vorburger commented on a change in pull request #1258:
URL: https://github.com/apache/fineract/pull/1258#discussion_r477153343
##########
File path: fineract-provider/build.gradle
##########
@@ -85,14 +86,15 @@ apply plugin: "org.hidetake.swagger.generator"
dependencyManagement {
imports {
mavenBom 'org.springframework:spring-framework-bom:5.2.6.RELEASE'
+ mavenBom
'org.springframework.security:spring-security-bom:5.3.2.RELEASE'
}
dependencies {
// We use fixed versions, instead of inheriting them from the Spring
BOM, to be able to be on more recent ones.
// We do not use :+ to get the latest available version available on
Maven Central, as that could suddenly break things.
// We use the Renovate Bot to automatically propose Pull Requests
(PRs) when upgrades for all of these versions are available.
- dependency
'org.springframework.security.oauth:spring-security-oauth2:2.5.0.RELEASE'
+ dependency
'org.springframework.security.oauth:spring-security-oauth2:2.3.3.RELEASE'
Review comment:
Yeah, agreed. What I was saying here is that this downgrades
`spring-security-oauth2` from 2.5.0 to 2.3.3 here, which is an even older
version than the 2.3.6 that was originally used in #863 here. I do not
understand how this PR is related to the FINERACT-1012 Spring Security OAuth
2.x to Spring Security 5.2.x upgrade, as the title of this PR claims.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
