Describe the bug
Spring Security 7.1.0 updated its cas-client-core dependency to version 4.1.x. However, this version of the CAS client introduces a regression regarding the baseline Java version compliance. While Spring Security 7.1.0 targets Java 17+, the pulled cas-client-core 4.1.x artifact contains class files compiled for a higher Java version (or relies on features/bytecode incompatible with a standard Java 17 runtime), breaking compatibility for applications running on the expected Java 17 baseline.
See PR #18974 (commit 45b01bd on the java-cas-client project).
To Reproduce
- Create a Spring Boot application using Spring Security 7.1.0.
- Configure the application to use CAS authentication, pulling in the transitive cas-client-core:4.1.x dependency.
- Ensure the project build and runtime environment are strictly set to Java 17.
- Start the application or run the test suite.
- The application fails to start, throwing an UnsupportedClassVersionError (e.g., class file version 65.0 or higher detected) or a linkage error related to the CAS client classes.
Expected behavior
Since Spring Security 7.1.0 maintains a Java 17 baseline, all of its required and major transitive dependencies—including cas-client-core—should be fully compatible with Java 17 bytecode and runtimes without requiring a JVM upgrade.
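To confirm the mismatch at the artifact level instead of waiting for the UnsupportedClassVersionError at startup, the class-file major version of every entry in the JAR can be compared against the Java 17 baseline (major 61; the 65.0 mentioned above corresponds to Java 21). The script below is an added example, not code from this issue, Spring Security or java-cas-client; the `org/example` entries and the in-memory JAR are constructed sample data.

```python
import io
import struct
import zipfile

JAVA17_MAJOR = 61  # class-file major version = Java feature release + 44

def class_major(data):
    """Return the class-file major version, or None if data is not a class file."""
    if len(data) < 8:
        return None
    magic, _minor, major = struct.unpack(">IHH", data[:8])
    return major if magic == 0xCAFEBABE else None

def too_new_classes(jar, baseline_major=JAVA17_MAJOR):
    """Map entry name -> major version for classes a baseline JVM would reject."""
    bad = {}
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            name = info.filename
            if not name.endswith(".class"):
                continue
            # Multi-release JAR: META-INF/versions/N/ is never loaded by a JVM
            # older than N, so those entries are judged against N instead.
            limit = baseline_major
            parts = name.split("/")
            if parts[:2] == ["META-INF", "versions"] and len(parts) > 3 and parts[2].isdigit():
                limit = max(baseline_major, int(parts[2]) + 44)
            with zf.open(info) as fh:
                major = class_major(fh.read(8))
            if major is not None and major > limit:
                bad[name] = major
    return bad

def build_sample_jar():
    """Constructed in-memory JAR with stub class headers (not a real artifact)."""
    def header(major):
        return struct.pack(">IHH", 0xCAFEBABE, 0, major)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/Ok.class", header(61))
        zf.writestr("org/example/TooNew.class", header(65))
        zf.writestr("META-INF/versions/21/org/example/Ok.class", header(65))
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, major in sorted(too_new_classes(build_sample_jar()).items()):
        print(f"{name}: major {major} (Java {major - 44}) exceeds Java 17")
```

`too_new_classes` also accepts a file path, so it can be pointed at the resolved cas-client-core JAR in a local repository or wired into a build check.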