Since it's transparent for the users, we should use always try to keep up to date. No Maven 2 please. :) The version 2 already haunt me enough in my day time job.
[]s, Thiago. On Mon, Apr 28, 2014 at 5:45 AM, Romain Manni-Bucau <[email protected]>wrote: > well not sure we are really affected but update should be hurtless. > > > > Romain Manni-Bucau > Twitter: @rmannibucau > Blog: http://rmannibucau.wordpress.com/ > LinkedIn: http://fr.linkedin.com/in/rmannibucau > Github: https://github.com/rmannibucau > > > 2014-04-28 11:36 GMT+02:00 Jean-Louis Monteiro <[email protected]>: > > AFAIR, it's ok as soon as Maven 3 is used. > > Can't remember with Maven 2. > > > > Well, we could probably do that, but it's more a matter of the user > taking > > care of its computer security. > > I'm ok to reinforce the level, as soon as it does not prevent > contributors > > to contribute the project. > > > > Jean-Louis > > > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > > > > > > On Thu, Apr 24, 2014 at 11:50 AM, helio frota <[email protected]> wrote: > > > >> I think 3.0.5 should by now be the entry level version, especially due > to > >> this - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253 > >> > >> +1 > >> > >> And thanks for share this. > >> > >> ------------------------------------------- > >> http://eprogramming.github.io > >> > >> > >> > >> On Thu, Apr 24, 2014 at 6:21 AM, Andy Gumbrecht < > [email protected] > >> >wrote: > >> > >> > While checking out several of the powerful features of the - > >> > http://mojo.codehaus.org/versions-maven-plugin/ - it was apparent > that > >> > some of the actions require a minimum Maven version in order to be > >> > effective. > >> > > >> > Therfore I am thinking of adding the following to parent poms: > >> > > >> > <prerequisites> > >> > <maven>3.?</maven> > >> > </prerequisites> > >> > > >> > The question is, which Maven version? I am actually using the latest > >> 3.2.1 > >> > without issues. > >> > > >> > What is your: mvn --version > >> > > >> > I think 3.0.5 should by now be the entry level version, especially > due to > >> > this - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253 > >> > > >> > What do you all think? > >> > > >> > Andy. > >> > > >> > -- > >> > Andy Gumbrecht > >> > > >> > http://www.tomitribe.com > >> > [email protected] > >> > https://twitter.com/AndyGeeDe > >> > > >> > TomEE treibt Tomitribe! | http://tomee.apache.org > >> > > >> > > >> >
