diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java
index 505b354ea85..91c1ba403be 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -117,7 +117,7 @@ private void eachLogout(HttpServletRequest request, OidcBackChannelLogoutAuthent
 		}
 		headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
 		String logout = computeLogoutEndpoint(request, token);
-		MultiValueMap<String, String> body = new LinkedMultiValueMap();
+		MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
 		body.add("logout_token", token.getPrincipal().getTokenValue());
 		body.add("_spring_security_internal_logout", "true");
 		HttpEntity<?> entity = new HttpEntity<>(body, headers);
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
index 9cb3cd712b7..af22f36d98b 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,7 +64,7 @@ public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, Par
 			}
 			BeanDefinition matcher = matcherType.createMatcher(parserContext, path, null);
 			if (filters.equals(HttpSecurityBeanDefinitionParser.OPT_FILTERS_NONE)) {
-				securityFilterChains.add(createSecurityFilterChain(matcher, new ManagedList(0)));
+				securityFilterChains.add(createSecurityFilterChain(matcher, new ManagedList<>(0)));
 			}
 			else {
 				String[] filterBeanNames = StringUtils.tokenizeToStringArray(filters, ",");
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index ca4a2c8b0d6..7c16767fa79 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -370,7 +370,7 @@ static void registerFilterChainProxyIfNecessary(ParserContext pc, Element elemen
 		// Not already registered, so register the list of filter chains and the
 		// FilterChainProxy
 		BeanDefinition listFactoryBean = new RootBeanDefinition(ListFactoryBean.class);
-		listFactoryBean.getPropertyValues().add("sourceList", new ManagedList());
+		listFactoryBean.getPropertyValues().add("sourceList", new ManagedList<>());
 		pc.registerBeanComponent(new BeanComponentDefinition(listFactoryBean, BeanIds.FILTER_CHAINS));
 		BeanDefinitionBuilder fcpBldr = BeanDefinitionBuilder.rootBeanDefinition(FilterChainProxy.class);
 		fcpBldr.getRawBeanDefinition().setSource(source);
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
index 2c903ce5270..48333c98970 100644
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -361,7 +361,7 @@ else if (CSRF_HANDSHAKE_HANDLER_CLASSES.contains(beanClassName)) {
 			if (!registry.containsBeanDefinition(CLIENT_INBOUND_CHANNEL_BEAN_ID)) {
 				return;
 			}
-			ManagedList<Object> interceptors = new ManagedList();
+			ManagedList<Object> interceptors = new ManagedList<>();
 			interceptors.add(new RootBeanDefinition(SecurityContextChannelInterceptor.class));
 			if (!this.sameOriginDisabled) {
 				interceptors.add(new RootBeanDefinition(CsrfChannelInterceptor.class));
diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index 2ee3810cd25..e88b6d4ce0a 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -91,8 +91,8 @@ void serializeAndDeserializeAreEqual(Class<?> clazz) throws Exception {
 				Object deserialized = objectInputStream.readObject();
 				// Ignore transient fields Event classes extend from EventObject which has
 				// transient source property
-				Set<String> transientFieldNames = new HashSet();
-				Set<Class<?>> visitedClasses = new HashSet();
+				Set<String> transientFieldNames = new HashSet<>();
+				Set<Class<?>> visitedClasses = new HashSet<>();
 				collectTransientFieldNames(transientFieldNames, visitedClasses, clazz);
 				assertThat(deserialized).usingRecursiveComparison()
 					.ignoringFields(transientFieldNames.toArray(new String[0]))
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
index 2c41d1a3688..8a40a5e1e3b 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -152,7 +152,7 @@ public void requestWhenHeadersElementUsedThenResponseContainsAllSecureHeaders()
 
 	@Test
 	public void requestWhenFrameOptionsConfiguredThenIncludesHeader() throws Exception {
-		Map<String, String> headers = new HashMap(defaultHeaders);
+		Map<String, String> headers = new HashMap<>(defaultHeaders);
 		headers.put("X-Frame-Options", "SAMEORIGIN");
 		this.spring.configLocations(this.xml("WithFrameOptions")).autowire();
 		// @formatter:off