Strategy when migrating to Spring 3.2.0

Printable View

Jan 4th, 2013, 08:12 AM
jborrmann

Strategy when migrating to Spring 3.2.0

Hi,

we have been using a combination of Spring 3.0.4.RELEASE and Spring Security 3.0.3.RELEASE so far.

Now we are trying to upgrade to Spring 3.2.0.RELEASE. It seems to us that there is no release version of Spring Security that can be combined with that version of Spring.

We are in an OSGi context so the Manifest metadata of the latest Spring Security 3.1 release specifies an upper version bound for spring package excluding 3.2.0.
https://jira.springsource.org/browse/SEC-2096 fixes this problem for Spring Security 3.2.0.M1.

Is there a recommended way for tackling this issue as long as Spring Security 3.2 has not been released? Is there already a planned release date for Spring Security 3.2?

We thought about manipulating the manifests of the 3.1.3 release of Spring Security allowing import of version 3.2.0 for Spring. Would you expect any problems from doing this?

Any help appreciated!

Best regards,
Jens
Mar 12th, 2013, 12:28 PM
jrudnick

We are also attempting to use Spring framework 3.2.1 release with Spring Security 3.1.3 release in an OSGi environment. Spring Security 3.1.3 only allows spring framework packages to be imported under 3.2.0, thus these versions of framework and security will not play nice together. I have also attempted spring security 3.2.0 M1 with framework 3.2.1 and this gets worse in the milestone...

Has this been filed as an issue in spring Jira?
Mar 12th, 2013, 01:53 PM
jrudnick

Filed an issue at: https://jira.springsource.org/browse/SEC-2149
Mar 13th, 2013, 01:28 AM
jborrmann

Thanks for looking into the details and for filing the issue!