Across 5.5.1 Release notes

5.5.1 upgrades Spring Framework and Spring Security to the very last (public) 5.y.z releases. The Foreach Common Java Libraries are upgraded to 2.0.0.

Upgrades

Spring Framework: from 5.3.34 to 5.3.39.

Spring Security: from 5.8.12 to 5.8.14

These are the very last (OSS) 5.x releases:

• https://spring.io/blog/2024/08/14/spring-framework-6-1-12-6-0-23-and-5-3-39-available-now

• https://spring.io/blog/2024/08/20/spring-security-5-8-14-6-2-6-and-6-3-2-are-available-now

Tomcat: from 9.0.87 to 9.0.94.

The Foreach Common Java Libraries (FCJL) have been upgraded from 1.1 to 2.0.0. All details about that upgrade, including the rationale behind the 2.0.0, can be found in the 2.0.0 release notes. Despite the major version change, there should be no impact on Across nor on any Across applications.

No <repositories> anymore in the Across pom.xml files

Previously the Across pom.xml files that were published to the internal Nexus and to Maven Central contained repositories that pointed to our internal Nexus server like this:

<repositories>
	<repository>
		<id>across</id>
		<name>Across Repository</name>
		<url>https://repository.antwerpen.io-external.com/nexus/repository/public/</url>
	</repository>
</repositories>

This inadvertently caused application builds to also consult those internal repositories, which sometimes causes very hard to debug build issues. This has been considered a bad practice for over 15 years:

https://www.sonatype.com/blog/2009/02/why-putting-repositories-in-your-poms-is-a-bad-idea

Also consider the following documentation when setting up your repository configuration:

• https://maven.apache.org/guides/mini/guide-multiple-repositories.html

• https://maven.apache.org/guides/mini/guide-mirror-settings.html