On Thursday, September 08, 2011 12:31:33 PM Andreas Pieber wrote: > I've though we've settled with staying with Spring 3.0.6.RELEASE and > cxf/camel upgrade?
+1 The 3.0.6 changelog includes a couple security vulnerabilities (including an XSS one) . There aren't any details in the changelog, but I'm very uncomfortable shipping things with known public security issues. Since it's a patch, I see no issue with it. It should be less of an issue than upgrading from Jetty 7.3.x to 7.4.x that was done in Karaf 2.2.1. Dan > > On Thu, Sep 8, 2011 at 11:07, Jean-Baptiste Onofré <[email protected]> wrote: > > Hi all, > > > > following our previous discussion around Camel and CXF, I would like: > > > > - to rollback to Spring 3.0.5.RELEASE on karaf-2.2.x branch > > - release Karaf 2.2.4 or maybe override the Karaf 2.2.3 with Spring > > 3.0.5.RELEASE > > - let the Spring 3.0.6.RELEASE upgrade to Karaf 3.0.x > > > > WDYT ? > > > > Regards > > JB > > -- > > Jean-Baptiste Onofré > > [email protected] > > http://blog.nanthrax.net > > Talend - http://www.talend.com -- Daniel Kulp [email protected] http://dankulp.com/blog Talend - http://www.talend.com
