accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Miller (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-4703) Attempt to pull all dependencies to latest version
Date Thu, 21 Sep 2017 14:43:02 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-4703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16174870#comment-16174870
] 

Michael Miller commented on ACCUMULO-4703:
------------------------------------------

I thought there might be a reason for keeping it at that version but the comment mentioned
maven release plugin.  I went with the version required by versions-maven-plugin.  I thought
3.2.5 was a good compromise from going all the way to the latest, 3.5.0.  Thankfully it looks
like 3.0.5 is the oldest recommended version: https://maven.apache.org/security.html  I can
revert it and add a comment.



> Attempt to pull all dependencies to latest version
> --------------------------------------------------
>
>                 Key: ACCUMULO-4703
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4703
>             Project: Accumulo
>          Issue Type: Task
>            Reporter: Keith Turner
>            Assignee: Michael Miller
>            Priority: Blocker
>             Fix For: 2.0.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> This is issue is motivated by discussion in ACCUMULO-4701.   For 2.0.0 we should attempt
to use the latest version of any direct dependencies.   Not doing so may force user to use
older versions of dependencies with bugs and security problems. 
> ACCUMULO-4701 provides an example of this where Accumulo using methods that exist in
an older version of Guava but are dropped in a new version prevent a user from using newer
Guava.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message