Ask questionsspring-boot-starter-rsocket pom contains security dependencies

It appears that as of spring-boot-starter-rsocket-2.3.0.M1.pom it contains Spring Security dependencies that are being pulled in transitively. The dependencies are in 2.3.0.M2 and the latest 2.3.0.BUILD-SNAPSHOT:


This means that simply adding the spring-boot-starter-rsocket triggers the Spring Boot auto configuration for Security.

This was originally brought to my attention because @joshlong was having difficulties doing a demo and asked for my help. I haven't investigated the scope of the problem, so it would probably be good to check if other dependencies are impacted.


Answer questions rwinch

Thanks for the quick turnaround on this!


Related questions

Dependency resolution fails with Gradle 5.3.x to 5.6.x hot 4
Controller annotated with @Timed and active TimedAspect clashes with WebMvcMetricsFilter hot 2
Source file must be provided failure when running spring-boot:repackage from the command-line hot 2
Actuator: NPE in LongTaskTimingHandlerInterceptor hot 2
ConfigurationProperties with constructor binding cannot be mocked hot 2
NoClassDefFoundError: net/bytebuddy/NamingStrategy$SuffixingRandom$BaseNameResolver hot 2
No bean named &#39;entityManagerFactory&#39; available hot 2
Bug in org.springframework.boot on 2.2.3.RELEASE version hot 2
Deadlock between BackgroundPreinitializer and main thread in Spring Cloud Config Server hot 2
spring boot Servlet.service() for servlet [dispatcherServlet] in context with path threw exception hot 2
Migrating OAuth2 from Spring Boot 1.5 to 2.0 Broken hot 2
Add AutoConfiguration support for spring-security-saml2-service-provider hot 2
Validation api missing in 2.3.0.RELEASE hot 2
Replace deprecated MediaType.APPLICATION_JSON_UTF8 usage hot 2
Classloading problems with Spring Boot, JDK11 and Security Manager hot 1
Github User Rank List