[jira] [Commented] (JCRVLT-156) Review dependencies

Konrad Windszus (Jira) Thu, 20 May 2021 03:57:04 -0700


    [ 
https://issues.apache.org/jira/browse/JCRVLT-156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17348295#comment-17348295
 ]


Konrad Windszus commented on JCRVLT-156:
----------------------------------------

Now there should only be references to stable version. For the FileVault Core 
bundle we reference the minimum version we are compatible with (as the 
dependency version is not used at run time).

> Review dependencies
> -------------------
>
>                 Key: JCRVLT-156
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-156
>             Project: Jackrabbit FileVault
>          Issue Type: Task
>    Affects Versions: 3.1.40
>            Reporter: Julian Reschke
>            Priority: Major
>
> The pom currently references unstable releases of Jackrabbit and Oak. Is this 
> necessary?
> Also, other dependencies should be reviewed as well. For instance, 
> commons-collections should be updated to 3.2.2 (see 
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-32731/version_id-187982/Apache-Commons-Collections-3.2.1.html)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (JCRVLT-156) Review dependencies

Reply via email to