'[jira] [Commented] (AXIS2-5959) Axis2 has dependency on "Commons HttpClient project", which is now e'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       axis-dev
Subject:    [jira] [Commented] (AXIS2-5959) Axis2 has dependency on "Commons HttpClient project", which is now e
From:       "Yurii Demkiv (Jira)" <jira () apache ! org>
Date:       2021-04-23 8:32:00
Message-ID: JIRA.13240121.1560841333000.325872.1619166720474 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/AXIS2-5959?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=17330179#comment-17330179 ] 

Yurii Demkiv commented on AXIS2-5959:
-------------------------------------

[~robertlazarski]  - thank you so much for working on this!
From my side - same as [~MuraliC], I am looking forward to the release of the new \
version to take benefit of this fix.

  

As soon as it's released - will get updated  (y)

> Axis2 has dependency on "Commons HttpClient project", which is now end of life, and \
>                 is no longer being developed. 
> ------------------------------------------------------------------------------------------------------------------
>  
> Key: AXIS2-5959
> URL: https://issues.apache.org/jira/browse/AXIS2-5959
> Project: Axis2
> Issue Type: Bug
> Reporter: Aman Mishra
> Assignee: Robert Lazarski
> Priority: Critical
> Attachments: pom.xml
> 
> 
> We are using axis2 version 1.7.8 ( *org.apache.axis2.osgi-1.7.8.jar* ) in our \
> project, we can see that in this project pom.xml under <Import-Package> section, \
> dependency on "Commons HttpClient project". This dependency is there in the form of \
> *"org.apache.commons.httpclient.*,".*  The same thing we have seen in axis2 latest \
> jar 1.7.9.   Now as we know this  "Commons HttpClient project" is already ended of \
> its life long back and its no longer being developed.   So, please change this \
> package dependency to  Apache HttpComponents project in its HttpClient  \
> [org.apache.httpcomponents:httpclient]. (httpclient-4.5.9.jar).   +*Note:*+ Right \
> now we are supplying the dependency "*org.apache.commons.httpclient"*  to \
> "*org.apache.axis2.osgi-1.7.8.jar"*  by \
> "com.springsource.org.apache.commons.httpclient-3.1.0.jar". Now in Nexus \
> vulnerability report "com.springsource.org.apache.commons.httpclient-3.1.0.jar" is \
> showing as vulnerable. So we want to remove this jar. But after removing this jar \
> "*org.apache.axis2.osgi-1.7.8.jar"*  osgi bundle is not up due to unsatisfied \
> dependency of package  "*org.apache.commons.httpclient".*  We have tried to provide \
> the dependency by using httpclient-4.5.9.jar but this has different package \
> hierarchy as it required in the form  "*org.apache.commons.httpclient".*   So \
> please change this dependency according to latest apache jar httpclient-4.5.9.jar. \
> For Reference: Attaching pom.xml of Axis2 1.7.8 project. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic