Hi Yeah sure you can submit a PR to update that. We generally always want to update to newer patch releases.
On Sat, Mar 24, 2018 at 1:25 AM, Darius Cooper <dariuscoo...@gmail.com> wrote: > What is Camel's policy on upgrading versions of dependencies used? For > example, is there any policy that says that dependencies will not be > upgraded with minor version number increments, or path increments, or some > such? > > Example: > Camel 2.20.x uses jackson-databind 2.8.10 > > I see a comment in Camel code that jackson-datbind 2.9.x does not work well > the Camel swagger component. > > Meanwhile, jackson-databind has a 2.8.11.1 , which fixes some reported > vulnerabilities. > > Would the Camel team be open to going to the latest 2.8.x version of > jackson-databind? -- Claus Ibsen ----------------- http://davsclaus.com @davsclaus Camel in Action 2: https://www.manning.com/ibsen2
