Re: UIMA-AS latest version security issues

[Richard Eckart de Castilho]

Hi Jerry,

On 17. Jun 2021, at 19:11, Jaroslaw Cwiklik  wrote:
> 
> There is a problem building eclipse plugins though. Not enough free time to
> address this now.

For the UIMA Java SDK and Ruta, we no longer obtain the Eclipse plugin 
dependencies
from Maven Central but instead use this plugin to pull the Eclipse bundles 
directly
from the official P2 repositories:

  
org.openntf.maven
p2-layout-resolver
1.3.0
true
  

That protects us now from the volatility of the version range resolving due to 
Eclipse
publishing new artifacts to Maven Central as we can lock to a particular P2 
update site
and those remain stable.

Cheers,

-- Richard

Re: UIMA-AS latest version security issues

[Jaroslaw Cwiklik]

I was able to run UIMA-AS (from
https://github.com/apache/uima-async-scaleout) extended tests with AMQ
5.16.2.
There is a problem building eclipse plugins though. Not enough free time to
address this now.
Regards, Jerry Cwiklik


5.16.2

4.3.30.RELEASE
2.25.2


On Wed, Jun 2, 2021 at 2:38 AM Richard Eckart de Castilho 
wrote:

> Hi,
>
> > On 1. Jun 2021, at 21:52, E Khorasani  wrote:
> >
> > We are using UIMA-AS 2.10.3  which includes ActiveMQ  5.15.2.  But our
> > AppScan report show High and medium severity security in
> > activemq-broker-5.15.2.jar and activemq-client-5.15.2.jar. Is there a
> way
> > to upgrade ActiveMQ  libraries in UIMA-AS? If so, could you please point
> > me to documents as to how to achieve this?
>
> Have you tried checking out the sources, replacing all the ActiveMQ
> dependency
> versions with the latest 5.x version, building and checking if it still
> works?
>
> Cheers,
>
> -- Richard