camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: business case for migration
Date Mon, 24 Sep 2012 21:13:52 GMT

Related to #2 in Christian's list are bugs and issues in some of the third party dependencies.
 If you need fixes in things like CXF or ActiveMQ or similar, you may need to move to the
latest Camel releases to be able to use those fixes.

As a concrete example, if you are using camel-cxf with Camel 2.5.0, you are vulnerable to
several security vulnerabilities:
http://cxf.apache.org/security-advisories.html

However, to get fixes for some of the vulnerabilities, you would need to move up to the latest
Camel releases that will work with the latest CXF releases.

In general, if you can keep your business close to "up to date", if a security vulnerability
is discovered, it's a LOT quicker and easier to upgrade to the fixed versions.    Jumping
up several versions in a timely manner to address a security issue can be challenge.   Updating
just a patch can be significantly quicker and cheaper.


Dan



On Sep 24, 2012, at 4:30 PM, Christian Müller <christian.mueller@gmail.com> wrote:

> 1) You have to pay to get support for older version or you have to do it by
> your own. Both cases has costs...
> 
> 2) If you check our issue tracker [1] you will see we fixed 720 issues
> which are considered as bug starting with Camel 2.5.0 to 2.10.1 (the latest
> version).
> 2293 issues in total, by the way...
> It's likely you will hit a few of them if you use a very old version. To
> find the issue and fix it (by your own) or find a workaround also has
> costs...
> 
> 3) If you violate your SLA because of an issues, you may have to pay
> penalty. More important, you will lose confidence... At the end, it's
> money...
> 
> Hope this will help...
> 
> [1] https://issues.apache.org/jira/browse/CAMEL
> 
> Best,
> Christian
> 
> On Mon, Sep 24, 2012 at 8:16 PM, anoordover <anoordover@live.nl> wrote:
> 
>> As a java-developer I think it is very important to migrate when new
>> versions
>> are released.
>> Currently we are running camel 2.4.2.
>> I think that we should migrate to 2.9 or 2.10, but I find it hard to define
>> a business-case for this.
>> So "sell" that migration is neccesary.
>> How should I support it that this is really needed.
>> Any ideas?
>> 
>> 
>> 
>> --
>> View this message in context:
>> http://camel.465427.n5.nabble.com/business-case-for-migration-tp5719868.html
>> Sent from the Camel - Users mailing list archive at Nabble.com.
>> 
> 
> 
> 
> --

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
View raw message