Skip to content

spring-security-core depends on spring-security-crypto #9767

New issue
New issue
Closed
Closed
spring-security-core depends on spring-security-crypto#9767
Assignees
rwinch
Labels
in: buildAn issue in the buildstatus: backportedAn issue that has been backported to maintenance branchestype: breaks-passivityA change that breaks passivity with the previous releasetype: bugA general bug
Milestone
5.6.0-M1
@wilkinsona

Description

@wilkinsona
wilkinsona
opened on May 18, 2021

Update Rather than embedding spring-security-crypto, spirng-security-core should just depend on it to avoid this scenario. This breaks passivity for applications that do not leverage transitive dependencies, but it should not impact a majority of users. Users that don't leverage transitive dependencies will need to explicitly add the spring-security-crypto jar to their classpath.

In 5.5.0, spring-security-core has started declaring a dependency on spring-security-crypto in addition to embedding spring-security-crypto's classes. This resulted in a number of Spring Boot's starters containing duplicates of the crypto classes. We've worked around it by excluding spring-security-crypto.

Metadata

Metadata

Assignees

Labels

in: buildAn issue in the buildstatus: backportedAn issue that has been backported to maintenance branchestype: breaks-passivityA change that breaks passivity with the previous releasetype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions