Out of curiosity, what was Pulkit's suggestion? I don't see it in this thread.
On Thu, Apr 5, 2018, 8:32 AM Alexander Murmann <amurm...@pivotal.io> wrote: > I am very much in favor of Pulkit's suggestion. We've previously discussed > using something like > https://github.com/nebula-plugins/gradle-dependency-lock-plugin. This > would > make a process like Pulkit describes very easy. We could easily be on the > latest versions that are known to work and at the same time capture which > dependencies cannot easily be upgraded. This would safe lots of manual work > and also provide greater transparency to us into where actual human effort > is required to get back catch up with latest. > > On Thu, Apr 5, 2018 at 8:12 AM, Anthony Baker <aba...@pivotal.io> wrote: > > > I created https://issues.apache.org/jira/browse/GEODE-5001 for this. > > > > Anthony > > > > > > > On Apr 4, 2018, at 5:39 PM, John Blum <jb...@pivotal.io> wrote: > > > > > > +0 > > > > > > > > > The Apache Geode *Log4j* dependency version *2.8.2* is or will cause > > > significant issues for apps, and in particular *Spring Boot* 2.0 apps. > > > > > > This Geode Log4j version is already quite dated as *Log4j 2.11.0* is > now > > > already available [1] and *Spring Boot* 2.0 pulls in *Log4j 2.10.0* > [2]. > > > > >
