not sure - this is going to gremlin-core so having a non-standard repo might mess with things like grape/plugins maybe. i wasn't 100% sure we'd use the RedHat thing...i figured it would take a bit of thought/discussion.
of course, without something like the RedHat artifact, the version stays stuck with the security problem along 3.3.x and 3.4.x unless we choose to accept a major breaking change in either of those lines. i still don't know when we want to allow for such things (i.e. take a major breaking change to fix a security problem). i guess it's done on a case-by-case basis perhaps - so, is the seriousness of this commons-configuration issue enough to force us to bump 3.3.x and 3.4.x or can it wait for 3.5.x? [ Full content available at: https://github.com/apache/tinkerpop/pull/1086 ] This message was relayed via gitbox.apache.org for [email protected]
