Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

document how to avoid spring-security-core downgrade #1051

Merged
merged 1 commit into from
Jan 2, 2025
Merged

document how to avoid spring-security-core downgrade #1051

merged 1 commit into from
Jan 2, 2025

Conversation

jamesfredley
Copy link
Contributor

@jamesfredley jamesfredley commented Jan 2, 2025
edited
Loading

latest 6.1.2 build is showing spring security is downgraded,

+--- org.grails.plugins:spring-security-core:6.1.2
|   +--- org.grails:grails-core:6.2.2 (*)
|   +--- org.grails:grails-datastore-core:8.1.2 (*)
|   +--- org.grails:grails-datastore-gorm:8.1.2 (*)
|   +--- org.grails:grails-events-transform:5.0.2
|   +--- org.grails:grails-plugin-mimetypes:6.2.2 (*)
|   +--- org.grails.plugins:async:5.0.2
|   |   +--- org.grails:grails-async:5.0.2
|   |   \--- org.grails.plugins:events:5.0.2
|   |        +--- org.grails:grails-events:5.0.2
|   |        +--- org.grails:grails-events-compat:5.0.2
|   |        \--- org.grails:grails-events-transform:5.0.2
|   +--- org.grails:grails-web-common:6.2.2 (*)
|   +--- org.grails:grails-web-url-mappings:6.2.2 (*)
|   +--- org.springframework:spring-beans:5.3.39 (*)
|   +--- org.springframework:spring-context:5.3.39 (*)
|   +--- org.springframework:spring-expression:5.3.39 (*)
|   +--- org.springframework.security:spring-security-core:5.8.16 -> 5.7.11
|   |   +--- org.springframework.security:spring-security-crypto:5.7.11
|   |   +--- org.springframework:spring-aop:5.3.29 -> 5.3.39 (*)
|   |   +--- org.springframework:spring-beans:5.3.29 -> 5.3.39 (*)
|   |   +--- org.springframework:spring-context:5.3.29 -> 5.3.39 (*)
|   |   +--- org.springframework:spring-core:5.3.29 -> 5.3.39 (*)
|   |   \--- org.springframework:spring-expression:5.3.29 -> 5.3.39 (*)
|   +--- org.springframework.security:spring-security-web:5.8.16 -> 5.7.11
|   |   +--- org.springframework.security:spring-security-core:5.7.11 (*)
|   |   +--- org.springframework:spring-core:5.3.29 -> 5.3.39 (*)
|   |   +--- org.springframework:spring-aop:5.3.29 -> 5.3.39 (*)
|   |   +--- org.springframework:spring-beans:5.3.29 -> 5.3.39 (*)
|   |   +--- org.springframework:spring-context:5.3.29 -> 5.3.39 (*)
|   |   +--- org.springframework:spring-expression:5.3.29 -> 5.3.39 (*)
|   |   \--- org.springframework:spring-web:5.3.29 -> 5.3.39 (*)
|   \--- org.springframework:spring-web:5.3.39 (*)
+--- io.micronaut:micronaut-inject-groovy -> 3.10.4


org.springframework.security:spring-security-core:5.8.16 -> 5.7.11

org.springframework.boot:spring-boot-dependencies:2.7.18 is the cause

@jamesfredley jamesfredley self-assigned this Jan 2, 2025
@matrei
Copy link
Contributor

matrei commented Jan 2, 2025

@jamesfredley You can also set:

ext.set('spring-security.version', '5.8.16')

and then you don't have to define the dependency.

@matrei
Copy link
Contributor

matrei commented Jan 2, 2025

Or

spring-security.version=5.8.16

in gradle.properties

@matrei
Copy link
Contributor

matrei commented Jan 2, 2025

But I guess it is probably easier to get this vital information seamlessly into the current documentation as you have done 👍

@jamesfredley jamesfredley merged commit 820d931 into 6.1.x Jan 2, 2025
13 checks passed
@jamesfredley jamesfredley deleted the prevent-spring-security-core-downgrade branch January 2, 2025 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdaugherty jdaugherty jdaugherty approved these changes

Assignees

@jamesfredley jamesfredley

Labels
None yet
Projects
Grails 6.2.2
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jamesfredley @matrei @jdaugherty