Re: Re: Dependency version upgrade policy
Yes, I was thinking about 2.20.x
But, I thought the same could be done in the ongoing master, since that
uses 2.8.10 of jackson-databind at this point?
On Sat, Mar 24, 2018 at 5:10 AM, Andrea Cosentino <
> Do you mean on 2.20.x? Yeah, upgrade of this kind are welcome
> Inviato da Yahoo Mail su Android
> Il sab, 24 mar, 2018 alle 9:07, Claus Ibsen<claus.ibsen@xxxxxxxxx> ha
> scritto: Hi
> Yeah sure you can submit a PR to update that.
> We generally always want to update to newer patch releases.
> On Sat, Mar 24, 2018 at 1:25 AM, Darius Cooper <dariuscooper@xxxxxxxxx>
> > What is Camel's policy on upgrading versions of dependencies used? For
> > example, is there any policy that says that dependencies will not be
> > upgraded with minor version number increments, or path increments, or
> > such?
> > Example:
> > Camel 2.20.x uses jackson-databind 2.8.10
> > I see a comment in Camel code that jackson-datbind 2.9.x does not work
> > the Camel swagger component.
> > Meanwhile, jackson-databind has a 126.96.36.199 , which fixes some reported
> > vulnerabilities.
> > Would the Camel team be open to going to the latest 2.8.x version of
> > jackson-databind?
> Claus Ibsen
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2