spring-security

spring-security copied to clipboard

Closes [gh-17259](https://github.com/spring-projects/spring-security/issues/17259)

x7Git

Deprecation warning about authorizeRequests should also contain XML guidance

2

After upgrading Spring Security from version 6.4.4 to 6.5.0, our application consistently logs the following warning: > [DefaultFilterChainValidator.checkAuthorizationFilters:128] Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration Our...

x7Git

Change `PasswordComparisonAuthenticator` to use `LdapClient`

2

jzheaux

Provided uncached way to use (Reactive)OidcIdTokenDecoderFactory

3

Hello. Sorry for ignoring issue creating. If ClientRegistration is managed by db, it's unreal to update jwsAlgorithm or jwksUri without restarting the app. So I added possibility not to use...

iigolovko

This PR includes - Add diamond operator

ngocnhan-tran1996

SEC-2856: Make cookie theft detection in remember-me service configurable because it's seriously broken

13

[Jean-Pierre Bergamin](https://jira.spring.io/secure/ViewProfile.jspa?name=ractive) (Migrated from [SEC-2856](https://jira.spring.io/browse/SEC-2856?redirect=false)) said: After enabling remember-me authentication for our SSO portal, people were complaining about errors they got while logging in. Those errors turned out to be...

spring-projects-issues

- [ ] Update Dependabot to ignore minor version upgrades

jzheaux

Change `FilterBasedLdapUserSearch` to use `LdapClient`

2

jzheaux

jzheaux

jzheaux