Skip to content

commons-logging:commons-logging is a transitive dependency of some modules #10499

New issue
New issue
Closed
Closed
commons-logging:commons-logging is a transitive dependency of some modules#10499
Assignees
rwinch
Labels
in: buildAn issue in the buildstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
Milestone
6.0.0-M2
@wilkinsona

Description

@wilkinsona
wilkinsona
opened on Nov 12, 2021

Describe the bug

Spring projects should use Spring Framework's spring-jcl module in place of commons-logging:commons-logging, however some Spring Security modules pull in commons-logging:commons-logging as a transitive dependency. spring-security-openid in 5.5.x is one example. spring-security-saml2-service-provider in 5.4.x is another.

To Reproduce

Looking at build scans on ge.spring.io is one way to observe the problem for 5.5.x at least (I couldn't find any scans tagged with 5.4.x). You can also see commons-logging:commons-logging leaking into Spring Boot's build via Spring Security (and many other dependencies) in Boot's build scans such as this one.

Expected behavior

commons-logging is not a direct or transitive dependency of any Spring Security module.

Sample

N/A.

Metadata

Metadata

Assignees

Labels

in: buildAn issue in the buildstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions