[cas-user] CAS 6.6.x - Override Spring Version

Mon, 03 Apr 2023 12:40:12 -0700 

Hi,

We use the overlay version of CAS 6.6.7 and because of Snyk warnings need 
to override the version of Spring from 5.3.22 to 5.3.26.

I've been back through the log4j remediation stuff and tried to follow 
those guidelines alongside an older requirement to upgrade Spring from 
5.2.0, but am unable to get the generated war file to include the new files 
and exclude the old ones.

I added a bootWar section

bootWar {
entryCompression = ZipEntryCompression.STORED
overlays {
cas {
from 
"org.apereo.cas:cas-server-webapp${project.appServer}:${project.'cas.version'}@war"
provided = false
excludes = ["WEB-INF/lib/spring-*-5.3.22.*.jar"]
}
}
}

and updated the dependencies section with


compileOnly "org.springframework:spring-aop:${springVersion}"
compileOnly "org.springframework:spring-beans:${springVersion}"
compileOnly "org.springframework:spring-context:${springVersion}"
compileOnly "org.springframework:spring-context-support:${springVersion}"
compileOnly "org.springframework:spring-core:${springVersion}"
compileOnly "org.springframework:spring-expression:${springVersion}"
compileOnly "org.springframework:spring-jcl:${springVersion}"
compileOnly "org.springframework:spring-jdbc:${springVersion}"
compileOnly "org.springframework:spring-jms:${springVersion}"
compileOnly "org.springframework:spring-messaging:${springVersion}"
compileOnly "org.springframework:spring-orm:${springVersion}"
compileOnly "org.springframework:spring-oxm:${springVersion}"
compileOnly "org.springframework:spring-tx:${springVersion}"
compileOnly "org.springframework:spring-web:${springVersion}"
compileOnly "org.springframework:spring-webmvc:${springVersion}"

Where springVersion is defined as "5.3.26"

I'm presuming the issue is that Spring is pulled in from multiple projects 
- but do I have to list every single one?

Thanks

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2f93cf5f-d33e-4c89-a455-f1910875c61dn%40apereo.org.

Reply via email to