> On Jul 20, 2022, at 2:53 AM, Colm O hEigeartaigh <[email protected]> wrote:
>
> I noticed in the rest project that there are two Spring versions:
>
> [INFO] +- org.springframework:spring-core:jar:5.3.22:compile
> [INFO] |  \- org.springframework:spring-jcl:jar:5.3.22:compile
> [INFO] +- org.springframework.security:spring-security-web:jar:5.7.2:compile
> [INFO] |  +- org.springframework.security:spring-security-core:jar:5.7.2:compile
> [INFO] |  |  \- org.springframework.security:spring-security-crypto:jar:5.7.2:compile
> [INFO] |  +- org.springframework:spring-aop:jar:5.3.21:compile
> [INFO] |  +- org.springframework:spring-beans:jar:5.3.21:compile
> [INFO] |  +- org.springframework:spring-context:jar:5.3.21:compile
> [INFO] |  +- org.springframework:spring-expression:jar:5.3.21:compile
> [INFO] |  \- org.springframework:spring-web:jar:5.3.21:compile
>
> Not sure if it's worth aligning these to 5.3.22?

Colm,

Those are the latest dependencies for each. I’d need to be convinced that going with a previous version of spring security to match the core is advisable due to all of the CVEs. In any case, there isn’t a 5.3.22 spring core version. Or, did I misunderstand your intent here? Please advise.

In any case, part of the release process is to upgrade all dependencies to latest, which has been done here.

> Also I noticed all the repos have a NOTICE with a date range ending in 2018:
>
> Apache Fortress Rest
> Copyright 2003-2018 The Apache Software Foundation

Good catch. It’s been updated in the source repo.

— Shawn
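
The version split raised in this thread can be checked mechanically. The following is an added example, not part of the thread or of Apache Fortress: it parses `mvn dependency:tree` text output and reports every groupId resolved at more than one version. The sample input is the tree quoted above, one dependency per line, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: the dependency:tree lines quoted in the thread, one per line.
SAMPLE_TREE = r"""
[INFO] +- org.springframework:spring-core:jar:5.3.22:compile
[INFO] |  \- org.springframework:spring-jcl:jar:5.3.22:compile
[INFO] +- org.springframework.security:spring-security-web:jar:5.7.2:compile
[INFO] |  +- org.springframework.security:spring-security-core:jar:5.7.2:compile
[INFO] |  |  \- org.springframework.security:spring-security-crypto:jar:5.7.2:compile
[INFO] |  +- org.springframework:spring-aop:jar:5.3.21:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.3.21:compile
[INFO] |  +- org.springframework:spring-context:jar:5.3.21:compile
[INFO] |  +- org.springframework:spring-expression:jar:5.3.21:compile
[INFO] |  \- org.springframework:spring-web:jar:5.3.21:compile
"""


def parse_tree(text):
    """Yield (groupId, artifactId, version) for each dependency line."""
    for line in text.splitlines():
        # The coordinate is the token with at least four colons; this skips the
        # "[INFO]" prefix, tree-drawing characters and trailing notes.
        coord = next((t for t in line.split() if t.count(":") >= 4), None)
        if coord is None:
            continue
        parts = coord.split(":")
        # groupId:artifactId:type[:classifier]:version:scope
        group, artifact, version = parts[0], parts[1], parts[-2]
        yield group, artifact, version


def mixed_versions(text):
    """Return {groupId: {version: [artifactIds]}} for groups seen at >1 version.

    Assumption: artifacts sharing a groupId are meant to be released together.
    That holds for org.springframework but is only a heuristic in general.
    """
    seen = defaultdict(lambda: defaultdict(list))
    for group, artifact, version in parse_tree(text):
        seen[group][version].append(artifact)
    return {g: {v: sorted(a) for v, a in by_ver.items()}
            for g, by_ver in seen.items() if len(by_ver) > 1}


if __name__ == "__main__":
    for group, by_ver in mixed_versions(SAMPLE_TREE).items():
        for version, artifacts in sorted(by_ver.items()):
            print(f"{group} {version}: {', '.join(artifacts)}")
```

Run against the sample, only `org.springframework` is reported; the `org.springframework.security` artifacts all resolve to 5.7.2.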
