and Map, the filtering l...

Describe the bugWhile upgrading from Spring Boot 2.5.6 to 2.7.1 I noticed an issue with MockMvc and method-level @PreAut...

This issue groups together related Kotlin Coroutines issues.Blocking Spring Security- [x] https://github.com/spring-proj...

Describe the bugWorking on a new backend for a product that makes heavy use of Spring with Kotlin, WebFlux, Spring Metho...

Describe the bugUnsure whether or not this is a bug or expected behaviour. When annotating a suspending kotlin function ...

Description of the BugWhen injecting a bean inside the @EnableGlobalMethodSecurity Configuration class, any method marke...

Describe the bug[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from '...

I have this Spring Security 6 configuration configured to work with Keycloak server:@Configuration@EnableWebSecurity@Ena...

Describe the bugI wondered if OidcIdToken should implement equals. While running some test, I realized that the claims o...

SummaryIn NimbusReactiveJwtDecoder there is ReactiveRemoteJWKSource instance created when used with JWK Set URI. I didn'...

Describe the bugFollowing the update to spring security 6.3.0 we were facing issues with the IpAddressMatcher in our val...

Expected BehaviorThe AccessDeniedHandler should be able to handle all AccessDeniedException.Current BehaviorThe AccessDe...

Expected BehaviorAs the title says ... the NimbusReactiveJwtDecoder is created with default web client initialized stati...

Describe the bugWhen CSRF tokens are modified client-side, resolving token values with the Xor* implementations is not c...

[ ] https://github.com/spring-projects/spring-security/issues/15130Comment From: BingChunMoLicustom AuthorizationRequest...

java.lang.ArrayIndexOutOfBoundsException is thrown in XorCsrfTokenRequestAttributeHandler during attackAffects version s...

code_verifier, code_challenge, and code_challenge_method would be nice.Comment From: jzheauxHey, @xenoterracide, thanks ...

I am using Opensaml4AuthenticationProvider as an authentication provider in saml security filter chain, previously I was...

The EOL SAML version provided a way to sign SP metadata like this: ExtendedMetadata extendedMetadata = generator.generat...