Here we are...looking even worse: tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) spring-security-acl (org.springframework.security:spring-security-acl:3.2.3.RELEASE - http://spring.io/spring-security) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) spring-security-cas (org.springframework.security:spring-security-cas:3.2.3.RELEASE - http://spring.io/spring-security) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) spring-security-config (org.springframework.security:spring-security-config:3.2.3.RELEASE - http://spring.io/spring-security) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) spring-security-core (org.springframework.security:spring-security-core:3.2.3.RELEASE - http://spring.io/spring-security) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) spring-security-ldap (org.springframework.security:spring-security-ldap:3.2.3.RELEASE - http://spring.io/spring-security) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) spring-security-taglibs (org.springframework.security:spring-security-taglibs:3.2.3.RELEASE - http://spring.io/spring-security) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) spring-security-web (org.springframework.security:spring-security-web:3.2.3.RELEASE - http://spring.io/spring-security) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) Spring Security Kerberos Client (org.springframework.security.kerberos:spring-security-kerberos-client:1.0.0.RC2 - http://projects.spring.io/spring-security-kerberos) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) Spring Security Kerberos Core (org.springframework.security.kerberos:spring-security-kerberos-core:1.0.0.RC2 - http://projects.spring.io/spring-security-kerberos) tomcat-8.5.34/LICENSE.txt: (The Apache Software License, Version 2.0) Spring Security Kerberos Web (org.springframework.security.kerberos:spring-security-kerberos-web:1.0.0.RC2 - http://projects.spring.io/spring-security-kerberos)
"No one involved in this project (except me) cares about security for this project given the fact that the server is on our servers behind VPN and passwords are transmitted over ssl" is a more accurate statement.