rmannibucau commented on pull request #462: URL: https://github.com/apache/maven/pull/462#issuecomment-812537590
@aheritier external:* was my first try but has too much side effects and does not fulfill the same goal, this is why i went with this option. At that time i thought we should have enabled external:pattern:xxx instead of hardcode it but for now i'm just trying to drop some blocker. @slachiewicz IMHO a security fix is *not* a new feature as justifying a N+1 but something required in the affected version branch as discussed on the list. 3.8.1 was a core dev choice, not an user one IMHO and I'm just trying to catch up here. @michael-o i reviewed the changelog and most of the changes are dead changes for the resolver so think it is fine to use the 1.6, there are other more impacting bumps in patch versions in general. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org