Overview

1 Pull request merged by 1 person

• Align NimbusJwtDecoder HTTP timeout defaults with Nimbus by setting to 500ms

  #17669 merged Sep 2, 2025

8 Pull requests opened by 5 people

• Remove redundant code in document

  #17813 opened Aug 29, 2025

• Add Password4jPasswordEncoder for enhanced password hashing support

  #17825 opened Aug 30, 2025

• Add Jackson 3 support and deprecate Jackson 2 one

  #17832 opened Sep 1, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE

  #17834 opened Sep 2, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final

  #17835 opened Sep 2, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE

  #17836 opened Sep 2, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final

  #17837 opened Sep 3, 2025

• Support @ClientRegistrationId at Class Level

  #17838 opened Sep 3, 2025

6 Issues closed by 1 person

• Enable Null checking in spring-security-taglibs via JSpecify

  #17828 closed Aug 31, 2025

• Enable Null checking in spring-security-rsocket via JSpecify

  #17827 closed Aug 31, 2025

• Enable Null checking in spring-security-cas via JSpecify

  #17826 closed Aug 31, 2025

• Enable Null checking in spring-security-messaging via JSpecify

  #17817 closed Aug 29, 2025

• Enable Null checking in spring-security-web via JSpecify

  #17535 closed Aug 29, 2025

• APIs should Use `Supplier<? extends @Nullable Authentication>`

  #17814 closed Aug 29, 2025

15 Issues opened by 6 people

• Document Importing into VS Code and Eclipse

  #17833 opened Sep 2, 2025

• Ability to configure `authenticationDetailsSource` in `AnonymousConfigurer`

  #17831 opened Sep 1, 2025

• Login fails when using char[] instead of String for password credentials

  #17830 opened Sep 1, 2025

• As a developer, I want test OAuth2ResourceServer-based authorization without authentication

  #17829 opened Aug 31, 2025

• [spring-security/crypto/bcrypt] [performance] SecureRandom created every for single password encode

  #17824 opened Aug 30, 2025

• Enable Null checking in spring-security-saml2-service-provider via JSpecify

  #17823 opened Aug 29, 2025

• Enable Null checking in spring-security-oauth2-resource-server via JSpecify

  #17822 opened Aug 29, 2025

• Enable Null checking in spring-security-oauth2-jose via JSpecify

  #17821 opened Aug 29, 2025

• Enable Null checking in spring-security-oauth2-core via JSpecify

  #17820 opened Aug 29, 2025

• Enable Null checking in spring-security-oauth2-client via JSpecify

  #17819 opened Aug 29, 2025

• Enable Null checking in spring-security-ldap via JSpecify

  #17818 opened Aug 29, 2025

• Remove null checks to work around setBeanResolver(BeanResolver)

  #17816 opened Aug 29, 2025

• Remove `@NullUnmarked` from observability web classes

  #17815 opened Aug 29, 2025

• PathPatternRequestMatcherBuilder should not create a double-slash URI with a root base path

  #17812 opened Aug 27, 2025

• Add Instructions Detailing Servlet Path Declaration in Migration Guides

  #17811 opened Aug 27, 2025

14 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Propagate Authorities From Previous Factors

  #17790 commented on Sep 2, 2025 • 6 new comments

• Allow multiple ServerLogoutHandler instances in ServerHttpSecurity

  #17381 commented on Sep 3, 2025 • 1 new comment

• OAuth2Login behaves differently in MVC and Reactive

  #16941 commented on Aug 27, 2025 • 0 new comments

• PathPatternRequestMatcher is not a suitable replacement for the deprecated MvcRequestMatcher

  #17808 commented on Aug 27, 2025 • 0 new comments

• Consider preventing null `defaultRolePrefix` in `SecurityExpressionRoot`

  #17782 commented on Aug 28, 2025 • 0 new comments

• Fix remember me functionality

  #17292 commented on Aug 29, 2025 • 0 new comments

• Add password4j implementation of PasswordEncoder

  #17706 commented on Aug 30, 2025 • 0 new comments

• Null safety via JSpecify

  #16882 commented on Aug 31, 2025 • 0 new comments

• SEC-2856: Make cookie theft detection in remember-me service configurable because it's seriously broken

  #3079 commented on Sep 2, 2025 • 0 new comments

• Support @ClientRegistrationId at Class Level

  #17806 commented on Sep 3, 2025 • 0 new comments

• Fix PublicKeyCredentialType.PUBLIC_KEY comparison with Spring Session

  #17223 commented on Aug 29, 2025 • 0 new comments

• PKCE configuration - enabled by default

  #17507 commented on Sep 2, 2025 • 0 new comments

• Remove PortResolver

  #17524 commented on Sep 1, 2025 • 0 new comments

• Add AuthorizationManagerFactory

  #17673 commented on Sep 2, 2025 • 0 new comments