By overriding it with 5.2.20, you are swapping out spring-framework-bom 5.2.8 for 5.2.20, which effectively pulls most of the spring packages for 5.2.

Spring-boot-dependencies is parent of spring-boot-starter-parent (see ). Because the property is inherited by descendants, you can override its value at the pom of your application.

The spring-framework.version property is declared and used to pull the spring-framework-bom in spring-boot-dependencies and inherited by its descendants (see ). The spring-framework-bom at version X is hardcoded to all the spring packages for version X (see ).

Without the property, spring-framework is 5.2.8, with the property, it is 5.2.20. I just tried your pom (with and without the spring-framework.version property) on a clean m2 repo.

Edit after Solution by have additionally an internal lib pom imported in my pom.xml

And this internal lib has the spring-boot-dependencies pom directly imported which leads to the fact that spring-framework.version property is ignored:

So setting the amework property in maven will have no effect. If you have a look at the spring-boot-starter-webflux-2.3.3.RELEASE.pom which includes the problematic spring-web 5.2.8.RELEASE you will find that the spring version is hardcoded to 5.2.8.RELEASE.
This is a part of mvn dependency:tree:

+- :spring-boot-starter-webflux:jar:2.3.3.RELEASE:compile
| +- :spring-boot-starter-json:jar:2.3.3.RELEASE:compile
| | \- :jackson-module-parameter-names:jar:2.11.2:compile
| +- org.springframework:spring-web:jar:5.2.8.RELEASE:compile
| +- org.springframework:spring-webflux:jar:5.2.8.RELEASE:compile
| \- :nio-multipart-parser:jar:1.1.0:compile

I also looked up the spring-boot-starter-web-2.3.3.RELEASE.pom and it has the spring-web dependency hardcoded to 5.2.8.RELEASE.

Are there any other ways of upgrading the spring-framework version in spring-boot besides adding all the new versions as dependencies to the dependencyManagement section? I tried overriding the spring-framework.version property from spring-boot-dependencies.

Due to the spring4shell CVE I wanted to upgrade the spring-framework to 5.2.20.RELEASE instead of the already included 5.2.8.RELEASE. I am using spring-boot 2.3.3.RELEASE with the according spring-boot-starter-parent in maven.