On 03/13/2015 05:58 PM, Joe Fasano wrote:
I'm not familiar with opening a JIRA, but would be great to open a general
incident for updating all dependencies in 3.0.
Just a quick follow up - a JIRA was opened on the topic:
https://issues.apache.org/jira/browse/CASSANDRA-8974
On Fri, Mar 13, 20
From blogs I read that the estimate for release of 3.0 is April 2015.
I'm not familiar with opening a JIRA, but would be great to open a general
incident for updating all dependencies in 3.0.
joe
On 3/13/2015 3:30 PM, Aleksey Yeschenko wrote:
We don’t upgrade dependencies in minor C* releases
We don’t upgrade dependencies in minor C* releases, so 2.0 and 2.1 will have to
stick to what’s already there.
Feel free to open a JIRA issue for C* 3.0 to deal with upgrading all the
dependencies, though. Just don’t create a PR - we cannot accept them. Just
leave a comment with a link to your
Wow. It would be great if the Jackson dep could move up to 2.x. We'd even
be willing to provide a PR for it.
On Fri, Mar 13, 2015 at 12:22 PM, Joe Fasano
wrote:
> Hello All,
>
> I have been told by my team that some of the cassandra dependencies have
> some vulnerabilities and
> should be upgr
Hello All,
I have been told by my team that some of the cassandra dependencies have some
vulnerabilities and
should be upgraded. Specifically,
Joda Time 1.6 should be upgraded to 2.7
Jackson 1.9.2 should be upgraded to 1.9.13
Is there any schedule or process of getting Cassandra updates to inc
