Yes, I was thinking about 2.20.x But, I thought the same could be done in the ongoing master, since that uses 2.8.10 of jackson-databind at this point?
On Sat, Mar 24, 2018 at 5:10 AM, Andrea Cosentino < ancosen1...@yahoo.com.invalid> wrote: > Do you mean on 2.20.x? Yeah, upgrade of this kind are welcome > > Inviato da Yahoo Mail su Android > > Il sab, 24 mar, 2018 alle 9:07, Claus Ibsen<claus.ib...@gmail.com> ha > scritto: Hi > > Yeah sure you can submit a PR to update that. > We generally always want to update to newer patch releases. > > > On Sat, Mar 24, 2018 at 1:25 AM, Darius Cooper <dariuscoo...@gmail.com> > wrote: > > What is Camel's policy on upgrading versions of dependencies used? For > > example, is there any policy that says that dependencies will not be > > upgraded with minor version number increments, or path increments, or > some > > such? > > > > Example: > > Camel 2.20.x uses jackson-databind 2.8.10 > > > > I see a comment in Camel code that jackson-datbind 2.9.x does not work > well > > the Camel swagger component. > > > > Meanwhile, jackson-databind has a 2.8.11.1 , which fixes some reported > > vulnerabilities. > > > > Would the Camel team be open to going to the latest 2.8.x version of > > jackson-databind? > > > > -- > Claus Ibsen > ----------------- > http://davsclaus.com @davsclaus > Camel in Action 2: https://www.manning.com/ibsen2 > >