[
https://issues.apache.org/jira/browse/AXIS2-5959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17329356#comment-17329356
]
Robert Lazarski commented on AXIS2-5959:
----------------------------------------
There are no longer any references to commons-httpclient in the git repo for
axis2, including docs and unit tests.
Closing the issue.
We are all volunteers that have day jobs so it's hard to say when there will be
a release. It requires a vote on our dev mailing list. I have a few remaining
tasks assigned to me though they are not big tasks like this one.
> Axis2 has dependency on "Commons HttpClient project", which is now end of
> life, and is no longer being developed.
> ------------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2-5959
> URL: https://issues.apache.org/jira/browse/AXIS2-5959
> Project: Axis2
> Issue Type: Bug
> Reporter: Aman Mishra
> Assignee: Robert Lazarski
> Priority: Critical
> Attachments: pom.xml
>
>
> We are using axis2 version 1.7.8 ( *org.apache.axis2.osgi-1.7.8.jar* ) in our
> project, we can see that in this project pom.xml under <Import-Package>
> section, dependency on "Commons HttpClient project". This dependency is there
> in the form of *"org.apache.commons.httpclient.*,".* The same thing we have
> seen in axis2 latest jar 1.7.9.
> Now as we know this "Commons HttpClient project" is already ended of its life
> long back and its no longer being developed.
> So, please change this package dependency to Apache HttpComponents project in
> its HttpClient [org.apache.httpcomponents:httpclient].
> (httpclient-4.5.9.jar).
> +*Note:*+ Right now we are supplying the dependency
> "*org.apache.commons.httpclient"* to "*org.apache.axis2.osgi-1.7.8.jar"* by
> "com.springsource.org.apache.commons.httpclient-3.1.0.jar". Now in Nexus
> vulnerability report
> "com.springsource.org.apache.commons.httpclient-3.1.0.jar" is showing as
> vulnerable. So we want to remove this jar. But after removing this jar
> "*org.apache.axis2.osgi-1.7.8.jar"* osgi bundle is not up due to unsatisfied
> dependency of package "*org.apache.commons.httpclient".* We have tried to
> provide the dependency by using httpclient-4.5.9.jar but this has different
> package hierarchy as it required in the form
> "*org.apache.commons.httpclient".*
> So please change this dependency according to latest apache jar
> httpclient-4.5.9.jar.
> For Reference: Attaching pom.xml of Axis2 1.7.8 project.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
