Use https://spring.io/security-policy to provide a layer of abstraction for Spring's Security policy to make it easier to update