The RSocket reference documentation refers to ServerRSocketFactoryProcessor which does not exist anymore.We should updat...

Describe the bugWhen configuring SecurityWebFilterChain with http.logout().disable() the default LogoutPageGeneratingWeb...

SummaryI think it may make sense to provide first class support (or since we haven't hit GA change our current support) ...

Describe the bugWe cannot reach our OP server with Spring Security. We know Spring Security is not the cause of the issu...

BackgroundWhen form login and logout are enabled, the LogoutPageGeneratingWebFilter will create a default logout page at...

Brandon McCulligh (Migrated from SEC-3114) said:I was seeing extremely odd behaviour in one of my applications while add...

Describe the bugI have a Spring application using spring-security-oauth2-client. It authenticates via OAuth2 using Auth...

Ninad Divadkar (Migrated from SEC-3176) said:when I disallow circularReferences in the project, Spring-security throws a...

Describe the bughttps://datatracker.ietf.org/doc/html/rfc8414#section-2 states that authorize_endpoint is required unles...

Describe the bugIt would appear ClientRegistrations.withProviderConfiguration does not yet support urn:ietf:params:oauth...

Describe the bugWhen using the SecurityMockServerConfigurer e.g. to test with an opaque OAuth2 token tests fail due to a...

Now that Github Actions supports Job Outputs, uploading files to communicate state between jobs is unnecessary.The notif...

For example, Spring Security's internal Slack channel for builds reported that the sonar_analysis task failed for https:...

Describe the bugUsing NimbusJwtClientAuthenticationParametersConverter with a resolver reading jwk from a rolling key so...

SummaryI have several static resources served by tomcat servers, these servers are siting behind the Spring Cloud Gatewa...

SummaryI have a problem adding multiple custom filters into SpringSecurityFilterChain using Java configuration because f...

Here i am using spring security 3.x and need to integrate with JA-SIG CAS server, I can login CAS server through https:/...

Expected BehaviorWhen I define a bean of type ReactiveJwtAuthenticationConverter, I would expect it to be considered in ...

Abhijit Sarkar (Migrated from SEC-3008) said:protected final void saveException(HttpServletRequest request, A...

Madis Pärn (Migrated from SEC-3118) said:GenericApplicationContext.setAllowCircularReferences(false) and @EnableWebSecur...