Why does Spring Security 3.1.2 depend on Spring-AOP 3.0.7 ?
I notice that some spring-security artifacts with version 3.1.2 depend on spring artifacts in version 3.0.7, in this case, spring-security-core and spring-security-web.
Is there a reason to depende on version 3.0.7 instead of 3.1.2 ? I'd rather have them depend on Spring artifacts with the same version, and have a single version for all the Spring and Spring Security artifacts in my stack.
[INFO] +- org.springframework.security:spring-security-core:jar:3.1.2.RELEASE:compile
[INFO] | \- org.springframework:spring-aop:jar:3.0.7.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-web:jar:3.1.2.RELEASE:compile
[INFO] | \- org.springframework:spring-tx:jar:3.0.7.RELEASE:compile
Of course, I can disable transitive dependencies in Maven and add my preferred versions of those artifacts instead, but I wonder if there is a decision behind this default.