From blogs I read that the estimate for release of 3.0 is April 2015.
I'm not familiar with opening a JIRA, but would be great to open a general
incident for updating all dependencies in 3.0.
joe
On 3/13/2015 3:30 PM, Aleksey Yeschenko wrote:
We don’t upgrade dependencies in minor C* releases, so 2.0 and 2.1 will have to
stick to what’s already there.
Feel free to open a JIRA issue for C* 3.0 to deal with upgrading all the
dependencies, though. Just don’t create a PR - we cannot accept them. Just
leave a comment with a link to your GH branch with the changes in JIRA.
Thanks.
--
AY
On March 13, 2015 at 15:26:47, Paul Brown (paulrbr...@gmail.com) wrote:
Wow. It would be great if the Jackson dep could move up to 2.x. We'd even
be willing to provide a PR for it.
On Fri, Mar 13, 2015 at 12:22 PM, Joe Fasano <joe_fas...@symantec.com>
wrote:
Hello All,
I have been told by my team that some of the cassandra dependencies have
some vulnerabilities and
should be upgraded. Specifically,
Joda Time 1.6 should be upgraded to 2.7
Jackson 1.9.2 should be upgraded to 1.9.13
Is there any schedule or process of getting Cassandra updates to include
updated dependencies?
Thanks,
joe
Joe Fasano
Sr. Development Manager
Symantec Corporation
