[ https://issues.apache.org/jira/browse/TIKA-2536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Jones updated TIKA-2536: -------------------------------- Description: The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm (released in Mar 2015), as well as being branch EOL themselves, depend on many other project/branch/version EOL artifacts for which much later and active versions are often available. The list is as follows: - edu.ucar:grib depends on the project EOL bzip2. Much more recent versions of edu.ucar:grib exist that no longer depend on bzip2 (note: Jbzip2 is hosted on the Google Code site, which was shut down for active development in 2015. The project was never migrated to another site, e.g. Github). - edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2 - edu.ucar:cdm depends on the 2.6.2 branch EOL version of net.sf.ehcache:ehcache-core - edu.ucar:cdm depends on the 2.2.0 EOL version of org.quartz-scheduler:quartz for which active versions are available. In turn org.quartz-scheduler:quartz depends on the 0.9.1.1 branch EOL version of c3p0:c3p0. Later versions of quartz have moved to the active com.mchange:c3p0 - edu.ucar:grib depends on the 2.5.0 branch EOL version of com.google.protobuf:protobuf-java for which active versions are available. Request moving to a much later version of edu.ucar, or alternative artifacts to address all the above EOL issues (lack of active support for vulnerabilities and bugs). was: The currently referenced 4.5.5 version of edu.ucar:grib released in Mar 2015 is itself branch EOL and depends on the project EOL'd bzip2. Much more recent versions of edu.ucar:grib exist that do not depend on bzip2. Request moving to a much later version of edu.ucar:grib (e.g. 4.6.10 from Apr 2017) than no longer depends on the EOL'd bzip2 and isn't itself branch/version EOL. (note: Jbzip2 is hosted on the Google Code site, which was shut down for active development in 2015. The project was never migrated to another site, e.g. Github). Additionally the currently referenced 4.5.5 version of edu.ucar:grib depends on the EOL 2.0.4 version of org.jdom:jdom2. Additionally the currently referenced 4.5.5 version of edu.ucar:cdm depends on the branch EOL 2.6.2 version of net.sf.ehcache:ehcache-core. Moving to a much later version of edu.ucar will address all the above EOL issues (lack of active support for vulnerabilities and bugs). > Move to later edu.ucar version to avoid EOL dependencies > -------------------------------------------------------- > > Key: TIKA-2536 > URL: https://issues.apache.org/jira/browse/TIKA-2536 > Project: Tika > Issue Type: Improvement > Components: parser > Affects Versions: 1.16, 1.17 > Environment: All > Reporter: Richard Jones > > The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm > (released in Mar 2015), as well as being branch EOL themselves, depend on > many other project/branch/version EOL artifacts for which much later and > active versions are often available. The list is as follows: > - edu.ucar:grib depends on the project EOL bzip2. Much more recent versions > of edu.ucar:grib exist that no longer depend on bzip2 (note: Jbzip2 is hosted > on the Google Code site, which was shut down for active development in 2015. > The project was never migrated to another site, e.g. Github). > - edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2 > - edu.ucar:cdm depends on the 2.6.2 branch EOL version of > net.sf.ehcache:ehcache-core > - edu.ucar:cdm depends on the 2.2.0 EOL version of > org.quartz-scheduler:quartz for which active versions are available. In turn > org.quartz-scheduler:quartz depends on the 0.9.1.1 branch EOL version of > c3p0:c3p0. Later versions of quartz have moved to the active com.mchange:c3p0 > - edu.ucar:grib depends on the 2.5.0 branch EOL version of > com.google.protobuf:protobuf-java for which active versions are available. > Request moving to a much later version of edu.ucar, or alternative artifacts > to address all the above EOL issues (lack of active support for > vulnerabilities and bugs). -- This message was sent by Atlassian JIRA (v6.4.14#64029)