[SHA-2363] Upgrade to Spring 5.2 Created: 10-Dec-19  Updated: 29-Mar-20

Status: Verify
Project: Share Application
Component/s: Share Application
Affects Version/s: None
Fix Version/s: None

Type: Story
Reporter: Cristian Turlica Assignee: Share Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: 0 minutes
Time Spent: Not Specified
Original Estimate: 0 minutes

Issue Links:
relates to REPO-4751 Upgrade to Spring 5.2 Done
Sprint: Repo vulnerabilities sprint 2
Delivery Team: Customer Excellence
Story Points: 13


As a developer I would like to have a supported Spring 5.2.N version used in the project.

Spring Framework 5.1 will be EOL in 2020 according to this https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions.

Acceptance criteria:

  • Spring updated to the 5.2 line (at least Spring framework 5.2.2 and Spring Security 5.2.1)
  • Documentation issues raised to reflect this change (e.g. changes to samples)


  • Repository part was already updated to use Spring framework 5.2.2 and Spring Security 5.2.1 in it's next to be release version (e.g. 6.3)
  • For update details and documentation please see comment from REPO-4751

Comment by John Iball [ 27-Jan-20 ]


Comment by Mykhail Diachenko [X] (Inactive) [ 11-Feb-20 ]

Alexandru Balmus

There are a lot of places where Spring dependency comes from with different versions. So bumping version requires upgrading related modules such as  for example org.alfresco.surf:spring-surf (and others). In its turn it uses alfresco-core and surf-webscripts old version with old spring.

Also these modules are compiled using java 11 while share use java 8. 
It seems no compilation errors and no errors in unit tests using:

alfresco-repository:8.102 (now 7.11)
alfresco-core: 8.21 (now 6.4)
spring-webscripts: 8.1 (now 7.11)
spring-surf-core-configservice 8.1 (now 7.11)
spring-surf-core 8.1 (now 7.11)
spring-webscripts-api: 8.1 (now 7.11)

Another option just to add dependency management in share-parent to force using spring v 5.2.3

Comment by Mykhail Diachenko [X] (Inactive) [ 12-Feb-20 ]

Thanks Alexandru Balmus. It is just to be sure that dependent projects also are to be upgraded

Comment by Mykhail Diachenko [X] (Inactive) [ 20-Feb-20 ]

Spring upgraded  to version 5.2.3.RELEASE
Merged on master

Generated at Tue Aug 11 23:06:52 BST 2020 using Jira 7.13.15#713015-sha1:7c5ddd2c3e1709974ae9c48c17df8edd3919fe2c.