[
https://issues.apache.org/jira/browse/CAMEL-20308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17808530#comment-17808530
]
Claus Ibsen edited comment on CAMEL-20308 at 1/25/24 1:22 PM:
--------------------------------------------------------------
[~tcunning] can you send a PR to add a note about this change in the 4.4 guide
https://github.com/apache/camel/blob/main/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_4.adoc
*DONE*
was (Author: davsclaus):
[~tcunning] can you send a PR to add a note about this change in the 4.4 guide
https://github.com/apache/camel/blob/main/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_4.adoc
> Change order of camel-spring-boot-bom and spring-boot-dependencies in
> dependencyManagement
> -----------------------------------------------------------------------------------------
>
> Key: CAMEL-20308
> URL: https://issues.apache.org/jira/browse/CAMEL-20308
> Project: Camel
> Issue Type: Improvement
> Components: camel-spring-boot
> Affects Versions: 4.4.0
> Reporter: Thomas Cunningham
> Assignee: Thomas Cunningham
> Priority: Major
> Fix For: 4.4.0
>
>
> I'd like to suggest changing the order of camel-spring-boot-bom and
> spring-boot-dependencies in <dependencyManagement/> - currently
> spring-boot-dependencies is listed first, but the camel-parent many times
> contains updated dependencies with CVE fixes. In the event of the two
> BOMs containing a <dependencyManagement> entry for the same artifact, listing
> camel-spring-boot-bom first would mean that the versions from the
> camel-parent take precedence over spring-boot-dependencies versions and may
> mean a safer experience.
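The precedence rule the issue description relies on (the first imported BOM that manages an artifact wins) can be checked against a project's pom.xml. The script below is an added example, not code from the Camel project or from this issue: the `com.example:shared-lib` artifact, its versions, the `SPRING_BOOT_VERSION` placeholder and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed pom.xml in the old order: spring-boot-dependencies listed first.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-dependencies</artifactId>
        <version>SPRING_BOOT_VERSION</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>org.apache.camel.springboot</groupId>
        <artifactId>camel-spring-boot-bom</artifactId>
        <version>4.4.0</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>"""

# Constructed BOM contents: both manage the same hypothetical artifact.
MANAGED = {
    "spring-boot-dependencies": {"com.example:shared-lib": "1.0.0"},
    "camel-spring-boot-bom": {"com.example:shared-lib": "1.0.1"},
}

def imported_boms(pom_xml):
    """Return artifactIds of import-scoped BOMs in declaration order."""
    root = ET.fromstring(pom_xml)
    deps = root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS)
    return [d.findtext("m:artifactId", "", NS).strip() for d in deps
            if d.findtext("m:scope", "", NS).strip() == "import"]

def effective_versions(bom_order, managed):
    """First BOM that manages an artifact wins; later entries are ignored."""
    result = {}
    for bom in bom_order:
        for ga, version in managed.get(bom, {}).items():
            result.setdefault(ga, (version, bom))
    return result

def camel_bom_first(order):
    """True when camel-spring-boot-bom precedes spring-boot-dependencies."""
    c, s = "camel-spring-boot-bom", "spring-boot-dependencies"
    return c in order and (s not in order or order.index(c) < order.index(s))
```

Running `effective_versions` on the declared order and on its reverse shows which BOM supplies the version of an artifact that both manage, which is the difference the reordering makes.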