reviewing my notes from the time period, it looks like I was attempting to make sure we didn't pull in a commons-collections version with open CVEs.
have we already confirmed that no part of commons-configuration leaks into the public API for 2.0? On Mon, Apr 1, 2019 at 11:22 AM Mike Miller <[email protected]> wrote: > > So I am trying to track down why we upgraded commons config from 1.6 to > 1.10. This upgrade is problematic for a bug fix release for a few > reasons. For one, the changes in 06d80292 > <https://github.com/apache/accumulo/pull/659> break semver by adding new > methods inherited from ClientConfiguration. Then Keith ran into problems > trying to run Map Reduce for continuous ingest. Keith opened an issue here: > https://github.com/apache/accumulo/issues/1065 > > I don't think this change should go in a bug fix release but I think it > would be good to know why this was done in the first place. I am going to > test a branch with this upgrade reverted. -- busbey
