This is a continuation of https://github.com/spring-projects/spring-boot/issues/33275As requested there, i will open an ...

Comment From: daixixidaiNo description provided.Hello,I found an error or problem when I used newest Spring Security（6.0...

Similar to gh-9641 we should reject usage of StreamSee gh-7154Comment From: damingerdaiis it necessary to refuse to use ...

Describe the bugAngular compatibility is broken with Spring Boot 3 RC1 and implementation of the XOR token generation.Th...

Since isFullyAuthenticated is a composition of isAnonymous and isRememberMe, a default convenience method can be added:d...

The SAML IDP that we use requires us to follow these rules:When signing metadata, it should contain the element, and it...

Describe the bugI have a Spring boot application that want to secure with Spring Security. I want to use protect-pointcu...

Describe the bugI believe that the fix for CVE-2022-31690 has broken OidUserInfo fetching in some cases.org.springframew...

Describe the bugIn your commit from 28. Oct https://github.com/spring-projects/spring-security/commit/26a51ee1983a70e7db...

Expected BehaviorAllow the order of the filter being added in AbstractAuthenticationFilterConfigurer.configure to be cus...

https://github.com/spring-projects/spring-security/blob/45a963a011f3190ac9870d1c82d39ebe91fa39d3/web/src/main/java/org/s...

Writing an okta OCID/oauth2 integration with our application and I've had to upgrade spring and spring security -springV...

Describe the bugWhen adding the H2 console as an exception (white listing) in the SecurityFilterChain, the /h2-console r...

"Gustavo Fernandes":https://jira.spring.io/secure/ViewProfile.jspa?name=phlox said:I am using CAS provider with a httpin...

While updating our security configurations as part of the Spring Boot 3.0.0 upgrade, I noticed a mismatch between the up...

Describe the bugAfter updating spring-security-test from v5.7.5 to v5.8.0, the application doesn't start anymore. The re...

As per the reactor-core:3.5.0 release notes some deprecated methods were removed.Although it's not yet possible to pass ...

Describe the bugIn #11194, the Mono.subscriberContext() and Flux.subscriberContext() calls were replaced since they were...

In order to support a lazy access of the SecurityContext we should add methods to the SecurityContextHolder that allow s...

Expected BehaviorThere are many places where the stringliteral 'ROLE_' is used.Why not define a public static final cons...