7 Pull requests merged by 1 person

• Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16

  #16366 merged Jan 6, 2025

• Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16

  #16364 merged Jan 6, 2025

• Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16

  #16363 merged Jan 6, 2025

• Bump org.mockito:mockito-bom from 5.14.2 to 5.15.2

  #16360 merged Jan 3, 2025

• Bump org.assertj:assertj-core from 3.27.0 to 3.27.1

  #16357 merged Jan 2, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.28.3.RELEASE to 0.28.4.RELEASE

  #16356 merged Jan 2, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.28.3.RELEASE to 0.28.4.RELEASE

  #16355 merged Jan 2, 2025

5 Pull requests opened by 5 people

• Change deprecated FilterSecurityInterceptor to AuthorizationFilter

  #16352 opened Dec 30, 2024

• Fix missing space in documentation

  #16353 opened Dec 31, 2024

• The selectJwk method of NimbusJwtEncoder class should not throw Exception when jwks size great than one #16170

  #16354 opened Jan 2, 2025

• Polish AbstractHttpConfigurer

  #16362 opened Jan 6, 2025

• Bump org.assertj:assertj-core from 3.27.1 to 3.27.2

  #16365 opened Jan 6, 2025

3 Issues closed by 2 people

• [build] Settings.gradle's logic to handle different buildFile name could result in phantom subproject

  #16322 closed Jan 5, 2025

• RoleHierarchy not automatically inject in overwritten MethodSecurityExpressionHandler bean

  #16307 closed Jan 3, 2025

• WebSessionOAuth2ServerAuthorizationRequestRepository assumes state parameter is url-decoded

  #16359 closed Jan 2, 2025

3 Issues opened by 3 people

• Add a Webauth request URL customization feature.

  #16361 opened Jan 5, 2025

• Add HSTS header also in case of a RequestRejectedException

  #16358 opened Jan 2, 2025

• Spring Security WebAuthn is missing Registration by anonymous user, a use case specified in WebAuthn L2 Subsection 1.3.1

  #16351 opened Dec 30, 2024

6 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add `OAuth2AuthorizedClientManager` autoconfiguration without `spring-boot-starter-web` dependency

  #15877 commented on Dec 30, 2024 • 0 new comments

• OIDC Back-Channel Logout Support for Clustered Servers

  #16321 commented on Dec 30, 2024 • 0 new comments

• Bean Conflict Between `webSocketAuthorizationManagerPostProcessor` and `objectPostProcessor` in Spring Security Configuration

  #16299 commented on Jan 2, 2025 • 0 new comments

• Allow configuration of OAuth2LoginAuthenticationFilter.authenticationResultConverter

  #16349 commented on Jan 5, 2025 • 0 new comments

• Remove Autowire annotation on the unique constructor in ReactiveAuthorizationManagerMethodSecurityConfiguration

  #16326 commented on Jan 6, 2025 • 0 new comments

• Fix for JdbcOneTimeTokenService cleanupExpiredTokens failing with PostgreSQL

  #16344 commented on Dec 30, 2024 • 0 new comments