Madhura Bhave

/cc @rwinch - [x] https://github.com/spring-projects/spring-security/issues/11466 - [x] https://github.com/spring-projects/spring-security/issues/11467 - [ ] https://github.com/spring-projects/spring-security/issues/11623

Possible misconfiguration of SecurityContextRepository

1

The default `SecurityContextRepository` for stateless applications is now `RequestAttributeSecurityContextRepository`. However, `SecurityContextConfigurer` sets the `SecurityContextRepository` to `HttpSessionSecurityContextRepository` if it isn't already set as a shared object. This results in the context...

Fail hard if a CorsFilter cannot be configured when cors() is called

1

For Webflux applications, if the security configuration is configured with `.cors()` and there is no bean of type `CorsConfigurationSource`, a `CorsFilter` is silently not added. It would be better to...

Any `configtree:` location that ends with `/*/` will import all immediate children as config trees. It is worth stating explicitly that any directories nested more than one level deep become...

With the Redis license changes, this statement is no longer accurate `Redis is an open source, BSD-licensed, key-value data store that also comes with a messaging system.` I think we...

The guide says `Download the resulting ZIP file, which is an archive of a web application that is configured with your choices.` but this is not a web application.

The guide says `Download the resulting ZIP file, which is an archive of a web application that is configured with your choices.` but this is not a web application.

The guide says `Download the resulting ZIP file, which is an archive of a web application that is configured with your choices.` but this is not a web application.

Update minimum required version of Java to 17

1

The guide is on Spring Boot 3.2