Re: UIMA-AS latest version security issues
Hi Richard, sorry for the delay in responding. Was away on vacation last week. Will merge your changes soon. Thanks for the help. I will work on a new uima-as release when I have free time. Jerry On Mon, Jun 21, 2021 at 2:51 PM Richard Eckart de Castilho wrote: > Hi Jerry, > > > On 18. Jun 2021, at 19:35, Jaroslaw Cwiklik wrote: > > > > Thanks Richard. I took a look today at Ruta and compared its eclipse > > plugins setup to uima-as. Seems like many changes are needed to make them > > work. Actually made some changes to uima-as poms (including one you've > > suggested) but am not able to build. > > Please have a look at the PR: > https://github.com/apache/uima-async-scaleout/pull/3 > > -- Richard
Re: UIMA-AS latest version security issues
Hi Jerry, > On 18. Jun 2021, at 19:35, Jaroslaw Cwiklik wrote: > > Thanks Richard. I took a look today at Ruta and compared its eclipse > plugins setup to uima-as. Seems like many changes are needed to make them > work. Actually made some changes to uima-as poms (including one you've > suggested) but am not able to build. Please have a look at the PR: https://github.com/apache/uima-async-scaleout/pull/3 -- Richard
Re: UIMA-AS latest version security issues
Thanks Richard. I took a look today at Ruta and compared its eclipse plugins setup to uima-as. Seems like many changes are needed to make them work. Actually made some changes to uima-as poms (including one you've suggested) but am not able to build. The latest problem is this: *ERROR*] Failed to execute goal on project uimaj-ep-runtime-deployeditor: *Could not resolve dependencies for project org.apache.uima:uimaj-ep-runtime-deployeditor:jar:2.10.4-SNAPSHOT: Artifact not found*: /var/folders/qv/mb2304nn2yg65q0c3n0vrcpmgn/T/org.openntf.maven.p2.layout.P2RepositoryLayout-org.eclipse.p2.201812-metadata4232512035347814454/1997609141157123 (No such file or directory) -> *[Help 1]* *Regards, Jerry* *I * On Thu, Jun 17, 2021 at 1:55 PM Richard Eckart de Castilho wrote: > Hi Jerry, > > On 17. Jun 2021, at 19:11, Jaroslaw Cwiklik wrote: > > > > There is a problem building eclipse plugins though. Not enough free time > to > > address this now. > > For the UIMA Java SDK and Ruta, we no longer obtain the Eclipse plugin > dependencies > from Maven Central but instead use this plugin to pull the Eclipse bundles > directly > from the official P2 repositories: > > > org.openntf.maven > p2-layout-resolver > 1.3.0 > true > > > That protects us now from the volatility of the version range resolving > due to Eclipse > publishing new artifacts to Maven Central as we can lock to a particular > P2 update site > and those remain stable. > > Cheers, > > -- Richard
Re: UIMA-AS latest version security issues
Hi Jerry, On 17. Jun 2021, at 19:11, Jaroslaw Cwiklik wrote: > > There is a problem building eclipse plugins though. Not enough free time to > address this now. For the UIMA Java SDK and Ruta, we no longer obtain the Eclipse plugin dependencies from Maven Central but instead use this plugin to pull the Eclipse bundles directly from the official P2 repositories: org.openntf.maven p2-layout-resolver 1.3.0 true That protects us now from the volatility of the version range resolving due to Eclipse publishing new artifacts to Maven Central as we can lock to a particular P2 update site and those remain stable. Cheers, -- Richard
Re: UIMA-AS latest version security issues
I was able to run UIMA-AS (from https://github.com/apache/uima-async-scaleout) extended tests with AMQ 5.16.2. There is a problem building eclipse plugins though. Not enough free time to address this now. Regards, Jerry Cwiklik 5.16.2 4.3.30.RELEASE 2.25.2 On Wed, Jun 2, 2021 at 2:38 AM Richard Eckart de Castilho wrote: > Hi, > > > On 1. Jun 2021, at 21:52, E Khorasani wrote: > > > > We are using UIMA-AS 2.10.3 which includes ActiveMQ 5.15.2. But our > > AppScan report show High and medium severity security in > > activemq-broker-5.15.2.jar and activemq-client-5.15.2.jar. Is there a > way > > to upgrade ActiveMQ libraries in UIMA-AS? If so, could you please point > > me to documents as to how to achieve this? > > Have you tried checking out the sources, replacing all the ActiveMQ > dependency > versions with the latest 5.x version, building and checking if it still > works? > > Cheers, > > -- Richard
Re: UIMA-AS latest version security issues
Hi, > On 1. Jun 2021, at 21:52, E Khorasani wrote: > > We are using UIMA-AS 2.10.3 which includes ActiveMQ 5.15.2. But our > AppScan report show High and medium severity security in > activemq-broker-5.15.2.jar and activemq-client-5.15.2.jar. Is there a way > to upgrade ActiveMQ libraries in UIMA-AS? If so, could you please point > me to documents as to how to achieve this? Have you tried checking out the sources, replacing all the ActiveMQ dependency versions with the latest 5.x version, building and checking if it still works? Cheers, -- Richard