[prev in list] [next in list] [prev in thread] [next in thread]
List: axis-dev
Subject: [jira] [Commented] (AXIS2-5959) Axis2 has dependency on "Commons HttpClient project", which is now e
From: "Yurii Demkiv (Jira)" <jira () apache ! org>
Date: 2021-04-23 8:32:00
Message-ID: JIRA.13240121.1560841333000.325872.1619166720474 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/AXIS2-5959?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=17330179#comment-17330179 ]
Yurii Demkiv commented on AXIS2-5959:
-------------------------------------
[~robertlazarski] - thank you so much for working on this!
From my side - same as [~MuraliC], I am looking forward to the release of the new \
version to take benefit of this fix.
As soon as it's released - will get updated (y)
> Axis2 has dependency on "Commons HttpClient project", which is now end of life, and \
> is no longer being developed.
> ------------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2-5959
> URL: https://issues.apache.org/jira/browse/AXIS2-5959
> Project: Axis2
> Issue Type: Bug
> Reporter: Aman Mishra
> Assignee: Robert Lazarski
> Priority: Critical
> Attachments: pom.xml
>
>
> We are using axis2 version 1.7.8 ( *org.apache.axis2.osgi-1.7.8.jar* ) in our \
> project, we can see that in this project pom.xml under <Import-Package> section, \
> dependency on "Commons HttpClient project". This dependency is there in the form of \
> *"org.apache.commons.httpclient.*,".* The same thing we have seen in axis2 latest \
> jar 1.7.9. Now as we know this "Commons HttpClient project" is already ended of \
> its life long back and its no longer being developed. So, please change this \
> package dependency to Apache HttpComponents project in its HttpClient \
> [org.apache.httpcomponents:httpclient]. (httpclient-4.5.9.jar). +*Note:*+ Right \
> now we are supplying the dependency "*org.apache.commons.httpclient"* to \
> "*org.apache.axis2.osgi-1.7.8.jar"* by \
> "com.springsource.org.apache.commons.httpclient-3.1.0.jar". Now in Nexus \
> vulnerability report "com.springsource.org.apache.commons.httpclient-3.1.0.jar" is \
> showing as vulnerable. So we want to remove this jar. But after removing this jar \
> "*org.apache.axis2.osgi-1.7.8.jar"* osgi bundle is not up due to unsatisfied \
> dependency of package "*org.apache.commons.httpclient".* We have tried to provide \
> the dependency by using httpclient-4.5.9.jar but this has different package \
> hierarchy as it required in the form "*org.apache.commons.httpclient".* So \
> please change this dependency according to latest apache jar httpclient-4.5.9.jar. \
> For Reference: Attaching pom.xml of Axis2 1.7.8 project.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic