cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aleksey Yeschenko <alek...@apache.org>
Subject Re: Question on updating Cassandra dependencies
Date Fri, 13 Mar 2015 22:30:05 GMT
We don’t upgrade dependencies in minor C* releases, so 2.0 and 2.1 will have to stick to
what’s already there.

Feel free to open a JIRA issue for C* 3.0 to deal with upgrading all the dependencies, though.
Just don’t create a PR - we cannot accept them. Just leave a comment with a link to your
GH branch with the changes in JIRA.

Thanks.

-- 
AY

On March 13, 2015 at 15:26:47, Paul Brown (paulrbrown@gmail.com) wrote:

Wow. It would be great if the Jackson dep could move up to 2.x. We'd even  
be willing to provide a PR for it.  

On Fri, Mar 13, 2015 at 12:22 PM, Joe Fasano <joe_fasano@symantec.com>  
wrote:  

> Hello All,  
>  
> I have been told by my team that some of the cassandra dependencies have  
> some vulnerabilities and  
> should be upgraded. Specifically,  
> Joda Time 1.6 should be upgraded to 2.7  
> Jackson 1.9.2 should be upgraded to 1.9.13  
>  
> Is there any schedule or process of getting Cassandra updates to include  
> updated dependencies?  
>  
>  
> Thanks,  
> joe  
>  
>  
> Joe Fasano  
> Sr. Development Manager  
> Symantec Corporation  
>  
>  
>  

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message