I am trying to assign custom-filters to specific security-chains in spring-security 6.1 which works but the request-matc...

Describe the bugWhen 2 or more threads (or in a distributed environment - 2 or more instances) are invoking the JdbcMuta...

Please modify the method and timing of setting basename in this class.Because calling setBasename() will cause basenameS...

Forward port of #13970Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/...

Per the Spring Boot team, the following error occurs when using the latest 6.2.0-SNAPSHOT (762319b6bea04027ee83208f9e660...

We should adapt the recommendations and examples in the blog article Spring Security without the WebSecurityConfigurerAd...

Comment From: sjohnrIssue50Tests fail with the following error:java.lang.IllegalStateException: Failed to load Applicati...

Forward port of issue #13596 to 6.2.x.Comment From: sjohnrI believe this was closed with 6ee4bbcc13ff6edec6358dcec3e692b...

Describe the bugSpring Security uses RequestAttributeSecurityContextRepository instead of the NullSecurityContextReposit...

Comment From: sjohnrAfter some research, it turns out secrets cannot be used in conditionals in GitHub Actions. However,...

Expected BehaviorPresently in version 6.2.0-M3, there is no possibility to customize the authenticationConverter that is...

Expected BehaviorDocumentation can state that if you have a multi-page app like one that mounts React components where t...

Recently I was upgrading a spring-boot app from 2.x to 3.x. This app has also a dependency on spring-cloud, so I'm not a...

Expected BehaviorNo timeout.Current BehaviorCaused by: java.lang.IllegalStateException: com.nimbusds.jose.RemoteKeySourc...

SummaryOpen ID Connect Core 1.0 specification does not mandate invocation of UserInfo Endpoint and set of Standard Claim...

We should investigate why com.nimbusds:nimbus-jose-jwt:9.31 is downgraded to 9.24.4 when dependencies are updated (via ....

Describe the bugI can't be 100% sure, but it seems to be a bug or misconfiguration to me. I can work to try to have a re...

Describe the bugWhen RefreshTokenOAuth2AuthorizedClientProvider is not registered, but PasswordOAuth2AuthorizedClientPro...

Describe the bugAuthorizeHttpRequests is allowing calls with unauthorized access when triggered in parallel (approx 20 p...

We should have something automated that updates the Gradle Wrapperhttps://github.com/gradle/wrapper-upgrade-gradle-plugi...