The version set for Pac4j was previously ineffective because it was set by spring-security-pac4j first.