Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

commons-logging:commons-logging is a transitive dependency of some modules #10499

Closed
wilkinsona opened this issue Nov 12, 2021 · 1 comment
Closed

commons-logging:commons-logging is a transitive dependency of some modules #10499

wilkinsona opened this issue Nov 12, 2021 · 1 comment
Assignees
@rwinch
Labels
in: build An issue in the build status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
6.0.0-M2

Comments

@wilkinsona
Copy link
Member

Describe the bug

Spring projects should use Spring Framework's spring-jcl module in place of commons-logging:commons-logging, however some Spring Security modules pull in commons-logging:commons-logging as a transitive dependency. spring-security-openid in 5.5.x is one example. spring-security-saml2-service-provider in 5.4.x is another.

To Reproduce

Looking at build scans on ge.spring.io is one way to observe the problem for 5.5.x at least (I couldn't find any scans tagged with 5.4.x). You can also see commons-logging:commons-logging leaking into Spring Boot's build via Spring Security (and many other dependencies) in Boot's build scans such as this one.

Expected behavior

commons-logging is not a direct or transitive dependency of any Spring Security module.

Sample

N/A.
@wilkinsona wilkinsona added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Nov 12, 2021
@jzheaux
Copy link
Contributor

jzheaux commented Dec 10, 2021

I'm taking a look at spring-security-saml2-service-provider.

jzheaux added a commit that referenced this issue Dec 16, 2021
@jzheaux
Remove commons-logging from saml2
cbf0e1d 
Issue gh-10499
@rwinch rwinch removed the status: waiting-for-triage An issue we've not yet triaged label Jan 13, 2022
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Add CheckClasspathForProhibitedDependencies
d146bcb 
Issues gh-10499 gh-10501
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Remove commons-logging
3c641de 
Closes gh-10499
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Remove jcl-over-slf4j
f8e1468 
Issue gh-10499
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Add CheckClasspathForProhibitedDependencies
fbc6854 
Issues gh-10499 gh-10501
@rwinch rwinch closed this as completed in 95b4a37 Jan 19, 2022
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Remove jcl-over-slf4j
44bc953 
Issue gh-10499
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Add CheckClasspathForProhibitedDependencies
2a60776 
Issues gh-10499 gh-10501
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Remove commons-logging
62449d6 
Closes gh-10499
rwinch added a commit that referenced this issue Jan 19, 2022
@rwinch
Remove jcl-over-slf4j
5902b46 
Issue gh-10499

# Conflicts:
#	dependencies/spring-security-dependencies.gradle
@rwinch rwinch modified the milestones: 5.7.0-M2, 6.0.0-M2 Jan 19, 2022
This was referenced Jan 19, 2022
Closed
Closed
@rwinch rwinch added in: build An issue in the build status: backported An issue that has been backported to maintenance branches labels Jan 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: build An issue in the build status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
6.0.0-M2
Development

No branches or pull requests
3 participants
@rwinch @wilkinsona @jzheaux