Spring Security
  1. Spring Security
  2. SEC-1686

Upgrade to Spring 3.0.6 for Spring Security 3.0.6

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: 3.0.5
    • Fix Version/s: 3.0.6
    • Component/s: None
    • Labels:
      None

      Description

      This dependency makes my maven dependency tree considerably larger, as my project then depends on Spring framework 3.0.3 and 3.0.5. The problem is within the spring-security-parent pom.

        Activity

        Jon Travis created issue -
        Hide
        Luke Taylor added a comment -

        You shouldn't end up with two versions of Spring in the same application. If you're using Maven then its dependency mediation should choose the one you specify in preference over a transitive dependency.

        http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies

        Show
        Luke Taylor added a comment - You shouldn't end up with two versions of Spring in the same application. If you're using Maven then its dependency mediation should choose the one you specify in preference over a transitive dependency. http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies
        Hide
        Jon Travis added a comment -

        I don't end up with 2 instances of the framework, however my mvn dependency:list will show me both dependencies. This makes it hard to enumerate the true dependencies I have.

        Show
        Jon Travis added a comment - I don't end up with 2 instances of the framework, however my mvn dependency:list will show me both dependencies. This makes it hard to enumerate the true dependencies I have.
        Hide
        Luke Taylor added a comment - - edited

        Not a bug. There's no guarantee that a minor version of Spring Security will automatically be using the "current" version of Spring. If we released 3.0.6 today with a dependency on Spring 3.0.5 then the same issue would exist if a user chooses to upgrade to Spring 3.0.6 when it is released a couple of weeks from now.

        Show
        Luke Taylor added a comment - - edited Not a bug. There's no guarantee that a minor version of Spring Security will automatically be using the "current" version of Spring. If we released 3.0.6 today with a dependency on Spring 3.0.5 then the same issue would exist if a user chooses to upgrade to Spring 3.0.6 when it is released a couple of weeks from now.
        Luke Taylor made changes -
        Field Original Value New Value
        Issue Type Bug [ 1 ] Improvement [ 4 ]
        Luke Taylor made changes -
        Summary Spring Security 3.0.5 depends on Spring 3.0.3 Upgrade to Spring 3.0.6 for Spring Security 3.0.6
        Hide
        Luke Taylor added a comment -

        I've changed the title to reflect the fact that we will upgrade to the next Spring version for 3.0.6. This may affect some people's builds when upgrading Spring Security.

        Show
        Luke Taylor added a comment - I've changed the title to reflect the fact that we will upgrade to the next Spring version for 3.0.6. This may affect some people's builds when upgrading Spring Security.
        Luke Taylor made changes -
        Assignee Luke Taylor [ luke ]
        Fix Version/s 3.0.6 [ 11761 ]
        Luke Taylor made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Complete [ 8 ]
        Trevor Marshall made changes -
        Workflow jira [ 45686 ] SPR Workflow [ 55377 ]
        Rob Winch made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        175d 22h 42m 1 Luke Taylor 19/Aug/11 10:29 AM
        Resolved Resolved Closed Closed
        302d 6h 1 Rob Winch 16/Jun/12 4:29 PM

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Jon Travis
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: