Announcement Announcement Module
No announcement yet.
Why does Spring Security 3.1.2 depend on Spring-AOP 3.0.7 ? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Why does Spring Security 3.1.2 depend on Spring-AOP 3.0.7 ?


    I notice that some spring-security artifacts with version 3.1.2 depend on spring artifacts in version 3.0.7, in this case, spring-security-core and spring-security-web.

    mvn dependency:tree
    [INFO] +-
    [INFO] |  \- org.springframework:spring-aop:jar:3.0.7.RELEASE:compile
    [INFO] +-
    [INFO] |  \- org.springframework:spring-tx:jar:3.0.7.RELEASE:compile
    Is there a reason to depende on version 3.0.7 instead of 3.1.2 ? I'd rather have them depend on Spring artifacts with the same version, and have a single version for all the Spring and Spring Security artifacts in my stack.

    Of course, I can disable transitive dependencies in Maven and add my preferred versions of those artifacts instead, but I wonder if there is a decision behind this default.

  • #2
    Because Spring Security depends on Spring 3.0 and not 3.1... There is no relation between the spring security version number and spring framework version number...