pjfanning commented on PR #4578: URL: https://github.com/apache/hadoop/pull/4578#issuecomment-1251577861
Thanks @ashutoshcipher - thanks for looking. Just in case, this is from the issue description. Current version 2.1.1 has no CVEs but all higher versions have CVEs except for the latest release 2.8.0. Still feels like it would be safer to upgrade. The evidence so far appears that there are no breaking changes in commons-configuration2 and commons-text that would make this upgrade problematic. If you think this change is not worth the hassle it may cause to downstream projects, that's ok. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
