SummaryI have a Spring Cloud Gateway application which uses Spring Security to provide CSRF protection. The gateway has ...

When running the security sample in spring-native, it fails with the following error:org.springframework.beans.factory.B...

We have to add native hints in order to make spring-security-ldap work in native applications. It would look something l...

There may be some value in introducing PermissionAuthorizationManager to allow a programmatic equivalent to hasPermissio...

The maven pom files of the spring security modules in Version 5.5.1 do not contain third party dependencies. This can ca...

SummaryAuthenticationEntryPoint commence method Why is it executed twiceActual Behaviorthrow new UsernameNotFoundExcept...

Expected Behavior"CookieCsrfTokenRepository" does allow you to set the cookies "maxAge" value, therefore it seems like i...

Describe the bugThis bug is described here "Regression with URL encode client credentials #10018", it was fixed in 5.5....

Describe the bugWe are using Spring Security SAML2 SSO and SLO.If I execute single logout from any other app or the IDP ...

Clark Duplichien (Migrated from SEC-2026) said:Similar to SEC-1691, except don't need to specify as part of config... ju...

Spring v2.1.4.RELEASECookieCsrfTokenRepository is a dedicated class to make CSRF integration with AngularJS work out of ...

How to solve CVE-2022-22978 on version 4.x ?Comment From: d-kreysame question for spring-boot-starter-security-2.7.0.jar...

Describe the bugI use org.springframework.security.core.session.SessionRegistry to store the sessions of 2 tomcat instan...

We need to setup JDK 17 for Antora Generate workflow so the :spring-security-docs:generateAntora task workshttps://githu...

From spring boot 2.5.24 to last release 2.7.x, i face a strange behavior : i've got a postMethod in a controller annotat...

This PR introduced the Gradle Toolchain in order to ensure that our build in the 5.x line compiles with Java 8.From vers...

Since we will drop the EhCache2 support in 6.0, we should add support for JCache which EhCache3 is fully compliantCommen...

Our RELEASE Update Dependencies section states:Review the rules in build.gradle to ensure the rules make sense. For exam...

The documentation should state that saganCreateRelease saganDeleteRelease from Update version on project page require th...

SummaryModule: spring-security-oauth2-joseVersion: 5.4.0-M2Thanks to this PR, we are now able to pass our own custom cac...