[
https://issues.apache.org/jira/browse/TIKA-2536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Jones updated TIKA-2536:
--------------------------------
Description:
The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm
(released in Mar 2015), as well as being branch EOL themselves, depend on many
other project/branch/version EOL artifacts for which much later and active
versions are often available. The list is as follows:
- edu.ucar:grib depends on the project EOL bzip2. Much more recent versions of
edu.ucar:grib exist that no longer depend on bzip2 (note: Jbzip2 is hosted on
the Google Code site, which was shut down for active development in 2015. The
project was never migrated to another site, e.g. Github).
- edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2
- edu.ucar:cdm depends on the 2.6.2 branch EOL version of
net.sf.ehcache:ehcache-core
- edu.ucar:cdm depends on the 2.2.0 EOL version of org.quartz-scheduler:quartz
for which active versions are available. In turn org.quartz-scheduler:quartz
depends on the 0.9.1.1 branch EOL version of c3p0:c3p0. Later versions of
quartz have moved to the active com.mchange:c3p0
- edu.ucar:grib depends on the 2.5.0 branch EOL version of
com.google.protobuf:protobuf-java for which active versions are available.
Request moving to a much later version of edu.ucar, or alternative artifacts to
address all the above EOL issues (lack of active support for vulnerabilities
and bugs).
was:
The currently referenced 4.5.5 version of edu.ucar:grib released in Mar 2015 is
itself branch EOL and depends on the project EOL'd bzip2. Much more recent
versions of edu.ucar:grib exist that do not depend on bzip2.
Request moving to a much later version of edu.ucar:grib (e.g. 4.6.10 from Apr
2017) than no longer depends on the EOL'd bzip2 and isn't itself branch/version
EOL.
(note: Jbzip2 is hosted on the Google Code site, which was shut down for active
development in 2015. The project was never migrated to another site, e.g.
Github).
Additionally the currently referenced 4.5.5 version of edu.ucar:grib depends on
the EOL 2.0.4 version of org.jdom:jdom2.
Additionally the currently referenced 4.5.5 version of edu.ucar:cdm depends on
the branch EOL 2.6.2 version of net.sf.ehcache:ehcache-core.
Moving to a much later version of edu.ucar will address all the above EOL
issues (lack of active support for vulnerabilities and bugs).
> Move to later edu.ucar version to avoid EOL dependencies
> --------------------------------------------------------
>
> Key: TIKA-2536
> URL: https://issues.apache.org/jira/browse/TIKA-2536
> Project: Tika
> Issue Type: Improvement
> Components: parser
> Affects Versions: 1.16, 1.17
> Environment: All
> Reporter: Richard Jones
>
> The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm
> (released in Mar 2015), as well as being branch EOL themselves, depend on
> many other project/branch/version EOL artifacts for which much later and
> active versions are often available. The list is as follows:
> - edu.ucar:grib depends on the project EOL bzip2. Much more recent versions
> of edu.ucar:grib exist that no longer depend on bzip2 (note: Jbzip2 is hosted
> on the Google Code site, which was shut down for active development in 2015.
> The project was never migrated to another site, e.g. Github).
> - edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2
> - edu.ucar:cdm depends on the 2.6.2 branch EOL version of
> net.sf.ehcache:ehcache-core
> - edu.ucar:cdm depends on the 2.2.0 EOL version of
> org.quartz-scheduler:quartz for which active versions are available. In turn
> org.quartz-scheduler:quartz depends on the 0.9.1.1 branch EOL version of
> c3p0:c3p0. Later versions of quartz have moved to the active com.mchange:c3p0
> - edu.ucar:grib depends on the 2.5.0 branch EOL version of
> com.google.protobuf:protobuf-java for which active versions are available.
> Request moving to a much later version of edu.ucar, or alternative artifacts
> to address all the above EOL issues (lack of active support for
> vulnerabilities and bugs).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
