Hi there,
I noticed after upgrading to Spring Boot 2.7.10, the jar file spring-security-oauth2-client-5.7.3.jar was still included, whereas the other Spring Security Jars were correctly resolved to 5.7.7.
This issue can easily be inspected when generating the effective POM for any project that has Spring Boot Starter Parent 2.7.10 as its parent.
The generated effective POM looks like this:
Given the position in this effective POM, I suspect the bad version number has something to do with the old org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure above it.
Thanks in advance for looking into it and kind regards, Philipp
Comment From: snicoll
@philippn unfortunately, sharing a screenshot is not helpful.
This issue can easily be inspected when generating the effective POM for any project that has Spring Boot Starter Parent 2.7.10 as its parent.
I am afraid it can't. The effective pom is correct and a maven project created from start.spring.io with Spring Boot 2.7.10 resolves org.springframework.security:spring-security-oauth2-client to 5.7.7 as expected.
If you want support, please share a minimal project that reproduces what you've described.
Comment From: philippn
Hello @snicoll
Thanks for your quick reply. You are right, it wasn't happening with the plain example as I suspected. I beg your pardon.
In fact it seems to happen when importing the dependency management of Spring Cloud.
I have uploaded an example POM as a Gist: pom.xml
Hope that helps!
Thanks and kind regards, Philipp
Comment From: snicoll
Thanks but a problem in Spring Cloud's dependency management should not be reported here. I did reproduce the problem and looked at the Spring Cloud org and couldn't manage to find out the root cause of the problem. I've also noticed that using 2021.0.7-SNAPSHOT does not exhibit the issue.
At this point, I can't justify spending more time on this. Feel free to report it to Spring Cloud: https://github.com/spring-cloud/spring-cloud-release
Comment From: snicoll
I've managed to track it down. This is a duplicate of https://github.com/spring-cloud/spring-cloud-openfeign/issues/786