Yes, I have the stack trace, sorry about the delay.
/home/marlowa/mystuff/axis2-build/latest-from-git/axis-axis2-java-core: cat
/home/marlowa/mystuff/axis2-build/latest-from-git/axis-axis2-java-core/modules/tool/axis2-repo-maven-plugin/target/it/AXIS2-5782/build.log
java.security.AccessControlExce
Hello Andreas,
Yes, it's true that the clustering component is optional. However, my
concern is not about whether one is actually exposed to the CVE, my concern
is that the analysis tools think that the software is exposed. When a
project that uses axis is analysed by Black Duck it reports the
vul
On Thu, Feb 25, 2021 at 3:37 PM robertlazarski
wrote:
> Axis2 1.7.9 will not build on JDK 11 for a few reasons such as the removal
> of XDoclet.
>
> The latest Axis2 trunk from our git repo does build on JDK 11 ... maybe
> later too, I haven't got to that yet.
>
> git clone https://github.com/ap
Note that the clustering component is optional. You can remove it if you
don't need it.
Andreas
On Sun, Feb 28, 2021 at 10:22 AM Andrew Marlow
wrote:
> Hello everyone,
>
> I've discovered that a dependency in the axi2 clustering component makes
> axis2 vulnerable to CVE-2020-0822, filed against
