The answer is Yes, we should update. Jira ticket assigned to the next release should be enough in my view.
D. On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov <akuznet...@apache.org> wrote: > Hi, All! > > Do we have any policy for updating third-party dependencies? > > For example, I found that we are using very old Apache Common codec v.1.6 > (released in 2011) > And latest is Apache Common codec v.1.10 > > Do we need to update to new versions from time to time? > And how? > > Just create JIRA issue, update pom.xml and run all tests on TC - will be > enough? > > -- > Alexey Kuznetsov >
