Visit NES for Apache Grails Home Page
NES for Apache Grails 6.2.x Managed Dependency Versions
NES for Apache Grails 6.2.x managed dependency versions
Overview
The NES Grails BOM (com.herodevs.nes:grails-nes-bom:6.2.3) pins every Spring Boot, Spring Framework, Spring Security, Spring Data, Spring Session and Hibernate ORM artifact used by Grails 6.2.x to its HeroDevs NES version. Grails core and its plugins stay on their canonical OSS versions because no known CVEs exist in them so far.
NES-pinned artifacts
The BOM pins the following components to their HeroDevs NES versions:
| Component | OSS base | NES version |
|---|---|---|
| Spring Boot | 2.7.18 | 2.7.38 |
| Spring Framework | 5.3.39 | 5.3.51 |
| Spring Security | 5.7.14 | 5.7.23 |
| Spring Data (BOM) | 2021.2.18 | 2021.2.26 |
| Spring Session (BOM) | 2021.2.3 | 2021.2.11 |
| Hibernate ORM | 5.6.15 | 5.6.17 |
Resolved artifacts carry the dual-version suffix, e.g. spring-core-5.3.39-spring-framework-5.3.51.jar, spring-boot-2.7.18-spring-boot-2.7.38.jar, hibernate-core-5.6.15-hibernate-orm-5.6.17.jar.
OSS components (no NES override)
The following are pinned by the BOM at their canonical OSS versions — no known CVEs apply:
| Component | Version |
|---|---|
| Grails core | 6.2.3 |
| Grails Gradle plugin | 6.2.4 |
| Grails GSP | 6.2.4 |
| Grails Views (JSON / Markup) | 3.2.3 |
| Grails Async / Events | 5.0.2 |
| Grails Testing Support | 3.2.2 |
| Grails Spring Security Core plugin | 6.0.3 |
| Grails Database Migration plugin | 4.2.1 |
| Groovy | 3.0.25 |
| Embedded Tomcat | 9.0.118 |
| Jackson | 2.15.4 |