16 Pull requests merged by 4 people

• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6

  #16938 merged Apr 15, 2025

• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6

  #16933 merged Apr 14, 2025

• Bump org.junit:junit-bom from 5.12.1 to 5.12.2

  #16929 merged Apr 14, 2025

• Bump org-aspectj from 1.9.22.1 to 1.9.24

  #16931 merged Apr 14, 2025

• Bump io.micrometer:context-propagation from 1.1.2 to 1.1.3

  #16932 merged Apr 14, 2025

• Bump com.google.code.gson:gson from 2.12.1 to 2.13.0

  #16930 merged Apr 14, 2025

• Bump org-aspectj from 1.9.22.1 to 1.9.24

  #16928 merged Apr 14, 2025

• Bump org-aspectj from 1.9.22.1 to 1.9.24

  #16927 merged Apr 14, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4

  #16919 merged Apr 10, 2025

• Bump io.mockk:mockk from 1.13.17 to 1.14.0

  #16917 merged Apr 10, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4

  #16918 merged Apr 10, 2025

• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4

  #16916 merged Apr 10, 2025

• Jackson deserialization of ClientAuthenticationMethods should recognize all values

  #16826 merged Apr 9, 2025

• Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.1 to 1.10.2

  #16910 merged Apr 9, 2025

• Update kotlin.adoc to add required spread operator(*)

  #16859 merged Apr 8, 2025

• Polish javadoc

  #16908 merged Apr 8, 2025

5 Pull requests opened by 4 people

• Set PublicKeyCredentialRequestOptionsRepository by DSL or Bean

  #16911 opened Apr 9, 2025

• Fix `HttpSessionRequestCache#getMatchingRequest` query string parsing

  #16914 opened Apr 9, 2025

• Polish javadoc

  #16924 opened Apr 11, 2025

• Polish PublicKeyCredentialCreationOptionsFilter

  #16934 opened Apr 14, 2025

• Remove unused classes

  #16935 opened Apr 14, 2025

12 Issues closed by 4 people

• Prevent downgraded usage of DPoP-bound access tokens

  #16937 closed Apr 14, 2025

• OAuth2 Client Authentication section of docs uses deprecated classes

  #16925 closed Apr 11, 2025

• AuthorizeReturnObject should target the authorized object within MVC return values

  #16059 closed Apr 10, 2025

• Configure AuthorizationAdvisoryProxyFactory Immutably

  #16922 closed Apr 10, 2025

• AuthorizationAdvisoryProxyFactory configuration should pick up TargetVisitor beans

  #16923 closed Apr 10, 2025

• Make DPoP IatClaimValidator public to allow configuring clock and clockSkew

  #16921 closed Apr 10, 2025

• Simplify Response Validation in OpenSaml5AuthenticationProvider

  #16915 closed Apr 9, 2025

• Allow retrieving username from SAML Assertion Attributes

  #12136 closed Apr 9, 2025

• Not all OAuth2 ClientAuthenticationMethods are supported in Jackson2 converters

  #16825 closed Apr 9, 2025

• Update DeferredCsrfToken to implement Supplier

  #16870 closed Apr 9, 2025

• Prepare oauth2-client deprecations for removal in Spring Security 7

  #16913 closed Apr 9, 2025

• Incorrect documentation for OpaqueTokenIntrospector

  #16903 closed Apr 8, 2025

6 Issues opened by 4 people

• Add support dpop customization

  #16940 opened Apr 15, 2025

• Add support one-time token value customization

  #16939 opened Apr 15, 2025

• Replace check calls with authorize

  #16936 opened Apr 14, 2025

• Improve documentation of WebFlux Username/Password login, WebSession persistence.

  #16926 opened Apr 12, 2025

• Support custom CAs in oauth login

  #16920 opened Apr 10, 2025

• Reactive implementation for DPoPAuthenticationProvider & related classes

  #16912 opened Apr 9, 2025

18 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add BearerTokenAuthenticationConverter

  #14791 commented on Apr 11, 2025 • 2 new comments

• Implement UserDetailsPasswordService in JdbcUserDetailsManager #16863

  #16881 commented on Apr 8, 2025 • 1 new comment

• Provided uncached way to use (Reactive)OidcIdTokenDecoderFactory

  #16647 commented on Apr 11, 2025 • 1 new comment

• Add Equals and HashCode methods for better comparison.

  #16842 commented on Apr 9, 2025 • 0 new comments

• Added a mapping for DPOP TokenType in DefaultMapOAuth2AccessTokenResponseConverter

  #16806 commented on Apr 9, 2025 • 0 new comments

• Spring Security Interface Based Rest Clients

  #16858 commented on Apr 15, 2025 • 0 new comments

• Bcrypt fix breaks existing client credential flows

  #16802 commented on Apr 15, 2025 • 0 new comments

• NimbusJwtEncoder should simplify constructing with javax.security Keys

  #16267 commented on Apr 14, 2025 • 0 new comments

• Multiple traces are generated for failing requests

  #12610 commented on Apr 12, 2025 • 0 new comments

• Remove deprecated implementations of OAuth2AccessTokenResponseClient

  #16909 commented on Apr 11, 2025 • 0 new comments

• OidcIdTokenDecoderFactory caches JwtDecoders and ignores ClientRegistration updates

  #16655 commented on Apr 11, 2025 • 0 new comments

• Improve Integration between Authorized Objects and Spring MVC

  #16057 commented on Apr 10, 2025 • 0 new comments

• Pass Http Request to OAuth2AuthorizationRequestResolver#authorizationRequestCustomizer

  #16306 commented on Apr 10, 2025 • 0 new comments

• HttpSessionRequestCache#getMatchingRequest passes decoded Request URL to UriComponentsBuilder

  #16656 commented on Apr 9, 2025 • 0 new comments

• OAuth2 RefreshTokenAuthenticationConverter fails to refresh token in Spring Security OAuth2 Authorization Server 1.4.2

  #16855 commented on Apr 9, 2025 • 0 new comments

• Add CIBA support

  #14725 commented on Apr 9, 2025 • 0 new comments

• JdbcUserDetailsManager.setEnableUpdatePassword

  #16863 commented on Apr 8, 2025 • 0 new comments

• Consider using Bouncy Castle BCrypt implementation

  #16880 commented on Apr 8, 2025 • 0 new comments