[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

R: Re: Dependency version upgrade policy

Do you mean on 2.20.x? Yeah, upgrade of this kind are welcome

Inviato da Yahoo Mail su Android 
  Il sab, 24 mar, 2018 alle 9:07, Claus Ibsen<claus.ibsen@xxxxxxxxx> ha scritto:   Hi

Yeah sure you can submit a PR to update that.
We generally always want to update to newer patch releases.

On Sat, Mar 24, 2018 at 1:25 AM, Darius Cooper <dariuscooper@xxxxxxxxx> wrote:
> What is Camel's policy on upgrading versions of dependencies used? For
> example, is there any policy that says that dependencies will not be
> upgraded with minor version number increments, or path increments, or some
> such?
> Example:
> Camel 2.20.x uses jackson-databind  2.8.10
> I see a comment in Camel code that jackson-datbind 2.9.x does not work well
> the Camel swagger component.
> Meanwhile, jackson-databind has a , which fixes some reported
> vulnerabilities.
> Would the Camel team be open to going to the latest 2.8.x version of
> jackson-databind?

Claus Ibsen
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2