tinkerpop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From spmallette (GitHub) <git...@apache.org>
Subject [GitHub] [tinkerpop] spmallette commented on issue #1086: TINKERPOP-2185 bump commons-configuration to 1.10.0.redhat-1
Date Tue, 02 Apr 2019 18:44:15 GMT
not sure - this is going to gremlin-core so having a non-standard repo might mess with things
like grape/plugins maybe. i wasn't 100% sure we'd use the RedHat thing...i figured it would
take a bit of thought/discussion. 

of course, without something like the RedHat artifact, the version stays stuck with the security
problem along 3.3.x and 3.4.x unless we choose to accept a major breaking change in either
of those lines. i still don't know when we want to allow for such things (i.e. take a major
breaking change to fix a security problem). i guess it's done on a case-by-case basis perhaps
- so, is the seriousness of this commons-configuration issue enough to force us to bump 3.3.x
and 3.4.x or can it wait for 3.5.x?

[ Full content available at: https://github.com/apache/tinkerpop/pull/1086 ]
This message was relayed via gitbox.apache.org for dev@tinkerpop.apache.org

  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message