Hi! I'm working on building the Phoenix uberjars with newer Hadoop versions by default to improve its CVE stance, and I realized that HBase itself does not use the latest releases.
branch-2.5 defaults to 3.2.4 branch-2.6 and later defaults to 3.3.5 I can kind of understand that we don't want to bump the minor version for branch-2.5 from the one it was released with. However, I don't see the rationale for not upgrading branch-2.6 to at least 3.3.6, and the unreleased branches (branch-2, branch-3, master) to 3.4.0. I found a mention of wanting to stay off the latest patch release HBASE-27931, but I could not figure if it has a technical reason, or if this is a written (or unwritten) policy. best regards Istvan
