Strategy when migrating to Spring 3.2.0

[jborrmann]

Hi,

we have been using a combination of Spring 3.0.4.RELEASE and Spring Security 3.0.3.RELEASE so far.

Now we are trying to upgrade to Spring 3.2.0.RELEASE. It seems to us that there is no release version of Spring Security that can be combined with that version of Spring.

We are in an OSGi context so the Manifest metadata of the latest Spring Security 3.1 release specifies an upper version bound for spring package excluding 3.2.0.
https://jira.springsource.org/browse/SEC-2096 fixes this problem for Spring Security 3.2.0.M1.

Is there a recommended way for tackling this issue as long as Spring Security 3.2 has not been released? Is there already a planned release date for Spring Security 3.2?

We thought about manipulating the manifests of the 3.1.3 release of Spring Security allowing import of version 3.2.0 for Spring. Would you expect any problems from doing this?

Any help appreciated!

Best regards,
Jens

[jrudnick]

We are also attempting to use Spring framework 3.2.1 release with Spring Security 3.1.3 release in an OSGi environment. Spring Security 3.1.3 only allows spring framework packages to be imported under 3.2.0, thus these versions of framework and security will not play nice together. I have also attempted spring security 3.2.0 M1 with framework 3.2.1 and this gets worse in the milestone...

Has this been filed as an issue in spring Jira?

[jrudnick]

Filed an issue at: https://jira.springsource.org/browse/SEC-2149

[jborrmann]

Thanks for looking into the details and for filing the issue!