See https://spring.io/blog/2020/10/29/notice-of-permissions-changes-to-repo-spring-io-fall-and-winter-2020Comment From: ...

are partial patches welcome for adding org.springframework.lang.Nullable and org.springframework.lang.NonNull?. If so a...

Our current GitHub actions CI workflow runs at a set time interval and when it detects a new commit.We should add the op...

Which features from OAuth 2.1 will be supported by Spring Security? Is there a roadmap or any documentation on this topi...

Backport of gh-9256Comment From: spring-projects-issuesFixed via 429caeacc905a6fc5c676ecb58a477da0e4e3067Comment From: i...

See https://github.com/spring-projects/spring-security/pull/8996#discussion_r506652742 and https://github.com/spring-pro...

QuestionI'm currently implementing an API Gateway authenticating using spring-security-saml2-service-provider. Looks lik...

Obviously, the schemaLocation Urls required for XML config files were changed to https:// in 5.2.0 and http:// definitio...

Describe the bugWhen using the HTTP-REDIRECT binding the Signature (URL parameters Signature and SigAlg) are not retriev...

First of all, I'm sorry. My English is poor. I may have grammar mistakes. As the title says, configuring maximumSessions...

Expected BehaviorCorsDsl hasvar configurationSource: CorsConfigurationSource? = nullsimilar to ServerCorsDslCurrent Beha...

CsrfWebFilter creates an incorrect message when the expected CsrfToken cannot be found CSRF Token has been associated to...

See https://github.com/spring-projects/spring-security/pull/8996#issuecomment-746312303Comment From: evgeniycheban@jzhea...

Bug descriptionI'm integrating with an external IdP. This IdP wants the AuthnRequest signed and, moreover, needs the Key...

Describe the bugAfter upgrading to Spring Security 5.4.1 my web application throws the following exception:org.springfra...

I'm facing some problems with concurrent session management, in particular when multiple concurrent requests are perform...

I would like to see a Security Scope So that I could register and inject an object that would be cleared automatically u...

Describe the bugThe new SAML implementation is missing a couple validations that were performed on the AuthnResponse in ...

Hello,I am using spring-security 5.0.6 and I want to make max-sessions field configurable from a properties fileSo I did...

Describe the bugWe have a spring security configuration that explicitly calls out to apply the migrateSession() strategy...