[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dependency version upgrade policy


Yeah sure you can submit a PR to update that.
We generally always want to update to newer patch releases.

On Sat, Mar 24, 2018 at 1:25 AM, Darius Cooper <dariuscooper@xxxxxxxxx> wrote:
> What is Camel's policy on upgrading versions of dependencies used? For
> example, is there any policy that says that dependencies will not be
> upgraded with minor version number increments, or path increments, or some
> such?
> Example:
> Camel 2.20.x uses jackson-databind  2.8.10
> I see a comment in Camel code that jackson-datbind 2.9.x does not work well
> the Camel swagger component.
> Meanwhile, jackson-databind has a , which fixes some reported
> vulnerabilities.
> Would the Camel team be open to going to the latest 2.8.x version of
> jackson-databind?

Claus Ibsen
----------------- @davsclaus
Camel in Action 2: