[
https://issues.apache.org/jira/browse/TIKA-2536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628029#comment-17628029
]
Lewis John McGibbney edited comment on TIKA-2536 at 11/3/22 12:36 AM:
----------------------------------------------------------------------
As of version 5.0, netCDF-Java is released under the [BSD-3
licence|https://github.com/Unidata/netcdf-java/blob/master/LICENSE]
* tika main branch relies on v4.5.5
* current netCDF-java release appears to be 5.5.2
[~nick] I _think_ I used to know the answer to this question but it escapes me
now. What conditions/restrictions result in the following statement "...We can
only depend on versions in maven central, we can't depend on versions hosted
elsewhere"? Please remind me. Thanks
was (Author: lewismc):
As of version 5.0, netCDF-Java is released under the [BSD-3
licence|https://github.com/Unidata/netcdf-java/blob/master/LICENSE]
* tika main branch relies on v4.5.5
* current netCDF-java release appears to be 5.5.2
[~nick] I think I used to know the answer to this question but what
conditions/restriuctions result in the following statement "...We can only
depend on versions in maven central, we can't depend on versions hosted
elsewhere"? Please remind me. Thanks
> Move to later edu.ucar version to avoid EOL dependencies
> --------------------------------------------------------
>
> Key: TIKA-2536
> URL: https://issues.apache.org/jira/browse/TIKA-2536
> Project: Tika
> Issue Type: Improvement
> Components: parser
> Affects Versions: 1.16, 1.17
> Environment: All
> Reporter: Richard Jones
> Priority: Major
> Attachments: screenshot-1.png, screenshot-2.png
>
>
> The currently referenced 4.5.5 versions of edu.ucar:grib and edu.ucar:cdm
> (released in Mar 2015), as well as being branch EOL themselves, depend on
> many other project/branch/version EOL artifacts for which much later and
> active versions are often available. The list is as follows:
> - edu.ucar:grib depends on the project EOL bzip2. Much more recent versions
> of edu.ucar:grib exist that no longer depend on bzip2 (note: Jbzip2 is hosted
> on the Google Code site, which was shut down for active development in 2015.
> The project was never migrated to another site, e.g. Github).
> - edu.ucar:grib depends on the 2.0.4 EOL version of org.jdom:jdom2
> - edu.ucar:cdm depends on the 2.6.2 branch EOL version of
> net.sf.ehcache:ehcache-core
> - edu.ucar:cdm depends on the 2.2.0 EOL version of
> org.quartz-scheduler:quartz for which active versions are available. In turn
> org.quartz-scheduler:quartz depends on the 0.9.1.1 branch EOL version of
> c3p0:c3p0. Later versions of quartz have moved to the active com.mchange:c3p0
> - edu.ucar:grib depends on the 2.5.0 branch EOL version of
> com.google.protobuf:protobuf-java for which active versions are available.
> Request moving to a much later version of edu.ucar, or alternative artifacts
> to address all the above EOL issues (lack of active support for
> vulnerabilities and bugs).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
