Robert Scholte wrote: > Hi, > > Right now we change the Maven prerequisite to 2.2.1 and I noticed some new > issues which already want to move it forward to 3.0.4. I wonder why to > move to this version. > > Most (API-)changes have been introduced with the 3.0 alpha and beta > releases. I don't think that the other 3.0.x releases provide that much > more changes. > So I would say that changing the required Maven version would be 3.0. > *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, we > should say that 3.0.5 is the next required version of Maven. > And I could go one step further: if we want to get rid of the > compatibility overhead for Aether (Sonatype versus Eclipse) we should > change it to 3.1.0 > > So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to > 3.0.4 unless there are better reasons then I mentioned above. > > Any other opinions?
That's the point we always feared, because as long MNG-5207 is not solved, Maven 2.2.1 is the last version that produces for us reliable results at all. - Jörg --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
