Upgrade com.nimbusds:oauth2-oidc-sdk to 7.0.3 #8007
Comments
The fix for the issue I mentioned is only available in the 7.x line as far as I can see.
Hi, @jzheaux. You set oauth2-oidc-sdk's version to So can we do like this:
Hi, @snicoll, I see you updated nimbus-jose-jwt's version to 9.0.1. Could you please use spring-boot-dependencies for spring-security instead of managing it by dependency-management.gradle? Then we can have a uniform version for Spring apps.
@chenrujun thanks for reaching out and spending some time thinking about this. Since Boot always releases after Security, it would be tricky to base Security's dependency versions on the ones that Boot is using. That said, I agree that it's important that the two products work well together. Note that Spring Security builds with Boot-based samples to verify compatibility. As for your own project, any dependencies Spring Boot manages take precedence in your Spring Boot application, so you should be able to look to spring-boot-dependencies for a definitive answer. That said, note that Spring Security 5.4.0 released with Nimbus is a bit of a special case since they release with each PR merge and don't have a stated support policy for major or minor versions. This is why Spring Security uses
@jzheaux. I got it. Thank you very much for your detailed explanation.
oauth2-oidc-sdk has version ranges in the published pom which leads to various issues. This breaks start.spring.io's metadata verification tests so I've reported the problem. It would be nice if Spring Security would upgrade to this version so that we're not affected by the resolution of version ranges anymore.