spring-security
spring-security copied to clipboard
spring-projects
Spring Security
Closes: gh-18013
Bumps `org-apache-maven-resolver` from 1.9.24 to 1.9.25. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.24 to 1.9.25 Release notes Sourced from org.apache.maven.resolver:maven-resolver-connector-basic's releases. 1.9.25 🚀 New features and improvements Add scope support for trusted checksums...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.13 to 1.14.14. Release notes Sourced from io.micrometer:micrometer-observation's releases. 1.14.14 :lady_beetle: Bug Fixes Don't filter log events in LogbackMetricsBenchmark #6891 :notebook_with_decorative_cover: Documentation Add link to the latest...
**Describe the bug** WebAuthn persistence only works using in-memory SessionRepository? 1. [PublicKeyCredentialCreationOptions](https://github.com/spring-projects/spring-security/blob/fd267dfb71bfc8e1ab5bcc8270c12fbaad46fddf/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java#L35) 2. [PublicKeyCredentialRequestOptions](https://github.com/spring-projects/spring-security/blob/fd267dfb71bfc8e1ab5bcc8270c12fbaad46fddf/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java#L35) Persistence doesn't seem to work out-of-the-box (OOTB) if using WebAuthn + Redis. 1. Redis [defaultSerializer](https://github.com/spring-projects/spring-session/blob/a2efffe9bc6122f9f31a1192d704589970a5de84/spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisIndexedSessionRepository.java#L324) seems...
**Describe the bug** I'm trying to use Spring Security in combination with ACLs. I use PostgreSQL as my database and have used the schema from the [Spring Security docs](https://docs.spring.io/spring-security/reference/servlet/appendix/database-schema.html#_postgresql). ```sql...
## Summary - Clarifies that the `authenticationProvider()` method adds a provider to the existing list rather than replacing it - Documents that the provider is appended to the internal collection...
Addressing issue I created https://github.com/spring-projects/spring-security/issues/18229. Not sure if this was ever intended to be nullable, but as we throw when token is null it makes sense to me to add...
Updates documentation to reflect that PKCE is now enabled by default for `authorization_code` flows in both authorization server and client. Changes include: - Documenting the default PKCE behavior for authorization...
... when using `ReactiveUserDetailsService` without `ReactiveUserDetailsPasswordService`. The existing test uses a `MapReactiveUserDetailsService` that implements `ReactiveUserDetailsPasswordService`, which does not trigger the error. fixes gh-17986
**Context** Hello, I would like to reach out with a small question. I did ask the same in Stack Overflow, but the question was closed, as they mentioned this is...
