Romain Manni-Bucau created TOMEE-3742:
-----------------------------------------
Summary: Drop patched dependencies
Key: TOMEE-3742
URL: https://issues.apache.org/jira/browse/TOMEE-3742
Project: TomEE
Issue Type: Bug
Reporter: Romain Manni-Bucau
Fix For: 8.0.7
Last tomee releases use a lot of patch dependencies.
Most of them - not to say all ;) - are not needed but this way of doing broke a
lot of applications. Just to give a few examples:
# it breaks distro scanning (jar are unknown and CVE are missed which is
super important for anyone have some security policy in companies) since jars
are "corrupted" (from a scanning point of view)
# it broke some features (default json providers can't be disabled as before
breaking applications)
# it makes it random to update backward compatible dependencies
# it makes embedded mode quite random and behaving unexpectedly when not
using the fork
This ticket is about dropping all forks ensuring 1 and 4 are trivially solved
by doing (back) nothing and if possible try to fix 2 (the json setup is just
about reverting or integrating more with bus providers in cxf for ex).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
