Closing with 3 +1 binding votes. Emmanuel, Colm and I. Will move the packages into distribution folders and update the website over the next couple of days.
Thanks — Shawn > On Jul 21, 2022, at 5:06 AM, Colm O hEigeartaigh <[email protected]> wrote: > > Hi Shawn, > > I guess you could override the versions of the following jars to 5.3.22: > > [INFO] | +- org.springframework:spring-aop:jar:5.3.21:compile >> [INFO] | +- org.springframework:spring-beans:jar:5.3.21:compile >> [INFO] | +- org.springframework:spring-context:jar:5.3.21:compile >> [INFO] | +- org.springframework:spring-expression:jar:5.3.21:compile >> [INFO] | \- org.springframework:spring-web:jar:5.3.21:compile > > It's not ideal but otherwise there might be a small risk of > incompatibility between spring-core 5.3.22 and the other 5.3.21 jars. > Anyway I'll leave it up to you, if you're happy with it as it stands I > am +1 on the release. > > Colm. > > On Wed, Jul 20, 2022 at 5:18 PM Shawn McKinney <[email protected]> wrote: >> >> >>> On Jul 20, 2022, at 8:43 AM, Shawn McKinney <[email protected]> wrote: >>> >>> I’d need to be convinced that going with a previous version of spring >>> security to match the core is advisable due to all of the CVE’s. In any >>> case, there isn’t a a 5.3.22 spring core version. >> >> Err, the other way around. … There isn’t a spring security core version that >> matches up with spring core. >> >> Going with a previous spring security release means picking up CVE’s. As >> most of their previous releases are flagged with vulnerabilities: >> >> https://mvnrepository.com/artifact/org.springframework.security/spring-security-core >> >> Meaning we need to use the latest of each. What am I missing here? >> >> Thanks >> >> — >> Shawn >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
