Search results

Allow OAuth2 Authorization Server to provide JWT scope claim aligned with OAuth2 Spec (space delimited)

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: enhancementA general enhancementA general enhancement

Status: Open.

#19392 In spring-projects/spring-security;

· david-lynn-BR-DGE opened on Jun 26, 2026

TokenType reference comparison is used in BearerTokenAuthentication

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: bugA general bugA general bug

Status: Open.

#19377 In spring-projects/spring-security;

· norbert-kiss-99 opened on Jun 24, 2026

Error on Spring Authorization server when issuing Id token after migrating from Spring boot 4.0.5 -> 4.0.7

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: bugA general bugA general bug

Status: Open.

#19371 In spring-projects/spring-security;

· pzgadzaj opened on Jun 23, 2026

InetOrgPerson uid should not be a mandatory field - may cause regression as of version 7.1.0

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: bugA general bugA general bug

Status: Open.

#19370 In spring-projects/spring-security;

· in-fke opened on Jun 23, 2026

credentials validation in CasAuthenticationToken.Builder uses Assert.notNull on a boolean instead of Assert.isTrue

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

Status: Open.

#19368 In spring-projects/spring-security;

· big-cir opened on Jun 22, 2026

NullPointerException during WebAuthn registration when authenticator transport is unknown (e.g. "cable")

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: bugA general bugA general bug

Status: Open.

#19366 In spring-projects/spring-security;

· alsha opened on Jun 22, 2026

Update to OpenSAML 5.2

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: enhancementA general enhancementA general enhancement

Status: Open.

#19349 In spring-projects/spring-security;

· OrangeDog opened on Jun 18, 2026

with spring-security-oatuh2-jose-7.1.0 a jwt with loa value null always returns an error

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: bugA general bugA general bug

Status: Open.

#19346 In spring-projects/spring-security;

· kostja86 opened on Jun 17, 2026

OidcProviderConfigurationEndpointFilter (multi-issuer) only matches the path-append discovery location, not path-insertion — asymmetric with OAuth2AuthorizationServerMetadataEndpointFilter and breaks MCP discovery priority #2

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

type: bugA general bugA general bug

Status: Open.

#19342 In spring-projects/spring-security;

· sandipchitale opened on Jun 14, 2026

InMemoryReactiveSessionRegistry can lose a session under concurrent save/remove

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

Status: Open.

#19338 In spring-projects/spring-security;

· junhyeong9812 opened on Jun 14, 2026

InMemoryUserDetailsManager.changePassword fails for non-lowercase usernames

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

Status: Open.

#19336 In spring-projects/spring-security;

· junhyeong9812 opened on Jun 14, 2026

DefaultAuthorizationManagerFactory.anonymous() applies additionalAuthorization

status: waiting-for-triageAn issue we've not yet triagedAn issue we've not yet triaged

Status: Open.

#19334 In spring-projects/spring-security;

· junhyeong9812 opened on Jun 14, 2026