[
https://issues.apache.org/jira/browse/ACCUMULO-4703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16174870#comment-16174870
]
Michael Miller commented on ACCUMULO-4703:
------------------------------------------
I thought there might be a reason for keeping it at that version but the
comment mentioned maven release plugin. I went with the version required by
versions-maven-plugin. I thought 3.2.5 was a good compromise from going all
the way to the latest, 3.5.0. Thankfully it looks like 3.0.5 is the oldest
recommended version: https://maven.apache.org/security.html I can revert it
and add a comment.
> Attempt to pull all dependencies to latest version
> --------------------------------------------------
>
> Key: ACCUMULO-4703
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4703
> Project: Accumulo
> Issue Type: Task
> Reporter: Keith Turner
> Assignee: Michael Miller
> Priority: Blocker
> Fix For: 2.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> This is issue is motivated by discussion in ACCUMULO-4701. For 2.0.0 we
> should attempt to use the latest version of any direct dependencies. Not
> doing so may force user to use older versions of dependencies with bugs and
> security problems.
> ACCUMULO-4701 provides an example of this where Accumulo using methods that
> exist in an older version of Guava but are dropped in a new version prevent a
> user from using newer Guava.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
