[ https://issues.apache.org/jira/browse/CASSANDRA-9384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16773315#comment-16773315 ]
Dinesh Joshi commented on CASSANDRA-9384: ----------------------------------------- [~jjirsa] I assume that people actually test new versions of C* before they deploy them in prod. With my approach, the newly updated instance will fail to come up with the bad setting. Hopefully the bounce will stop before it takes down the whole cluster. This is how I would expect bounces to behave. At this point I'd expect the operator to look into why C* failed to start and notice the error message and do a deeper investigation to fix their issue or add the override and move on. This should happen in a dev or test environment. Not prod. Consider the alternative where someone misses the warning message and doesn't read CHANGES.txt. They might get exploited because these messages went unnoticed. There is a higher chance of this making it into production without an incident. As an operator I would like security vulnerabilities fixed with a new releases and not just some log messages warning me that it exists. We can go with [~spo...@gmail.com]'s approach but I feel subtle failure is worse than explicit failure at start time. > Update jBCrypt dependency to version 0.4 > ---------------------------------------- > > Key: CASSANDRA-9384 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9384 > Project: Cassandra > Issue Type: Bug > Reporter: Sam Tunnicliffe > Assignee: Dinesh Joshi > Priority: Major > Fix For: 2.1.x, 2.2.x, 3.0.x, 3.11.x > > > https://bugzilla.mindrot.org/show_bug.cgi?id=2097 > Although the bug tracker lists it as NEW/OPEN, the release notes for 0.4 > indicate that this is now fixed, so we should update. > Thanks to [~Bereng] for identifying the issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org