[jira] [Commented] (CASSANDRA-8974) Need to update to latest dependencies

Brandon Williams (JIRA) Mon, 16 Mar 2015 11:07:44 -0700

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-8974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363622#comment-14363622
 ]


Brandon Williams commented on CASSANDRA-8974:
---------------------------------------------

I am curious what vulnerabilities exist in these deps, searching for them 
didn't reveal much.

> Need to update to latest dependencies
> -------------------------------------
>
>                 Key: CASSANDRA-8974
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8974
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Packaging
>            Reporter: Joe Fasano
>             Fix For: 3.0
>
>
> Open C* 3.0 to deal with upgrading all the dependencies.
> This is a general issue to update all dependencies.  
> Specifically for example, I have been told by my team that some of the 
> cassandra dependencies have some security vulnerabilities and should be 
> upgraded.
> > Joda Time 1.6 should be upgraded to 2.7
> > Jackson 1.9.2 should be upgraded to 1.9.13



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CASSANDRA-8974) Need to update to latest dependencies

Reply via email to