AclAuthorizationStrategyImpl does not check reachable granted authorities when checking principal's authorities to deter...

Similar to https://github.com/spring-projects/spring-security/issues/13416Update SecurityNamespaceHandler to require 6.3...

For the 5.8.x branch, using the --scan attribute does not work per the following from Gradle:Gradle versions older than ...

Expected BehaviorUsually term baseUri means an URI prefix. E.g. in oauth2Login.authorizationEndpoint configurer there is...

Expected BehaviorJwtIssuerReactiveAuthenticationManagerResolver internally uses TrustedIssuerJwtAuthenticationManagerRes...

Herehttps://docs.spring.io/spring-security/reference/servlet/authentication/rememberme.html#remember-me-persistent-token...

SummaryOur project will include the spring-security-oauth2-core and client libraries, which causes the OAuth2WebSecurity...

I think we should not use HttpSessionSecurityContextRepository as default repository mainly if the security filter chai...

Describe the bugWhen OidcClientInitiatedServerLogoutSuccessHandler is configured, the redirect logout is not initiated i...

Forward port of issue #15045 to 6.3.x.Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-...

Describe the bugIn the method-security document, the Enabling Certain Annotations, should use AuthorizationManagerAfter...

Describe the bugThe decodeCookie method in AbstractRememberMeServices attempts to pad the cookie value for Base64 decodi...

SummaryImplemented Spring security oauth2 and getting an access token and refresh token from Azure AD into my oauthToken...

Release automation configured via springRelease { ... } in build.gradle is using an incorrect URL for the API docs. It s...

In the Spring Security official documentation, there is an example code snippet under the "Spring Boot Security Auto Con...

Describe the bugJdbcOAuth2AuthorizedClientService doesn't have a way to specify the table name.Projects often need to cu...

Describe the bugThe current version of Reactive OAuth Security doesn't follow all Observability documentation recommenda...

Describe the bugWhen I POST to the SAML logoutUrl, a 401 response is returned.To Reproduce.logout(logout -> logout.in...

Related gh-15020See also release notes on gradle-enterprise-conventions@v0.0.17.

Rob (Migrated from SEC-2824) said:I've started putting together a plugin to add one-time password functionality (for 2-f...