[
https://issues.apache.org/jira/browse/FINERACT-1012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17292493#comment-17292493
]
Aleksandar Vidakovic commented on FINERACT-1012:
------------------------------------------------
[~BLasan] would you let me know what the current status of this issue is? Just
to know if we can include in the upcoming 1.5.0 release or if we need to move
it to the next one. Thanks.
> Spring Security OAuth 2.x to Spring Security 5.2.x
> --------------------------------------------------
>
> Key: FINERACT-1012
> URL: https://issues.apache.org/jira/browse/FINERACT-1012
> Project: Apache Fineract
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.4.0
> Reporter: Michael Vorburger
> Assignee: Benura Abeywardena
> Priority: Critical
> Labels: beginner
> Fix For: 1.5.0
>
>
> The bump of spring-security-oauth2 from 2.3.6.RELEASE to 2.4.1.RELEASE in
> https://github.com/apache/fineract/pull/863 as part of FINERACT-963
> introduced usage of {{@Deprecated}} code, which we are trying to avoid (and
> which since FINERACT-959 we're intentionally making the build fail).
> I'm going to use a {{@SuppressWarnings("deprecation")}} to be able to do the
> upgrade anyway, because upgrading a security related library to its latest
> version seems like a sensible thing to do, but we really should remove the
> suppression and switch to using Spring's newer APIs.
> https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
> affects {{UserDetailsApiResource}} and
> {{TwoFactorAuthenticationFilter.createUpdatedAuthentication()}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
