On 03/13/2015 05:58 PM, Joe Fasano wrote:
I'm not familiar with opening a JIRA, but would be great to open a general
incident for updating all dependencies in 3.0.
Just a quick follow up - a JIRA was opened on the topic:
https://issues.apache.org/jira/browse/CASSANDRA-8974
On Fri, Mar 13, 2015 at 12:22 PM, Joe Fasano <joe_fas...@symantec.com>
wrote:
I have been told by my team that some of the cassandra dependencies have
some vulnerabilities and
should be upgraded. Specifically,
Joda Time 1.6 should be upgraded to 2.7
Jackson 1.9.2 should be upgraded to 1.9.13
As requested on JIRA, please comment on that JIRA ticket with the
vulnerability details. I also tried to dig around the changelogs of joda
and jackson and was unable to see what the above statement might refer to.
--
Kind regards,
Michael
