I have an existing spring mvc project where I'm using spring 4.3.23.RELEASE version with spring security 4.2.13.RELEASE.
Now I want to upgrade the spring version 5.2.8.RELEASE. I don't identify which spring-security version is compatible with Spring 5.2.8.RELEASE version?
Generally speaking, the Spring Security Reference manual will answer this. For example, the manual for the Spring Security 5.2.5 RELEASE says:
Spring Security builds against Spring Framework 5.2.6.RELEASE but should generally work with any newer version of Spring Framework 5.x.
(The next release of Spring Security after 5.2.5 is 5.3.0.)
So I would expect Spring Security 5.2.5 would work with Spring Framework 5.2.8.
The Spring Security Reference manual also advises you to use "spring-framework-bom" to simplify dependency management. The idea is that you select a specific "bom" version and that gives you a set of compatible versions numbers for any of the Spring components that you use.
Spring documentation is the best source, but in case you are still unclear then the following approach can be taken.
As Spring Security depends on Spring Framework, one can look at the dependency tree of Spring Security to identify the compatible version of Spring Framework.
Now this can take some iterations but in the end one would get an accurate result.
Refer to the compile dependencies section in the maven repository page
Related
I'm using Spring Boot 2.6 and Spring Cloud Sleuth 3.1.4
Whenever I run the app I'm getting this:
Your project setup is incompatible with our requirements due to following reasons:
- Spring Boot [2.6.0] is not compatible with this Spring Cloud release train
Action:
Consider applying the following actions:
- Change Spring Boot version to one of the following versions [2.4.x, 2.5.x] .
You can find the latest Spring Boot versions here [https://spring.io/projects/spring-boot#learn].
If you want to learn more about the Spring Cloud Release train compatibility, you can visit this page [https://spring.io/projects/spring-cloud#overview] and check the [Release Trains] section.
If you want to disable this check, just set the property [spring.cloud.compatibility-verifier.enabled=false]
According to release train 2021.0.x should be compatible with Spring boot 2.6 and sleuth 3.1.4 is a part of it.
Am I missing something here?
In the compatibility matrix, as listed here: https://spring.io/projects/spring-cloud, under 'Release Train' section, this should work.
But, I would recommend you to lower the spring cloud version to 3.1.3 to begin with. If you still get the same error, try with version 3.1.0. as in my project I had no problems using spring-cloud-starter-sleuth 3.1.0 with Spring Boot 2.6.x.
Best regards,
Filip
EDIT: With spring sleuth 3.1.4 you should use spring-cloud-dependencies of version 2021.0.4. Maybe here you got the problem.
I was tasked to assign to modify an application with RBAC(Role Based access control) for a project which uses an older spring mvc version 3.0.5.
We plan to integrate spring security for this task.
The question is, are there any older version of spring security we can use
that is compatible with the spring mvc we have?
Last Spring Security-3.1.0 supports spring 3.0.6. This version of spring security should work fine for your project.
Although your version should work fine with this version of spring security if you want you can do a minor version upgrade of spring. You can find the changelogs here https://spring.io/blog/2011/08/24/spring-3-0-6-is-now-available
And documentation for this version of the library can be found at this link spring-security-3.0.7-docs
But, please be cautious, it's not recommended to use older versions of security-related libraries since they might have known vulnerabilities.
On my current project we are using Spring 4.2 (core, aop, beans, web , webmvc, etc).
What are the major problems we could encounter when upgrading from Spring 4.2 to Spring 5.0.5? How backward compatible would Spring Security 4.2 be with Spring 5.0.5?
Thank you for your time.
It's hard to tell without knowing which functionalities and features of Spring your project relies on.
I'd suggest to start by reviewing official changelogs and release notes to determine the affected parts of your project.
What's New in Spring Framework 5.x might be a good starting point.
Especially watch out for removed features and APIs.
There also is a Spring Integration 4.3 to 5.0 Migration Guide.
while upgrading to Spring 4.2.7 i faced below two issues
Get and Delete requests containing ";" and "%" character will fail with 500 response because of the HttpFirewall restrictions. You can refer to below link for solution.
Getting 500 response in Spring 5 when url contains semicolon
Spring 5 needs default password encoder otherwise it will throw below exception
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null
You can refer to below link for solution.
Spring Security 5 : There is no PasswordEncoder mapped for the id "null"
I have a fully developed spring project, I am using spring security version 3.2.10 it is working fine with thymeleaf 2, I want to know whether thymeleaf 3.0.6 supports or fully compatible with spring security 3.2.10 version.
I googled so much but I didn't got answer for my doubt.Please someone help me whether thymeleaf 3.0.6 completely compatible with spring security 3.2.10 and I don't want to change or upgrade the spring security 3.2.10 version.
When I include spring-boot in my project, it has predefined versions of other spring components. eg: spring-boot 1.3.5 with spring-boot-starter-web automatically includes spring-mvc 4.2.6. if I want to use some features from webmvc 4.3, how can i know they are compatible? is there any compatibility matrix? or should i just treat it as a single release and never change versions?
Spring Boot will work the best for you if you don't try to resist defaults (of course change them only if necessary). You can include Spring 4.3 into Spring boot 1.3.x project, but I guess you will encounter various issues.
Version 1.4.0 will include Spring 4.3. Spring Boot 1.4.0 is on Milestone 3 currently.
BTW,
compatibility version for spring boot
1.5x: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/appendix-dependency-versions.html
and for spring boot 2.0x:
https://docs.spring.io/spring-boot/docs/2.0.x/reference/html/appendix-dependency-versions.html