axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aman Mishra (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AXIS2-5959) Axis2 has dependency on "Commons HttpClient project", which is now end of life, and is no longer being developed.
Date Tue, 18 Jun 2019 07:03:00 GMT
Aman Mishra created AXIS2-5959:
----------------------------------

             Summary: Axis2 has dependency on "Commons HttpClient project", which is now end
of life, and is no longer being developed. 
                 Key: AXIS2-5959
                 URL: https://issues.apache.org/jira/browse/AXIS2-5959
             Project: Axis2
          Issue Type: Bug
            Reporter: Aman Mishra
         Attachments: pom.xml

We are using axis2 version 1.7.8 ( *org.apache.axis2.osgi-1.7.8.jar* ) in our project, we
can see that in this project pom.xml under <Import-Package> section, dependency on "Commons
HttpClient project". This dependency is there in the form of *"org.apache.commons.httpclient.*,".* The
same thing we have seen in axis2 latest jar 1.7.9. 

Now as we know this "Commons HttpClient project" is already ended of its life long back and
its no longer being developed. 

So, please change this package dependency to Apache HttpComponents project in its HttpClient [org.apache.httpcomponents:httpclient].
(httpclient-4.5.9.jar). 

+*Note:*+ Right now we are supplying the dependency "*org.apache.commons.httpclient"* to
"*org.apache.axis2.osgi-1.7.8.jar"* by "com.springsource.org.apache.commons.httpclient-3.1.0.jar".
Now in Nexus vulnerability report "com.springsource.org.apache.commons.httpclient-3.1.0.jar"
is showing as vulnerable. So we want to remove this jar. But after removing this jar "*org.apache.axis2.osgi-1.7.8.jar"* osgi
bundle is not up due to unsatisfied dependency of package "*org.apache.commons.httpclient".* We
have tried to provide the dependency by using httpclient-4.5.9.jar but this has different
package hierarchy as it required in the form "*org.apache.commons.httpclient".* 

So please change this dependency according to latest apache jar httpclient-4.5.9.jar.

For Reference: Attaching pom.xml of Axis2 1.7.8 project.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message