Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-2090: LDAP dependencies (3.1.3) #2324

spring-issuemaster opened this Issue Dec 7, 2012 · 2 comments


None yet
1 participant

Flavio Donzé (Migrated from SEC-2090) said:

Trying to update the spring framework and spring security from 3.0.5 to 3.1.3.
I encountered this OSGi problem:

The org.springframework.security.ldap 3.1.3 bundle has the following dependencies:

Well the org.springframework.ldap 1.3.1 bundle than has the following dependencies:
org.springframework.beans [3.0.5.RELEASE, 3.1.0) false
org.springframework.beans.factory [3.0.5.RELEASE, 3.1.0) false
org.springframework.beans.factory.config [3.0.5.RELEASE, 3.1.0) false
org.springframework.context [3.0.5.RELEASE, 3.1.0) true
org.springframework.core [3.0.5.RELEASE, 3.1.0) false
org.springframework.dao [3.0.5.RELEASE, 3.1.0) false
org.springframework.jdbc.datasource [3.0.5.RELEASE, 3.1.0) true
org.springframework.orm.hibernate3 [3.0.5.RELEASE, 3.1.0) true
org.springframework.transaction [3.0.5.RELEASE, 3.1.0) false
org.springframework.transaction.support [3.0.5.RELEASE, 3.1.0) false
org.springframework.util [3.0.5.RELEASE, 3.1.0) false

So I can not update the spring framework and spring security to 3.1.3 since o.s.ldap excludes he 3.1.x releases.

Greg Turnquist said:

https://issuetracker.springsource.com/browse/EBR-881 shows fixes made to the EBR, indicating the version range from Spring LDAP should work correctly now.

Greg Turnquist said:

The fix for this was completed in https://issuetracker.springsource.com/browse/EBR-881. No need to patch Spring Security.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment