Describe the bugHello,Unfortunately @PreAuthorize does not work for me after upgrading to spring 6.0.11 with spring-secu...

References to the webflux sections don't link to them: https://docs.spring.io/spring-security/reference/features/authent...

Authorization is missing from the Features section in the docs. https://docs.spring.io/spring-security/reference/feature...

Forward port of #14101 into mainComment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-securi...

Forward port of https://github.com/spring-projects/spring-security/pull/14098 into 6.1.xComment From: marcusdacoregioClo...

I've been looking into adding instrumentation to OpenTelemetry to capture the enduser.id, enduser.role, and enduser.scop...

Quoting wilkinsona's comment at https://github.com/spring-projects/spring-boot/issues/38185#issuecomment-1792128910:Than...

Running ./gradlew build --warning-mode all gives us the output below. We should remove those deprecations warnings by ap...

After UnboundIdContainer#stop is called, UnboundIdContainer#isRunning returns true when it should return false. The resu...

Expected Behaviororg.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider should no...

According to MDN we can set the CSP protection via HTML like so.<meta http-equiv="Content-Security-Policy"...

Expected Behaviorhttp .redirectStrategy(ForwardHeadersRedirectStrategy())Current BehaviorI basically have to recreate t...

Current BehaviorI am just learning Spring Security and method security and reading about @PreAuthorize and @PostAuthoriz...

Describe the bugBugs occur when roles and authorities are built at the same time.The content is overwritten by the latte...

Expected BehaviorI should be able to reopen the issue if I feel there was no response that solves the issue or reaches a...

Jeff Martin (Migrated from SEC-1709) said:Similar to SEC-338, org.springframework.security.authentication.AbstractAuthen...

In circumstances where Spring MVC is deployed only to the root servlet (/), then there is no information lost when a pat...

Expected BehaviorIt should not be surprising when a link in the docs navigates to an external resource.Current BehaviorI...

The "Api Doc" links on https://spring.io/projects/spring-security#learn are broken for all versions except "6.2.0-SNAPSH...

SummaryWe are getting 500 from spring security jar if we use // in URL, ideally it should give 400 bad request.Ex. - htt...