You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Uwe Schindler (Jira)" <ji...@apache.org> on 2021/12/22 19:35:00 UTC
[jira] [Comment Edited] (SOLR-9459) Upgrade dependencies
[ https://issues.apache.org/jira/browse/SOLR-9459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17464017#comment-17464017 ]
Uwe Schindler edited comment on SOLR-9459 at 12/22/21, 7:34 PM:
----------------------------------------------------------------
In the case of gorbiddenapis you have to shade as for example ASM is incompatible to each oder and for example Gradle ships with its own outdated versions.
Forbiddenapis is my responsibility and I can decide if and what I'd like to shade.
Generally the recent log4j discussion and organizations like Adobe (see mailing list) or governmental organizations enforcing all product upgrades just because there's a jar file will force for sure application providers to go over and shade more libs than in the past to actually hide what they use. That's bad! This should be told to those stupid, stupid people without any technical knowledge at e.g. Adobe (yes I mean you Adobe!), That they will bring that problem to all of us.
If we say: "Solr is safe" they should accept that or simply stop using it. Period. Man man, I will take a shotgun and kill the next one who asks me to update the library without reason.
Please keep this statement public, I stand to it.
was (Author: thetaphi):
In the case of gorbiddenapis you have to shade as for example ASM is incompatible to each oder and for example Gradle ships with its own outdated versions.
Forbiddenapis is my responsibility and I can decide if and what I'd like to shade.
Generally the recent log4j discussion and organizations like Adobe (see mailing list) or governmental organizations enforcing all product upgrades just because there's a jar file will force for sure force application providers to go over and shade more in the past to actually hide what they use. That's bad. This should be told to those stupid, stupid people without any technical knowledge at e.g. Adobe (yes I mean you Adobe!), That they will bring that problem to all of us.
If we say: "Solr is safe" they should accept that or simply stop using it. Period. Man man, I will take a shotgun and kill the next one who asks me to update the library without reason.
Please keep this statement public, I stand to it.
> Upgrade dependencies
> --------------------
>
> Key: SOLR-9459
> URL: https://issues.apache.org/jira/browse/SOLR-9459
> Project: Solr
> Issue Type: Improvement
> Reporter: Petar Tahchiev
> Priority: Major
> Attachments: commons-lang3.patch
>
>
> Hello,
> my project has more than 400 dependencies and I'm trying to ban the usage of {{commons-collecrtions}} and {{commons-lang}} in favor of {{org.apache.commons:commons-collection4}} and {{org.apache.commons:commons-lang3}}. Unfortunately out of the 400 dependencies *only* solr is still using the old {{collections}} and {{lang}} dependencies which are more than 6 years old.
> Is there a specific reason for that? Can you please update to the latest versions:
> http://repo1.maven.org/maven2/org/apache/commons/commons-lang3/
> http://repo1.maven.org/maven2/org/apache/commons/commons-collections4/
> http://repo1.maven.org/maven2/org/apache/commons/commons-configuration2/
> http://repo1.maven.org/maven2/org/apache/commons/commons-io/
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org