You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Josh McKenzie (Jira)" <ji...@apache.org> on 2022/01/04 15:06:00 UTC

[jira] [Commented] (CASSANDRA-17231) Upgrade cassandra-driver-core to 4.X

    [ https://issues.apache.org/jira/browse/CASSANDRA-17231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17468670#comment-17468670 ] 

Josh McKenzie commented on CASSANDRA-17231:
-------------------------------------------

The 4.x driver has (as I understand it second hand) API breaking changes in it that have sweeping consequences for many things written to the 3.x driver.

Perhaps we should first look to an update to the deps in the bundled driver to a non-vulnerable version of the jackson-databind lib.

> Upgrade cassandra-driver-core to 4.X
> ------------------------------------
>
>                 Key: CASSANDRA-17231
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17231
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Phyllis Li
>            Assignee: Phyllis Li
>            Priority: Normal
>              Labels: security
>             Fix For: 4.x
>
>
> The current Cassandra driver version is 3.11.0, which uses a vulnerable version of jackson-databind.
> We may want to switch to the re-branded com.datastax.oss:java-driver-core 4.13.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org