AFAIR, it's ok as soon as Maven 3 is used. Can't remember with Maven 2. Well, we could probably do that, but it's more a matter of the user taking care of its computer security. I'm ok to reinforce the level, as soon as it does not prevent contributors to contribute the project.
Jean-Louis -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Thu, Apr 24, 2014 at 11:50 AM, helio frota <[email protected]> wrote: > I think 3.0.5 should by now be the entry level version, especially due to > this - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253 > > +1 > > And thanks for share this. > > ------------------------------------------- > http://eprogramming.github.io > > > > On Thu, Apr 24, 2014 at 6:21 AM, Andy Gumbrecht <[email protected] > >wrote: > > > While checking out several of the powerful features of the - > > http://mojo.codehaus.org/versions-maven-plugin/ - it was apparent that > > some of the actions require a minimum Maven version in order to be > > effective. > > > > Therfore I am thinking of adding the following to parent poms: > > > > <prerequisites> > > <maven>3.?</maven> > > </prerequisites> > > > > The question is, which Maven version? I am actually using the latest > 3.2.1 > > without issues. > > > > What is your: mvn --version > > > > I think 3.0.5 should by now be the entry level version, especially due to > > this - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253 > > > > What do you all think? > > > > Andy. > > > > -- > > Andy Gumbrecht > > > > http://www.tomitribe.com > > [email protected] > > https://twitter.com/AndyGeeDe > > > > TomEE treibt Tomitribe! | http://tomee.apache.org > > > > >
