82 Pull requests merged by 6 people

• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24

  #17426 merged Jul 2, 2025

• Bump io.mockk:mockk from 1.14.2 to 1.14.4

  #17427 merged Jul 2, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.4.Final

  #17428 merged Jul 2, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE

  #17429 merged Jul 2, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1

  #17430 merged Jul 2, 2025

• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24

  #17431 merged Jul 2, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17432 merged Jul 2, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17433 merged Jul 2, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7

  #17434 merged Jul 2, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final

  #17435 merged Jul 2, 2025

• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24

  #17436 merged Jul 2, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17437 merged Jul 2, 2025

• Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21

  #17438 merged Jul 2, 2025

• Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13

  #17439 merged Jul 2, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17440 merged Jul 2, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17441 merged Jul 2, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17442 merged Jul 2, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7

  #17443 merged Jul 2, 2025

• Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE

  #17444 merged Jul 2, 2025

• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24

  #17445 merged Jul 2, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17414 merged Jul 1, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17413 merged Jul 1, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17412 merged Jul 1, 2025

• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8

  #17411 merged Jul 1, 2025

• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8

  #17410 merged Jul 1, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final

  #17409 merged Jul 1, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final

  #17408 merged Jul 1, 2025

• Bump io.mockk:mockk from 1.14.2 to 1.14.4

  #17407 merged Jul 1, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17406 merged Jul 1, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7

  #17405 merged Jul 1, 2025

• Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21

  #17415 merged Jul 1, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17416 merged Jul 1, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17417 merged Jul 1, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17418 merged Jul 1, 2025

• Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13

  #17419 merged Jul 1, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.4.Final

  #17420 merged Jul 1, 2025

• Bump io.mockk:mockk from 1.14.2 to 1.14.4

  #17421 merged Jul 1, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1

  #17422 merged Jul 1, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17423 merged Jul 1, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7

  #17404 merged Jun 30, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final

  #17403 merged Jun 30, 2025

• Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13

  #17386 merged Jun 30, 2025

• Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21

  #17387 merged Jun 30, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17388 merged Jun 30, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17389 merged Jun 30, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7

  #17390 merged Jun 30, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17391 merged Jun 30, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final

  #17392 merged Jun 30, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17393 merged Jun 30, 2025

• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8

  #17394 merged Jun 30, 2025

• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8

  #17395 merged Jun 30, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17396 merged Jun 30, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1

  #17397 merged Jun 30, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17398 merged Jun 30, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.4.Final

  #17399 merged Jun 30, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17400 merged Jun 30, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17401 merged Jun 30, 2025

• Bump io.mockk:mockk from 1.14.2 to 1.14.4

  #17402 merged Jun 30, 2025

• Add default authorizationRequestBaseUri to DefaultOAuth2AuthorizationRequestResolver

  #16384 merged Jun 27, 2025

• Don't cache WebSocket request in RequestCache

  #16741 merged Jun 27, 2025

• Removed deprecated Base64 of crypto package

  #17314 merged Jun 27, 2025

• Fixed link to CSRF checks on rubyonrails.org site

  #17319 merged Jun 27, 2025

• Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1

  #17360 merged Jun 27, 2025

• Bump io.mockk:mockk from 1.14.2 to 1.14.4

  #17361 merged Jun 27, 2025

• Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.3.Final

  #17362 merged Jun 27, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17363 merged Jun 27, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17364 merged Jun 27, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17365 merged Jun 27, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7

  #17366 merged Jun 27, 2025

• Bump org.springframework.data:spring-data-bom from 2024.0.12 to 2024.0.13

  #17367 merged Jun 27, 2025

• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8

  #17368 merged Jun 27, 2025

• Bump org.springframework:spring-framework-bom from 6.1.20 to 6.1.21

  #17369 merged Jun 27, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17370 merged Jun 27, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17371 merged Jun 27, 2025

• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13

  #17372 merged Jun 27, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final

  #17373 merged Jun 27, 2025

• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7

  #17374 merged Jun 27, 2025

• Bump io-spring-javaformat from 0.0.46 to 0.0.47

  #17375 merged Jun 27, 2025

• Bump io.mockk:mockk from 1.14.2 to 1.14.4

  #17376 merged Jun 27, 2025

• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final

  #17377 merged Jun 27, 2025

• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8

  #17378 merged Jun 27, 2025

• Update to Kotlin 2.2

  #17380 merged Jun 26, 2025

4 Pull requests opened by 3 people

• Allow multiple ServerLogoutHandler instances in WebFlux

  #17381 opened Jun 27, 2025

• Allow specifying a ServerAuthenticationConverter for x509()

  #17382 opened Jun 27, 2025

• Change `FilterBasedLdapUserSearch` to use `LdapClient`

  #17384 opened Jun 29, 2025

• Improve logging clarity in CsrfFilter

  #17425 opened Jul 1, 2025

3 Issues closed by 1 person

• Kotlin 2.2 Upgrade

  #16884 closed Jul 2, 2025

• DefaultOAuth2AuthorizationRequestResolver default authorizationRequestBaseUri

  #16383 closed Jun 27, 2025

• Remove Base64

  #17300 closed Jun 27, 2025

4 Issues opened by 4 people

• ClientRegistration.Builder.tokenUri() should take a `URI` parameter, not a `String`

  #17424 opened Jul 1, 2025

• Stub the call to OpenID configuration in an `oauth2Client` `@SpringBootTest`

  #17385 opened Jun 30, 2025

• Fail resolve argument CustomUserDetails when I test in only SecurityAutoConfiguration and @WebMvcTest

  #17383 opened Jun 27, 2025

• OAuth2: ServletOAuth2AuthorizedClientExchangeFilterFunction can fail to remove client if webclient receives retryable responses.

  #17379 opened Jun 26, 2025

17 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add SpEL support for nested username extraction in OAuth2 user info

  #16857 commented on Jul 2, 2025 • 8 new comments

• Add Support SupplierReactiveClientRegistrationRepository

  #16770 commented on Jun 27, 2025 • 5 new comments

• Remove `RequestVariablesExtractor` in favor of `RequestMatcher#matcher`

  #17320 commented on Jul 1, 2025 • 1 new comment

• Remove deprecated classes moved to other packages

  #17330 commented on Jun 28, 2025 • 0 new comments

• Remove RelyingPartyRegistration deprecations

  #17329 commented on Jun 27, 2025 • 0 new comments

• Remove Nimbus(Reactive)OpaqueTokenIntrospector

  #17326 commented on Jun 27, 2025 • 0 new comments

• Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter

  #17247 commented on Jun 25, 2025 • 0 new comments

• Ensure ID Token is updated after refresh token (Reactive)

  #17246 commented on Jun 27, 2025 • 0 new comments

• `ServerOAuth2AuthorizedClientExchangeFilterFunction`: scope client credential tokens to the application

  #17218 commented on Jul 2, 2025 • 0 new comments

• NimbusJwtEncoder does not support Edwards Curve signature (EdDSA) family algorithms.

  #17098 commented on Jul 1, 2025 • 0 new comments

• Remove Deprecations

  #13068 commented on Jul 1, 2025 • 0 new comments

• Add `OAuth2AuthorizedClientManager` autoconfiguration without `spring-boot-starter-web` dependency

  #15877 commented on Jul 1, 2025 • 0 new comments

• SAML2 for reactive environment / spring-webflux

  #7954 commented on Jun 30, 2025 • 0 new comments

• One Time Token should not be created if user does not exist

  #16483 commented on Jun 28, 2025 • 0 new comments

• Simplify Configuring Log In using Twitter / X v2 APIs

  #16378 commented on Jun 27, 2025 • 0 new comments

• Add getCreationTime() to SessionInformation for enhanced session lifecycle support

  #17359 commented on Jun 27, 2025 • 0 new comments

• PathPatternRequestMatcher caching leads to unexpected behavior when forwarding

  #17203 commented on Jun 26, 2025 • 0 new comments