SEC-1688 requires that core depends on crypto which is counterintuitive. It would make more sense to move the crypto classes into core, even if we continue to supply the latter as a separate library.
Please remove the dependency from core to crypto in core's pom.xml. It causes duplicate classes on the classpath. You can see the crypto dependency here:
@David See SEC-1907
This issue has been migrated to https://github.com/spring-projects/spring-security/issues/1927