Why does Spring Security 3.1.2 depend on Spring-AOP 3.0.7 ?

Hi,

I notice that some spring-security artifacts with version 3.1.2 depend on spring artifacts in version 3.0.7, in this case, spring-security-core and spring-security-web.

Code:

---

mvn dependency:tree

[INFO] +- org.springframework.security:spring-security-core:jar:3.1.2.RELEASE:compile
[INFO] |  \- org.springframework:spring-aop:jar:3.0.7.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-web:jar:3.1.2.RELEASE:compile
[INFO] |  \- org.springframework:spring-tx:jar:3.0.7.RELEASE:compile

---

Is there a reason to depende on version 3.0.7 instead of 3.1.2 ? I'd rather have them depend on Spring artifacts with the same version, and have a single version for all the Spring and Spring Security artifacts in my stack.

Of course, I can disable transitive dependencies in Maven and add my preferred versions of those artifacts instead, but I wonder if there is a decision behind this default.

Because Spring Security depends on Spring 3.0 and not 3.1... There is no relation between the spring security version number and spring framework version number...