You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@arrow.apache.org by "Wes McKinney (JIRA)" <ji...@apache.org> on 2017/08/08 02:58:00 UTC

[jira] [Commented] (ARROW-1243) [Java] security: upgrade all libraries to latest stable versions

    [ https://issues.apache.org/jira/browse/ARROW-1243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16117771#comment-16117771 ] 

Wes McKinney commented on ARROW-1243:
-------------------------------------

Since the 0.6.0 release timeline became compressed with the Plasma IP clearance, we have not gotten enough feedback yet on the patch. Accordingly (and in case that doesn't change in the next 24 hours), I moved this to 0.7.0, which should give enough time for downstream users to give feedback on the dependency upgrades

> [Java] security: upgrade all libraries to latest stable versions
> ----------------------------------------------------------------
>
>                 Key: ARROW-1243
>                 URL: https://issues.apache.org/jira/browse/ARROW-1243
>             Project: Apache Arrow
>          Issue Type: Improvement
>          Components: Java - Memory, Java - Vectors
>    Affects Versions: 0.4.1
>            Reporter: Matt Darwin
>             Fix For: 0.7.0
>
>
> Some of the java libraries used are very old - e.g. commons-cli dates from 2009.
> Rather than (or as well as) reacting to security vulnerabilities when they are discovered, we should pro-actively update all our libraries to the latest versions.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)