SEC-2090: LDAP dependencies (3.1.3) #2324

spring-issuemaster opened this Issue Dec 7, 2012 · 2 comments


None yet

1 participant


Flavio Donzé (Migrated from SEC-2090) said:

Trying to update the spring framework and spring security from 3.0.5 to 3.1.3.
I encountered this OSGi problem:

The 3.1.3 bundle has the following dependencies:

Well the org.springframework.ldap 1.3.1 bundle than has the following dependencies:
org.springframework.beans [3.0.5.RELEASE, 3.1.0) false
org.springframework.beans.factory [3.0.5.RELEASE, 3.1.0) false
org.springframework.beans.factory.config [3.0.5.RELEASE, 3.1.0) false
org.springframework.context [3.0.5.RELEASE, 3.1.0) true
org.springframework.core [3.0.5.RELEASE, 3.1.0) false
org.springframework.dao [3.0.5.RELEASE, 3.1.0) false
org.springframework.jdbc.datasource [3.0.5.RELEASE, 3.1.0) true
org.springframework.orm.hibernate3 [3.0.5.RELEASE, 3.1.0) true
org.springframework.transaction [3.0.5.RELEASE, 3.1.0) false [3.0.5.RELEASE, 3.1.0) false
org.springframework.util [3.0.5.RELEASE, 3.1.0) false

So I can not update the spring framework and spring security to 3.1.3 since o.s.ldap excludes he 3.1.x releases.


Greg Turnquist said: shows fixes made to the EBR, indicating the version range from Spring LDAP should work correctly now.


Greg Turnquist said:

The fix for this was completed in No need to patch Spring Security.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment