Aman Mishra created AXIS2-5959:
----------------------------------
Summary: Axis2 has dependency on "Commons HttpClient project",
which is now end of life, and is no longer being developed.
Key: AXIS2-5959
URL: https://issues.apache.org/jira/browse/AXIS2-5959
Project: Axis2
Issue Type: Bug
Reporter: Aman Mishra
Attachments: pom.xml
We are using axis2 version 1.7.8 ( *org.apache.axis2.osgi-1.7.8.jar* ) in our
project, we can see that in this project pom.xml under <Import-Package>
section, dependency on "Commons HttpClient project". This dependency is there
in the form of *"org.apache.commons.httpclient.*,".* The same thing we have
seen in axis2 latest jar 1.7.9.
Now as we know this "Commons HttpClient project" is already ended of its life
long back and its no longer being developed.
So, please change this package dependency to Apache HttpComponents project in
its HttpClient [org.apache.httpcomponents:httpclient]. (httpclient-4.5.9.jar).
+*Note:*+ Right now we are supplying the dependency
"*org.apache.commons.httpclient"* to "*org.apache.axis2.osgi-1.7.8.jar"* by
"com.springsource.org.apache.commons.httpclient-3.1.0.jar". Now in Nexus
vulnerability report "com.springsource.org.apache.commons.httpclient-3.1.0.jar"
is showing as vulnerable. So we want to remove this jar. But after removing
this jar "*org.apache.axis2.osgi-1.7.8.jar"* osgi bundle is not up due to
unsatisfied dependency of package "*org.apache.commons.httpclient".* We have
tried to provide the dependency by using httpclient-4.5.9.jar but this has
different package hierarchy as it required in the form
"*org.apache.commons.httpclient".*
So please change this dependency according to latest apache jar
httpclient-4.5.9.jar.
For Reference: Attaching pom.xml of Axis2 1.7.8 project.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
