Fineract uses versions of spring (including spring security) and spring boot which have approached their EOL and needs to be updated to the latest stable releases.
Spring -> 5.2.x (expected to be released before GSOC starts)
Spring boot -> 2.2.x (expected to be released before GSOC starts)
This upgrade would likely throw up a number of issues which would need to be addressed. Some sample issues would be
- Deprecated methods which have now been removed. Ex: The codebases uses JdbcTemplate.queryForInt which would need to be replaced with queryForObject
- The implementation of custom Filters like TenantAwareBasicAuthenticationFilter would need to change as overridden methods like doFilter in OncePerRequestFilter are final in recent Spring releases