I'd report it for a 1.7.1 since it is very risky - we sometimes rely on some particular versions regarding the behavior for advanced cases - and 1.7.0 is really expected.
>From what I saw (quickly) ehcache, slf4j, geronimo_javamail, [lang3], [fileupload] can be updated almost blindy (I mean if build passes that's ok). Others looks too dangerous at this moment for me. Wdyt? Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau 2014-05-01 11:19 GMT+02:00 Andy Gumbrecht <[email protected]>: > The buildbot is up and there are a few 'minor' fails. > I'd like to get as many minor version lib updates into 1.7.0 as possible > before release: > > mvn org.codehaus.mojo:versions-maven-plugin:2.1:display-dependency-updates = > Quite a lot of updates to test against... > > > On 01/05/2014 10:46, Romain Manni-Bucau wrote: >> >> seems consistent >> >> side note: we should release 1.7.0 too - it is due for weeks - not >> sure the status on openjpa side. >> >> >> Romain Manni-Bucau >> Twitter: @rmannibucau >> Blog: http://rmannibucau.wordpress.com/ >> LinkedIn: http://fr.linkedin.com/in/rmannibucau >> Github: https://github.com/rmannibucau >> >> >> 2014-05-01 10:38 GMT+02:00 Andy Gumbrecht <[email protected]>: >>> >>> +1 >>> >>> Andy. >>> >>> >>> On 30/04/2014 23:19, Jean-Louis Monteiro wrote: >>>> >>>> Hello guys, >>>> >>>> Please check this page >>>> http://cxf.apache.org/security-advisories.html >>>> >>>> The 4 latest ones have been discovered recently, so we should plan a >>>> 1.6.0.2 soon if we are also using CXF vulnerable binaries, isn't it? >>>> >>>> -- >>>> Jean-Louis Monteiro >>>> http://twitter.com/jlouismonteiro >>>> http://www.tomitribe.com >>>> >>> -- >>> Andy Gumbrecht >>> >>> http://www.tomitribe.com >>> [email protected] >>> https://twitter.com/AndyGeeDe >>> >>> TomEE treibt Tomitribe! | http://tomee.apache.org >>> >> > > -- > Andy Gumbrecht > > http://www.tomitribe.com > [email protected] > https://twitter.com/AndyGeeDe > > TomEE treibt Tomitribe! | http://tomee.apache.org >
