Please what is the compatible release version for Spring Security for Spring 3.2.8 release ?
There is little dependancy between Spring Security versions and Spring Framework versions. I have already used Spring Security 3.1.x with Spring Framework 3.1.x and 3.2.x.
If you have no reason to do differently (portability of code) you should choose the more recent General Available version that is compatible with your other components.
Doc for latest GA (4.0.1) says that it builds against Spring Framework 4.1.6.RELEASE, but should work with 4.0.x => no good.
Doc for previous GA (3.2.7) says that is builds against Spring Framework 3.2.13.RELEASE, but is also tested against Spring Framework 4.1.6.RELEASE
It would be my first choice, but if you use maven, you will have to control what is actually imported via transitive dependancy and eventually force 3.2.8 versions for all used Spring Framework components to avoid mixing different versions, or better upgrade to 3.2.13 since it is only a patch level different version.
Of course, you can also make use of the fact that previous Spring Security version (3.2.6) explicitely builds against Spring Framework 3.2.8.RELEASE, as said by #zeisi
According to the Docs it would be 3.2.6, see Spring Security Docs
Related
There is a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-22047) discovered in spring-data-rest-webmvc which is only fixed in versions 3.4.14 and 3.5.6. Spring Boot 2.3.12 uses the version 3.3.9. Migrating to spring boot 2.4.x or above is not an option for us.
We would like to use spring-data-rest-webmvc:3.4.14, but we are not sure if it's compatible with spring boot 2.3.x.
Can we use them together?
Spring Data Rest version 3.4 and up use Spring Framework version 5.3.x.
Spring Boot 2.3 is build with Spring Framework 5.2.x.
Will it work, probably, but there are no garanties that it will keep working or work at all. Most like it will fail with some NoSuchMethodError or ClassNotFOundExceptions or other exotic expetions one gets when mixing modules/jars from different versions of a framework.
Currently, I am using
<springFramework.version>3.2.3.RELEASE</springFramework.version>
<springFrameworkSecurity.version>3.1.4.RELEASE</springFrameworkSecurity.version>
I want to move to
<springFramework.version>5.3.4.RELEASE</springFramework.version>
<springFrameworkSecurity.version> ? </springFrameworkSecurity.version>
According to the documentation for the latest Spring Security:
Since Spring Security makes breaking changes only in major releases, it is safe to use a newer version of Spring Security with Spring Boot.
The Spring Framework version you're moving to is 5.3.4, so I would assume that any 5.X.X version of Spring Security should work.
If that works, let us know by marking the answer as solved! If not, leave a comment.
I have tried to figure out which version of spring-data-jdbc to use with Spring Boot 1.5.20.RELEASE (= Spring Framework 4.3.23.RELEASE) - but I can't find that info anywhere.
Is it because spring-data-jdbc only work with Spring Boot 2.x / Spring Framework 5.x?
Specifically I want to use #Query, #EnableJdbcRepositories, etc.
When I look at the release notes for Spring Data Ingalls SR20 (the release train that matches Boot 1.5.20.RELEASE / Framework 4.3.23.RELEASE) it looks like spring-data-jdbc is only supported in Lovelace (Boot 2.x and Framework 5.x): https://spring.io/blog/2019/04/10/spring-data-lovelace-sr6-kay-sr14-ingalls-sr20-released
EDIT & ANSWER: As per comment from #JensSchauder: spring-data-jdbc is a (fairly) new project created from scratch. There is no way to use it with Spring Framework 4.
If you look at the spring-data-jdbc pom.xml it uses spring-data-parent to manage Spring Framework version by defining and applying spring.version property. You must ensure that this Spring Framework version is compatible with whatever version you are using.
The first available spring-data-jdbc:1.0.0.RELEASE version uses spring-data-parent:2.1.0.RELEASE parent which requires Spring Framework 5.1:
<spring>5.1.0.RELEASE</spring>
It's not be recommended to use spring-data-jdbc with lower Spring Framework version. Since Spring Boot 1.5.X uses Spring Framework 4.X the answer would be no.
Is there any Spring 5.0.6.RELEASE osgified version patch available? We have to to do quick release so need to upgrade older spring but currently our framework uses OSGI based container, though spring has officially stopped supported OSGI. Is it possible to have patched version of latest Spring framework?
Though I know it's better to convert to Spring based container but since time doesn't allow I'm in search of any osgified version of Spring jars.
Apache Servicemix produces osgified versions of a lot of well known libraries, Spring included: https://github.com/apache/servicemix-bundles
Currently the latest osgfied version of Spring is "5.0.5.RELEASE", with "5.0.6.RELEASE" probably due to come in the near future. Otherwise, getting servicemix pom.xml for 5.0.5.RELEASE and manually changing Spring version should work (from 5.0.5 to 5.0.6 there should be just internal implementation changes).
Please what is the compatible release version for Spring Security for Spring 3.2.8 release ?
There is little dependancy between Spring Security versions and Spring Framework versions. I have already used Spring Security 3.1.x with Spring Framework 3.1.x and 3.2.x.
If you have no reason to do differently (portability of code) you should choose the more recent General Available version that is compatible with your other components.
Doc for latest GA (4.0.1) says that it builds against Spring Framework 4.1.6.RELEASE, but should work with 4.0.x => no good.
Doc for previous GA (3.2.7) says that is builds against Spring Framework 3.2.13.RELEASE, but is also tested against Spring Framework 4.1.6.RELEASE
It would be my first choice, but if you use maven, you will have to control what is actually imported via transitive dependancy and eventually force 3.2.8 versions for all used Spring Framework components to avoid mixing different versions, or better upgrade to 3.2.13 since it is only a patch level different version.
Of course, you can also make use of the fact that previous Spring Security version (3.2.6) explicitely builds against Spring Framework 3.2.8.RELEASE, as said by #zeisi
According to the Docs it would be 3.2.6, see Spring Security Docs